Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Jan 7, 2021
The Good
Building a resilient cybersecurity framework is now more crucial than ever for organizations of all sizes. In this light, Google open-sourced Atheris, a fuzzing tool that helps developers find vulnerabilities, last month. The tech giant also rolled out a Chrome feature that warns users of compromised passwords, along with other security measures. Further, NIST laid out security guidance for IoT devices used within federal information systems.
Google security experts open-sourced a coverage-guided fuzzing tool, named Atheris, to help developers find security vulnerabilities and patch them before attackers abuse them. The tool supports Python 2.7 and 3.3+ as well as native extensions written for CPython.
Last month, Google reportedly worked on a Chrome Safety Check feature that alerts users when their saved passwords turn up in known data breaches, and that also warns against weak passwords.
NIST drafted four guidance documents for federal agencies on improving the security of IoT devices, with the goal of integrating those devices into the security and privacy controls of federal information systems.
Apple, Cloudflare, and Fastly co-designed Oblivious DNS over HTTPS (ODoH), a proposed protocol that addresses the privacy problems of DNS. Encrypted queries are routed through a proxy, so the proxy sees the client's IP address but not the query, while the resolver sees the query but not the client's IP, making it harder for attackers and operators to track users online.
CISA’s Cloud Forensics team released a PowerShell-based tool, dubbed Sparrow, that is capable of detecting potentially compromised applications and accounts in Azure/Microsoft 365 environments.
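As an added illustration (this is not Sparrow and not CISA's code), the Python below shows the kind of check such a tool performs: it walks exported Microsoft 365 unified audit log records, flags operations that change domain federation settings or add credentials and permissions to service principals, and singles out any actor who did both, since that combination matches the identity-plane abuse seen after the SolarWinds intrusions. The audit records are constructed for the example, and the exact operation strings are an assumption to verify against your own tenant's logs.

```python
"""Triage Azure AD / Microsoft 365 audit events for identity-plane abuse.

Added example, not Sparrow's code. The records below are constructed for
the example and the operation names are assumed to match the Azure AD
entries as they appear in the unified audit log (trailing period included).
"""
import json
from collections import Counter, defaultdict

# Operation name -> category. Assumption: verify these strings in your tenant.
SUSPICIOUS_OPERATIONS = {
    "Set domain authentication.": "federation",
    "Set federation settings on domain.": "federation",
    "Add service principal credentials.": "app_credential",
    "Update application – Certificates and secrets management ": "app_credential",
    "Add app role assignment to service principal.": "app_permission",
    "Consent to application.": "app_permission",
}

# Constructed newline-delimited JSON in the shape of exported AuditData records.
SAMPLE_LOG = """\
{"CreationTime": "2020-12-13T08:14:02", "Operation": "UserLoggedIn", "UserId": "alice@example.com", "ClientIP": "203.0.113.10", "ResultStatus": "Success"}
{"CreationTime": "2020-12-13T08:20:45", "Operation": "Set domain authentication.", "UserId": "svc-adfs@example.com", "ObjectId": "example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Success"}
{"CreationTime": "2020-12-13T08:22:10", "Operation": "Add service principal credentials.", "UserId": "svc-adfs@example.com", "ObjectId": "ServicePrincipal_1a2b", "ClientIP": "198.51.100.7", "ResultStatus": "Success"}
{"CreationTime": "2020-12-13T09:01:00", "Operation": "Add app role assignment to service principal.", "UserId": "svc-adfs@example.com", "ObjectId": "ServicePrincipal_1a2b", "ClientIP": "198.51.100.7", "ResultStatus": "Success"}
{"CreationTime": "2020-12-13T09:30:00", "Operation": "MailItemsAccessed", "UserId": "bob@example.com", "ClientIP": "203.0.113.11", "ResultStatus": "Succeeded"}
{"CreationTime": "2020-12-13T10:00:00", "Operation": "Add service principal credentials.", "UserId": "admin@example.com", "ObjectId": "ServicePrincipal_9z8y", "ClientIP": "203.0.113.5", "ResultStatus": "Success"}
"""


def parse_audit_log(text):
    """Parse newline-delimited JSON audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_suspicious(records):
    """Return one finding per record whose Operation is on the watchlist."""
    findings = []
    for rec in records:
        category = SUSPICIOUS_OPERATIONS.get(rec.get("Operation"))
        if category is None:
            continue
        findings.append({
            "time": rec.get("CreationTime"),
            "actor": rec.get("UserId"),
            "operation": rec["Operation"],
            "category": category,
            "target": rec.get("ObjectId"),
            "ip": rec.get("ClientIP"),
            "status": rec.get("ResultStatus"),
        })
    return findings


def summarize_by_actor(findings):
    """Count flagged operations per acting account."""
    return dict(Counter(f["actor"] for f in findings))


def actors_with_federation_and_credential_change(findings):
    """Actors who both altered federation/domain authentication and added
    application credentials: the pairing is a much stronger signal than
    either event alone and deserves immediate review."""
    categories = defaultdict(set)
    for f in findings:
        categories[f["actor"]].add(f["category"])
    return {actor for actor, cats in categories.items()
            if {"federation", "app_credential"} <= cats}


if __name__ == "__main__":
    findings = find_suspicious(parse_audit_log(SAMPLE_LOG))
    for f in findings:
        print(f"{f['time']} {f['actor']:<22} {f['operation']:<48} "
              f"target={f['target']} ip={f['ip']}")
    print("flagged operations per actor:", summarize_by_actor(findings))
    print("federation + credential change by the same actor:",
          actors_with_federation_and_credential_change(findings))
```

Run on real data, this logic only narrows the haystack: every flagged federation change still has to be compared against the organization's change records, and a service principal that gained credentials should be checked for subsequent Graph or mailbox access from unfamiliar IPs.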
The Bad
All's well that ends well, but not this time: attackers breached the Texas-based network monitoring vendor SolarWinds, and the resulting supply chain attack impacted several top federal agencies and Fortune 500 companies. Moreover, researchers uncovered a cyberespionage campaign that compromised dozens of iPhones belonging to Al Jazeera employees, allegedly using spyware from the Israel-based NSO Group. In another vein, an extensive Emotet campaign crippled Lithuania's National Center for Public Health (NVSC) and several municipalities.
Last month witnessed a massive supply chain attack on the SolarWinds Orion platform, which is used by several U.S. government agencies and private firms such as Boeing, AT&T, and Ford. Microsoft stated that the ultimate purpose of the actors behind the attack was to access victims' cloud assets after deploying the Solorigate (SUNBURST) backdoor on their local networks.
REvil (Sodinokibi) ransomware actors claimed to have exfiltrated about 600GB of documents from The Hospital Group and published a sample database, threatening to release before-and-after photos of celebrity clients.
Vodafone-owned Italian operator Ho. Mobile suffered a data breach after an actor allegedly posted about 2.5 million customer records and other data on a hacker forum. Besides customers' PII, the leaked information included SIM card PUK codes, ICCID and IMSI numbers, and various base64-encoded hashes, a combination that could enable SIM-swapping attacks against affected subscribers.
Fashion marketplace app 21 Buttons exposed over 50 million private files belonging to hundreds of influencers across Europe via a misconfigured, publicly accessible AWS S3 bucket. Among the files, researchers discovered invoices for commissions paid by 21 Buttons to the influencers.
Brokerage Freedom Finance allegedly had 12GB of confidential data on around 16,000 clients leaked on darknet forums after an employee fell for a phishing email, opening it despite a security warning.
At least 36 Al Jazeera employees were targeted in a cyberespionage campaign that leveraged a zero-click iOS exploit chain, dubbed KISMET, to hack into their iPhones without any user interaction. Citizen Lab attributed the spyware to the Israel-based cyber intelligence company NSO Group, previously criticized for selling its Pegasus spyware to governments.
ThreatNix unearthed a phishing campaign on Facebook affecting more than 615,000 users in Egypt, the Philippines, Pakistan, and Nepal. The criminals ran Facebook ads that redirected users to credential-harvesting pages hosted on GitHub.
Cybercriminals compromised the DNS of cryptocurrency broker Voyager Digital in an attack that forced it to halt trading. The company tweeted that no funds or personal information were compromised.
An ongoing ransomware campaign that brute-forces weak credentials on Internet-exposed MySQL servers has targeted more than 250,000 databases. Launched in January, it had compromised about 83,000 victims to date, a reminder not to expose port 3306 to the Internet behind password-only authentication.
The Netherlands-based staffing agency Randstad was hit by Egregor ransomware, which breached its IT systems. The operators published some internal corporate data, including financial reports and legal documents, in an extortion attempt.
A large-scale Emotet campaign infected the systems of Lithuania's National Center for Public Health (NVSC) and several municipalities. According to reports, infected computers began sending malicious emails to the victims' contacts and engaging in other malicious activity.
nTreatment inadvertently exposed thousands of medical records online after leaving a cloud server without password protection. The misconfigured server held medical records, doctors' notes, insurance claims, lab test results from third-party providers, and other sensitive patient information.
New Threats
Meanwhile, healthcare continued to struggle with external and insider threats alike. A research group found 45 million medical images, including X-rays and CT scans, exposed on unprotected servers, while the Emotet group launched COVID-19-themed phishing campaigns. Several other threats, including APTs, malware, and vulnerabilities, made the final month of 2020 a challenging one for security teams.