Cyware Weekly Threat Intelligence, May 18 - 22, 2020

Weekly Threat Briefing • May 22, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • May 22, 2020
The Good
Enhancing users’ privacy and security while surfing online has been a primary focus of web browsers. Keeping this in mind, Google has introduced Enhanced Safe Browsing protection in Chrome to protect users from phishing attacks and malicious file downloads. On the other hand, security researchers managed to dissect the source code of the GhostDNS exploit kit after hackers uploaded the file on an unprotected file-sharing platform.
Security researchers obtained the source code of GhostDNS exploit kit which was left unprotected by hackers. This allowed the experts to analyze the functionalities of the router hijacking exploit kit.
The Security Service of Ukraine (SSU) took into custody a threat actor named Sanix, who is responsible for putting a massive database - named Collection1 - of 773 million email addresses and 21 million passwords up for sale last year.
French police cracked down on an international ATM jackpotting group by arresting two suspects. It is said that the criminal group worked across Europe to insert malware into ATMs.
Google added Enhanced Safe Browsing protection in Chrome to protect users from phishing sites, malicious file downloads, and cross-product alerts.
Tutanota is working with the L3S Research Institute of Leibniz University on a new project called PQmail that aims to keep email secure by using post-quantum cryptography for encryption.
The Bad
This week saw the leak of confidential data belonging to several organizations such as Toll Group, Fresenius Medical Care unit, and Covve. Most of the leaked data included personal details of either employees or customers.
After the Texas court system, the state transportation agency fell victim to a ransomware attack. Some of the features of the department’s website were unavailable due to the attack.
Confidential data belonging to the Toll Group made its way to dark web forums. This included personal data of some former and current employees.
More than 2,000 Israeli websites were defaced to show an anti-Israeli message. Attributed to a hacker group called ‘Hackers of Savior,’ the attacks were executed by exploiting a vulnerability in a WordPress plugin.
Snake ransomware operators shared a small batch of data stolen from the Fresenius Medical Care unit on a paste website. It contained less than 200 records that included first and last names, gender, birth dates, postal addresses, and phone numbers of patients.
Details of 40 million users registered on the Wishbone app were sold for a price of approximately $8000 on a dark web marketplace. The breached data included usernames, email addresses, and hashed passwords of users.
A flaw in the website of the Paycheck Protection Program exposed the personal data of several claimants in Arkansas and Chicago. The issue also impacted the business of Bank of America after information for some of its clients, who applied for loans, were leaked on the internet.
A database containing 129 million records of Russian car owners was offered for sale on the dark web. The dataset included model numbers, registration dates, and manufacturing dates of cars.
A cybercriminal group that hacked Grubman Shire Meiselas & Sacks last week, auctioned the sensitive documents of the international singer, Madonna, after claiming to have sold the data related to the US President.
Covve leaked 23 million email addresses and other personal information details due to an unprotected Elasticsearch database. In total, the database contained 90GB of personal information.
A threat actor leaked a trove of personal and electoral data belonging to 2.3 million Indonesian citizens. The data appeared to be stolen from the official website of the General Elections Commission of Indonesia.
New Threats
Talking of new threats reported this week, Netwalker operators improved the evasion capabilities of the ransomware by integrating a reflective dynamic-link library (DLL) injection technique. On the other hand, researchers uncovered a new attack method against networking chips that leverages a class of vulnerabilities called Spectra.