Cyware Weekly Threat Intelligence - March 09–13

Weekly Threat Briefing • Mar 13, 2020
The Good
Another weekend is around the corner and just before we slide into a relaxed mood, let’s take a peek at the major developments from the cybersecurity world. Microsoft, along with partners from 35 different countries, successfully disrupted the operations of the Necurs botnet, which had affected nearly nine million computers worldwide. In other news, Google’s open-source developers have created a new USB Keystroke Injection Protection tool to defend users against USB keystroke injection attacks.
Google’s open-source developers have released a new tool dubbed USB Keystroke Injection Protection to fend off stealthy USB keystroke injection attacks. The tool is effective on machines using the Linux operating system.
After an eight-year-long coordinated investigation, Microsoft, along with partners from 35 different countries, has successfully dismantled the operations of the Necurs botnet that infected an estimated nine million computers worldwide. The botnet was believed to be managed by the creators of the Dridex trojan.
Dubai has become the first city in the UAE to enact security standards on industrial control systems (ICS). The step has been taken following the increase in cyberattacks on operational technology (OT) infrastructure in the Middle East.
The Bad
Data breaches exposing millions of personal records of users were also reported worldwide this week. The Dutch government disclosed the loss of two external hard drives that had the personal details of over 6.9 million organ donors stored in them. On the other hand, a software vendor serving small retailers in the EU had exposed nearly 8 million sales records due to a misconfigured MongoDB database.
Personal data of over 6.9 million organ donors was compromised following the loss of two external hard storage drives. The external hard drives belonged to the Dutch government and included electronic copies of all donors filed with the Dutch Donor Register between February 1998 and June 2010.
Card data stolen last year from Volusion-hosted online stores was found on the dark web. The breach had occurred in September-October 2019 and had impacted 6,589 online stores.
A software vendor serving small retailers in the EU exposed nearly 8 million sales records on the web due to an unprotected MongoDB database. The exposed sales records included customers’ names, email addresses, shipping addresses, purchases, and the last four digits of credit card numbers.
Whisper app leaked 900 million secret posts and all the metadata related to those posts due to a misconfigured database. The firm took down the database on March 9, 2020, after it learned about the leak from other sources.
A web server containing records of about 76,000 unique fingerprints was left exposed on the internet. The unsecured fingerprint data, along with employees’ email addresses and telephone numbers, had been collected by a Brazilian company called Antheus Tecnologia.
Open Exchange Rates announced a data breach that exposed the personal information and salted and hashed passwords of customers of its API services. An internal investigation revealed that an unauthorized user had gained access to their network and a database that included user information.
The University of Kentucky and UK Healthcare conducted a major reboot of their systems in an effort to end a month-long cyber attack. The unidentified threat actors had infiltrated Kentucky’s largest university system in early February and installed malware to mine cryptocurrencies.
New threats
Talking about growing threats, researchers demonstrated a new variant of Rowhammer that affects DDR3, DDR4, LPDDR4, and LPDDR4X memory chips. The week also saw widespread use of the ‘COVID-19’ threat as a channel to spread the AZORult trojan and the FormBook info-stealer.