Cyware Weekly Cyber Threat Intelligence October 8-12, 2018

The Good

• California passed a new law that aims at boosting IoT security. The new law makes it illegal for connected device manufacturers to ship devices with default passwords. The law also makes it mandatory for manufacturers to create a unique credential for each device, or ensure that the user is forced to create a unique password when they boot up the device for the first time.
• The Wall Street Journal launched a programme designed to help small businesses improve their security. The WSJ Pro Cybersecurity program offers small business information about cyberthreats, security response methods, and more via its website and newsletters.
• US authorities charged a Chinese intelligence agent over corporate espionage. The suspect, Yanjun Xu, is a high-ranking director in China’s Ministry of State Security (MSS) - the country’s counter-intelligence and foreign intelligence agency. The US justice department is seeking his arrest and extradition on charges of economic espionage and attempting to steal trade secrets from several U.S aviation and aerospace companies.
• The Italian police solved the five-year-old mystery of who hacked the Nasa website. The suspect claimed to be a part of the Master Italian Hackers Team and also defaced 60 other websites. The Italian police tracked him down after he opened up in social media about being part of the NASA 2013 website defacement attacks.

The Bad

• The breach of the week award goes to Google - the tech giant’s aging social media network will shut down next year after a breach exposed 500,000 customers’ data. The breach was caused by an API bug, which, if exploited, could allow third-party apps to gain access to public profile information of Google Plus users’ friends.
• Vancouver-based Rebound Orthopedics & Neurosurgery suffered a breach that may have compromised 2,800 patients’ records. The healthcare organization said that an unidentified person gained access to an employee’s email account on May 22.
• Garmin-owned Navionics inadvertently exposed customer and corporate information. The electronic marine navigation charts manufacturer was found using a misconfigured MongoDB server that exposed 19GB of information exposed to anyone on the internet.
• Shopper Approved suffered a breach after the notorious Magecart threat group launched an attack against the third-party application. The attackers skimmed payment information from multiple online stores instead of directly targeting a store.

New Threats

• A previously unknown threat group called Gallmaker was brought to light by security experts. Gallmaker has been active since 2017 and was found targeting government, military and defense agencies across the globe.The hacker group uses living-off-the-land (LotL) tactics - employing publicly available hacking tools, instead of malware in its operations.
• Multiple vulnerabilities were discovered  in Sony smart TVs. One of the three bugs discovered, a critical vulnerability,could allow an attacker to could conduct command-injection attacks. A successful attack could lead to attackers compromising TVs, and could even allow attackers the ability to hijack the targeted device and enslave it as part of a massive botnet.
• A new Panda Banker malware campaign was discovered targeting the US, Canada, and Japan. The trojan was also observed being distributed via the Emotet banking malware’s distribution platform, presumably to hide its activities. The malware, which is a variant of the Zeus, first emerged in 2016.
• ?A new phishing campaign delivering the URSNIF malware has been discovered. The cybercriminals behind the campaign used hijacked email accounts to send malware inserted within email responses, that are a part of ongoing conversations.