Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Aug 2, 2021
Governments and private firms are concerned with cybercriminals’ most daring intrusions in recent times and doing all they can to contain their impact. A new open-source tool by GitLab now helps detect malicious code in open source software components. U.S. officials launched a new website to help organizations mitigate ransomware threats. Another group of experts devised a method to encrypt photos on leading cloud-storage platforms, including Google Photos, Apple, and Flickr.
GitLab rolled out a new open-source tool, dubbed Package Hunter, to help developers identify malicious code in their project dependencies. Right now, it includes support for NodeJS modules and Ruby Gems.
ENISA highlighted 12 high-level recommendations for SMEs on how to fortify the security infrastructure of their businesses, such as improving internet services, adopting cloud services, upgrading websites, and enabling staff to work remotely.
The DoJ, along with other federal partners, launched a new site StopRansomware.gov. It claims to offer partners and stakeholders ransomware detection, protection, and response guidance, all from a single source.
A study by Columbia Engineering revealed the first way to encrypt personal images in cloud photo services. Dubbed Easy Secure, the system encrypts images uploaded on the cloud and deters attackers and services from decrypting the images.
Brazil created a cyberattack response network called the Federal Cyber Incident Management Network to promote faster response to cyberattacks and vulnerabilities while establishing coordination between federal government bodies.
From the Pegasus scandal to Beijing One Pass, spyware grabbed the spotlight in July. Still, sensitive breaches kept sending shockwaves across organizations and their stakeholders. A zero-day flaw at Saudi Aramco was exploited for millions. Officials in Florida and Taiwan suffered data leaks. There was also a cryptomining campaign engaging servers from at least 1,300 global organizations.
Chinese state benefits app called Beijing One Pass was found laden with spyware-like features. It is mandatory for foreign organizations in China to download the app to handle employee state benefits.
ZeroX claimed to have stolen 1TB of sensitive data from Saudi Aramco, which the victim acknowledged weeks later. While the stolen data was up for sale on multiple hacking forums, the hackers allegedly demanded $50 million as part of the extortion attempt.
The Cuba ransomware hit Forefront Dermatology and impacted the personal details of 2.4 million patients and employees. Around 47MB of stolen data was dumped on the threat actor’s darknet site.
A consortium of media houses reported that NSO’s Pegasus spyware was misused to target activists, journalists, business executives, and politicians. The spyware was used to potentially steal all types of data from more than 50,000 smartphones.
Florida’s Department of Economic Opportunity (DEO) suffered a data breach after threat actors allegedly accessed sensitive information from the CONNECT public claimant portal between April 27 and July 16. The affected data includes social security numbers, driver’s license numbers, and bank account numbers, among others.
LINE accounts of more than 100 Taiwanese politicians and government officials were hacked and data pilfered. Users have been asked to enable their account’s message encryption feature.
Players of the Ethereum-based NFT game Axie Infinity were targeted after threat actors planted malicious Google Ads content. The threat actors lured the players into transferring funds from their cryptocurrency accounts.
An SQL database belonging to Humana leaked highly sensitive data—patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, and medical treatment data—of over 6,000 patients on a hacker forum.
The Iran-linked TA453 threat actor group, also known as Charming Kitten, was found impersonating British scholars in a recent attack campaign. Dubbed Operation SpoofedScholars, the campaign aimed to steal credentials from senior professors at well-known academic institutions and from experts focusing on the Middle East.
Threat actors stole over $350,000 from users in a widespread scam involving over 170 fake mobile apps. These apps—BitScams and CloudScams—promised to perform cryptocurrency mining on behalf of subscribers.
A global cryptojacking scheme that targeted over 1,300 organizations was revealed last month. It reportedly targeted organizations in the health, tourism, media, and education sectors in the U.S., Vietnam, and India.
Leading U.S. insurance company CNA Financial Corporation notified customers of a data breach caused by a Phoenix CryptoLocker ransomware attack in March. Data—names and social security numbers—of 75,349 individuals was compromised.
As observed, a majority of cyber adversaries showed an even greater interest in innovating and experimenting with new tools. Malware used to target European banking applications was upgraded and offered on dark web forums. Some new ransomware groups, including the Haron and BlackMatter groups, attempted to make strides in the threat landscape. Meanwhile, experts warned about security loopholes in smart cameras.