Go to listing page

Cyware Weekly Cyber Threat Intelligence December 17 - 21, 2018

Cyware Weekly Cyber Threat Intelligence December 17 - 21, 2018

Share Blog Post

The Good
 
With Christmas around the corner, let’s gear up for the festive weekend with the most interesting cybersecurity news of the week. Let’s first take a look at all the good events that occurred in the past week. South Korea’s Financial Supervisory Services and SK telecom together have developed an AI to prevent voice phishing attacks. Google engineers are working on blocking the ‘Back button’ hijacking of browser history. Meanwhile, Cybersecurity and Infrastructure Security Agency Act has been passed.
 
  • South Korea’s Financial Supervisory Service and SK telecom together develop AI to prevent voice phishing attacks. The Financial Supervisory Services will provide data on financial fraud while the SK telecom will develop an AI system that alerts callers on phishing call.
  • Google is working on blocking the ‘Back button’ hijacking of Chrome browser. Google engineers are currently working on an update that will block malicious websites from hijacking the Chrome browser's history and, indirectly, the Back button.
  • Cybersecurity and Infrastructure Security agency bill has been passed. The bill will replace the National Protection and Programs Directorate with the new Cybersecurity and Infrastructure Security Agency. The White House has agreed to a Senate version of the Cybersecurity and Infrastructure Security Agency (CISA) without opposition.
 
The Bad
 
Over the past week, several data breaches and massive cyber attacks have occurred. Brazilian IT firm Tivit was hit by a massive cyber attack. Facebook data breach exposed 6.8 million users’ photos. Twitter suffered a data breach and suspects state-sponsored hackers to be behind the attack. Meanwhile, Nasa suffered a data breach affecting its employees’ personal information.
 
  • A massive cyber attack hit Brazilian IT firm Tivit that exposed its clients' credentials online. Tivit confirmed that nine of its employees fell for an email phishing attack last week. This incident involved data from 19 other companies including Faber, Zurich, Banco Original, SAP and more.
  • Data breach hit Facebook exposing 6.8 million users’ photos. The social networking site has come under fire again for a new API bug leaked private photos of 6.8 million users to third-party apps. The leaked photos were accessible by 1,500 apps built by 876 developers.
  • Twitter suspects state-sponsored threat actors to be behind its recent data breach. The attack targeted one of Twitter’s support forms which the account users use to contact Twitter about the issues they have with their account. Twitter confirmed that the data breach did not expose full phone numbers or any other private data.
  • Hackers hit the University of Vermont Health Network. Elizabethtown Community Hospital suffered a data breach as one of their employee’s email account was remotely accessed by an unauthorized user. The hospital confirmed that the data breach did not involve the hospital’s computer networks or electronic medical records.
  • Government payment portal Click2Gov hit by cyber attack. The payment system in dozens of town across the US got hacked by cybercriminals. Security research firm confirmed that at least 294,929 payment records have been compromised in 46 U.S cities. The criminals have earned approximately $1.7 million by selling the records on the Dark Web for $10 per record.
  • Nasa suffered a data breach affecting its employees’ personal information. The US National Aeronautics and Space Administration (NASA) disclosed that it has suffered a data breach that may have resulted in the compromise of personal information of both current and former employees.
  • Facebook gave Spotify, Netflix, and Royal Bank of Canada read and write access to users’ private messages. The most popular social networking site Facebook is in data-sharing partnership with Apple, Amazon, Microsoft, Spotify, Netflix, Royal Bank of Canada, Yahoo, and more.
  • Nine Managed service providers including HPE and IBM targeted in APT10 attacks. The Chinese cyber espionage group APT10 also known as MenuPass, Red Apollo, Stone Panda was accused of hacking a large number of managed service providers including HPE and IBM.
  • Caribou coffee chain suffered a data breach impacting 239 stores. Cybercriminals gained unauthorized access on to the coffee chain’s point of sale (POS) systems as a result of which customers’ data were exposed.
 
New Threats
 
Several vulnerabilities, malware, and ransomware were discovered over the past week. Magecart’s card skimming tool was up for sale in the Dark Web. Researchers uncovered computer chip vulnerabilities that could lead to failures in modern electronics. GrandCrab ransomware was spotted using fileless techniques. Shamoon malware returns with a new variant. New malware built for SEO injection spotted targeting WordPress. Meanwhile, Microsoft releases an emergency patch for zero-day in Internet Explorer.
 
  • Malware and weaponized memes are the latest threat in cyberspace. Cybercriminals are combining memes with malware to conduct various malicious activities. Hackers have been spotted using steganography to embed malicious payloads within memes to bypass security solutions and perform various malicious activities.
  • Magecart’s card skimming tool was up for sale in the Dark Web for $1300. Magecart’s card skimming tool, which was used to hack British Airways and Ticketmaster, is now available for sale on a dark web forum. The tool consists of two components - a standard universal payment card sniffer and a control panel.
  • PewDiePie supporters hack 50,000 printers to highlight vulnerabilities in the printers. A hacker said that due to the flaws in a printer’s firmware, it was possible to write random data onto to the chip. The vulnerabilities can allow hackers to steal sensitive documents as they get printed.
  • Vulnerabilities in high?performance computer chips have been uncovered by researchers that could lead to failures in modern electronics. The vulnerabilities could damage the on-chip communications system and shorten the lifetime of the whole computer chip by adding malicious workload.
  • GrandCrab ransomware was spotted using fileless techniques. Fileless ransomware attacks operate by taking default Windows tools, particularly PowerShell and Windows Management Instrumentation (WMI), and using them for malicious activities.
  • Shamoon malware returns with a new variant. Earlier last week, the disk-wiper malware was spotted back in action, with not just one, but two occurrences. The second sighting observed a different strain of the malware and was uploaded to VirusTotal on December 13, 2018, from a user in the Netherlands.
  • Mash-up toolkit is made up of leaked source code of backdoors and publicly available tools GhOst Rat and NetBot attacker. The toolkit also contained parts of the Remote Control System (RCS) surveillance tool.
  • A new malware designed for SEO injection has been found targeting WordPress sites. The malware uses an innovative approach to evade detection by web admins. The malware is found targeting two different sites used by English and Korean-speaking searchers for ‘free’ downloads.
  • Microsoft releases an emergency patch for zero-day in Internet Explorer. The vulnerability could allow an attacker to gain control of the target system, install malicious programs, create other user accounts, and read or modify data.
  • One more Mirai IoT botnet variant discovered. Researchers discovered a  new Mirai malware variant called Miori which exploits an RCE bug in the ThinkPHP framework. Miori performs a brute force attack via Telnet to infect IoT devices with weak or default authentication to join them to a DDoS botnet.

 
 
 


 Tags

mash up toolkit
shamoon malware
seo injection
magecarts card skimming tool
grandcrab ransomware
fileless techniques

Posted on: December 21, 2018


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite