Cyware Weekly Threat Intelligence - January 20–24

Weekly Threat Briefing • January 24, 2020
Weekly Threat Briefing • January 24, 2020
The Good
We come to the end of another week and as we look forward to the weekend, let’s take a quick glance at all the major developments that happened in the cybersecurity world. NIST has officially released version 1.0 of its Privacy Framework to help organizations optimize the beneficial uses of data while protecting individual privacy. In other news, a New York senator has introduced Senate Bill S7289 that would ban the paying of a ransom.
The Bad
The week was no good when it comes to breaches. Mitsubishi Electric Corp. disclosed that it had suffered a massive cyberattack, impacting the confidential data of government agencies and other business partners. Microsoft came under the scanner for leaking 250 million call records last year due to unsecured Elasticsearch servers. Buchbinder car rental company was also in soup for exposing the personal information of over 3.1 million customers.
New Threats
Variants of several existing malware were also noticed this week. Some of the newly discovered variants belonged to Trickbot trojan, BitPyLock ransomware, and Muhstik botnet families. These malware variants were used to infect individuals and organizations across the globe. A new malware called CARROTBALL, distributed via a phishing email, was used in targeted attacks against a US government agency and two non-US foreign nationals professionally affiliated with North Korea.