Cyware Weekly Threat Intelligence, October 05 - 09, 2020

Weekly Threat Briefing • Oct 9, 2020
The Good
With the rise in sophistication of cyberattacks, several government agencies have come up with different cybersecurity strategies to protect organizations and individuals. Acting in this direction, Singapore has decided to form a panel consisting of global experts to tackle cyberattacks against OT systems. On the other hand, DHS’ Science and Technology Directorate (S&T) has invented a new technology called TrustMS to protect apps against manipulation, buffer overflows, and execution of unintended code.
Singapore is planning to form a panel of global experts to tackle cyberattacks against OT systems. Additionally, it has unveiled a cybersecurity blueprint, based on its 2016 cybersecurity strategy, to focus on digital infrastructures and cyber activities.
The DHS’ Science and Technology Directorate (S&T) has designed a new technology called Trusted Mobile System (TrustMS) to secure apps from cyberattacks. It provides protection against exploits such as stack manipulation, buffer overflows, execution of unintended code, and even execution of an app’s code in incorrect order.
NIST has launched a crowdsourcing challenge that aims to protect individuals' data privacy. The objective of this challenge is to safeguard the integrity of data when it is shared with vendors.
The Bad
Data leak incidents made headlines this week. Some of the victim organizations included Airline International UAE, SEPTA, and Chowbus. In addition to this, threat actors leveraged legacy software—Magento 1.x and PHP version 5.6.40—to compromise online stores in different skimming attacks.
A threat actor shared sensitive data of Airline International UAE for free on the dark web. The data was stolen from a misconfigured server that contained 60 directories with approximately 5,000 files each.
The Southeastern Pennsylvania Transportation Authority (SEPTA) struggles with the restoration process after falling victim to a ransomware attack in August. Post-attack, the employees were unable to access their emails and riders stopped receiving real-time travel information.
Food delivery service, Chowbus, exposed 800,000 user records after hackers gained unauthorized access to systems. The compromised data includes names, phone numbers, and email addresses of users. In another data leak incident, Snewpit exposed close to 80,000 user records due to an unsecured bucket.
Fraudsters siphoned off $15 million from a U.S. company in a well-planned BEC attack that lasted for about two months. They used Microsoft Office 365 email services as part of the evasion strategy.
The Fullz House threat actor group compromised the Boom! Mobile website and injected skimmer code into its checkout page to steal users' payment details. Researchers found that the website was compromised due to the use of an old version of PHP that is no longer supported. In another credit card skimming attack, threat actors targeted Playback Now customer sites with the aim of stealing users' personal and financial details.
The insurance company, Ardonagh Group, was forced to suspend 200 internal accounts with admin privileges following a ransomware attack that occurred last week.
Philadelphia-based eResearchTechnology, which provides clinical trial oversight software to drug makers and testing firms, was recently hit by a variant of Ryuk ransomware. This limited the operations of clinical trials in testing firms.
Threat actors extorted about 20 Israeli cryptocurrency executives after hacking into their phones, Telegram accounts, and email accounts. The hack took place in September.
Several schools suffered cyberattacks in one form or another. Threat actors hacked several Swiss universities in a massive spearphishing attack to pilfer employee salary payments. Additionally, Gulf Coast State College notified its students and employees about a data breach incident that took place between March 31 and June 3. The Springfield Public Schools district in Massachusetts was forced to shut its schools after a ransomware attack on October 8.
Wisepay, a Hampshire-based cashless school payments firm, pulled its website offline after spotting a miscreant trying to spoof its card payment systems. The intruder intended to steal customer payment card details.
Sam’s Club issued a breach notification to customers who were hacked in credential stuffing attacks. The activity was first detected in September.
New Threats
Turning to new threats, experts demonstrated a new fileless technique called Kraken that abuses the Windows Error Reporting (WER) service as a defense evasion mechanism. Separately, security researchers developed a new jailbreaking technique by combining the checkm8 exploit with the Blackbird vulnerability.