Cyware Weekly Threat Intelligence, September 28 - October 02, 2020

Weekly Threat Briefing • Oct 2, 2020
The Good
With another week coming to an end, let’s take a quick glance at the good developments that happened this week. America’s top law enforcement agencies plan to work with intelligence agencies to fight foreign hackers. Meanwhile, the Western Australian government has decided to set up a new cybersecurity centre that will support existing cybersecurity efforts across government.
America’s top law enforcement and intelligence agencies will work together as part of a new federal strategy to fight foreign hackers. The effort will improve targeting and prosecution of hackers who attack American organizations.
The Western Australian government has dedicated AU$1.8 million (~US$ 1.3 million) to establish a whole-of-government cybersecurity operations centre. It will provide further support to existing cybersecurity efforts across government and the dedicated cybersecurity team within the Office of Digital Government.
Researchers from CSIRO’s Data61 and the Monash Blockchain Technology Centre claimed to have developed the world’s most efficient blockchain protocol that is both secure against quantum computers and protects the privacy of its users and their transactions. The technology can be applied beyond cryptocurrencies, such as digital health, banking, finance and government services.
The Bad
It’s raining ransomware: this week’s victims include United Health Services (UHS), Arthur J. Gallagher & Co., and CMA CGM. In other news, the FBI is investigating an ongoing BEC campaign in which $15 million has been stolen from at least 150 victims.
Two popular flight tracking websites, Flightradar24 and PlaneFinder, had their services disrupted following multiple attacks. In a separate incident, Swatch Group was forced to shut down some of its operations due to a cyberattack. It is unclear which threat actor groups were behind these attacks or which malware, if any, was used to infect the systems.
A European fashion retailer, BrandBQ, exposed seven million customer records through a misconfigured Elasticsearch server. The exposed data included full names, home addresses, dates of birth, phone numbers, and payment records.
In another incident, Kylie Cosmetics reported a data breach due to the security incident at Shopify Inc. According to Shopify, the compromised data included basic contact details such as email, name, and address, as well as order details.
A technical issue in Airbnb’s desktop and mobile web service leaked a limited amount of data. The exposed information included personally identifiable information, such as hosts’ addresses and details of Airbnb properties.
REvil operators deposited $1 million in a hacker forum as part of their recruitment drive. The deposit illustrates the amount of money that attackers are generating from ransomware operations.
Meanwhile, the attack on United Health Services (UHS) was attributed to Ryuk ransomware. The attack, which occurred on Monday, affected IT networks at UHS facilities across the U.S. French shipping giant CMA CGM was hit in a separate ransomware attack, in which the attackers encrypted some of the company’s files and demanded a ransom for the decryption key.
The U.S.-based Arthur J. Gallagher & Co. and the Ashtabula County Medical Center were also targeted in separate ransomware attacks. While the malware used in these attacks is unknown, both organizations took concrete steps to contain the spread.
The FBI is investigating an ongoing BEC campaign in which $15 million has been stolen from at least 150 victims. The campaign uses social engineering to impersonate senior executives via Microsoft Office 365 email services. Most of the attacks so far have targeted organizations in the U.S.
New Threats
Researchers discovered new variants of the InterPlanetary Storm botnet and the Android/SpyC23.A spyware. The new version of InterPlanetary Storm uses brute-force attacks to get into systems, while the new Android/SpyC23.A variant is distributed through a fake app store, posing as AndroidUpdate, Threema, and Telegram apps.