Cyware Weekly Threat Intelligence - January 27–31

Weekly Threat Briefing • Jan 31, 2020
The Good
With ransomware attacks running rampant, various law enforcement agencies have come up with new laws and guidelines for organizations, counties, and towns to improve their digital security postures. New York State has introduced two bills - S7246 and S7289 - to ban the payment of ransom. On the other hand, NIST has published guidelines to help firms create strategies to protect their data in the event of a ransomware attack.
Ben-Gurion University has introduced the first all-optical ‘stealth’ encryption technology that will strengthen the security of highly sensitive cloud-computing and data center network transmission. The technology is an extension of the digital optical encryption method originally invented at Bar Ilan University.
New York State has introduced two bills - S7246 and S7289 - to ban municipalities from meeting ransomware attackers’ demands. Senate Bill S7246 also proposes the creation of a ‘Cyber Security Enhancement Fund’ which would help villages, towns, and cities with populations of less than a million residents to upgrade their digital security defenses.
The National Institute of Standards and Technology (NIST) has published guidelines for businesses on how to defend against debilitating ransomware attacks. With this, NIST intends to help firms create strategies to protect data in the event of any cyberattack.
The UK government has proposed new security rules for IoT devices. These rules are designed to protect consumers and businesses against an increasing volume of cyberattacks.
The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. The sheet focuses on mitigation measures for four prominent cloud vulnerabilities: misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities.
The World Economic Forum (WEF) has published Cybercrime Prevention Principles for Internet Service Providers (ISPs) to boost their cybersecurity practices. Each principle is considered from the perspective of the challenges the ISPs are seeking to address against cyber attacks.
Indonesian police forces, along with Interpol, have cracked down on hackers - suspected to be from the Magecart group - in an operation named ‘Night Fury’. These criminals were involved in stealing payment card information from customers of hundreds of hacked online stores.
The Bad
The week saw some of the worst data breaches, with malicious hackers compromising millions of customers’ sensitive records. One of the major data breach incidents was reported at the largest convenience store chain Wawa Inc. after fraud experts discovered a batch of over 30 million stolen card details up for sale on Joker’s Stash dark web market. In other news, an unprotected database belonging to Cornerstone Payment Systems spilled 6.7 million transaction records online.
In a major update, fraud experts found that attackers had put the first batch of over 30 million stolen Wawa customers’ data on the popular Joker’s Stash dark web forum. The retail store had experienced a major cyberattack in late December 2019.
LabCorp again suffered a data breach after it inadvertently exposed 10,000 medical documents due to a security flaw in its website. The exposed documents included names, dates of birth and, in some cases, Social Security numbers of patients.
Cornerstone Payment Solutions took offline an unprotected database that had exposed 6.7 million transaction records online. The exposed records included payee names, email addresses, and in many cases, postal addresses as well.
Canada-based Bird Construction became the latest target of Maze ransomware’s ‘Name and Shame’ tactic. The operators published 60GB of data stolen from the company on their website after the company refused to pay the ransom.
A new investigation revealed that Chinese hackers had used an unpatched vulnerability in Trend Micro OfficeScan antivirus to launch attacks against Mitsubishi. The attack had affected the confidential files exchanged with government agencies and other business partners.
In an exclusive investigation performed by ‘The New Humanitarian’, it was revealed that the United Nations offices in Geneva and Vietnam were compromised in a massive cyberattack last year. The attackers had accessed dozens of servers to launch the attack.
New Threats
Notorious malware families like Emotet, Trickbot, and Ryuk were also spotted in different cyberespionage campaigns across the globe. While Ryuk made a comeback with a new variant that could steal confidential files from the government and finance sectors, Trickbot and Emotet were observed using text from articles and a Coronavirus threat report, respectively, to infect their victims.