2017-5-1 Global Cyber Attack Reports

TOP ATTACKS AND BREACHES

  • A new OSX malware was found in the wild by Check Point’s researchers. The unique malware, which
    addresses Apple’s operating system, is a multi-functional Trojan. The malware was found being
    delivered through phishing emails pretending to be related to tax returns.
  • A threat actor known as The Dark Overlord has leaked the first 10 chapters of season 5 of Netflix’s
    “Orange Is The New Black”, after allegedly stealing them. The leak has followed a blackmail attempt by
    the threat actor on Netflix.
  • Several Israeli academic institutions and companies were recently targeted by attacks via emails with malicious attachments. The attacks are similar to a former attack known as Oilrig.
  • Yapizon, a South Korean Bitcoin exchange service, has suffered a breach in which threat actors had stolen 3816.2 Bitcoins belonging to its users (equal to 5 million dollars).
  • Iowa Veteran Home has announced being a target to phishing attacks last February, which have put at risk of exposure personal records belonging to almost 3,000 residents.
  • A new threat group named XMR-Squad has launched DDoS attacks on German companies since April 19, followed by a ransom demands sent via email of 250 Euro in Bitcoins.
  • An Interpol-led cybercrime operation has resulted in the identification of nearly 9,000 malicious command and control (C&C) servers and hundreds of compromised sites involved in threat activity. The operation, which was focused on Asia, involved several countries and major cyber security companies.
  • A new IoT botnet was recently spotted spreading among vulnerable IP cameras. The botnet, which includes parts of code from the infamous Mirai botnet, has a different infection chain and C&C communication protocols.

VULNERABILITIES AND PATCHES

  • Adobe has released a security update for ColdFusion versions 10, 11 and the 2016 release, addressing two vulnerabilities, one of which may be used in a cross-site-scripting attack.
  •  IBM has released a security update to address a vulnerability in IBM Domino server IMAP EXAMINE, which if exploited may allow an attacker arbitrary code execution with Domino server privileges.
  • Portrait Displays has released a security update addressing a critical vulnerability in its software development kit (SDK), versions 2.30 through 2.34. If exploited, the vulnerability may allow an attacker to take over infected machines. Portrait Displays’ SDK is pre-installed on some Fujitsu, HP, and Philips devices.
  • A backdoor was found in the firmware of Bitcoin mining equipment made by Bitmain. The backdoor, named “Antbleed”, could allow remote shutdown of Bitcoin miners using Bitmain’s equipment. It is estimated that the backdoor may effect up to 70% of Bitcoin mining equipment.

THREAT INTELLIGENCE REPORTS

  • Check Point’s researchers have published a joint report with the Europol describing the history of banking Trojans. The report details the major malware families of the banking Trojans world, their way of action and unique insights regarding the structure and behavior of threat groups that run them.
  • According to a new report, 65% of the federal agencies in the US have suffered a data breach at some point in recent years, and 34% have suffered a breech during the last year. In addition, throughout 2016 most organizations, including 61% of the federal government sector in the US, have increased security spends.
  • A new research describes the activity of a threat actor named NoTrove, which includes web scams and potentially Unwanted Programs (PUP) distribution. According to the research, NoTrove’s operation includes thousands of domains and IPs, with one of the domains reaching place 517 on Alexa’s websites rank, thus providing NoTrove massive web-traffic for his threat activity.
  • RawPOS, a point-of-sale malware family, was recently found to be stealing victims’ driver licenses. The malware, which is one of the oldest point-of-sale malware in the wild, is still very active today, as threat actors use it to target hotels and other hospitality industry businesses. By stealing driver license, threat actors can perform identity thefts and other scams.