Cyware Weekly Cyber Threat Intelligence October 22 - 26, 2018

The Good
It’s Friday, good people, and that means it’s once again time for our weekly roundup of the biggest and most interesting stories that emerged from cyberspace. Let’s begin by taking a look at the innovative and positive strides taken by private and government entities in securing cyberspace for all. The European Union is gearing up to create new regulations that would impose economic sanctions on cybercriminals. The US Cyber Command is dogging the heels of Russian online trolls attempting to distribute disinformation campaigns and warning them that they are being watched. The Royal Navy’s biggest warship is currently docked in New York to fight cybercrime.

  • The European Union is gearing up to create new regulations that would impose economic sanctions on cybercriminals. In the face of increasingly sophisticated cyberespionage and cybercriminal campaigns, EU leaders are now mulling imposing sanctions on hackers to stem the flow of destructive cyberattacks.
  • The US Cyber Command is dogging the heels of Russian online trolls attempting to distribute disinformation campaigns and warning them that they are being watched. The operation is aimed at deterring more sophisticated Russian cyberattacks targeting US infrastructure.
  • The Royal Navy’s biggest warship, the HMS Queen Elizabeth, which is currently docked in New York, boasts extensive and sophisticated cyber offensive and defensive capabilities. The aircraft carrier was built to deal with modern cyberthreats and may also be an invaluable resource in open waters across the globe.
  • The Pentagon recently expanded its “Hack the Pentagon” bug bounty program, allowing hackers to find vulnerabilities in hardware and physical systems within the Pentagon. Now even the most critical internal systems at the Pentagon will be tested for vulnerabilities by ethical hackers.

The Bad
Several severe data breaches and leaks came to light through the week. HealthCare.gov’s sign-up system was hit by hackers who stole the data of around 75,000 people. Switzerland-based cryptocurrency exchange Trade.io was hacked and $7.5 million worth of cryptocurrencies was stolen. Hong Kong-based airline Cathay Pacific was hit by a massive data breach that compromised 9.4 million passengers’ data.

  • HealthCare.gov’s sign-up system was hit by hackers who stole the data of around 75,000 people. The hackers gained access to HealthCare.gov’s sign-up system, called the Federally Facilitated Exchange (FFE), which is used by health insurance agents and brokers to enroll users into Obamacare plans.
  • Switzerland-based cryptocurrency exchange Trade.io was hacked and $7.5 million worth of cryptocurrencies was stolen. The stolen funds were stored in a cold storage wallet. The cryptocurrency exchange discovered the breach after it observed a large number of cryptocurrencies being transferred from one of the accounts associated with its cold storage wallets.
  • Hong Kong-based airline Cathay Pacific was hit by a massive data breach that compromised 9.4 million passengers’ data. Passengers’ personal details, including names, nationality, dates of birth, phone numbers, email addresses, passport numbers, identity card numbers, frequent flyer membership numbers, customer service remarks, and travel history, might have been stolen by hackers.
  • Washington-based Internet service provider Pocket iNet publicly exposed 73GB of data. This includes AWS secret keys, passwords and corporate information that were at least six months old. The data leak was caused by a misconfigured Amazon S3 storage bucket that had no password.

New Threats
The past week saw numerous new malware, vulnerabilities and threat actors emerge. A new Android malware dubbed TimpDoor was recently discovered and has already infected around 5,000 victims in the US. The Ramnit banking malware was found distributed via a new malware downloader called sLoad. A security vulnerability was discovered that impacts nearly all Linux and BSD distros.

  • A new Android malware dubbed TimpDoor was recently discovered and has already infected around 5,000 victims in the US. The Android malware has been active since March and could turn infected Android devices into mobile backdoors, which, in turn, could be leveraged by attackers to infiltrate home and corporate networks.
  • The Ramnit banking malware was found distributed via a new malware downloader called sLoad. The new campaign has been targeting financial institutions across Italy, Canada and the UK. The malware comes packed with sophisticated reconnaissance capabilities and has also been distributing other malware variants such as Gootkit and Ursnif.
  • A security vulnerability was discovered that impacts nearly all Linux and BSD distros. This flaw could allow an attacker with limited privileges to elevate privileges and gain root system access, either via a terminal or an SSH session.
  • A recently discovered malware downloader called Godzilla Loader is up for sale on the dark web for $500. The malware downloader comes with a built-in UAC bypass feature, which can allow attackers to specify any executable and run it on the infected system with administrative privileges.
