Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Aug 2, 2022
Quantum computers are expected to break the public-key cryptography in use today, and the groundwork for replacing it has arrived: the NIST has selected the first four quantum-resistant cryptographic algorithms after a standardization effort of nearly six years. Meanwhile, the personal data that tech firms collect to tailor their services is increasingly fed into a shadowy ad tech and data broker ecosystem, which has prompted the FTC to caution tech firms against sharing such sensitive data with third parties.
The exploitation of sensitive data, including users' browsing behavior, healthcare data, and precise location, is rising with each passing day. The U.S. Federal Trade Commission (FTC) has warned that it will take action against tech companies that illegally use or share highly sensitive user data, and said it will use the full scope of its legal authorities to protect consumers' privacy.
Google has added support for DNS-over-HTTP/3 (DoH3) to Android so that DNS queries are encrypted in transit instead of being readable by on-path observers. Devices running Android 11 and later receive the feature through a Google Play system update and will prefer DoH3 over the DNS-over-TLS (DoT) support introduced in Android 9, provided the configured resolver supports it.
After a six-year selection process, the NIST picked four algorithms: CRYSTALS-Kyber for general encryption, meaning key establishment such as when a browser connects to a website, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. The selections are intended to protect the cryptography behind everyday services such as online banking and email against attacks by future quantum computers.
The NCUA, the U.S. federal credit union regulator, proposed a new cyber incident reporting mandate. Under the proposed rule, federally insured credit unions must report a reportable cyber incident within 72 hours of reasonably believing one has occurred, and the requirement also covers incidents at third-party service providers that affect the credit union.
Attacks on the Web3 ecosystem are intensifying with each passing day. In the past month, security experts saw multiple decentralized protocols and platforms, including Uniswap, Crema Finance, Audius, and Premint, lose tens of millions of dollars in total. Meanwhile, researchers reported a European cyber mercenary group dropping the Subzero surveillance malware on the networks of entities in Central America and Europe. In other news, the virtual pets website Neopets suffered a breach affecting millions of people worldwide.
The FBI warned that cybercriminals are distributing fake cryptocurrency investment applications to crypto enthusiasts in the U.S. Victims are tricked into installing the apps and depositing funds into wallets that are supposedly tied to their accounts but are controlled by the criminals. At least 244 investors were defrauded of roughly $42.7 million.
The decentralized music platform Audius was hacked, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million. The hacker exploited a bug in the contract initialization code to launch the hack.
Austrian hack-for-hire company DSIRF, tracked by Microsoft as KNOTWEED, was spotted exploiting multiple vulnerabilities in Windows and Adobe software products in targeted attacks against individuals in Europe and Central America. The Private-Sector Offensive Actor (PSOA) drops a surveillance tool known as Subzero, which DSIRF markets as capable of compromising phones, computers, and IoT devices.
American Marriage Ministries (AMM) disclosed a data breach affecting about 185,000 officiants and 15,000 married couples, as well as their wedding guests. The exposure was caused by a publicly accessible Amazon S3 bucket containing around 630GB of data.
Solana-based liquidity protocol Crema Finance lost more than $8.78 million worth of cryptocurrency after attackers exploited the platform. The attackers used flash loans to manipulate asset prices within the protocol before draining the assets.
Microsoft researchers revealed that a large-scale phishing campaign has targeted more than 10,000 organizations since September 2021. The campaign used an adversary-in-the-middle (AiTM) phishing toolkit of the kind exemplified by Evilginx2: the phishing page proxies the real Office 365 login, so the victim completes MFA themselves while the proxy captures the credentials and the resulting session cookie, which the attacker then replays to bypass MFA.
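The practical detection angle for an AiTM campaign is the replayed session: the victim signs in with MFA from one address, then the same session shows up from attacker infrastructure minutes later without a fresh MFA challenge. The following is an added example written for this briefing, not code from Microsoft or from any phishing kit; it runs over constructed sign-in events whose field names (session, ip, country, ts, mfa) are assumptions rather than a real log schema, and the 30-minute window is a tuning parameter.

```python
"""Flag likely session-cookie replay following adversary-in-the-middle phishing.

Added example for illustration; not code from the Cyware briefing or the
Microsoft report. Event shape and field names are assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real log data).
# s-1001: interactive MFA login, then the same session from another IP/country
#         a few minutes later with MFA merely "previously satisfied" -> replay.
# s-2002: same session reused from the same IP half an hour later -> benign.
EVENTS = [
    {"session": "s-1001", "user": "alice@example.com", "ip": "203.0.113.10",
     "country": "US", "ts": "2022-07-12T09:00:00", "mfa": "interactive"},
    {"session": "s-1001", "user": "alice@example.com", "ip": "198.51.100.77",
     "country": "NL", "ts": "2022-07-12T09:04:30", "mfa": "previously_satisfied"},
    {"session": "s-2002", "user": "bob@example.com", "ip": "203.0.113.44",
     "country": "US", "ts": "2022-07-12T10:00:00", "mfa": "interactive"},
    {"session": "s-2002", "user": "bob@example.com", "ip": "203.0.113.44",
     "country": "US", "ts": "2022-07-12T10:30:00", "mfa": "previously_satisfied"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def find_session_replays(events, window=timedelta(minutes=30)):
    """Return one alert per session id that was first established with an
    interactive MFA sign-in and then reused from a different IP within
    `window`, without MFA being performed again."""
    by_session = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        by_session.setdefault(ev["session"], []).append(ev)

    alerts = []
    for sid, evs in by_session.items():
        first = evs[0]
        if first["mfa"] != "interactive":
            continue  # no fresh MFA that a proxy could have relayed
        for later in evs[1:]:
            delta = parse_ts(later["ts"]) - parse_ts(first["ts"])
            if (later["ip"] != first["ip"]
                    and later["mfa"] == "previously_satisfied"
                    and delta <= window):
                alerts.append({
                    "session": sid,
                    "user": later["user"],
                    "login_ip": first["ip"],
                    "replay_ip": later["ip"],
                    "country_change": first["country"] != later["country"],
                    "seconds_after_login": int(delta.total_seconds()),
                })
                break  # one alert per session is enough to trigger response
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(EVENTS):
        print(alert)
```

Responding to such an alert means revoking the session (sign-out everywhere) rather than only resetting the password, since the attacker holds a valid cookie, not the password alone.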
Professional Finance Company disclosed a ransomware attack that impacted the private data of around 1.9 million people associated with hundreds of U.S. hospitals, medical clinics, and dental firms. The debt collection firm revealed that the criminals were able to access files from more than 650 healthcare providers.
Threat actors compromised the official website of Premint NFT and stole 314 NFTs worth approximately $375,000. Six primary externally owned accounts (EOAs) were linked to the attack, two of which hold Bored Ape Yacht Club, Otherside, Oddities, and goblintown.wtf NFTs.
Over the last month, a crimeware group named 8220 expanded its botnet to roughly 30,000 hosts. The group grows the botnet through SSH brute-force attacks and by exploiting vulnerabilities in Linux and cloud applications.
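The SSH brute-force arm of a botnet like this is visible in plain sshd logs as a burst of failed password attempts from one source, often against many usernames, followed by a success. The following is an added example for this briefing, not code from any 8220 analysis; the auth.log lines are constructed, the line format is the standard OpenSSH "Failed/Accepted ... for [invalid user] NAME from IP port N ssh2" message, and the threshold and window are assumptions to tune per environment.

```python
"""Flag SSH brute-force sources in OpenSSH auth.log lines.

Added example for illustration; not code from the Cyware briefing or any
8220 report. The sample log is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt: one source hammering several usernames and then
# succeeding, and one legitimate user who mistypes once and then uses a key.
SAMPLE_LOG = """\
Jul 20 03:14:01 web1 sshd[2231]: Failed password for invalid user admin from 192.0.2.55 port 41022 ssh2
Jul 20 03:14:03 web1 sshd[2233]: Failed password for invalid user oracle from 192.0.2.55 port 41030 ssh2
Jul 20 03:14:04 web1 sshd[2235]: Failed password for root from 192.0.2.55 port 41036 ssh2
Jul 20 03:14:06 web1 sshd[2237]: Failed password for invalid user test from 192.0.2.55 port 41040 ssh2
Jul 20 03:14:09 web1 sshd[2239]: Failed password for root from 192.0.2.55 port 41044 ssh2
Jul 20 03:14:12 web1 sshd[2241]: Accepted password for root from 192.0.2.55 port 41050 ssh2
Jul 20 03:20:40 web1 sshd[2300]: Failed password for alice from 198.51.100.8 port 50222 ssh2
Jul 20 03:20:55 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.8 port 50224 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse_line(line, year=2022):
    """Parse one sshd auth line; syslog lines carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def find_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {ip: summary} for sources with at least `threshold` failures
    inside a sliding window, and note whether a login succeeded after the
    burst, which is the case that needs immediate response."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        bucket = failures if ev["result"] == "Failed" else successes
        bucket[ev["ip"]].append(ev)

    hits = {}
    for ip, evs in failures.items():
        times = [e["ts"] for e in evs]  # already in log order
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i + 1 >= threshold:
                burst_end = times[j]
                later = [s for s in successes.get(ip, []) if s["ts"] >= burst_end]
                hits[ip] = {
                    "failures": j - i + 1,
                    "users": sorted({e["user"] for e in evs[i:j + 1]}),
                    "success_after": later[0]["user"] if later else None,
                }
                break
    return hits


if __name__ == "__main__":
    for ip, summary in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, summary)
```

A source that fails against several usernames and then gets "Accepted password" is the signal to treat the host as compromised and check for the cron entries and miner processes this kind of botnet installs, not merely to block the IP.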
Neopets, a virtual pets website, suffered a data breach that impacted the personal data of 69 million members. Reportedly, a hacker named 'TarTarX' has begun selling the source code and database for the Neopets.com website for four bitcoins.
The Marriott hotel chain suffered another data breach in which attackers exfiltrated around 20GB of data, including some customer credit card details. The threat actors used social engineering to trick an employee at one property into giving them access to their computer.
About 4,295 ETH (approximately $4.6 million at the time of reporting) was stolen in a phishing attack against users of the Uniswap decentralized exchange. Uniswap itself was not compromised: victims were lured by a fake token airdrop into approving a malicious contract, which then drained their Uniswap V3 liquidity positions on the Ethereum blockchain.
Cozy Bear (APT29) was seen abusing legitimate cloud services, such as Google Drive and Dropbox, to target a number of Western diplomatic missions, including the foreign embassies of Portugal and Brazil. The group's phishing technique relies on a malicious HTML file, called EnvyScout, which acts as a dropper for Cobalt Strike and additional payloads.
Phishers and scammers are following the ebbs and flows of the threat landscape. A highly successful phishing campaign was observed stealing banking data from customers of Bank of America, Capital One, Citibank, Wells Fargo, and others. Linux systems continue to draw the attention of cybercriminals as OrBit and Lightning Framework join the list of fresh threats against the open-source, community-developed operating system. That's not all. New malware strains, such as Autolycos, HavanaCrypt, and Checkmate, have also stirred anxiety among researchers.