
| Cyware Weekly Cyber Threat Intelligence | March 12 - 16, 2018



The Good

Good news is a bit thin this week! Researchers have released a kill switch, called Memfixed, to counter the infamous memcached DDoS attacks. Google has unveiled a new quantum computing chip with 72 quantum bits. Researchers have also made progress in AI, which is being leveraged to better protect consumers’ credit card data.

  • Google has unveiled Bristlecone, a new quantum computing chip with 72 quantum bits, well above the previous record holder, IBM’s 50-qubit processor. According to Google, a few more tests are still required, but the chip is expected to be available this year. Google has pinned high hopes on this chip helping it achieve “quantum supremacy”, the point at which a quantum computer can perform calculations beyond the reach of today’s fastest supercomputers.
  • Artificial intelligence is now being leveraged by banks to provide enhanced security for consumers’ credit card data. Capital One has introduced a virtual credit card number for its customers to use for online purchases. The technology behind the card is a browser extension that runs in the background on the cardholder’s computer and automatically detects when the person finishes shopping. Once the customer reaches a checkout page, a virtual credit card number covering that person’s transactions with that specific retailer is generated and all payment fields on the site are filled in. That way, if a retailer were hacked, or if the customer spotted a fraudulent charge on their bill, Capital One could simply deactivate the compromised credit card alias instead of replacing the card itself.
  • Researchers released a “kill switch” that effectively counters the memcached vulnerability, reducing the frequency of the massive DDoS attacks attackers have been carrying out. The tool suppresses a memcached DDoS attack while leaving the compromised servers online. It uses the ‘flush_all’ command to defeat the DDoS exploit.

The Bad

This week, unfortunately, saw a number of breaches and data leaks. German security researchers revealed that a data breach at MBM Company, owner of Limoges Jewelry, impacted over 1.3 million people. Two healthcare facilities, BJC HealthCare and St. Peter’s Surgery & Endoscopy Center, disclosed breaches affecting the patient records of 33,420 and 135,000 people respectively.

  • Researchers from a German security firm have revealed that MBM Company, owner of the well-known Chicago-based jewelry brand Limoges Jewelry, has suffered a data breach impacting over 1.3 million people. According to the report, the company was allegedly handling customer details improperly, storing them in an unsecured Amazon S3 storage bucket. The leaked information includes addresses, zip codes, e-mail addresses, IP addresses and even plaintext passwords.
  • St. Louis healthcare facility BJC HealthCare disclosed that a data storage error had potentially compromised the patient records of 33,420 people. According to the disclosure, the data was publicly available for nine months because a misconfigured server had been left without a security protocol in place, allowing anyone to view scanned documents containing patients’ driver’s licenses, insurance cards and treatment-related documents from 2003 to 2009.
  • Another healthcare facility announced a breach that might have impacted the medical records of about 135,000 patients. St. Peter’s Surgery & Endoscopy Center revealed that it had uncovered a breach that occurred on 8 January 2018, in which an unauthorized party gained access to its servers. According to the facility, although no evidence was found of hackers accessing patient data, it could not conclusively rule out that hackers had accessed patients’ personal and medical information, including names, dates of birth, addresses, diagnosis codes, insurance information and Medicare details.

New Threats

This week researchers unveiled a new malspam campaign, a backdoor, critical flaws and new tweaks to an old malware. The Qrypter remote access Trojan (RAT), an old malware, has been found propagating through malicious emails. A new malspam campaign was spotted distributing the Sigma ransomware, and a new backdoor deployed by OceanLotus is targeting Southeast Asian countries. Researchers also found new critical flaws in AMD chips.

  • An old malware, the Qrypter remote access Trojan (RAT), developed by an underground hacker group called ‘QUA R&D’, has been found targeting hundreds of organizations around the world in a series of attacks. Also known as Qarallax, Quaverse, QRAT and Qontroller, the malware uses Tor-based command-and-control servers. QRAT is a Java-based RAT first detailed in June 2016, when it was found attacking individuals applying for a U.S. visa in Switzerland. The malware is usually delivered via malicious email campaigns consisting of only a few hundred messages each.
  • A new malspam campaign purporting to be from Craigslist is making the rounds, distributing the Sigma ransomware. The emails pose as responses to short-term job postings on Craigslist known as Gigs. Each malspam email carries a password-protected Word or RTF document that retrieves the Sigma ransomware executable from a remote site and installs it on the target computer. Similar to a previous Sigma malspam campaign that pretended to deliver resumes, these emails contain malicious password-protected Word or RTF documents that supposedly contain information about the respondent.
  • Highly critical security flaws, touted as on a par with the Meltdown and Spectre flaws affecting Intel chips, have been discovered by researchers in AMD chips. The flaws could potentially allow attackers to access sensitive data from the highly protected processors in millions of devices. Notably, the vulnerabilities were found in the most secure part of the processors, where the most sensitive data such as passwords and encryption keys is stored.
  • Researchers have unveiled a new backdoor deployed by OceanLotus, a cyber-espionage group from Vietnam. Also known as APT32 and APT-C-00, the group has been targeting government organizations and high-profile corporate targets in Southeast Asian countries including Vietnam, Laos, the Philippines and Cambodia. Researchers believe the group has considerable resources at its disposal, a conclusion drawn from its use of custom-built malware in combination with the other techniques the threat actor deploys.


Posted on: March 16, 2018
