Go to listing page

Cyware Weekly Cyber Threat Intelligence June 11 - June 15, 2018

Cyware Weekly Cyber Threat Intelligence June 11 - June 15, 2018

Share Blog Post

The Good

As Friday comes around again, it’s time to round-up the latest in cybersecurity news this week. Major advancements were made by governments and researchers towards bettering security and safeguarding of digital systems and data. Australia formed a task force to protect elections against cyberattacks, while Canada unveiled a new national cybersecurity strategy. US lawmakers introduced the ENCRYPT bill. Meanwhile, researchers developed a transmitter to protect IoT devices.

  • Australia formed a new Electoral Integrity Task Force to safeguard its election process against cyberattacks. The task force’s spokesperson described the task force as a “precautionary measure, which in the age of increasing levels of cyber-enabled interference and disruption, will need to become the norm.” The announcement comes just weeks before the five federal by-elections, slated to be held next month.
  • Canada unveiled its new cybersecurity strategy to bolster its defenses and protect the country and its citizens against evolving threats. Backed by an investment of CA $500 million to be spent over the next five years, the plan includes the establishment of a new cybersecurity center, a certification program for small businesses to escalate their defense systems and more.
  • US lawmakers reintroduced the “Ensuring National Constitutional Rights for Your Private Telecommunications” bill to create a national standard for encryption. The ENCRYPT act aims to regulate data encryption rules across the country and prevent states from passing their own laws that undermine encryption or similar technologies.
  • The FBI arrested 74 scammers in a massive global business email compromise (BEC) crackdown that involved attempts to steal data and funds from individuals and businesses. Thanks to a six-month long global operation named Operation Wire Wire, 42 scammers were arrested in the US, 29 in Nigeria and 3 in Canada, Poland and Mauritius.
  • MIT researchers developed a novel “frequency-hopping” transmitter to help protect IoT devices against hackers. The transmitter frequency hops every individual 1 or 0 bit of a data packet that a device sends out to a unique, random frequency. This is done every microsecond, thus preventing attackers from intercepting or manipulating the data.

The Bad

This week saw a fresh trove of breaches and cyberattacks. Dixons Carphone disclosed a data breach affecting 59 million customers while Weight Watchers exposed its internal IT infrastructure on an unprotected server. A Chilean bank was hit with a disk-wiping malware. Chinese hackers stole undersea warfare data from a US Navy contractor, while La Liga app was caught using smartphones to detect illegal football broadcasts.

  • Dixons Carphone disclosed a massive data breach that compromised 5.9 million customer cards and 1.2 million personal records. The electronics retailer said it discovered the breach following a review of its systems and data. Although 5.8 million of the cards compromised have chip and pin protection, 105,000 payments from outside the EU do not and were thus compromised.
  • Banco de Chile was hit with a disk-wiping malware in an attempted SWIFT attack that crashed over 500 servers and 9000 computers. Images shared by the bank’s employees on online forums indicated the malware used in the attack was KillDisk. The bank said the attack was designed to damage its systems and not compromise user accounts.
  • Chinese hackers reportedly swiped about 614GB worth of sensitive undersea warfare data from a US Navy contractor. The Washington Post reported the stolen data included secret plans regarding a US project to build a supersonic anti-ship missile, signals and sensor data, submarine radio room information, documents on electronic warfare and more.
  • Weight Watchers accidentally exposed sensitive data about its IT infrastructure on a Kubernetes server without any password protection. Kromtech researchers found the server contained administrator’s root access, keys for 102 domains, data of users with administrative credentials and more. The company fixed the issue after the researchers notified them.
  • Spanish football league La Liga’s app was caught using fans’ smartphone mics and GPS to identify pirate broadcasts of football games. The app could quietly detect the location of users to see if they were in a bar and record audio clips to find out if the establishment had paid for a license to show the match. The league later justified its actions saying illegal streaming costs it millions in losses, but noted users are required to provide their consent for the functionality and can revoke it at any time.

New Threats

Among this week’s batch of malware, ransomware and malicious tools were the RedEye ransomware that destroys victims’ files if they don't pay up. IQY files are used to deliver the FlawedAmmyy RAT. Many Android devices are being shipped with debug ports exposed while the MysteryBot malware was spotted.

  • Malware researcher Bart Blaze spotted the new RedEye ransomware that destroys victims’ files if they fail to pay up. Believed to be created by iCoreX, the ransomware asks victims to pay 0.1 Bitcoin within four days. The ransom note gives users four options including decrypting files, getting support or destroying the PC. Selecting the latter reboots the machine and replaces the Master Boot Record.
  • Barkly researchers found the Necurs botnet is powering a new spam campaign that uses Excel Web Query (IQY) file attachments to bypass antivirus programs and deliver the remote access trojan FlawedAmmyy. Built from the leaked source code of the remote desktop software Ammyy Admit, the RAT has been previously linked to the threat actor TA505.
  • Thousands of Android devices are still being shipped with Android Debug Bridge enabled, potentially leaving them vulnerable to hackers. The flaw leaves the device open to remote connections via the ADB interface that could be used to install malicious software or execute functions. Devices left vulnerable due to this flaw include tankers in the US, DVRs in Hong Kong, mobile phones in South Korea and Android TV devices.
  • ThreatFabric researchers spotted a new Android malware dubbed MysteryBot that comes with banking malware, keylogger and ransomware features. It also features data-stealing abilities to harvest SMS messages, email, contacts and more. Researchers believe MysteryBot is a new variant of LokiBot or an entirely new malware created by the same threat actors.


dixons carphone
redeye ransomware

Posted on: June 18, 2018

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.