Cyware Weekly Threat Intelligence, August 08 - 12, 2022
Weekly Threat Briefing • Aug 12, 2022
Owing to the rising malware attacks against IoT devices, the HHS Health Sector Cybersecurity Coordinator Center (HC3) released a set of guidelines to improve the security of any internet-connected device. In another development, the Ransomware Task Force (RTF), launched in 2021, has developed an action plan to respond to and recover from ransomware attacks.
The coopetition trend among ransomware gangs has become a matter of concern as more and more organizations find themselves being attacked by multiple threat groups. Recently, an automotive supplier fell victim to this trend after attackers behind LockBit, Hive, and BlackCat dropped their respective malicious payloads at different times to infect the same systems. There were also multiple impersonation attacks targeting well-known brands such as Coinbase, Best Buy, MetaMask, and Gemini.
Managed Service Provider (MSP) Advanced confirmed a ransomware attack affecting seven of its software solutions. This has disrupted connectivity for the U.K.’s National Health Service (NHS) and other firms using the solutions, especially emergency services.
Attackers are spoofing Coinbase accounts in a new phishing campaign to steal users’ credentials and their funds. These spoofed accounts are distributed via emails to trick users.
In May, an automotive supplier was the victim of a triple ransomware attack, making it difficult to recover its encrypted files. Attackers behind three ransomware families, LockBit, Hive, and BlackCat, had exploited a misconfigured RDP service to spread across the network.
Palo Alto Networks is working on a fix for a vulnerability that was exploited to launch reflected DDoS attacks. The flaw, tracked as CVE-2022-0028, affects firewalls from multiple vendors.
The sophisticated scam-as-a-service operation dubbed Classiscam has now expanded to Europe. Active for more than a year, the scam especially targets people using marketplaces and services relating to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, and package deliveries.
Cisco shared insights into a recent cyberattack that was carried out by compromising an employee’s credentials. This enabled an attacker to conduct a series of sophisticated voice phishing attacks and gain access to critical internal systems. Both Lapsus$ and Yanluowang ransomware gangs are believed to be behind the attack.
7-Eleven was forced to close its outlets in Denmark after suffering a cyberattack. The convenience store chain could not use the cash register or accept payments.
Communications giant Twilio confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The accessed data included addresses, payment details, IP addresses, and proof of identity of 125 customers.
Kaspersky has linked a series of attack campaigns to the TA428 threat actor group. These attacks were primarily aimed at organizations in Asia and Eastern Europe and involved a variety of malware, namely nccTrojan, Logtu, Cotx, DNSep, and CotSam.
Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency customers. The attack was carried out by compromising an employee’s account.
A large-scale phishing campaign is abusing Google sites and the Microsoft Azure Web app to create fake websites for Coinbase, MetaMask, Kraken, and Gemini. These fake websites are being used as channels to target people’s wallets and their assets.
Best Buy was targeted in an impersonation attack, enabling threat actors to steal users’ credentials. Phishing emails were used to lure victims to the fake website.
Coming to new threats, two new types of side-channel attacks against modern processors were uncovered this week. Researchers demonstrated that these attacks—dubbed Scheduler Queue Usage via Interference Probing (SQUIP) and AEPIC Leak—could enable attackers to pilfer sensitive information. A new browser-based attack that abuses the weaknesses of HTTP-request handling has also come to light and it can put popular websites, such as Amazon, at risk.