Cyware Weekly Threat Intelligence, August 24 - 28, 2020

Weekly Threat Briefing • Aug 28, 2020
The Good
With cyberattacks becoming more sophisticated, addressing them with robust cyber technologies is the need of the hour. Realizing the pressing priority, researchers have come up with two new Artificial Intelligence (AI) techniques to ward off cyberattacks on medical devices and supercomputers. Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) proposed five strategic initiatives to secure 5G networks from unwanted threats.
The Australian state of New South Wales announced an investment of AU$60 million (~USD 44 million) to improve the state’s cybersecurity capabilities. The funding, which spans over the next three years, will be used to protect existing systems, deploy new technologies, and increase the cyber workforce.
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) outlined five strategic initiatives to secure U.S. 5G networks against cyber threats. These include the development of 5G policy and standards capable of stopping malicious actors from influencing the design of new systems.
MITRE released a new Shield framework to help organizations actively detect and counter intruders on their networks. The framework includes different tactics to detect, disrupt, and contain attacks from intruders.
Researchers at Ben-Gurion University of the Negev developed a new AI technique to protect medical devices from malicious operating instructions in a cyberattack as well as other human and system errors. The technology will help analyze the instructions sent from PC to connected devices, detecting the presence of any anomalous code.
In another research effort, computer scientists designed a new AI system to identify and prevent malicious code from hijacking supercomputers to mine cryptocurrencies.
The Bad
In addition to these developments and discoveries, the cyber ecosystem witnessed some damaging cyberattacks this week. The notorious Lazarus threat actor group was found responsible for an ongoing cryptocurrency mining campaign that has been active since 2018. The campaign is carried out through LinkedIn. Meanwhile, the REvil ransomware gang claimed attacks on Valley Health Systems and stole information related to its clients, employees, and patients.
New Zealand’s stock exchange resumed trading after facing disruptions due to DDoS attacks for four consecutive days. There is no clarity on who was behind the attacks.
REvil ransomware gang claimed to have stolen sensitive data after an attack on Valley Health Systems. The compromised data includes information related to its clients, employees, and patients.
The operations of the Australian IT vendor Data#3 were temporarily disrupted due to a cyber incident. The company contacted 28 of its impacted customers to inform them about the incident.
College of the Desert became the victim of an attack that brought down email and web services. However, there was no evidence of compromise of any personally identifiable information. In a different incident, a malware attack resulted in the shutdown of virtual classes held by Rialto Unified School District. The malware was specifically designed to disrupt, damage, and gain unauthorized access to the computer systems.
In an advisory, Autodesk warned users about hackers using a PhysPluginMfx MAXScript exploit that can corrupt 3ds Max settings, run malicious code, and propagate to other MAX files on a Windows system. The malicious code is capable of collecting passwords from web browsers such as Firefox, Google Chrome, and Internet Explorer.
The recently discovered DarkSide ransomware claimed its first attack on a North American land developer, Brookfield Residential. The operators stole more than 200 GB of data from the firm and posted a portion of it to extort the victim.
An ongoing cyberespionage campaign linked with the Lazarus threat actor group was found to have been active since 2018. The campaign, which is carried out through LinkedIn, has targeted businesses in at least 14 countries including the U.K. and U.S.
New Threats
Turning to new threats, a group of threat actors was observed modifying their evasion techniques to bypass email security tools. Attackers were spotted using HTML/CSS and Unicode tricks to fool users into believing a spoofed email is legitimate. Additionally, new details about two threat actor groups—BeagleBoyz and UltraRank—were revealed. While BeagleBoyz attacked financial institutions, UltraRank stole credit card details from hundreds of e-commerce sites.