Cyware Weekly Threat Intelligence, October 12 - 16, 2020

Weekly Threat Briefing • Oct 16, 2020
The Good
The network router is an easy target for cybercriminals who are looking for ways to breach home networks. Following the rise in cybersecurity incidents due to vulnerable routers, the Singapore government has published a list of new security protocols for new home routers. The new mandate will come into action from April 13, 2021. Meanwhile, North Carolina has launched a cybercrime hotline owing to the rise in losses due to COVID-19 scams.
North Carolina started a cybercrime hotline following the rise in financial losses owing to COVID-19-related cyber scams. State residents have reported COVID-19-related fraud losses of over $4 million since March, according to FTC data.
The U.S. Government Accountability Office (GAO) called out the Federal Aviation Administration to take action to protect modern commercial airplanes from cyberattacks. The agency warned that if avionics systems are not properly protected, they could be at risk of a variety of cyberthreats.
The U.K. government announced plans to implement advanced offensive and defensive cyber capabilities to disrupt the critical infrastructure of adversaries. This initiative will be primarily steered by GCHQ.
The Singapore government introduced a new list of security requirements for home routers that will come into action from April 13 next year. The enhanced requirements include unique login credentials for each device, minimum password strength, disabling of system services, and download of firmware updates.
The Bad
Several large data leak incidents made headlines this week, the largest of which came from VoIP provider Broadvoice. The firm leaked more than 350 million customer records through a misconfigured Elasticsearch database. In another incident, cybercriminals made away with over $22 million in funds from the Electrum wallet app after tricking users with a fake wallet update message.
Ransomware attacks continued to freeze their targets’ operations by encrypting their systems. This week’s affected organizations include Ubisoft, Crytek, Software AG, and Seyfarth Shaw.
A cyberattack on Barnes and Noble’s Nook services disrupted users’ ability to access Nook libraries, their previous purchases, and more. Malware infection on POS systems was claimed to be the reason behind the attack.
Several government agencies across the globe also came under attack in different incidents. The targeted agencies include the foreign ministry in Norway, Hackney Council in London, and two government departments in Iran.
The week also witnessed several unsecured database instances, exposing a wide range of sensitive data belonging to different firms. The impacted organizations were teamDigital, Intcomex, Broadvoice, and Panion.
Cybercriminals stole more than $22 million in user funds in multiple campaigns targeting the Electrum wallet app over more than two years. The attacks relied on a social engineering technique in which users received a fake message prompting them to update their wallets.
A threat actor group named Spectre123 allegedly leaked sensitive data from NATO and Havelsan online. The documents included work files, proposals, contracts, 3D designs, resumes, Excel sheets containing raw materials information, and financial statements.
Joker’s Stash dark market forum was abuzz after a hacker dumped card details for 3 million Dickey’s Barbecue Pit users. The data, which was compromised between July 2019 and August 2020, was sold for a median price of $17 per card.
New Threats
The week grabbed the attention of security experts due to the TrickBot trojan’s rise from the ashes. Despite the takedown of its backend infrastructure, the trojan made its comeback in a new form by replacing the affected domains with fresh ones. In addition, the gang enhanced the capabilities of the BazarLoader backdoor to distribute Ryuk ransomware onto victims’ machines.