Cyware Weekly Threat Intelligence, July 13 - 17, 2020

Weekly Threat Briefing • Jul 17, 2020
The Good
Cybersecurity for remote workers has become an important requirement amid the pandemic. With that need in mind, the U.K.’s National Cyber Security Centre (NCSC) has released a new set of free tools and roleplay exercises to help organizations keep their employees safe while working from home. Additionally, Google Meet has included a Zoom-Bombing protection feature to protect its education customers from unwanted intrusions.
The U.K.’s National Cyber Security Centre (NCSC) released a new set of free tools and roleplay exercises to protect remote workers from cyberattacks. The exercises focus on safe access to networks, securing employee collaboration and managing cyber incidents remotely.
The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after a merger between Financial Crime Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs). CFTF’s main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, BEC scams, and ransomware attacks.
Google Meet added a ‘Zoom-Bombing’ prevention feature to protect educators from unwanted intrusion. This will be especially useful for users joining Google Meet video conferences organized through G Suite.
The Bad
Data leaks on various dark web forums grabbed the headlines as hackers dumped data stolen from Wattpad, MGM Hotel Resorts, Bhinneka, and LiveAuctioneers. A U.K. ticketing provider was also affected after 4.8 million of its records were sold at a price of $2,500.
Reports came to light this month of spearphishing attacks on the Hong Kong Catholic Church, conducted by Chinese government hackers in May 2020. In this operation, malware files were sent in the form of ZIP and RAR archives that contained Windows executables.
The Hong Kong-based UFO VPN leaked over 20 million user logs due to an unprotected Elasticsearch database. The data included plaintext passwords, IP addresses, session tokens, and information of devices.
MyCastingFile.com leaked private data of over 260,000 individuals owing to an unguarded database. The database contained 1GB data, including names, physical addresses, email addresses, phone numbers and dates of birth of users and some staff members.
An unsecured Amazon S3 bucket associated with LPM Property Management leaked more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents and more. The bucket was secured after researchers contacted the firm.
Around 130 Twitter accounts of major companies and individuals were compromised to promote a bitcoin scam. The accounts belonged to President Barack Obama, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and the tech giant Apple.
An unsecured database belonging to Wattpad was put up for sale before it was offered for free on hacker forums. The database contained 270 million user records.
A trove of 4.8 million records belonging to a well-known U.K. ticketing provider was put up for sale on the dark web. The data was sold at a price of $2,500 by a user named ‘Jamescarter.’
Cybercriminals compromised a British cryptocurrency exchange, Cashaa, and stole over $3 million in bitcoin. The incident occurred after malicious hackers gained access to one of the exchange’s digital wallets.
A hacker was found selling details of more than 142 million MGM hotel guests at a price of over $2,900. The data included names, postal addresses, and email addresses of individuals.
A breach at Benefit Recovery Specialists Inc. exposed health details of some 275,000 individuals. The exposed information included names, dates of birth, provider names, policy identification numbers, procedure codes, and diagnosis codes.
LiveAuctioneers disclosed a data breach after a broker sold 3.4 million user records on a hacker forum. The data was sold at a price of $2,500.
Antwerp-based savings bank Argenta fell victim to a series of ATM jackpotting attacks that forced the ATMs to spew out all of their cash on demand.
Personal data of approximately 40,000 U.S. citizens was dumped on the dark web. This included full names, addresses, states, and dates of birth of individuals.
Cybercriminals dumped a stolen database of Indonesia’s largest online store, Bhinneka, on a dark marketplace. The database contained over 1.2 million account records with users’ personal information such as full names, addresses, emails, gender, contact numbers, social media IDs, and salted passwords, among other details.
Researchers also discovered the records of over 45 million tourists who traveled to Thailand and Malaysia on the dark web. The leaked data included passengers’ ID, full names, mobile numbers, passport details, addresses, and flight details.
More than 8,200 databases containing information of billions of users were compromised by a hacker named NightLion. These databases belonged to a data leak monitoring service, DataViper.
Hackers infiltrated the IT consultancy giant Collabera and stole some employees’ personal information, such as their names, addresses, contact numbers, social security numbers, dates of birth, employment benefits, and passport details.
New Threats
Among the new threats discovered this week, security researchers revealed that seven ransomware families have expanded their activities by targeting Operational Technology (OT) software. Apart from this, a new Android malware named BlackRock was found to be capable of stealing information from 337 banking, dating, social media, and instant messaging apps.