Cyware Weekly Threat Intelligence, August 08 - 12, 2022

Weekly Threat Briefing • August 12, 2022
Weekly Threat Briefing • August 12, 2022
Owing to the rising malware attacks against IoT devices, the HHS Health Sector Cybersecurity Coordinator Center (HC3) released a set of guidelines to improve the security of any internet-connected device. In another development, the Ransomware Task Force (RTF), launched in 2021, has developed an action plan to respond to and recover from ransomware attacks.
The coopetition trend among ransomware gangs has become a matter of concern as more and more organizations find themselves being attacked by multiple threat groups. Recently, an automotive supplier was a victim of this trend after attackers behind LockBit, Hive, and BlackCat dropped their respective malicious payloads at different time gaps to infect systems. There were also multiple incidents of impersonation attacks targeting branded companies like Coinbase, Best Buy, MetaMask, and Gemini.
Coming to new threats, two new types of side-channel attacks against modern processors were uncovered this week. Researchers demonstrated that these attacks—dubbed Scheduler Queue Usage via Interference Probing (SQUIP) and AEPIC Leak—could enable attackers to pilfer sensitive information. A new browser-based attack that abuses the weaknesses of HTTP-request handling has also come to light and it can put popular websites, such as Amazon, at risk.