Cyware Weekly Threat Intelligence, May 04 - 08, 2020

Weekly Threat Briefing • May 8, 2020
The Good
The week comes to an end on a positive note with several governments making advances in tackling COVID-19 related cyberattacks. The OCR released a set of cyber threat resources for healthcare providers to deal with privacy and security threats. Meanwhile, Singapore’s government intensified its monitoring of local e-commerce platforms to remove fake products purporting to treat the disease.
Europol arrested five Polish hackers who were part of the Infinity Black hacking group. The group, formed in late 2018, was primarily known for stealing and selling users’ credentials.
Researchers announced a decryption key for GoGoogle ransomware, which was first spotted in April 2020. The malware, written in the Go language, produces encrypted files with the .google extension.
Singapore’s government scraped more than 1,700 fake COVID-19 related products from e-commerce sites. The purpose was to prevent users from falling victim to false and misleading claims about the disease.
The Office for Civil Rights (OCR) issued a list of COVID-19 related cyber threat resources to help healthcare providers prevent, detect, respond, and recover from privacy and security threats. The initiative was taken due to an increase in targeted attacks against the healthcare sector.
The Bad
Turning to data leaks, Tokopedia, StorEnvy, and Unacademy lost control of their users’ personal data after threat actors gained unauthorized access to their databases. The leaked data included names, birth dates, email addresses, and other confidential details of their customers.
Threat actors exploited a Salt software vulnerability to hack into several companies. Some of the impacted ones included the Ghost blogging platform, Lineage OS, and Xen Orchestra.
GoDaddy reported a security breach that occurred in October 2019. The incident took place after an unauthorized individual accessed some users’ web hosting accounts via SSH.
CAM4 exposed over 4TB of PII of its users due to a misconfigured database. The exposed PII included names, private conversations, and IP addresses of users.
An unprotected database potentially exposed over 10,000 legal documents containing sensitive details of commercial property owners. The cache of documents included owners’ house property transaction forms with other authentication details.
French floor surfaces company, Tarkett, fell victim to a cyberattack, resulting in a disruption in its operations. The attack occurred on April 29, 2020.
Threat actors leaked details of around 91 million Tokopedia users online. The exposed data included names, emails, and birth dates of users.
Hackers sold records of 22 million Unacademy users after gaining access to their database. The database was put up for sale at a price of $2000.
Nintendo was hit by a data leak wherein the source code, demos, videos, and other content for Wii, N64, and GameCube gaming consoles were found on the internet. The details were leaked on Dexerto and later on 4Chan.
Taiwan’s Formosa Petrochemical gas stations were hit by a malware attack. In another incident, a newly discovered ColdLock ransomware ransacked several organizations in Taiwan.
Details of 44 million Pakistani mobile users were leaked online this week. The records included customers’ full names, home addresses, phone numbers, and National Identification Numbers.
Attackers breached StorEnvy’s database to steal and leak personal details of over 1.5 million customers and merchants. The data contained emails, passwords, full names, usernames, IP addresses, city, gender, and links to social media profiles.
Maze ransomware operators claimed that they hacked and stole data from a Minnesota-based egg supplier, Sparboe. The operators broke into the company on May 1, 2020.
The Shiny Hunters group, which previously offered databases from Tokopedia, Unacademy, and Microsoft’s GitHub repositories for sale, also sold user records stolen from HomeChef, ChatBooks, and Chronicle.com.
New threats
Among the new threats reported this week, malicious actors leveraged the wide usage of video-conferencing apps like Zoom and Cisco Webex to launch attacks. While a fake Zoom installer distributed the RevCode WebMonitor RAT, a fake Cisco Webex phishing email tricked victims into sharing their credentials.