Weekly Intelligence Bulletin – Week 42

19. October 18

QuoScient’s Weekly Intelligence Bulletin for the week of 11 October – 18 October 2018 is now available for download in the Media Center!

Find below a summary.

CYBER

Vulnerabilities Industry Impacted: ANY

Oracle released its quarterly Critical Patch Update (CPU) which includes security patches for 301 vulnerabilities across multiple products. Of the reported vulnerabilities, 196 are remotely
exploitable without authentication and 49 are rated as Critical. An authentication bypass vulnerability exists in libssh’s server code affecting version 0.6 and above. Successful exploitation could allow an attacker to authenticate without credentials, resulting in unauthorized access.

Threat Actor Activity

Industry Impacted: Energy, Financials, Industrial

Researchers uncovered details of a threat actor group known as GreyEnergy, which is detailed as a subgroup of the Russia-linked Telebots group. On 11 October, QuoINT identified a spearphishing campaign we attribute to Cobalt that is targeting financial institutions operating SWIFT. As the infrastructure and IOCs are new, it is imperative organizations blacklist the network indicators and update their AV scanners on their endpoints to mitigate against this attack

CRYPTOCURRENCY

The total market capitalization increased by 6 percent over the previous week to around EUR 184 billion, after it temporarily increased by 10 percent on 15 October.

GEOPOLITICS

The European Council announced it will create a sanctions regime for cyberattacks by the end of the legislature in May 2019. The G7 Foreign Ministers voiced their concerns over the disappearance of Jamal Khashoggi. The incident might result in an increase in hacktivist activities.

OUTLOOK

18 October – Afghanistan Holds Parliamentary Election
25 October – NATO Exercise | Trident Juncture 2018
28 October – Final Round of Brazil’s Presidential Election