Cyware Daily Threat Intelligence November 2, 2018

Iranian networks were hit by a new, more aggressive and sophisticated variant of the Stuxnet malware. Although little is known about the new attack, such as how many firms were affected, the Iranian government said that it had successfully detected and thwarted the attack. The original Stuxnet malware struck Iran's nuclear systems eight years ago, damaging the centrifuges at a uranium enrichment center. The malware was believed to have been developed and deployed by the US and Israel. However, it is unclear as to who was behind the more recent attack. 

A new campaign pushing a new variant of Emotet has been discovered. The new Emotet variant is capable of stealing victims' emails, which may have escalated its capabilities to espionage. Harvesting data in mass provides a weaponized data-driven analytical capability which should not be underestimated. The malware can now also infiltrate and infect protected systems. Although Emotet was highly active in 2016, since late 2017, the malware's activities died down. However, the new campaign hints that the malware's operators may have been upgrading Emotet with new capabilities during the downtime. 

The Radisson Hotel chain suffered a data breach which affected some of its customers. The breach affected the members of the hotel's loyalty scheme. The information accessed by the attackers include members' name, address (including country of residence), and email address. It is still unclear as to how many customers were affected by the breach.

The Australian defense contractor and shipbuilder Austal was hit by hackers. Some of Austal's employees' email addresses and phone numbers were stolen by the attackers. However, the firm said that information relating to national security was not compromised. The attacker tried to sell certain materials on the internet and engage in extortion. However, Austal maintains that it will not now or in the future, respond to extortion attempts. 

81,000 Facebook accounts have been hacked and personal detailed leaked. The attackers claim to have gained access to 120 million accounts and have leaked data from 170,000 more accounts. The breach affects Facebook users in the UK, US, Brazil, Ukraine, and Russia. Facebook has denied having suffered another breach.