Cyware Weekly Threat Intelligence, January 27-31, 2020

The Good

With ransomware attacks running rampant, various law enforcement agencies have come up with new laws and guidelines for organizations, counties, and towns to improve their digital security postures. New York State has introduced two bills - S7246 and S7289 - to ban the payment of ransom. On the other hand, NIST has published guidelines to help firms create strategies to protect their data in the event of a ransomware attack.

  • Ben-Gurion University has introduced the first all-optical ‘stealth’ encryption technology that will strengthen the security of highly sensitive cloud-computing and data center network transmission. The technology is an extension of the digital optical encryption method originally invented at Bar Ilan University.
  • New York State has introduced two bills - S7246 and S7289 - to ban municipalities from meeting ransomware attackers’ demands. Senate Bill S7246 also proposes the creation of a ‘Cyber Security Enhancement Fund’ which would help villages, towns, and cities with populations of less than a million residents to upgrade their digital security defenses.
  • The National Institute of Standards and Technology (NIST) has published guidelines for businesses on how to defend against debilitating ransomware attacks. With this, NIST intends to help firms create strategies to protect data in the event of any cyberattack.
  • The UK government has proposed new security rules for IoT devices. These rules are designed to protect consumers and businesses against an increasing volume of cyberattacks.
  • The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. The sheet focuses on mitigation measures for four prominent cloud vulnerabilities: misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities.
  • The World Economic Forum (WEF) has published Cybercrime Prevention Principles for Internet Service Providers (ISPs) to boost their cybersecurity practices. Each principle is considered from the perspective of the challenges the ISPs are seeking to address against cyber attacks.
  • Indonesian police forces, along with Interpol, have cracked down on hackers, suspected to be from the Magecart group, in an operation named ‘Night Fury’. These criminals were involved in stealing payment card information from customers of hundreds of hacked online stores.

The Bad

The week saw some of the worst data breaches, with malicious hackers compromising millions of customers’ sensitive records. One of the major data breach incidents was reported at the largest convenience store chain Wawa Inc. after fraud experts discovered a batch of over 30 million stolen card details up for sale on Joker’s Stash dark web market. In other news, an unprotected database belonging to Cornerstone Payment Systems spilled 6.7 million transaction records online.

  • In a major update, fraud experts found that attackers had put the first batch of over 30 million stolen Wawa customers’ data on the popular Joker’s Stash dark web forum. The retail store had experienced a major cyberattack in late December 2019.
  • LabCorp again suffered a data breach after it inadvertently exposed 10,000 medical documents due to a security flaw in its website. The exposed documents included names, dates of birth and, in some cases, Social Security numbers of patients.
  • Cornerstone Payment Solutions took offline an unprotected database that had exposed 6.7 million transaction records online. The exposed records included payee names, email addresses, and in many cases, postal addresses as well.
  • Canada-based Bird Construction became the latest target of Maze ransomware’s ‘Name and Shame’ tactic. The operators published 60GB of data stolen from the company on their website after the company refused to pay the ransom.
  • A new investigation revealed that Chinese hackers had used an unpatched vulnerability in TrendMicro OfficeScan antivirus to launch attacks against Mitsubishi. The attack had affected the confidential files exchanged with government agencies and other business partners.
  • In an exclusive investigation performed by ‘The New Humanitarian’, it was revealed that the United Nations offices in Geneva and Vietnam were compromised in a massive cyberattack last year. The attackers had accessed dozens of servers to launch the attack.

New Threats

Notorious malware such as Emotet, Trickbot, and Ryuk was also spotted in different cyberespionage campaigns across the globe. While Ryuk made a comeback with a new variant that could steal confidential files from government and finance sectors, Trickbot and Emotet were observed using text from articles and a Coronavirus threat report, respectively, to infect their victims.

  • Operators of the Emotet trojan leveraged the ongoing ‘Coronavirus threat’ report to target potential Japanese users. The trojan was delivered via phishing emails that included subject lines written in the Japanese language.
  • Trickbot operators used text from articles about President Trump’s impeachment to bypass the scanning engines of security software. The selected texts were injected with malware with the hope that the strings will be whitelisted by security software.
  • A new variant of Ryuk ransomware that could pilfer confidential data from the government, military, and finance sectors was uncovered by security researchers. The variant included a set of keywords to look for C++ code files (i.e. .cpp files), Word and Excel document types, PDFs, JPG image files, and also files associated with cryptocurrency wallets.
  • The week also saw the discovery of Ragnarok ransomware and a new variant of Android.Xiny trojan. The Ragnarok ransomware was used in targeted attacks that exploited the recently disclosed Citrix ADC bug. On the other hand, the new Android.Xiny variant targeted phones that ran on versions prior to 5.1.
  • Security researchers also found a new ransomware named Snake with unique capabilities. The ransomware has the ability to lock up or even delete data on industrial control systems.
  • Two more issues related to the speculative functionality of Intel processors, one of them being CacheOut, were uncovered. The firm plans to roll out security patches for them in the coming weeks.
  • Details of two dangerous vulnerabilities discovered in Microsoft Azure services were released. These flaws could be exploited to target several businesses that run their web and mobile apps on Azure.
  • Security researchers claimed that the new and fast-rising LoRaWAN technology is vulnerable to cyberattacks and misconfigurations. The encryption keys used for securing communications between devices, gateways, and network servers in LoRaWAN environments are weakly protected and easily obtainable. In another instance, Microsoft detected an ongoing Evil Corp phishing campaign that delivers malicious payloads.

Posted on: January 31, 2020