Cyware Weekly Threat Intelligence, October 07 - October 11, 2019

Weekly Threat Briefing • Oct 11, 2019
The Good
Before we get ready to welcome the weekend, let’s explore all the cybersecurity happenings this week. We’ll start by looking at the positive advancements and then move to security compromises and threats. Researchers are working on a new technology called Cyber Anomaly Detection System that can warn pilots when there is a cyber attack. On the other hand, delegates from nearly 50 countries participated in the Warsaw Process cybersecurity group discussions in Seoul. Meanwhile, a new cybersecurity method inspired by the human body is being developed to predict cyber attacks.
Researchers are working on a new technology called Cyber Anomaly Detection System that can detect cyber intrusions on drones and military helicopters. As of now, the warning system can detect attacks. Future versions are expected to fight against attacks and possibly repair the damage.
The Warsaw Process cybersecurity group convened in Seoul on October 7 and 8. Nearly 50 countries participated in this meeting co-chaired by the Republic of Korea, Poland, and the United States. The delegates discussed promoting cyberspace stability, preventing malicious cyber activity, combating cybercrime, and safeguarding critical infrastructure.
Researchers are developing a new cybersecurity method that is inspired by the human body. Using machine learning, the system would be taught to recognize various cyber threats. This method is expected to predict an attack before it happens by observing changes in the environment.
Researchers are developing a new machine-learning model that can detect serial hijackers before an attack. The system can identify Autonomous Systems (ASes) that exhibit characteristics similar to those of serial hijackers. This will help proactively prevent hijackers from launching an attack.
The Australian Cyber Security Center (ACSC) has published a cybersecurity guide for small businesses. The guide provides information about the common cyber threats and ways to prevent them. It also outlines various software considerations and recommendations in terms of people and procedures that businesses can adopt.
The Bad
Several data breaches and incidents were reported this week. The website of Tū Ora Compass Health was hit by a cyberattack, possibly compromising the medical data of a million New Zealanders. The data of 8.7 million customers is being sold online after Beeline, the Russian internet service provider, suffered a data breach. In other news, more than 6,500 firms were affected by a cyber attack on eCommerce software company Volusion.
Tū Ora Compass Health disclosed a cyber attack on its website that put the medical data of a million New Zealanders at risk. The possibly compromised information includes names, dates of birth, ethnicity, addresses, National Health Index Number, and enrolment information at medical centers. The attack occurred in August and officials were unable to confirm if any information was accessed.
Russian internet service Beeline fell victim to a data breach that resulted in the data of 8.7 million customers being sold online. The data contains personal information including names, phone numbers, and addresses. Beeline said that the compromised data belonged to Russian customers who opted for home broadband connections before November 2016.
Attackers launched a cyber attack on Volusion, an eCommerce software firm, impacting more than 6,500 firms. The hackers gained unauthorized access to Volusion's Google Cloud infrastructure and injected malicious code that harvests payment card details entered by users online.
An unsecured cloud database belonging to Freedom Healthcare Staffing exposed over 957,000 healthcare records. The exposed data includes employee marital status, job seeker and recruiter data, and internal communication records among others. The database is now secured with a password and the data is encrypted with an algorithm.
UAB Medical’s payroll department was hit with a phishing attack that compromised the health information of 19,557 patients. Patient names, treatment information, dates of birth, diagnosis and certain patients’ social security numbers were among the compromised records. The medical center is sending out notifications to the affected patients.
Unauthorized access to the TransUnion Canada web portal caused the leakage of consumer credit files. To launch the attack, credentials were stolen from a TransUnion customer with access to the web portal. With the right search query, credit files with name, date of birth, current and previous addresses, and credit information will be accessible to the attackers.
Malaysian firm Hibiscus Petroleum announced that it was hit by a cyber attack. The affected parts of the system were isolated and partially shut down. The firm said that the systems were being restored and production was not affected.
Methodist Hospitals in Indiana disclosed a possible exposure of data belonging to 68,039 individuals because of a phishing attack. Although there is no evidence yet of misuse of the information, officials have not ruled out the possibility. The exposed information includes names, usernames and passwords, Social Security Numbers, and dates of birth apart from other information.
New Threats
This week, a number of new threats were discovered. A decryptor for the Nemty ransomware that recovers impacted files has been published. In other news, a BitPaymer ransomware campaign exploiting a zero-day vulnerability in iTunes for Windows was reported. The United Kingdom NCSC issued a warning about APT groups leveraging vulnerabilities in certain enterprise VPNs.