Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Feb 3, 2021
The Good
Leaving behind the woes of 2020, the cybersecurity fraternity continues to make progress in the new year. Intel made the first-ever system where PC hardware plays a direct role in identifying ransomware instances. Meanwhile, law enforcement authorities shut down the operations of one of the greatest malware threats, while also sealing the doors of the world's largest underground marketplace. Let’s make a toast to the good bits of the month.
Intel, at the 2021 Consumer Electronics Show, added ransomware detection capabilities to its new 11th Gen Core vPro processors by improving its Hardware Shield and Threat Detection Technology (TDT).
The NSA released guidance to help network security analysts and system administrators detect and replace outdated Transport Layer Security (TLS) protocol versions with up-to-date, secure variants.
Global law enforcement and judicial authorities took down Emotet, one of the most significant botnets used by cybercriminals to launch a variety of malware attacks. They have started distributing a module that will uninstall the malware on March 25, 2021.
CSIRO’s Data61, the digital specialist arm of Australia’s National Science Agency, the NSW Government, and other groups developed a privacy tool that adds an extra layer of security to ensure further protection of key datasets, such as those tracking COVID-19.
DarkMarket, the world’s largest underground marketplace, was taken down via the joint efforts of law enforcement authorities from the U.K, the U.S., Germany, Denmark, Australia, Ukraine, and Moldova.
The Bad
It goes without saying that attackers are perpetually advancing their toolsets for bigger hunts. During the month, ransomware attacks and breaches were galore, while new details about the SolarWinds attack kept coming forth. On top of it all, sensitive data was leaked left, right, and center from various platforms, with ShinyHunters leading the pack.
A new report revealed that up to 18,000 SolarWinds customers may have received trojanized updates for their Orion monitoring product. As a result, attackers could establish a backdoor on victim systems and deploy more malware.
Retail giant Dairy Farm was attacked by REvil ransomware, following which the attackers demanded $30 million in ransom. Allegedly, the attackers had access to information for seven days after the attack.
Nissan disclosed that the source code of its mobile apps and internal tools had leaked due to a misconfiguration in one of its Git repositories, a Bitbucket instance. Hackers shared it in the form of torrent links on Telegram channels and hacking forums.
ShinyHunters leaked 70GB of customer data, including card data, after breaking into the cloud backup database of Bonobos, an online men’s clothing store. The group also shared about 1.9 million Pixlr user records on a hacker forum for free.
The sensitive data of 325,000 users of the BuyUCoin cryptocurrency exchange was leaked on the dark web. It included the user names, e-mails, mobile numbers, encrypted passwords, wallet details, order details, bank details, KYC details, and deposit history.
The IT systems of Palfinger AG, an Austrian firm that makes cranes and other machinery, were taken down due to an ongoing global cyberattack. The attack sabotaged the firm’s e-mail and business operations.
A database belonging to Teespring, an e-commerce platform that lets users design and sell custom apparel, was disclosed on a popular hacker forum. The files in the leaked archive included email addresses and last update dates for around 8 million user accounts.
Trend Micro researchers found hundreds of networks that were still affected by VPNFilter malware. Believed to be operated by the Sofacy threat actor group, the malware is capable of exfiltrating data, encrypting communications with its C2 server, and exploiting endpoints.
In an ongoing investigation, Capcom said last month that up to 390,000 people may have been affected by a ransomware attack in November. Ragnar Locker had demanded $11 million for the release of 1TB of data stolen from the company.
A group of researchers was able to gain access to the Git repositories of the United Nations as part of the Vulnerability Disclosure Program. This resulted in the leak of several user credentials, including over 100,000 private records for the United Nations Environmental Programme employees.
The Conti ransomware group crippled OmniTRAX, the Colorado-based short line rail operator and logistics provider, and pilfered data after compromising its parent company, Broe Group. The group leaked a sample of the 70GB files containing the internal OmniTRAX documents.
An archive of around 3GB of data belonging to the U.S.-based auto parts shop NameSouth was publicly leaked by the NetWalker gang following a failed ransom negotiation. The trove contained financial and accounting data, credit card statements, employee PII, and various legal documents.
New Threats
In the time it takes one to blink, a new threat emerges. The month gave us an old malware with a new ensemble. Android had its own share of threats, one discovered by Google and the other by Italy’s security experts. Further, the cyber landscape saw new scams, new attack campaigns, and vulnerabilities affecting a myriad of systems.