Cyware Weekly Threat Intelligence, August 24 - 28, 2020

Weekly Threat Briefing • August 28, 2020
The Good
With cyberattacks becoming more sophisticated, addressing them with robust cyber technologies is the need of the hour. Realizing the pressing priority, researchers have come up with two new Artificial Intelligence (AI) techniques to ward off cyberattacks on medical devices and supercomputers. Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) proposed five strategic initiatives to secure 5G networks from unwanted threats.
The Bad
Alongside those developments, the cyber ecosystem witnessed some damaging attacks this week. The notorious Lazarus threat actor group was found responsible for an ongoing cyberespionage campaign, delivered through LinkedIn, that has been active since 2018. Meanwhile, the REvil ransomware gang claimed an attack on Valley Health Systems and stole information related to its clients, employees, and patients.
New Zealand’s stock exchange resumed trading after DDoS attacks disrupted it for four consecutive days. Attribution for the attacks remains unclear.
REvil ransomware gang claimed to have stolen sensitive data after an attack on Valley Health Systems. The compromised data includes information related to its clients, employees, and patients.
The operations of Australian IT vendor Data#3 were temporarily disrupted by a cyber incident. The company contacted 28 affected customers to inform them about the incident.
College of the Desert became the victim of an attack that brought down its email and web services; there was no evidence that any personally identifiable information was compromised. In a separate incident, a malware attack forced Rialto Unified School District to shut down its virtual classes. The malware was designed to disrupt and damage the district's computer systems and to gain unauthorized access to them.
In an advisory, Autodesk warned users that attackers are using a PhysXPluginMfx MAXScript exploit that can corrupt 3ds Max settings, run malicious code, and propagate to other MAX files on a Windows system. The malicious code is also capable of harvesting saved passwords from web browsers such as Firefox, Google Chrome, and Internet Explorer.
The recently discovered DarkSide ransomware claimed its first attack, on North American land developer Brookfield Residential. The operators stole more than 200 GB of data from the firm and posted a portion of it to extort the victim.
An ongoing cyberespionage campaign linked to the Lazarus threat actor group was found to have been active since 2018. The campaign, which is carried out through LinkedIn, has targeted businesses in at least 14 countries, including the U.K. and the U.S.
New Threats
Among the new threats, a group of threat actors was observed modifying its evasion techniques to bypass email security tools. The attackers were spotted using HTML/CSS and Unicode tricks to make a spoofed email look legitimate to the recipient while hiding the spoofing from automated filters. Additionally, new details about two threat actor groups, BeagleBoyz and UltraRank, were revealed. While BeagleBoyz attacked financial institutions, UltraRank stole credit card details from hundreds of e-commerce sites.
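The HTML/CSS and Unicode tricks mentioned above can be checked for on the receiving side. The following is an added example, not code from the briefing or from the researchers who reported the campaign: it flags a sender display name that mixes scripts or uses look-alike (confusable) letters to impersonate a protected brand, and it separates the text a reader actually sees in an HTML body from text that CSS hides (hidden spans that split keywords such as "password", zero-size blocks of filler). The confusables map is a small hand-picked subset of the Unicode confusables data and the two sample messages are constructed for this demonstration; both are assumptions rather than anything the briefing describes.

```python
"""Flag display-name and HTML-body spoofing tricks in an e-mail.

Added example, not code from the briefing or from the vendor whose research
it summarises. The confusables map is a small hand-picked subset (assumption);
a production filter would use the full Unicode confusables table. Both sample
messages below are constructed for this demonstration.
"""
import re
import unicodedata
from html.parser import HTMLParser

# Cyrillic and other letters that render like Latin ones (assumption: a small
# subset of the Unicode confusables data, enough for the demo).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s", "\u0501": "d",
    "\u0261": "g",
}

# CSS fragments that make text invisible to the reader but not to a filter.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|%)?\s*(?:;|$)"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)",
    re.IGNORECASE,
)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "col"}


def letter_scripts(text):
    """Set of scripts (LATIN, CYRILLIC, ...) used by the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def skeleton(text):
    """Fold text to what a reader sees: NFKC, drop format chars, map confusables."""
    text = unicodedata.normalize("NFKC", text)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).casefold()


class HiddenTextFinder(HTMLParser):
    """Split the text of an HTML body into what renders and what CSS hides."""

    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self._stack = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:          # no matching end tag, keep the stack in sync
            return
        style = dict(attrs).get("style") or ""
        self._stack.append(bool(HIDDEN_CSS.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        # Text is hidden if any enclosing element carries a hiding style.
        (self.hidden if any(self._stack) else self.visible).append(data)


def analyze_message(display_name, html_body, protected_brands=("microsoft",)):
    """Return findings plus the rendered and hidden text of one message."""
    findings = []
    scripts = letter_scripts(display_name)
    if len(scripts) > 1:
        findings.append("mixed-script display name: " + "+".join(sorted(scripts)))
    skel = skeleton(display_name)
    for brand in protected_brands:
        # Brand visible to the eye but absent from the raw string = look-alike letters.
        if brand in skel and brand not in display_name.casefold():
            findings.append(f"confusable impersonation of '{brand}'")
    finder = HiddenTextFinder()
    finder.feed(html_body)
    hidden = " ".join(s.strip() for s in finder.hidden if s.strip())
    if hidden:
        findings.append("CSS-hidden text in body")
    rendered = " ".join("".join(finder.visible).split())
    return {"findings": findings, "rendered_text": rendered, "hidden_text": hidden}


# Constructed sample: Cyrillic "o" (U+043E) inside the brand name, one hidden
# span splitting the word "password", and a zero-size block of filler text.
SAMPLE_DISPLAY_NAME = "Micr\u043esoft Support"
SAMPLE_HTML = (
    '<html><body><p>Your pass<span style="display:none">xx</span>word '
    'expires today.</p><div style="font-size:0px">lorem ipsum for filters</div>'
    '</body></html>'
)

if __name__ == "__main__":
    result = analyze_message(SAMPLE_DISPLAY_NAME, SAMPLE_HTML)
    for line in result["findings"]:
        print(line)
    print("reader sees:", result["rendered_text"])
```

Run keyword and brand rules against `rendered_text` (what the recipient sees) rather than the raw HTML, and treat any non-empty `hidden_text` as a signal in its own right; a legitimate newsletter rarely needs invisible words spliced into the middle of "password".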