Cyware Weekly Threat Intelligence - January 20–24

Weekly Threat Briefing • Jan 24, 2020
The Good
We come to the end of another week and as we look forward to the weekend, let’s take a quick glance at all the major developments that happened in the cybersecurity world. NIST has officially released version 1.0 of its Privacy Framework to help organizations optimize the beneficial uses of data while protecting individual privacy. In other news, a New York senator has introduced Senate Bill S7289 that would ban the paying of a ransom.
A New York senator has introduced Senate Bill S7289 that will prohibit municipal corporations or other government entities from paying ransom in the event of a cyberattack against them.
Lawmakers in the state of Maryland are considering penalizing anyone who possesses ransomware and intends to use it to cause harm. The state also plans to grant victims of a ransomware attack the right to sue the hacker for damages in a civil court.
The National Institute of Standards and Technology (NIST) has released version 1.0 of its Privacy Framework to help improve organizations’ approach to using and protecting personal data.
The Bad
It was a bad week for breaches. Mitsubishi Electric Corp. disclosed that it had suffered a massive cyberattack, impacting the confidential data of government agencies and other business partners. Microsoft came under scrutiny for leaking 250 million call records last year due to unsecured Elasticsearch servers. Car rental company Buchbinder was also in trouble for exposing the personal information of over 3.1 million customers.
Mitsubishi Electric Corp. disclosed a massive cyberattack that affected the information of government agencies and other business partners. Among the potentially leaked information were email exchanges with the Defense Ministry and the Nuclear Regulation Authority.
Researchers noted that Microsoft had briefly exposed call center data of almost 250 million customers due to unsecured Elasticsearch servers. The incident occurred last year, and the exposed information included customer emails, IP addresses, support agent emails, and internal notes.
Magecart-type attacks hit websites belonging to Hanna Andersson and resellers of tickets for the Euro Cup and the Tokyo Summer Olympics. The attacks enabled the attackers to steal payment card details of customers.
The main server of the Insurance company SAOG in Oman was hit in a ransomware attack, causing the loss of some data created between December 10, 2019, and January 1, 2020. The Sodinokibi ransomware operators also issued a new threat to publish 50 GB of data stolen from the GEDIA Automotive Group.
An unsecured Amazon S3 bucket owned by THSuite leaked Personally Identifiable Information (PII) of 30,000 individuals connected to the medical and recreational marijuana industry. In total, over 85,000 files were leaked from the unsecured bucket.
A data breach at the German car rental company Buchbinder affected the personal information of over 3.1 million customers. The incident occurred due to an unprotected database.
New Threats
New variants of several existing malware families were also observed this week. Some of the newly discovered variants belonged to the Trickbot trojan, BitPyLock ransomware, and Muhstik botnet families. These malware variants were used to infect individuals and organizations across the globe. A new malware called CARROTBALL, distributed via a phishing email, was used in targeted attacks against a US government agency and two non-US foreign nationals professionally affiliated with North Korea.