Cyware Weekly Threat Intelligence - June 24–28

Weekly Threat Briefing • Jun 28, 2019
The Good
As we have come to the last week of June, let’s quickly revisit all that happened in the security landscape this week. Let’s first glance through all the positive developments. SK Telecom has developed a new technology that allows quantum password keys to be switched and routed to different networks. Microsoft has announced a new feature called ‘OneDrive Personal Vault’ that adds a security layer to protect sensitive files. Meanwhile, Moody’s Corporation along with Team8 has developed a framework to measure businesses’ defenses against cyber attacks.
SK Telecom has announced that it has developed a new technology that allows quantum password keys to be switched and routed to different networks. This technology allows networks to transfer a quantum password key to another network when the network being used is down. It will also allow routing of the transfer when connected to multiple networks.
Microsoft has announced a new security layer for protecting sensitive files with its new feature ‘OneDrive Personal Vault’. This feature is a protected area in OneDrive that can be accessed only with the Microsoft Authenticator app or a second step of identity verification such as fingerprint, face recognition, PIN, or authentication code. This feature is supported in web, Android, iOS, and Windows 10.
Financial services company Moody’s Corporation has collaborated with the cybersecurity think-tank Team8 for developing a framework to measure businesses’ defenses and preparedness against cyber attacks. This framework will help companies that engage in mergers and acquisitions or when purchasing cyber insurance policies.
The Bad
Several data breaches and security incidents were witnessed in the past week. A cybersecurity firm has revealed that a Chinese threat group has launched cyberattacks against several telecommunication companies across 30 countries since 2017. In another instance, the Chinese cyber-espionage campaign ‘Cloud Hopper’ has compromised almost 8 tech services companies. Meanwhile, the City Hall in Lake City, Florida, which suffered a ‘Triple Threat’ ransomware attack on June 10, 2019, has paid the attackers nearly $500,000 in order to recover the encrypted files.
A cybersecurity firm has revealed that a Chinese threat group has launched cyberattacks against several telecommunication companies across 30 countries since 2017. The tools used in the attacks are linked to the APT10 threat group. The attackers attempted to obtain call detail record (CDR) data such as call logs and cell tower locations, and attempted to compromise the critical assets of the telecom companies.
A hacker stole 9.3 million Ripple (XRP) coins worth $4.25 million and 2.5 million Cardano (ADA) coins worth $225,000 from the Bitrue cryptocurrency exchange platform. Bitrue administrators detected the hack and immediately shut down trading on their platform. The exchange also worked closely with Huobi Global, Bittrex, and ChangeNOW to freeze the affected funds and accounts.
An unprotected Amazon Web Services S3 bucket exposed sensitive data about apprentices recruited by MEGT such as passport scans, visa details, invoices, work placement documents, employment agreements, and performance warnings. The unsecured S3 bucket contained almost 143,000 entries that dated back to 2014.
The City Hall in Lake City, Florida, which suffered a ‘Triple Threat’ ransomware attack on June 10, 2019, has paid the attackers 42 bitcoins worth nearly $500,000 in order to recover the encrypted files. The city’s insurance provider made the payment on June 25, 2019. Soon after, the attackers provided the decryption key to retrieve the city’s files and data.
A new phishing scam that purports to come from Larry Page, former CEO & Co-founder of Google, states that users have won $2.5 million for using its services and asks for their personal details. The scam email prompts users to fill out the claims form in order to claim the prize money. The claims form asks for users’ personal details such as names, addresses, phone numbers, age, email addresses, and occupation.
Taiwan’s Ministry of Civil Service (MOCS) suffered a data breach compromising the personal information of almost 243,376 civil servants, including both local and central government officers. The compromised information included ID numbers, names, national identification card numbers, agency information, job designation, and the agencies the civil servants work for.
The City of Sun Prairie in Wisconsin suffered a data breach after attackers broke into some of the employees’ email accounts. The compromised email accounts contained personal information of residents including Social Security numbers, account login ID and passwords, driver license or state identification numbers, and banking details.
A ‘human hacking’ forum, Social Engineered, has been breached and the user data has been published on a rival website. The data includes 89,000 unique email addresses linked to 55,000 forum account holders, along with usernames, IP addresses, and passwords. The data breach was due to a security hole in the ‘MyBB’ open-source forum software.
Dominion National, an insurer and administrator of dental and vision benefits, disclosed that it suffered a data breach impacting the personal information of some of its former and current members. The compromised data includes names, addresses, dates of birth, email addresses, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, and subscriber numbers.
WeTransfer, a cloud-based file transfer service, announced that it shared users’ sensitive files with people who were not intended to receive the files. The file sharing service has logged out some user accounts and has asked those users to reset their passwords. It has further blocked transfer links to avoid further transfers.
Attackers stole the administrative credentials that the tech provider PCM uses to manage client accounts within Office 365. A security expert at a PCM customer said that the attackers’ prime motive was to steal client information that could be used to conduct gift card fraud at various retailers and financial institutions.
An unprotected MongoDB database belonging to MedicareSupplement.com has exposed almost 5 million records containing personal information of users such as names, addresses, dates of birth, gender, email addresses, and IP addresses. The database also included 239,000 records related to insurance interest areas such as cancer insurance.
Unprotected Amazon Web Services cloud-computing servers belonging to Attunity have exposed the company’s passwords and network information. The leaky servers also exposed sensitive information of some of its high-profile customers, including Ford Motor and the Toronto-Dominion Bank.
The Chinese hackers’ global hacking campaign ‘Cloud Hopper’ has compromised almost 8 tech services companies. The impacted companies include Ericsson, Hewlett Packard Enterprise, IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology.
New Threats
This week also witnessed the emergence of several new malware strains and vulnerabilities. Researchers observed multiple malspam campaigns that distributed the LokiBot and NanoCore trojans. Several vulnerabilities were detected in EA’s Origin platform that could expose 300 million gamers to account takeover attacks. Meanwhile, researchers noted that Sodinokibi ransomware is being distributed via malvertising that leads to the RIG exploit kit.