Weekly Intelligence Bulletin – Week 35

3. September 18

QuoScient’s Weekly Intelligence Bulletin for the week of 23 August – 30 August 2018 is now available for download in the Media Center! Find below a summary.

Cyber

Current Threats

Fiserv, a global organization that provides technology services to financial institutions, has recently fixed an “information disclosure” vulnerability that impacted customers across hundreds of bank websites. Reportedly, customers with accounts at financial institutions using Fiserv’s platform can view other customers’ information, such as email address, phone number, and account number, as well as view and edit alerts that customers previously set up.

A researcher publicly disclosed a previously unknown zero-day local privilege escalation vulnerability affecting Windows 10 64-bit and Windows Server 2016 systems. Successful exploitation could allow a malicious logged-in user or malicious program to elevate their privileges to ‘SYSTEM’ level on a targeted machine. Proof of concept (PoC) code is publicly available. No vendor fix is currently available.

Reported Incidents

The Bank of Spain suffered a Distributed Denial of Service (DDoS) attack, which temporarily disrupted access to its site on Sunday, 26 August. According to our sources, the attack only intermittently impacted access to Bank of Spain’s website, and did not affect services or its communications with the European Central Bank or other institutions.

Cyber Threat Actor Activity

Researchers discovered a spear-phishing campaign linked to Cobalt Dickens, a threat group allegedly associated with the Iranian government. The spear-phishing campaign targeted 76 universities located in 14 different countries, including Australia, Germany, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States. QuoINT preliminary analysis revealed that this attack shared infrastructure and TTPs with a campaign executed by Silent Library back in 2017.

Researchers uncovered an attack, dubbed Operation Jeus, against an unnamed cryptocurrency exchange and attributed it to the North Korean threat actor group Lazarus. The threat actor used spear-phishing emails to lure an employee into downloading a trojanized cryptocurrency trading application.

Cryptocurrency

On 25 August, Atlas Quantum, a well-known cryptocurrency investment platform in Brazil with over 260,000 customers, notified its customers about a data breach caused by an unknown threat actor. Leaked customer information includes names, email addresses, phone numbers and account balances.

According to reports, North Korea plans to hold an international cryptocurrency conference in Pyongyang from 1 October to 2 October. The conference agenda is not publicly known, but it is reported that a meeting with cryptocurrency experts and the leaders of North Korean industry will take place on 3 October.

Geopolitics

The United States announced new sanctions on Russia following the nerve agent attack in Britain. The new sanctions will prohibit Russia from arms sales and financing, as well as prohibit the export of security-sensitive goods and technology.

Outlook

1. September – BSides St. Louis, Missouri

2. September – Rwanda’s 2018 Parliamentary Elections

6. September – U.S. Secretary of State and Secretary of Defense to Hold Talks in New Delhi