Cyware Weekly Threat Intelligence, April 26 - 30, 2021

Weekly Threat Briefing • April 30, 2021
The Good
Emotet is no more! And we are feeling good. At least, that is one less malware to terrorize us. The cyberworld has taken big strides in innovation this week. A new industry task force has been created by various stakeholders in an attempt to disrupt ransomware groups. In other good news, the release of a new framework will give NFC communications stronger privacy.
European law enforcement agencies used a customized DLL to wipe out the notorious Windows malware Emotet. The specially crafted DLL caused the malware to uninstall itself. In addition, the FBI shared about 4.3 million email addresses stolen by Emotet with the Have I Been Pwned breach notification site to help mitigate the threats faced by the victims.
The Ransomware Task Force, a coalition of more than 50 stakeholders, proposed 48 recommendations to combat ransomware attacks and called for a global network of ransomware investigation hubs.
DARPA is testing zero-knowledge proofs, a cryptographic protocol for producing mathematical evidence of a claim without revealing the underlying details, for use in the vulnerability disclosure process.
The NFC Forum released a new framework for NFC-enabled mobile devices that will safeguard the confidentiality and privacy of NFC communications.
Researchers found a new method to detect fake satellite images, even the ones capable of tricking trained human eyes and advanced computer detection techniques.
The Bad
The week witnessed loads of data breaches, whether due to misconfigured servers or cyberattacks. For instance, the police department in Washington, D.C. suffered an attack by the Babuk ransomware gang. Speaking of data breaches, accidental data leaks have become a huge concern for the cyber community, with the Wyoming Department of Health accidentally exposing the test results of hundreds of thousands of residents. In addition, a failed ransom negotiation posed a big problem for the Illinois Office of the Attorney General.
Hundreds of third-party Android contact-tracing apps were found leaking sensitive data through the exposure notification API developed by Apple and Google. With these apps installed, other software on the device could view users’ medical data.
Los Angeles-based Paleohacks exposed data belonging to almost 70,000 users due to a misconfigured AWS S3 bucket. The bucket included data from 2015 to 2020 and contained personally identifiable information.
The Wyoming Department of Health (WDH) accidentally disclosed COVID-19, flu, and breath alcohol test results of 164,000 individuals on the internet, along with their names, IDs, postal addresses, dates of birth, and dates of service.
DoppelPaymer ransomware operators leaked files from the Illinois Office of the Attorney General after a failed negotiation. The leaked files include information from court cases handled by the Illinois OAG, including some private documents.
Houston-based Gyrodata suffered a data breach leading to the leak of current and former employee data, including names, addresses, dates of birth, driver’s license numbers, social security numbers, passport numbers, and tax forms.
The Washington, D.C. police department revealed that its computer network was breached and data was stolen in an attack by the Babuk ransomware gang. The threat actor posted more than 250GB of data on its site on the dark web.
A set of 20 million records belonging to BigBasket users was dropped by ShinyHunters on a popular hacking forum. The attacker claimed that the data was stolen in November 2020, and includes email addresses, SHA1 hashed passwords, addresses, phone numbers, and other assorted information of users.
The court system for the Brazilian state of Rio Grande do Sul—Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS)—suffered an attack by REvil ransomware. The attack encrypted employee files and the court systems were forced to shut down their networks.
Pompurin, a hacker, leaked a database containing personal and sensitive household data of over 250 million Americans. The leaked information contains full names, phone numbers, email addresses, dates of birth, marital status, gender, and physical addresses of users.
In yet another data leak incident, a staggering 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed on a cybercrime forum. The leaked details were claimed to include credentials for government domains from across the world, including the U.S., the U.K., Australia, Brazil, and Canada.
New Threats
Just sliding down the rocky rollercoaster of bad news, we reached Mr. Toad’s Wild Ride that is this section. Way too many new threats popped up this week and we tried our best to compile them for you. Let’s start with the phishing campaigns targeting JPMorgan Chase customers. Next, a new spyware was discovered stealing passwords and sensitive information. Finally, a cyberespionage campaign that spanned two years and was conducted by the Naikon APT group was revealed.