Cyware Weekly Threat Intelligence, June 08 - 12, 2020

Weekly Threat Briefing • Jun 12, 2020
The Good
Dealing with a significant cyber incident against a nation requires a whole-of-government approach along with an interface for bi-directional threat intelligence sharing. In that spirit, the U.S. Cyber Command and the National Guard have launched a new portal called ‘Cyber 9-Line’ to get a holistic view of threats occurring in the country and abroad. Furthermore, the CISA has proposed a strategy to disrupt malware attacks on ICS.
The Department of Homeland Security’s CISA has unveiled a strategy to help protect Industrial Control Systems (ICS) from being hacked. The strategy includes developing deep data capabilities to analyze and deliver information that can be used by the ICS community to disrupt the kill chain.
To gain a holistic view of cyber threats occurring in the nation, the U.S. Cyber Command along with the National Guard has created a new portal called Cyber 9-Line. The portal will enable Guard units in their respective states to quickly share cyber threat information with Cyber Command.
The National Cybersecurity Center of Excellence (NCCoE) and National Institute of Standards and Technology (NIST) are working with leading industry vendors and subject matter experts to devise new cybersecurity standards for firms offering telemedicine services. This will help the telehealth and telemedicine providers to understand the security threats lurking in their platforms.
The Bad
The week witnessed several organizations falling victim to ransomware attacks that disrupted operations at their facilities. Some of the victim organizations include Fisher & Paykel Appliances, Honda Motor Co., and VT San Antonio Aerospace.
Fisher & Paykel Appliances was struck by Nefilim ransomware. The attack impacted manufacturing and distribution operations, forcing the firm to shut down its facilities to deal with the ransomware.
The City of Florence paid a ransom of nearly $300,000 in bitcoin to restore its systems that were affected in a ransomware attack on June 5, 2020. Investigations reveal that it was the act of DoppelPaymer operators. In another incident, the City of Knoxville was forced to shut down its IT networks due to a ransomware attack.
Nintendo confirmed that nearly 300,000 user accounts were breached after an unauthorized login occurred on April 24, 2020. The personal data that was compromised in the incident included dates of birth and email addresses.
The Snake ransomware operators were responsible for attacks at Honda Motor Co. and Edesur S.A. As a result, operations at several plant locations of Honda and Edesur S.A. were halted.
Natura &Co’s subsidiary Avon suffered a cyberattack, impacting some of its operations. Reportedly, the attack occurred due to a weakness in the company’s digital security system.
Australian beverage giant, Lion, was hit by a major cyberattack that knocked out its internal IT systems. This impacted the processing of customer orders.
Columbia College became the third college in the U.S. to be attacked by the Netwalker ransomware within a week. This affected the employees’ and students’ data.
The Duluth Public School disclosed a data breach that compromised student accounts. The school authorities disabled the accounts to prevent additional unauthorized logins.
Admission systems, business processing systems, and email servers were taken offline following a cyberattack at the Life Healthcare Group. The extent of the attack is yet to be ascertained.
Details of some 900,000 credit cards held by South Koreans were sold on underground forums this week. The leaked information included card numbers, expiration dates, and validity dates.
Credentials of over 100 senior executives working in nine German MNCs were stolen in a phishing attack campaign. These firms were associated with a German government-private sector task force created to procure PPE kits.
Maze ransomware returned in a new attack against VT San Antonio Aerospace. The threat actors used a compromised administrator account to steal 1.5 TB of unencrypted files. The attackers also exfiltrated data from New York-based Threadstone Advisors.
Personal information of several U.S. police officers was leaked on social media in a targeted attack. The leaked data included home addresses, email addresses, and phone numbers of the officers.
A1 Telekom took almost six months to recover from a security breach that occurred in November 2019. The attackers had compromised some databases and even ran database queries in order to study the company’s internal network.
A flaw in the Babylon Health app allowed users to gain access to other users’ video consultations with doctors. The telehealth start-up fixed the issue as soon as it became aware of it.
Greenworks’ website fell victim to a highly sophisticated, self-destructing skimmer code attack. The malware grabbed customers’ payment card details from the checkout page of the website.
New Threats
Talking about new threats, security researchers discovered two new vulnerabilities - CrossTalk and SGAxe - affecting Intel processors. The Armv8-A CPU architecture was also found to be vulnerable to a newly discovered Straight-Line Speculation (SLS) flaw.