Cyware Daily Threat Intelligence October 8, 2018

Around 19,000 MikroTik routers in India have allegedly been infected with the Coinhive malware that is designed to mine for Monero. IPSs have been unwittingly distributing infected routers. The cybercriminals behind this campaign have been exploiting CVE-2018-14847 - a critical vulnerability that affects all versions of RouterOS through 6.42. Although a patch has already been issued, experts believe that over 200,000 routers yet to have applied it, and are still vulnerable. 

A dark web malware development builder called Gazorp has been offering threat actors a relatively simple means of creating their own custom AZORult malware variants. The malware is a powerful data stealer that is capable of pilfering credentials, payment card data, as well as cryptocurrency wallet data. Gazorp offers crooks a new dashboard panel and code upgrades like a global heat map that provides country-by-country statistics. Gazorp links to a Telegram channel to update users on their activity and to share updates on the project.

Experian suffered a breach that could have allowed cybercriminals to potentially obtain PIN numbers, unfreeze credit reports and open new accounts in someone else’s name. The flaw was discovered in Experian's process to retrieve a PIN that safeguards a frozen Experian credit report. Fortunately, Experian has addressed the flaw. Existing PINs should be changed by permanently removing the current Experian credit freeze and placing a new freeze. This can be done online or over the phone. Users should check their Experian credit report for any fraudulent accounts.

The Tillamook Chiropractic Clinic was hit by hackers who stole 4,058 patients' medical records and other sensitive information. The clinic discovered that for over two years, its systems were harboring a malware that allowed the attackers to pilfer sensitive information. The stolen data includes patient name, diagnoses, lab results, medications, addresses, phone number, insurance billing information, driver’s license, date of birth, social security numbers (for Medicare patients only), bank account and routing numbers, as well as employee payroll data.