Cyware Weekly Cyber Threat Intelligence October 29 - November 2, 2018

The Good
Happy Friday everyone! It is once again time to sit back, relax and let us fill you in on the biggest and most interesting cybersecurity news of the week. Let’s begin by tipping our hats to all the private and government entities that have worked to strengthen their own and the public’s security. Apple launched a new T2 security chip that is designed to stop attackers from spying on users. Google launched reCAPTCHA v3, which aims to better protect websites from spam and make the security procedure more user-friendly. Meanwhile, Canada passed a new law that requires every company to report security breaches.

  • Apple launched a new T2 security chip that is designed to stop attackers from spying on users. This new security feature is capable of disconnecting the microphone whenever the lid of the MacBook is closed. It is designed to help protect a device’s encryption keys, storage, fingerprint data, and secure boot features.
  • Google launched reCAPTCHA v3 that aims to better protect websites from spam and make the security procedure more user-friendly. The latest version of the security tool is designed to run an adaptive risk analysis in the background and provide websites with a score that shows how suspicious an interaction is.
  • Canada passed a new law that requires every company to report security breaches. Canadian organizations must now also keep a comprehensive record of all breaches detected for two years, and alert stakeholders about the impact of any and all breaches.
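The reCAPTCHA v3 item above notes that the service returns a score rather than a pass/fail result, which leaves the accept/reject decision to the website. The following is an added example (not code from the Cyware digest or from Google) of how a server might evaluate such a result. The JSON field names follow Google's documented siteverify response; the response objects, the 0.5 threshold, the expected hostname and the two-minute token age limit are assumptions made for the example, and no network call is made.

```javascript
// Added example: server-side evaluation of a reCAPTCHA v3 siteverify result.
// The response objects below are constructed so the example runs offline.

const MIN_SCORE = 0.5;                    // assumption: site-specific threshold
const EXPECTED_HOSTNAME = "example.com";  // assumption: the site's own domain
const MAX_TOKEN_AGE_MS = 2 * 60 * 1000;   // assumption: reject tokens older than 2 minutes

// Decide whether to accept an interaction. Beyond the score, a defender also
// checks the success flag, that the action name matches the form being
// protected, that the token was issued for this hostname, and that the token
// is fresh. `nowMs` is injectable so the check is deterministic in tests.
function evaluateRecaptcha(resp, expectedAction, nowMs = Date.now()) {
  if (!resp || resp.success !== true) {
    return { allow: false, reason: "verification failed" };
  }
  if (resp.action !== expectedAction) {
    return { allow: false, reason: "action mismatch" };
  }
  if (resp.hostname !== EXPECTED_HOSTNAME) {
    return { allow: false, reason: "hostname mismatch" };
  }
  const ageMs = nowMs - Date.parse(resp.challenge_ts);
  if (Number.isNaN(ageMs) || ageMs < 0 || ageMs > MAX_TOKEN_AGE_MS) {
    return { allow: false, reason: "token too old or timestamp invalid" };
  }
  if (typeof resp.score !== "number" || resp.score < MIN_SCORE) {
    return { allow: false, reason: "low score" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample responses (shape matches the documented siteverify JSON).
const FIXED_NOW_MS = Date.parse("2018-10-30T12:01:00Z");

const SAMPLE_OK = {
  success: true,
  score: 0.9,
  action: "login",
  challenge_ts: "2018-10-30T12:00:00Z",
  hostname: "example.com",
};

const SAMPLE_LOW_SCORE = { ...SAMPLE_OK, score: 0.1 };
const SAMPLE_WRONG_ACTION = { ...SAMPLE_OK, action: "signup" };
const SAMPLE_WRONG_HOST = { ...SAMPLE_OK, hostname: "evil.example.net" };
const SAMPLE_STALE = { ...SAMPLE_OK, challenge_ts: "2018-10-30T11:00:00Z" };
const SAMPLE_FAILED = { success: false, "error-codes": ["invalid-input-response"] };

// Run every sample through the check and return the decisions keyed by name.
function runSamples() {
  const cases = {
    ok: SAMPLE_OK,
    lowScore: SAMPLE_LOW_SCORE,
    wrongAction: SAMPLE_WRONG_ACTION,
    wrongHost: SAMPLE_WRONG_HOST,
    stale: SAMPLE_STALE,
    failed: SAMPLE_FAILED,
  };
  const out = {};
  for (const [name, resp] of Object.entries(cases)) {
    out[name] = evaluateRecaptcha(resp, "login", FIXED_NOW_MS);
  }
  return out;
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(runSamples());
}
```

The point of the extra checks is that a high score alone is not enough: a token minted for a different action, a different hostname, or long ago should be rejected regardless of its score, and the threshold itself should be tuned per form rather than applied globally.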

The Bad
Over the past week, several high-profile data breaches and leaks have occurred. Eurostar detected a breach and began resetting users’ passwords. A Pakistani bank was hit by hackers who reportedly stole $6 million. Meanwhile, the Australian defense contractor Austal was hit by hackers, who stole some staffers’ information.

  • Eurostar detected a breach and began resetting users’ passwords. The firm said that the cybercriminals behind the attack used Eurostar account holders’ usernames and passwords to infiltrate systems. It is still unclear how many users have been affected by the breach and whether the attackers succeeded in exfiltrating any sensitive corporate or user data.
  • A Pakistani bank was hit by hackers who reportedly stole $6 million. The Karachi-based Bank Islami confirmed that it suffered a security breach, which resulted in the theft of payment card information. Although the bank confirmed the breach, it has denied claims of having lost $6 million.
  • Australian defense contractor Austal was hit by hackers who stole some staffers’ information. Some staffers’ email addresses and phone numbers were stolen by hackers. However, the firm said that information relating to national security was not compromised.
  • Jones Eye Clinic and Surgery Center, a healthcare center located in Sioux City, suffered a ransomware attack. The attack may have exposed the data of around 40,000 individuals. The data compromised in the breach includes patients’ full names, addresses, dates of birth, dates of services, medical record numbers and more.

New Threats
A bunch of new malware, vulnerabilities, and threat actors popped up over the last week. A new Mac malware dubbed CoinTicker was found silently installing backdoors. A new ransomware called CommonRansom demands RDP access to decrypt files. Meanwhile, a new DDoS-for-hire service called ‘0x-booter’ has been spotted in the wild, which has launched over 300 DDoS attacks in just two weeks.

  • A new Mac malware dubbed CoinTicker was found silently installing backdoors. The trojan poses as a legitimate cryptocurrency app and secretly installs two backdoors, EvilOSX and EggShell. These backdoors could allow attackers to gain remote control over affected Macs.
  • A new ransomware called CommonRansom has been discovered. Unlike other ransomware variants, CommonRansom not only demands a Bitcoin payment but also demands that victims provide remote desktop protocol (RDP) access.
  • A new DDoS-for-hire service called ‘0x-booter’ has been spotted in the wild, which has launched over 300 DDoS attacks in just two weeks. 0x-booter has been advertised as offering over 500Gbps of bandwidth and 20,000 bots. The malicious service can launch DDoS attacks without direct contact between the user and the botmaster.
  • Iranian networks were recently reportedly hit by a new more powerful variant of the infamous Stuxnet malware. The new Stuxnet variant is allegedly more aggressive and sophisticated. Stuxnet is believed to have been created and deployed by the US and Israel. However, it is unclear as to who orchestrated the new Stuxnet attack against Iran. It is also still unclear as to which industries and companies were hit by the attack.