Cyware Weekly Cyber Threat Intelligence August 20 -24, 2018

The Good

• The DHS is launching a program called the risk radar next year. The program is aimed at helping government agencies better understanding and implementing their cybersecurity strategies. The radar will take a close look at the cyber threats agencies face, and their readiness to respond to those threats.
• US government agencies and businesses are collaborating to launch Project Spartacus, which aims to protect the national energy grid from potential cyber and EMP attacks. The project’s announcement comes as intelligence leaders are raising new fears of an attack and as business and some in the military are beginning to make plans for a lights out event.
• Microsoft managed to thwart a new campaign orchestrated by Russia-backed Fancy Bear hackers. The campaign targeted US think tanks and GOP critics of US president Donald Trump. Microsoft believes that the new campaign is Russia’s renewed attempt to influence the upcoming US midterm elections.
• The UK National Cyber Security Centre (NCSC) has recognised The University of Kent, King's College London and the University of Cardiff as academic centres of excellence in cybersecurity. The three universities join a list of 14 other institutions in a scheme forming part of the government's National Cyber Security Strategy, which aims to make the UK a world leader in cybersecurity.

The Bad

• Augusta University Health exposed over 400,000 patients sensitive healthcare records. The organization was hit by two separate phishing attacks. Investigators discovered that an email account accessed earlier by an unauthorised user may have given access to a number of internal email accounts.
• Superdrug was hit by hackers who held the firm’s customers’ data to ransom. The UK health and beauty retailer has been sending emails out to those affected after reports suggested hackers contacted the firm on Monday to say they had data on 20,000 customers.
• Animoto suffered a data breach that exposed users’ personal data and location data. Although it is still unclear as to how many users were affected by the breach, Animoto is alerting all 22 million of its users about the breach.
• Spyfone, a company that offers parents and employers mobile spyware, inadvertently exposed terabytes of user data. The breach was caused due to an unprotected Amazon S3 bucket and exposed information such as selfies, location data, text messages and more.

New Threats

• The BackSwap malware, which is believed to have emerged in March, was discovered targeting banks in Poland and Spain. The malware contains the features of the Tinba trojan and like other banking trojans, uses malicious scripts to modify what victims see on their bank’s website in classic man-in-the-browser (MitB) style.
• The Dark Tequila malware campaign was found targeting victims in Mexico. The cybercriminals conducting the campaign are looking to steal financial information and login credentials to popular websites. Dark Tequila has been active since 2013, deliver the malware via either spearphishing or USB devices.
• The cybercriminals behind the Ryuk ransomware have targeted multiple organizations across the globe, raking in over $640,000. The Ryuk ransomware was found to have several similarities with the Hermes ransomware, which is believed to be operated by the Lazarus Group.
• The North Korea-backed Lazarus Group was found distributing Mac malware for the first time ever. Lazarus targeted an Asia-based cryptocurrency exchange with its old malware Fallchill, which had been upgraded to target both Windows and Mac users.