Go to listing page

Cyware Weekly Cyber Threat Intelligence December 24-28, 2018

Cyware Weekly Cyber Threat Intelligence December 24-28, 2018

Share Blog Post


The Good
 
The last Friday of the year is here. Let’s welcome the last weekend of 2018 with the most interesting cybersecurity news of the week. Let’s start with all the positive events and advancements that happened in the cybersecurity community over the past week. NIST is out with the final version of its Risk Management Framework (RMF) 2.0 update providing organizations with a new guideline to define and manage risk. The UK government announced a new standard for cybersecurity that protects driverless cars from hackers.
  •  The National Institute of Standards and Technology issued out with the final version of its Risk Management Framework (RMF) 2.0 update, providing government agencies and commercial enterprises with a new guideline that aligns risk, privacy, and cyber-security controls.
  • The UK government has announced a new standard for cyber security to protect driverless cars from hacking. This new standard is also designed to attract investment in the UK’s autonomous vehicle industry.
 
The Bad
 
Over the past week, quite a few data breaches and cyber attacks have occurred. The San Diego School District was hit by a massive data breach. Cybercriminals were spotted selling the personal information of American children on different dark web markets. BevMo was hit by a massive data breach, compromising the payment card data of 15,000 customers. Meanwhile, cybercriminals hacked Electrum bitcoin wallets, stealing over 200 bitcoins worth $750,000.
 
  • The San Diego School District was hit by a data breach compromising the personal data of over 500,000 staffers and students. SDUSD suffered a data breach after cybercriminals launched a targeted phishing attack against a staffer to gain access to login credentials and use it to infiltrate the school district’s networks.
  • Cybercriminals were recently found selling the personal information of American children on different dark web markets. Information such as children's names, addresses, phone numbers, dates of birth, and Social Security Numbers were being advertised on underground markets. While the individual set of information is being sold at $10, bundles of sets are also being advertised at $490 or as high as $790.
  • BevMo was hit by a massive data breach recently. The cybercriminals gained unauthorized access to the BevMo website and installed a malicious code on the checkout page. The breach impacted nearly 15,000 customers and saw hackers compromise both credit card and personal information of customers.
  • Attackers recently hacked Electrum wallets, stealing over 200 bitcoins worth around $750,000. The attack resulted in the Electrum wallet apps displaying a message on users’ systems that asked them to download a malicious update from an unauthorized Github repository. The attack lasted for seven days and temporarily stopped after Github removed the attacker’s Github repository.
  • Nova Entertainment was hit by a data breach compromising over 250,000 users’ data. The personal information compromised in the breach includes usernames, passwords, residential addresses and other sensitive details of individuals. However, the firm confirmed that no financial information or copies of ID were affected.
 
 
New Threats

Over the past week, several new vulnerabilities, malware, and ransomware were discovered. A vulnerability in the ThinkPHP framework was exploited by the hacker group D3c3mb3r. A proof-of-concept that could be used to create a Facebook worm was published online. A bug in Orange modem leaked Wi-Fi credentials of thousands of users. After 18 months, WannaCry continues to be a persistent threat and lurk on infected computers. Meanwhile, few MacOS malware samples went undetected by most of the antivirus providers.
 
  • A hacker group named D3c3mb3r has been found exploiting the vulnerability on ThinkPHP framework to gain access to web servers. Another hacker group was also found exploiting the vulnerability to infect servers with the Miori malware.
  • A proof-of-concept that could be used to create a Facebook worm was recently published online. Anyone looking to target users on Facebook could use the worm to spread malware and perform other nefarious activities.
  • A vulnerability in Orange Livedox ADSL modem has leaked Wi-Fi credentials of thousands of users. Dubbed CVE-2018-20377, the vulnerability affects nearly 19,500 Orange modems. The vulnerability could also allow attackers to build IoT botnets.
  • The WannaCry ransomware continues to lurk on infected and vulnerable computers almost after 18 months since it first appeared. The ransomware made its first appearance in May 2017, infecting hundreds of thousands of computers, across 150 countries. Like other traditional ransomware variants, WannaCry encrypts files on the system’s hard drive and demands huge sums of ransom in exchange for decrypting data.
  • Three MacOS Malware samples went undetected by most antivirus providers. Four months after the attack by a mysterious hacker group on Mac users, few of its MacOS malware samples went undetected by most of the antivirus providers. One of these Mac malware variants is believed to have been linked to Windshift APT group that surveils individuals in the Middle East.
  • A new ransomware called JungleSec was spotted exploiting unsecured Intelligent Platform Management Interface (IPMI) cards to infect Windows, Mac, and Linux systems. The ransomware was first reported in early November 2018. However, there is no indication as to how many systems have been affected by the malware.
  • A new sample of Shamoon malware was uploaded recently to the VirusTotal on December 23, 2018. This new variant is signed with a digital signature. It tries to bypass detection by leveraging the digital certificate from the Chinese technology company Baidu. However, the digital signature is no longer valid as it expired on March 26, 2016.


 Tags

facebook worm
wannacry ransomware
d3c3mb3r
shamoon malware

Posted on: December 28, 2018


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite