Cyware Weekly Threat Intelligence, June 01 - 05, 2020

Weekly Threat Briefing • Jun 5, 2020
The Good
With another week coming to an end, let’s take a quick glance at the positive developments that happened this week. The Cybersecurity and Infrastructure Security Agency (CISA) came up with new strategies to strengthen the cyber ecosystem of government agencies. One of them is the release of six Cyber Essentials toolkits that will improve the level of security awareness among organizations. The other is a new Domain Name System (DNS) resolver that will enhance the resiliency of the online systems of federal agencies.
As a follow-up to the November 2019 announcement of Cyber Essentials, the DHS’ CISA has released the first set of Cyber Essentials toolkits to address cybersecurity risks in government agencies and small businesses. It consists of six toolkits that are aimed at developing security awareness, protecting critical assets, and more.
The CISA has also planned to roll out a new Domain Name System (DNS) resolver service to ensure online systems are resilient. The service will also enable CISA to gain insights into active cyber threats to analyze and protect federal agencies.
A group of academics has developed a prototype of security and privacy labels for IoT devices to increase cybersecurity awareness among users. The labels have been created after consulting a diverse group of privacy and security experts.
The Bad
Meanwhile, ransomware attacks continued to be a major concern for several organizations as attackers stole sensitive files and threatened to leak them online. Some of the victim organizations include the University of California San Francisco (UCSF), Digital Management Inc., and Westech International.
Maze ransomware operators wreaked havoc on Westech International, a US military nuclear missile contractor. After gaining access to the company’s network, the attackers stole company emails, payroll data, and some personal information.
The Netwalker ransomware operators successfully attacked the UCSF and exfiltrated sensitive information before encrypting the computers. The compromised data includes student applications with social security numbers, employee information, medical studies, and financial details.
The San Francisco Employees’ Retirement System (SFERS) suffered a data breach that affected the information of nearly 74,000 members. The incident occurred after hackers gained unauthorized access to a database hosted in a test environment.
A large-scale attack campaign was carried out with the intent of harvesting database credentials from 1.3 million WordPress sites by downloading their configuration files. The campaign was launched between May 29 and May 31, 2020.
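The campaign above works only if a web server hands out the WordPress configuration file (or a backup copy of it) as plain text. A defender can spot such probing in ordinary access logs. The following Python script is an added example, not code from the article or from any cited party: it parses Apache combined-format lines, flags requests for wp-config.php and its common backup or editor-artifact variants, and summarises per source address how many attempts were made and how many were actually served with a 200 status. The log lines are constructed for this example, and the list of backup suffixes is an assumption a practitioner would extend for their own environment.

```python
import re
from collections import defaultdict

# Constructed sample log lines (Apache combined format); not taken from the article.
SAMPLE_LOG = """\
203.0.113.5 - - [30/May/2020:10:12:01 +0000] "GET /wp-config.php HTTP/1.1" 200 2913 "-" "Mozilla/5.0"
203.0.113.5 - - [30/May/2020:10:12:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [30/May/2020:10:12:03 +0000] "GET /blog/wp-config.php~ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [30/May/2020:10:13:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [30/May/2020:10:13:11 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8765 "-" "Mozilla/5.0"
192.0.2.9 - - [30/May/2020:10:14:00 +0000] "GET /wp-config.php.old HTTP/1.1" 200 2913 "-" "curl/7.68.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# wp-config.php itself plus backup/editor leftovers that a server may serve as text.
# The suffix list is an assumption for this example; extend it for your environment.
CONFIG_RE = re.compile(
    r'/wp-config\.php(\.(bak|old|save|orig|swp|txt)|~)?(\?|$)', re.IGNORECASE
)


def parse_line(line):
    """Return a dict with ip, ts, method, path, status (int), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_config_probes(log_text):
    """Return the parsed records whose request path targets a wp-config variant."""
    probes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and CONFIG_RE.search(rec["path"]):
            probes.append(rec)
    return probes


def summarize(log_text):
    """Per source IP: number of config-file requests and how many were served (HTTP 200).

    A 'served' count above zero means the server actually returned content for
    the request and the site's configuration should be treated as exposed.
    """
    summary = defaultdict(lambda: {"attempts": 0, "served": 0})
    for rec in find_config_probes(log_text):
        entry = summary[rec["ip"]]
        entry["attempts"] += 1
        if rec["status"] == 200:
            entry["served"] += 1
    return dict(summary)


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        flag = "EXPOSED" if counts["served"] else "blocked"
        print(f"{ip}: {counts['attempts']} attempt(s), {counts['served']} served -> {flag}")
```

The useful signal is the "served" column: a burst of 403/404 responses shows someone is scanning, whereas a single 200 for a wp-config variant means the database credentials should be rotated and the file's permissions and the web server's handling of backup files reviewed.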
Coincheck cryptocurrency exchange was hit in a cyberattack after hackers gained access to some emails sent by customers. These emails included names, dates of births, and phone numbers of customers.
The DoppelPaymer ransomware gang allegedly breached the network of Digital Management Inc. To support their claim, they posted 20 archive files on a dark web portal.
Spanish e-Learning platform, 8Belts, exposed private details of at least 100,000 e-learners due to a misconfigured Amazon S3 bucket. The bucket contained identity numbers, full names, email IDs, and contact information of users.
The Sodinokibi ransomware operators leaked the files allegedly stolen from the UK power grid company, Elexon, after they did not receive the ransom. The firm was attacked in May 2020.
U.S. passenger railroad service Amtrak notified some of its customers that their personal data may have been compromised as a result of unauthorized access to guest rewards accounts. These accounts contained names, email addresses, phone numbers, billing addresses, and mailing addresses of customers.
Joomla reported a data breach after a team member left a backup of the JRD portal exposed on an Amazon S3 bucket. The backup file included details of around 2,700 users who registered and created profiles on the JRD website.
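Both the 8Belts and Joomla incidents above come down to an Amazon S3 bucket that anyone on the internet could read. The following Python script is an added example, not code from the article or from either organisation: it inspects a bucket policy document for statements that grant read access to an anonymous principal and combines that with the bucket's Public Access Block settings (the four real setting names BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets) to decide whether the bucket is actually exposed. The two policies, the bucket name and the account ID are constructed placeholders; the script reads JSON from memory and does not call AWS, so the same logic can be pointed at output saved from the AWS CLI or at policies kept in infrastructure-as-code.

```python
import json

# Constructed example policies; bucket name and account ID are placeholders.
# The weak setting: "Principal": "*" with s3:GetObject makes every object world-readable.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-backups-bucket/*",
    }],
})

# The corrected setting: the same permission scoped to one IAM role.
LOCKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-reader"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-backups-bucket/*",
    }],
})

# Actions that let an anonymous caller read object contents or enumerate keys.
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:listbucket", "s3:*", "*"}

PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (and any service/federated "*" entry)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_read_statements(policy_json):
    """Return Allow statements that grant read-type actions to an anonymous principal.

    A statement with a Condition block is still reported, but flagged, because a
    condition such as a source-IP restriction may narrow the grant in practice.
    """
    policy = json.loads(policy_json)
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if actions & READ_ACTIONS:
            findings.append({
                "sid": st.get("Sid"),
                "actions": sorted(actions),
                "has_condition": "Condition" in st,
            })
    return findings


def is_public_access_blocked(pab):
    """All four Public Access Block settings must be True to neutralise a public policy."""
    return all(pab.get(k) is True for k in PAB_KEYS)


def assess(policy_json, pab):
    """Combine policy findings with the Public Access Block state into one verdict."""
    findings = public_read_statements(policy_json)
    return {
        "public_statements": findings,
        "exposed": bool(findings) and not is_public_access_blocked(pab),
    }


if __name__ == "__main__":
    no_block = {}
    full_block = {k: True for k in PAB_KEYS}
    print("open policy, no block     ->", assess(OPEN_POLICY, no_block)["exposed"])
    print("open policy, full block   ->", assess(OPEN_POLICY, full_block)["exposed"])
    print("locked policy, no block   ->", assess(LOCKED_POLICY, no_block)["exposed"])
```

The verdict deliberately depends on both inputs: a public statement in the policy is a finding worth fixing on its own, but the bucket is only reachable by anonymous readers when Public Access Block is not fully enabled, which is why enabling all four settings at the account level is the cheapest backstop against the kind of oversight that exposed the 8Belts and Joomla data.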
A hacker going by the name of KingNull uploaded a database belonging to Daniel’s Hosting (DH) on a file-sharing portal. The leaked data included 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion domains.
New Threats
Talking about new threats, security researchers discovered BazarBackdoor, a new malware operated by the gang behind the TrickBot trojan. Another new malware, dubbed USBCulprit and associated with the Cycldek APT group, was also found stealing data from air-gapped systems.