QuoScient’s Weekly Intelligence Bulletin for the week of 02 August – 09 August 2018 is now available for download in the Media Center! Find below a summary.
Cyber
Vulnerabilities
HP released firmware fixes for two critical vulnerabilities impacting over 160 printer models, including versions of OfficeJet, DeskJet, Envy, DesignJet, and PageWide Pro printers.
Current Threats
Security researchers identified a new attack on the WiFi Protected Access protocols (WPA/WPA2), which are security standards aimed at providing more secure wireless networks.
Researchers observed a new botnet campaign leveraging the Ramnit banking Trojan to infect over 100,000 machines in two months. Likely distributed through spam campaigns, the Ramnit Trojan acts as a backdoor for the proxy malware Ngioweb, which operates as a multipurpose proxy server.
Cyber Threat Actor Activity
On Friday, 3 August, QuoINT detected a new Cobalt spear-phishing attack spoofing the legitimate Russian payment processing provider “InterKassa”. Further research performed by QuoINT revealed that the threat actor also registered three additional domains: two spoofing the European Central Bank and one spoofing the Nordic-Baltic banking group Swedbank AB.
Researchers began monitoring the activities of a threat actor dubbed Subaat in 2017, which has led them to potential connections with activity attributed to a larger Pakistan-linked group tracked under the publicly known name Gorgon Group.
Cryptocurrency
The price for Bitcoin fell to USD 6,300, while Ethereum declined to USD 350 by 9 August. The total market capitalization shrank by almost 19 percent over the last week.
Several groups of traders are using pump and dump schemes to manipulate the price of cryptocurrencies. As long as there is no comprehensive cryptocurrency regulation, these schemes will likely continue.
Geopolitics
The European Central Bank (ECB) released the “Services Procurement Guidelines” for the new framework TIBER-EU, which was first published in May 2018. TIBER-EU is a framework created to encourage the information security industry to deliver intelligence-driven red team exercises and to give the financial industry blueprints on how to select the right Threat Intelligence and Red Team providers. QuoScient welcomes this initiative since it confirms the importance of the role that the intelligence discipline plays in the security challenges also faced in the cyber domain. QuoScient also meets all the suggested requirements listed for the selection of the Threat Intelligence provider.
The U.S. administration imposed financial sanctions on Turkey’s interior and justice ministers as a U.S. pastor remains detained in Turkey. In response, President Erdogan imposed sanctions on the ministers’ U.S. counterparts.
The U.S. reimposed sanctions on Iran. The sanctions will likely have a negative impact on Iran’s economy and European businesses, and possibly lead to increased retaliatory cyberattacks targeting the U.S.
Outlook
12 August – DoDIIS Worldwide Conference
14 August – Blockchain Futurist Conference