Cyware Daily Threat Intelligence October 31, 2018

Security experts discovered that the SamSam ransomware has infected 67 organizations across the globe in 2018. Of the 67 organizations targeted, over 80 percent are located in the US. The ransomware also targeted a small number of organizations in Portugal, France, Australia, Ireland, and Israel. Unlike other ransomware variants, SamSam attacks begin remote desktop protocol (RDP) compromise via either brute force attacks on networks or by using stolen credentials.

Security researchers have discovered a unique ransomware called CommonRansom. Apart from demanding a Bitcoin ransom, the malware also demands remote desktop protocol (RDP) access and admin credentials. Although the ransomware is still not considered to be a major threat, the Bitcoin address linked to it has seen some activity. 65 bitcoins were transferred out of this bitcoin address and sent to another account that has received funds from over 11,000 other bitcoin addresses. 

Eurostar recently detected an intrusion attempt which prompted them to reset the passwords to all user accounts. The breach involved hackers using users' email and passwords to infiltrate systems. The malicious activity was recorded between October 15 and 19. It is still uncertain whether the attack led to any loss of data. 

The predictive policing tool, Predpol, accidentally exposed information regarding 17 communities and police departments that it is working with. According to researchers, Predpol assigns easy-to-guess subdomains to each Predpol customer. The subdomains are login portals for police officers. These subdomains were found to be associated with American cities, which suggest that PredPol has likely been quietly implemented in police departments across the US.