Weekly Intelligence Bulletin – Week 30

30 July 2018

QuoScient’s Weekly Intelligence Bulletin for the week of 19 July – 26 July 2018 is now available for download in the Media Center! Find below a summary.

Cyber

Vulnerabilities
The Apache Software Foundation (ASF) has released security updates to address three vulnerabilities in its Tomcat application server. Apache Tomcat is an open source web server developed by the ASF. The most impactful of the three is rated ‘Important’ and is an information disclosure vulnerability that could allow a remote attacker to obtain sensitive information.

On 19 July, proof-of-concept code targeting a remote code execution vulnerability in Oracle WebLogic Server became publicly available on a code repository. Additionally, since 20 July, exploitation activity by at least one threat actor group has been observed in the wild. Of note, this vulnerability was patched on 18 July, when Oracle released its quarterly Critical Patch Update.

Reported Incidents
VNCERT issued an alert earlier this week, warning of malware targeting financial institutions and national infrastructure organizations in Vietnam, such as Internet, telecom and power providers, air carriers, and transportation operators. In-house analysis is currently ongoing based on the technical indicators provided in the alert.

Information on roughly 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 was illegally accessed and copied by an unknown adversary. The adversaries reportedly obtained personal information, such as the name, NRIC number, address, gender, race, and date of birth of the patients.

Cyber Threats
Researchers discovered a new variant of the Kronos banking Trojan being used in at least three separate campaigns targeting users in Germany, Japan, and Poland, respectively.

Cryptocurrency

Cryptocurrency prices increased over the previous week, as the total market capitalization rose by 3.5 percent. The price for Bitcoin reached USD 8,000 for the first time since May.

CryptoExchangeRanks (CER), a rating service provider for cryptocurrency exchanges, investigated the exchange BitForex and concluded that it falsified and inflated its daily trading volume. Artificially inflated trading volume can lead to price slippage for traders.

Geopolitics

In its annual Report on the Protection of the Constitution (Verfassungsschutzbericht), Germany’s intelligence service warned of continued cyber espionage operations from Russia, China and Iran targeting the German government and private sector.

Following the reported foreign meddling in the 2016 U.S. elections, the upcoming mid-term elections are being closely monitored. Microsoft reported that the APT group FancyBear is preparing a phishing campaign targeting certain candidates. The Department of Justice will release regular reports to update citizens on foreign interference, and Facebook is also preparing to combat potential meddling.

Outlook

26 July – Governing Council of the ECB: non-monetary policy meeting

28 July – International Army Games 2018