
Cyware Weekly Cyber Threat Intelligence December 31, 2018 - January 4, 2019


The Good

It’s time to welcome the first weekend of 2019 with the most interesting cybersecurity news of the week. The new year started on a good note with three positive events. The USB Type-C Authentication Program was launched to protect against non-compliant chargers and malicious devices. The Department of Health and Human Services released voluntary cybersecurity practices for the healthcare sector. Meanwhile, the Automatic and Real-Time Detection and Mitigation System (ARTEMIS) released an open-source software tool that aims to detect and stop BGP attacks.

  • The USB Implementers Forum (USB-IF) announced the launch of its USB Type-C Authentication Program, which gives host systems the opportunity to protect against non-compliant USB chargers and to mitigate the risk of hardware or software maliciously embedded in USB devices.
  • The Department of Health and Human Services released a publication containing voluntary cybersecurity practices for healthcare organizations ranging in size from local clinics and healthcare centers to large hospital systems.
  • ARTEMIS is seeking to counter Border Gateway Protocol (BGP) attacks with the release of an open-source software tool that aims to detect and stop such attacks within one minute. ARTEMIS is funded by international agencies including the U.S. Department of Homeland Security, the National Science Foundation, and the European Research Council.

The Bad

Several data breaches and cyber attacks have occurred over the past week. BlackMediaGames suffered a data breach compromising almost 7 million user accounts. Hackers hit the Abine Blur password manager, stealing private data of 2.4 million users. TheHackerGiraffe hijacked thousands of Chromecasts to play PewDiePie videos. Meanwhile, hackers stole the work details of almost 30,000 Victorian government employees.

  • BlackMediaGames was hit by a massive data breach compromising 7,633,234 user accounts. The breach was discovered after DeHashed, a data-mining and hacked-database search engine, received an email that included evidence of server access and details of the exposed database. The information compromised in the breach included usernames, emails, passwords, IP addresses, game and forum activity, and payment information.
  • The Abine Blur password manager suffered a data breach compromising the private data of over 2.4 million users. The information compromised in the breach included users’ email addresses, first and last names, the last and second-to-last IP addresses used to log in to Blur, and encrypted Blur passwords.
  • In a new campaign, TheHackerGiraffe hijacked thousands of exposed Chromecasts, smart TVs, and Google Home devices to stream a YouTube video promoting PewDiePie's YouTube channel, urging users to subscribe to the channel and to fix their devices.
  • The work details of almost 30,000 Victorian public servants were stolen in a recent data breach. The breach took place when the Victorian Government directory was accessed and downloaded by an unauthorized person. The directory is available to public servants and contains work details such as work emails, job descriptions, and work contact numbers.
  • Attackers hacked a defector support center and stole the personal information of 997 North Korean defectors, including names, dates of birth, and addresses. The compromise began when an employee of the support center received a malicious document via a phishing email.
  • The Dark Overlord hacker group breached a law firm handling cases related to the September 11 attacks and threatened to leak the documents unless its ransom demands were met. The firms hacked by the Dark Overlord include Hiscox Syndicates Ltd, Lloyd's of London, and Silverstein Properties.
  • The website of Luas, the tram system in Dublin, was hacked by attackers who also claimed to have gained access to the customers’ private data stored in the system. The attackers defaced the website with a message threatening to expose customers' private data and demanding one bitcoin as ransom.

New Threats

While we were gearing up for the new year with celebrations and festivities, cybercriminals were found exploiting vulnerabilities and working hard to come up with new malware variants and ransomware. A new zero-day vulnerability in the Windows operating system was discovered. A new version of NRSMiner was spotted leveraging the EternalBlue exploit for propagation. A new Android malware dubbed ANDROIDOS_MOBSTSPY was found affecting users in 196 countries. Meanwhile, Ryuk ransomware is suspected in the cyberattack on US newspapers.

  • A new version of the NRSMiner cryptocurrency mining malware has been spotted targeting vulnerable systems. The malware uses the EternalBlue exploit to propagate and is actively spreading in Asia.
  • The cybercriminals behind the massive attack against several major US newspapers are suspected to have used Ryuk ransomware. The affected newspapers include the Los Angeles Times, New York Times, Wall Street Journal, and the San Diego Union-Tribune.
  • A new zero-day vulnerability in the Windows operating system was discovered recently. It is the fourth Windows zero-day discovered in the last five months and could allow attackers to overwrite a targeted file with random data. The vulnerability can further be used to conduct a denial-of-service attack on a machine.
  • A new Android malware, dubbed ANDROIDOS_MOBSTSPY, was spotted hidden in six Android applications that were available for download on Google Play. The six apps are Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Five of the six have been removed from Google Play since February 2018. However, the apps had been installed at least 100,000 times by users across 196 countries.
  • Researchers have analyzed the propagation technique of the latest Emotet malware campaign. In this campaign, attackers used a downloader embedded in a Microsoft Office file to deliver the malware.
  • Several privilege escalation vulnerabilities were found in MacPaw's CleanMyMac X software. Researchers spotted 13 privilege escalation vulnerabilities that could allow an attacker with local access to a victim's machine to modify the file system as root.

Tags: border gateway protocol, win7launcher, blackmediagames, win7imulator, hzpermis, artemis, eternalblue, pewdiepie

Posted on: January 04, 2019
