2017-8-7 Global Cyber Attack Reports

TOP ATTACKS AND BREACHES

• Marcus Hutchins, the British security expert who discovered WannaCry’s kill-switch back in May and consequently stopped the first wave of the attack, was arrested in the US with accusations of developing the Kronos banking Trojan and selling it on the dark web during 2014-2015. Hutchins, also known as MalwareTech, was caught on his way back from Defcon cyber-security convention in Las Vegas.
• The threat actor behind WannaCry has emptied the Bitcoin wallets connected to the attack, cashing out approximately $143K.
• Threat actors have breached HBO’s servers, and leaked the latest script and full episode of Game of Thrones. According to the threat actors, they have stolen over 1.5TB of data in their attack. At this point it is not clear whether the full episode indeed originates in a breach to HBO or to one of its distributors.
• Over 21K emails belonging to Emmanuel Macron, the recently elected French president, were leaked online, dated to March 2009 until April 2017.
• Threat actors have managed to hijack a popular Chrome extension, after its creator fell victim to a phishing attack. The extension, named “Web Developer”, had over 1 million users. In a related issue, earlier this week threat actors hijacked a Chrome extension named “Copyfish” and abused it to distribute adware to over 37K users.
• A Ukrainian law firm has initiated a collective lawsuit of NotPetya victims against Intellect-Service LLC, which owns the M.E.Doc accounting software. M.E.Doc was suspected to be abused for NotPetya’s distribution, and suffers from bad reputation after being breached multiple times in the past.
• WikiLeaks has revealed another CIA related cyber-tool under its “Vault7” project, named Dumbo. Dumbo is a capability to suspend processes utilizing webcams and disrupt any video recordings allegedly used in CIA field operations. By deleting or manipulating recordings, the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

VULNERABILITIES AND PATCHES

• Google has released a security update for Chrome OS. The update addresses multiple vulnerabilities, including a critical vulnerability which may allow an attacker to take over infected machines.
• Cisco has released security updates addressing 15 vulnerabilities in multiple products. Two of the vulnerabilities are of high severity and may allow an attacker to conduct an authentication bypass or server denial-of-service.

THREAT INTELLIGENCE REPORTS

• A new law-bill was purposed in the US, aiming to set baseline security standards for internet-of-things (IoT) devices being purchased by the American government. According to researchers, the bill was developed in response to the growing use of unsecured IoT devices in attacks during the past year. If passes, the law could standardize security level among IoT devices in general.
• A thorough analysis of the history of Magnitude exploit kit has been published, including the up-to-date techniques leveraged by the kit. Magnitude is one of the 3 leading exploit kit currently used in the wild. Check Point IPS blade provides protection against this threat (Magnitude Exploit Kit Landing Page; Magnitude Exploit Kit Redirection)
• According to a new research, Cerber ransomware has recently adopted new features such as Cryptocurrency theft and harvesting private credentials from victim web-browsers. Check Point Anti-Bot blade provides protection against this threat (Trojan-Ransom.Win32.Cerber.*)
• A new variant of Svpeng Android banking Trojan has added keylogging capabilities to its toolset. According to researchers, the new variant takes advantage of the Android Accessibility Services. The malware was detected among users throughout Europe, and is suspected to be distributed through malicious websites disguised as a fake Flash Player. Check Point Anti-Bot blade provides protection against this threat (Trojan-Ransom.AndroidOS.Svpeng.*)
• A new report sheds light on steganography and its uses in the threat landscape. Steganography is the
  practice of concealing data within a picture. According to the report, there’s a rising trend of using steganography in threat operations for various purposes; from C&C communication to concealing malicious payload.