Weekly Intelligence Bulletin – Week 38

24. September 18

QuoScient’s Weekly Intelligence Bulletin for the week of 13 September – 20 September 2018 is now available for download in the Media Center! Find below a summary.

Cyber

Current Threats: Reportedly, the Pegasus mobile spyware suite has been identified as conducting surveillance operations in at least 45 countries over the last two years. While Pegasus operators are using outdated exploits from 2016, researchers are tracking current compromises of devices owned by political figures and activists.

Researchers discovered a malware named Xbash linked to the threat actor Iron Group. Xbash combines botnet, ransomware, and coinmining in a worm that targets Linux and Windows servers.

Vulnerabilities: Researchers discovered a new cold boot attack technique that can bypass the mitigations established after the earlier attack techniques disclosed in 2008. The new attack potentially enables an attacker to obtain confidential information such as encryption keys and passwords for devices and networks.

Threat Actor Activity: The computer hardware and electronics retailer Newegg reportedly became the latest company targeted by the threat actor publicly known as Magecart. Similar to other incidents reported last week, researchers identified malicious JavaScript code used for credit card skimming on the checkout page of the eCommerce company. However, since the Newegg incident was publicized, more than 7,000 additional sites have been found to be compromised by a Magecart JavaScript.

Reported Incidents: The U.S. public sector experienced two data incidents this past week. Government Payment Services Inc. has leaked over 14 million customer records due to an access flaw discovered on its website. Separately, the U.S. State Department reported a breach of its unclassified email system, which allegedly exposed less than 1% of employee inboxes.

Cryptocurrency

The Japanese cryptocurrency exchange Zaif announced that cryptocurrency worth approximately EUR 51 million was stolen in a cyberattack on its platform on 14 September.

Taiwan, Zimbabwe and Malaysia are attempting to attract cryptocurrency companies to stimulate their economies, following Malta’s example.

Geopolitics

A Russian military surveillance plane was shot down in Syria by Syrian air defence systems on 17 September, after Israel conducted air strikes nearby. Russia’s Defense Ministry holds Israel responsible for the incident.

North Korea’s leader Kim agreed to close a key missile test facility in the presence of international inspectors at a summit with South Korea’s President Moon.

The U.S. Defence Secretary criticized alleged Russian attempts to influence the upcoming name change referendum in Macedonia. Macedonia’s Prime Minister, however, found no such evidence.

Outlook

27 September – General Council Meeting of the European Central Bank
28 September – Turkey’s President Erdogan to visit Germany