Cyware Weekly Cyber Threat Intelligence February 19 - 23, 2018

The Good

• Researchers at MIT have come up with a new chip that is hardwired to perform public-key encryption. The chip is highly energy efficient as it consumes only 1/400 as much power as software execution of same protocols would require. Furthermore, the chip uses about 1/10 as much memory and executes 500 times faster. The researchers have described the technique used in the chip as ‘elliptic-curve encryption’ that relies on a type of mathematical function called an elliptic curve.
• Quantum physics is gaining much importance in cybersecurity because of stronger security features it can help create. An Australian cyber security company is using quantum physics to create stronger data security tools. The entire concept focuses on the concept of quantum tunneling, an intriguing property in diodes, that paves way for the creation of stronger encryption keys. As per classical mechanics, Quantum tunneling is a phenomenon as per which a particle is able to cross a barrier that technically it should not be able to do. 
• The National Institute of Standards and Technology (NIST) has published the 'Attribute Metadata: a Proposed Schema for Evaluating Federated Attributes' in order to provide the basis for the evolution of a standardized approach to entity attributes. This is an internal report that can be used by public and private organizations. The report will not be imposed on the federal agencies. The purpose is to allow a system that uses federated IAM to better understand and trust different attributes; to apply more granular and effective access authorizations, and to promote the federation of attributes.

The Bad

• Tesla fell victim to the hackers this week when it came to be known that their cloud environment was exploited by hackers to mine cryptocurrencies. Security researchers reported the discovery of an unprotected Kubernetes console that belongs to Tesla. The console is used to automate the deployment, and for scaling and operating application containers and virtualized software among others. The researchers discovered that hackers have deployed mining scripts on Tesla’s unsecured Kubernetes instances to perform cryptojacking.
• Hackers stole away the personal details of at least 685,000 registered forum users of Hardware Zone. As per statistics, this breach is the largest breach in Singapore to date. Although the hacking took place in September 2017, it was discovered only this week when security researchers discovered suspicious posting from a senior moderator’s account that was found to be compromised by an unknown hacker.
• California seems to be on hackers radar. Now in a new breach, the hackers have stolen the personal data of thousands of state employees and contractors from the Department of Fish and Wildlife. However, what is different about this breach is that the data was stolen by an insider (former employee) who downloaded it to an unencrypted personal device and took the data outside the department’s perimeter. As of now, the threat actor has not been named by the department.
• The Russian Central Bank came with an astonishing revelation this week when it disclosed that unknown hackers had stolen $6 million from a Russian bank last year. The hackers had compromised SWIFT international payments messaging system. Although the bank did not provide much inside details of the hack but it did mention that the hackers employed a ‘common scheme’ to compromise SWIFT and steal the money.

New Threats

• The infamous Coldroot Remote Access Trojan is still found to be undetectable by popular antivirus engines. It would be essential to mention that the trojan code was uploaded and made freely available on GitHub for around 2 years. Initially, the trojan was created to target the Mac users and fill in the void of a RAT targeting Macs but since then it has expanded its domain to cover Linux and Windows also.
• Researchers have identified a multi-stage infection attack that deploys malware for stealing passwords from applications installed on the targeted computer. The attack is initiated through spam emails that are delivered via Necurs botnet. The botnet delivers macro-enabled documents including Word, Excel and PowerPoint documents. In the campaign, researchers found out that DOCX attachments containing en embedded OLE objects having external referenced were used.
• The famous peer-to-peer apps BitTorrent and uTorrent have been found vulnerable to hijacking flaws. A security researcher unearthed a number of DNS rebinding exploits in the Windows versions of the software. The bugs allow the hackers to resolve web domains to the user’s computer thereby providing the keys to the kingdom. The hackers are able to execute remote code, download malware to Windows startup folder, take hold of downloaded files and scan your download history. The bug impacts all the unpatched versions of the software.
• Researchers have unearthed new spam campaigns impacting a number of websites including the Bitcoin cryptocurrency. The spam campaign starts with the injection of a malicious script into different Joomla, WordPress and jBoss websites. The purpose is to create a binary file that is achieved by hiding the unwanted script on the embedded site. Once the binary file is created, the hackers misuse the PC’s CPU to access user’s computers to mine Bitcoin.