Cyware Monthly Threat Intelligence

Monthly Threat Briefing • May 4, 2021
Controlling one of the most dangerous and prolific malware threats is indeed a great achievement. In a big blow to Emotet operators, a coordinated law enforcement action disrupted the infamous botnet and caused it to self-destruct. In other news, Microsoft released a simulator that helps study attacks on networks by AI-controlled cyber agents. Further, the U.K. NCSC presented a free cybersecurity training program to teachers and staff.
European law enforcement agencies used a customized DLL to wipe out the notorious Windows malware Emotet. The specially crafted DLL caused the software to self-destruct. In addition, the FBI shared about 4.3 million email addresses stolen by Emotet with the Have I Been Pwned breach notification site to mitigate threats faced by the victims.
The NFC Forum released a new framework for NFC-enabled mobile devices that will safeguard the confidentiality and privacy of NFC communications.
An open-source cyberattack simulator was developed by Microsoft that allows developers to create simulated environments to play against AI-controlled cyber agents. Dubbed CyberBattleSim, this Python-based OpenAI Gym interface models the way intruders spread laterally on a network.
The Internet of Secure Things Alliance (ioXt) launched a new security certification for VPNs and mobile apps. The compliance program consists of a set of security-related requirements against which apps can be certified.
The U.K. NCSC released a free cybersecurity training package for teachers and staff to help them mitigate cyber threats, demonstrating case studies for a better understanding of the impact of cyber incidents.
There was quite a lot of cybercriminal activity against government entities this month, with the Washington, D.C., Police Department and Illinois Office of the Attorney General reporting data leaks. Meanwhile, the sensitive data of millions of users of BigBasket, ParkMobile, Facebook, and other platforms were leaked on hacking forums. Threats against financial firms continue to rise with VISA warning of hackers attempting to steal payment and personal data.
The Washington, D.C. Police Department confirmed that its computer network was breached and data was stolen in an attack by the Babuk ransomware gang. The threat actor posted more than 250GB of data on its site on the dark web.
Hundreds of third-party Android contact-tracing apps were found leaking sensitive data due to the API developed by Apple and Google. With these apps, anyone could view users’ medical data.
DopplePaymer ransomware operators leaked files from the Illinois Office of the Attorney General after a failed negotiation. The leaked files consist of information from court cases orchestrated by the Illinois OAG, including some private documents.
A set of 20 million records belonging to BigBasket users was dropped by ShinyHunters on a popular hacking forum. Earlier this month, ShinyHunters also leaked sensitive information of about 2.5 million Upstox users, including 56 million KYC documents stolen from the company’s server.
In another data leak incident, a staggering 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed on a cybercrime forum. The leaked details were claimed to be stolen from government domains from across the world, including the U.S., the U.K., Australia, Brazil, and Canada.
Conti ransomware claimed to have attacked Broward County Public Schools and demanded a $40 million ransom. More than 1TB of data was stolen, including social security numbers, addresses, birth dates, and contact information.
Cybercriminals abused Google Alerts by redirecting users to fake adult sites, fake dating apps, sweepstake scams, and unwanted browser extensions. Such attacks were launched by sending fake Google Alert URLs to unsuspecting users.
A hacker was found selling approximately 50GB of sensitive data stolen from OTP-generating companies, including Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter.
Babuk ransomware operators reportedly posted 500GB worth of the Houston Rockets’ internal business data, including contracts, NDAs, and financial data, on their dark web forum.
ParkMobile suffered a breach and the account information of 21 million customers was for sale on a Russian-speaking crime forum for $125,000.
Global payment processor VISA issued a warning that threat actors are increasingly deploying web shells on compromised servers to inject malicious scripts and exfiltrate credit card information from online customers.
Data of 533 million Facebook users were posted on a cybercrime forum. The leaked data included phone numbers, Facebook IDs, birth dates, gender, and location.
From zero-day exploits to modified tools, cybercriminals appear to be working hard amidst the pandemic. Researchers spotted two phishing campaigns launched against JPMorgan Chase customers. In other threats, security experts exposed new backdoor malware such as RotaJakiro, Nebulae, and Vyveva, with file-stealing capabilities. Also, if you fall for the pink-themed WhatsApp scam, hackers may gain the permissions they need to control your device.