Cyware Monthly Threat Intelligence

Monthly Threat Briefing • November 1, 2023
Nations are uniting in the face of growing cybersecurity threats, pooling their resources and expertise to tackle shared challenges. The U.S. and the UAE have inked an agreement to enhance cybersecurity collaboration with information sharing, training, and joint exercises. Meanwhile, Singapore and the U.S. teamed up to counter scams and unsolicited communications through regulatory enforcement and information exchange. On another front, the HHS Office for Civil Rights introduced resources to educate patients about telehealth privacy and security risks, fostering essential cyber hygiene practices.
The U.S. and the UAE signed a memorandum to work closely to improve the security of critical infrastructure in the financial sector. The MoU emphasizes increased information sharing about digital threats, more staff training, and conducting cross-border cybersecurity exercises. This new partnership is part of the U.S. Treasury Department’s continued effort to improve cybersecurity outcomes across the financial service sector.
Singapore's Infocomm Media Development Authority and the U.S. Federal Communications Commission (FCC) signed a memorandum to work together to combat online scams. As part of the effort, the two government agencies will be involved in exchanging information and working with other regulators to deal with scams originating from messages and calls.
The HHS Office for Civil Rights (OCR) unveiled two resource documents to educate patients about the privacy and security risks to their PHI when using telehealth services. These resources offer tips on basic cybersecurity hygiene, such as employing strong and unique passwords, enabling lock screen functions to protect stored health information, activating MFA on accounts, and avoiding public WiFi networks at public charging stations.
The Transportation Security Administration (TSA) announced updates to three security directives regulating passenger and freight railroad carriers in the continued effort to strengthen the industry’s defenses against cyberattacks. The revised directive required owners and operators to submit an annual Cybersecurity Assessment Plan to TSA, test two objectives in their Cybersecurity Incident Response Plan, and provide cybersecurity training to employees.
Last month was marked by a surge in ransomware attacks, creating significant disruptions. The PLAY ransomware group listed over a dozen victims in two weeks, sending threat waves across the world. The education sector continues to be a lucrative target with Stanford University and the University of Michigan disclosing potential cyberattacks affecting confidential records of hundreds of thousands of students. Two major ransomware groups, LockBit and BianLian, also crippled the networks of a pair of organizations in the airline sector.
In the new threats category, Microsoft exposed Octo Tempest, a financially motivated threat actor that uses advanced social engineering techniques and a variety of tools to target companies. Meanwhile, a new attack campaign was spotted leveraging fraudulent MSIX Windows app packages to deploy the GHOSTPULSE malware loader on Windows systems, emphasizing the importance of vigilant cybersecurity measures. In addition, Mirai botnet variants—hailBot, kiraiBot, and catDDoS—were observed targeting IoT devices.