Go to listing page

Cyware Weekly Cyber Threat Intelligence August 20 -24, 2018

Cyware Weekly Cyber Threat Intelligence August 20 -24, 2018

Share Blog Post

The Good

Its Friday again and that means it's time for your weekly roundup of all the biggest cyber stories that happened over the past week - the good, the bad and the surprising. However, before we jump into the world of malware, vulnerabilities and breaches, let's look at some of the positive developments that occured in cyberspace this week. The US Department of Homeland Security (DHS) is launching a “risk radar” to help government agencies better understand and implement their cybersecurity strategies. Dozens of US private and government organizations are collaborating on “Project Spartacus” to protect the energy grid from cyberattacks.

  • The DHS is launching a program called the risk radar next year. The program is aimed at helping government agencies better understanding and implementing their cybersecurity strategies. The radar will take a close look at the cyber threats agencies face, and their readiness to respond to those threats.
  • US government agencies and businesses are collaborating to launch Project Spartacus, which aims to protect the national energy grid from potential cyber and EMP attacks. The project’s announcement comes as intelligence leaders are raising new fears of an attack and as business and some in the military are beginning to make plans for a lights out event.
  • Microsoft managed to thwart a new campaign orchestrated by Russia-backed Fancy Bear hackers. The campaign targeted US think tanks and GOP critics of US president Donald Trump. Microsoft believes that the new campaign is Russia’s renewed attempt to influence the upcoming US midterm elections.
  • The UK National Cyber Security Centre (NCSC) has recognised The University of Kent, King's College London and the University of Cardiff as academic centres of excellence in cybersecurity. The three universities join a list of 14 other institutions in a scheme forming part of the government's National Cyber Security Strategy, which aims to make the UK a world leader in cybersecurity.

The Bad

This week saw several major data breaches and attacks. Augusta University Health exposed over 400,000 patients sensitive healthcare records. Superdrug was hit by hackers and a spyware firm exposed terabytes of data.

  • Augusta University Health exposed over 400,000 patients sensitive healthcare records. The organization was hit by two separate phishing attacks. Investigators discovered that an email account accessed earlier by an unauthorised user may have given access to a number of internal email accounts.
  • Superdrug was hit by hackers who held the firm’s customers’ data to ransom. The UK health and beauty retailer has been sending emails out to those affected after reports suggested hackers contacted the firm on Monday to say they had data on 20,000 customers.
  • Animoto suffered a data breach that exposed users’ personal data and location data. Although it is still unclear as to how many users were affected by the breach, Animoto is alerting all 22 million of its users about the breach.
  • Spyfone, a company that offers parents and employers mobile spyware, inadvertently exposed terabytes of user data. The breach was caused due to an unprotected Amazon S3 bucket and exposed information such as selfies, location data, text messages and more.

New Threats

Over the past week, numerous new malware, vulnerabilities and scams were discovered by security experts. The BackSwap malware was discovered targeting global banks. A new malware campaign called Dark Tequila was found targeting Mexican users and the Lazarus group was found distributing Mac malware for the first time.

  • The BackSwap malware, which is believed to have emerged in March, was discovered targeting banks in Poland and Spain. The malware contains the features of the Tinba trojan and like other banking trojans, uses malicious scripts to modify what victims see on their bank’s website in classic man-in-the-browser (MitB) style.
  • The Dark Tequila malware campaign was found targeting victims in Mexico. The cybercriminals conducting the campaign are looking to steal financial information and login credentials to popular websites. Dark Tequila has been active since 2013, deliver the malware via either spearphishing or USB devices.
  • The cybercriminals behind the Ryuk ransomware have targeted multiple organizations across the globe, raking in over $640,000. The Ryuk ransomware was found to have several similarities with the Hermes ransomware, which is believed to be operated by the Lazarus Group.
  • The North Korea-backed Lazarus Group was found distributing Mac malware for the first time ever. Lazarus targeted an Asia-based cryptocurrency exchange with its old malware Fallchill, which had been upgraded to target both Windows and Mac users.


fancy bears
man in the browser attack

Posted on: August 24, 2018

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.