Cyware Weekly Threat Intelligence, September 21 - 25, 2020

Share Blog post

The Good

When it comes to cybersecurity, keeping up with the latest protection and prevention strategies is crucial for organizations. Therefore, government agencies are always on their toes to identify cybersecurity best practices and new methods to tackle cyberattacks. Taking steps in this direction, NIST released a new set of guidelines to protect the integrity of data from malware and other disruptive attacks. Moreover, the agency came up with a new method called Phish Scale to help organizations analyze why employees fall prey to phishing attacks.
 
  • The NSA published two advisory reports on securing personal devices or networks from external threats. The reports are primarily designed for system administrators and teleworkers associated with the National Security System (NSS), and DoD.
  • Researchers at the NIST developed a new method called Phish Scale to help organizations avoid phishing attacks. Phish Scale uses a rating system that is based on the message content in a phishing email.
  • NIST also published a cybersecurity practice guide to help organizations recover from ransomware and other malware attacks. The goal is to effectively monitor, detect, and retrieve the data in case of attacks.
  • The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) released a report outlining the best cybersecurity practices for electric utilities. The guidelines are aimed at making these industries cyber-resilient.

The Bad

It’s raining ransomware and this week’s targeted victim companies include the names of Tyler Technologies, Luxottica, and IP Photonics. Unsecured databases leaking a trove of personal data also grabbed the attention of security researchers. The leaky databases belonged to Midwest Property Management and Town Sports International.

  • Software vendor Tyler Technologies, eyecare giant Luxottica, and laser company IP Photonics were targeted in different ransomware attacks. This resulted in huge losses of data and disruption of systems.
  • Unsecured databases were responsible for data leaks at Midwest Property Management and Town Sports International. While the Midwest Property Management exposed 1.2 million records, the data leak at Town Sports International affected a terabyte of data associated with the company.
  • The official website of the Ukraine National Police was temporarily taken down after an intrusion by malicious actors. The threat actors and the attack method are still unknown. In another incident, hackers leaked personal details of 1,000 high-ranking Belarus police officers on Telegram. The leaked data included names, dates of birth, and job titles of officers.
  • The online retail platform, Shopify Inc suffered a customer data breach after two employees stole transaction records. The exposed data included email addresses, names, and physical addresses of customers.
  • ArbiterSports paid a ransom to hackers to prevent the data leak of 540,000 sports referees. The attack occurred in July this year.
  • Microsoft patched one of its backend servers that exposed over 6.5TB of log files containing 13 billion records originating from the Bing search engine.
  • Encrypted email service, Tutanota, experienced a series of DDoS attacks, resulting in downtime of several hours for its users.
  • The College of the Nurses of Ontario fell victim to a cyberattack, forcing the governing body for nurses to shut down its services. On the contrary, Long Island’s tertiary care center, Regional Trauma Center and Stony Brook University notified their patients about a data breach due to Blackbaud’s ransomware attack.
  • The University of Tasmania notified that the personal details of almost 20,000 students were compromised in a phishing attack. Information belonging to 19,900 students was made public through the Microsoft Office365 platform SharePoint.

New Threats

In new threats, researchers discovered a variety of new malware such as the Taurus Project infostealer, Alien Android trojan, and TinyCryptor ransomware. In addition to these, several notorious malware such as Emotet, LokiBot, and Zebrocy made their comeback in different attack campaigns.

  • This week’s list of newly discovered malware includes the likes of Taurus Project, Alien Android trojan, and TinyCryptor ransomware. While the new Taurus Project information stealer was observed in a malspam campaign targeting users in the U.S, the Alien trojan came with the capabilities to steal credentials from 226 Android applications. On the other hand, TinyCryptor is a creation of the OldGremlin hacking group that recently launched a successful attack on a Russian medical company.
  • A new ransomware operation named Mount Locker was found to be active since July 2020, stealing victims’ files before encrypting them, and then demanding multi-million dollar ransoms. The ransomware uses ChaCha20 and RSA-2048 to encrypt files.
  • Microsoft removed 18 Azure Active Directory applications from its Azure portal that were created and abused by a Chinese state-sponsored hacker group. These apps were a part of a spear-phishing campaign that used COVID-19 themes to target organizations. 
  • The return of Zebrocy and Emotet, in different cyberespionage campaigns, was also reported by researchers and federal agencies. While the Zebrocy campaign leveraged fake NATO documents to target government bodies in specific countries, the Emotet trojan made use of legitimate email threads to evade detection. Additionally, security agencies in Italy and the Netherlands issued an advisory on the uptick in Emotet’s activities. Meanwhile, the recently discovered AgeLocker ransomware was also uncovered targeting QNAP NAS devices and in some cases, stealing files from victims.
  • Talking more about the return of certain malware strains, the Cybersecurity and Infrastructure Security Agency (CISA) warned of an uptick in attacks using LokiBot information-stealer. The alert issued by the agency highlighted its intrusion, detection, and prevention methods.
  • In a recent report, IBM revealed that the Mozi botnet accounted for 90% of the attacks on IoT devices between October 2019 and June 2020. The targeted devices included Netgear, D-Link, and Huawei routers.

 Tags

luxottica
emotet
lokibot trojan
zebrocy malware
phish scale
midwest property management
taurus project infostealer
tyler technologies

Posted on: September 25, 2020

Get the Weekly Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!