Cyware Weekly Cyber Threat Intelligence September 17-21, 2018


The Good

It's finally Friday and that means it's time to put your feet up, get a nice, relaxing drink and catch up on the biggest, most interesting cybersecurity news that occurred this week. But before we jump into the latest malware, breaches and threat actors to have emerged, let's give a virtual high-five to the law enforcement authorities and the companies that are working on boosting security even as cyberthreats continue to become more advanced. The US Air Force is working on establishing a new rapid cyber response center. The Chinese police arrested a hacker who was selling millions of users' personal data on the dark web, and the British regulator fined Equifax over $657,000 for last year's breach.

  • The US Air Force is working on establishing a new rapid cyber response center that will be modeled after the Air Force's Rapid Capabilities Office. The goal for the new center would be "to tackle the cyber challenges from a rapid capabilities standpoint and a cyber standpoint," Maj. Gen. Robert Skinner, commander of 24th Air Force/Air Forces Cyber, said during a panel at the annual Air, Space and Cyber conference.
  • The Chinese police arrested the hacker responsible for selling the data of millions of customers of the Huazhu hotel chain on the dark web. The hacker attempted to blackmail the hotel chain into paying a ransom for the recovery of its data. However, Huazhu said that the cybercriminal was unsuccessful in his attempt to sell any of the compromised data.
  • Equifax was fined a little over $657,000 (£500,000) by a UK regulator for the 2017 breach, which impacted the personal data of 15 million British customers. The Information Commissioner’s Office (ICO) said that although the breach occurred in the US, the firm was still responsible for failing to protect the personal data of its British customers.
  • The US Army is looking to boost its cyber teams' resources and abilities. The Army's expeditionary cyber support detachments (ECSDs) are small units attached to organizations that provide cyber and electromagnetic spectrum effects such as sensing or jamming.

The Bad

The past week saw several major breaches and data leaks come to light. The US State Department’s unsecured email system was hacked. GovPayNet accidentally exposed 14 million customer records dating back to 2012. Meanwhile, the cryptocurrency exchange Zaif was hacked and $60 million was stolen by hackers.

  • The US State Department’s unsecured email system was compromised by cybercriminals. The breach impacted around 1 percent of employees, whose personal details were believed to have been accessed by the attackers.
  • GovPayNet accidentally exposed 14 million customer records dating back to 2012. The service's website, which is used by multiple U.S. state and local governments, contained a vulnerability that allowed attackers to view customer records just by altering the digits in the web address. These digits are printed on every receipt generated as a payment acknowledgment for customers, so a valid record number was never a secret.
  • Japanese cryptocurrency exchange Zaif was hit by hackers who stole over $60 million worth of Bitcoin, Bitcoin Cash and Monacoin. The hackers gained unauthorized access to the server managing the exchange's hot wallets to steal the funds. The firm plans to secure a $44.5 million loan to pay back the customers affected by the hack.
  • California-based marketing firm SaverSpy inadvertently exposed 43GB of personal data belonging to around 11 million customers. The breach was caused by an unprotected MongoDB database. The leaked data was available online from September 13 and contained emails, full names, gender and physical addresses of customers.
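The GovPayNet exposure above is a textbook insecure direct object reference: the record number in the URL is the only thing standing between a visitor and someone else's receipt. As an added illustration (not code from the post, from GovPayNet or from Cyware), the Python below shows that vulnerable lookup beside a hardened one that checks ownership against the logged-in user and replaces the sequential counter with an unguessable token; the store, users and function names are all constructed.

```python
import secrets
from typing import Dict, Optional

# Constructed sample store keyed by the sequential number printed on receipts.
RECEIPTS: Dict[int, dict] = {
    1001: {"owner": "alice", "amount": "120.00", "payee": "County Clerk"},
    1002: {"owner": "bob", "amount": "45.00", "payee": "Traffic Court"},
}


def vulnerable_lookup(receipt_id: int) -> Optional[dict]:
    """Insecure direct object reference: whoever edits the digits in the URL
    receives whichever record that number maps to. No ownership check at all."""
    return RECEIPTS.get(receipt_id)


# Hardened store: records are keyed by a random token, not a guessable counter.
SECURE_RECEIPTS: Dict[str, dict] = {}


def issue_receipt(owner: str, record: dict) -> str:
    """Store a record under an unguessable token and return the token so it,
    rather than a sequential id, is what gets printed on the receipt."""
    token = secrets.token_urlsafe(16)  # 128 bits of randomness, URL-safe
    SECURE_RECEIPTS[token] = {"owner": owner, **record}
    return token


def hardened_lookup(session_user: str, token: str) -> Optional[dict]:
    """Resolve the token, then enforce that the authenticated user owns it.
    Both failure modes (unknown token, wrong owner) return None, so a
    caller cannot distinguish 'does not exist' from 'not yours'."""
    record = SECURE_RECEIPTS.get(token)
    if record is None or record["owner"] != session_user:
        return None
    return record
```

The ownership check alone would have closed the hole; the random token is defence in depth so that even an unauthenticated endpoint cannot be walked by counting.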

New Threats

Numerous new and advanced malware and vulnerabilities cropped up this week. The XBash malware comes with ransomware, cryptomining, botnet and worm capabilities. The new Russian botnet Black Rose Lucy allows cybercriminals to target Android devices. Meanwhile, the new Peekaboo vulnerability allows attackers to view and tamper with video and security camera feeds.

  • XBash is a newly discovered malware that contains ransomware, cryptomining, botnet and worm capabilities. The malware was developed and is being used by the cybercriminal gang called Iron Group (aka Rocke) and has already raked in over $6,000.
  • Black Rose Lucy is a new Russian botnet, developed by the Russian cybercrime group - The Lucy Group. The botnet cropped up in the malware-as-a-service (MaaS) arena and can allow cybercriminals to target Android OS devices. The botnet has been targeting victims in Russia, France, Israel and Turkey.
  • The newly discovered Peekaboo flaw can allow attackers to view and tamper with video and security camera feeds. The zero-day vulnerability affects security cameras and surveillance equipment that use the NUUO software. The bug can also allow attackers to steal data including credentials, IP addresses, port usage, and device model numbers.
  • The Israeli surveillance vendor NSO Group's custom spyware Pegasus has been deployed against victims in 45 countries. Pegasus is believed to be one of the most intrusive and prolific spyware variants to have ever emerged. It is capable of targeting both Android and iOS devices and can steal victims' personal data, including passwords, contact lists, calendar events, text messages and more.


Posted on: September 21, 2018
