Cyware Weekly Threat Intelligence, December 14-18, 2020

Weekly Threat Briefing • Dec 18, 2020
The Good
It’s true that governments have always faced an uphill battle against cyberattackers. Despite the continuing struggles, governments and federal agencies are putting forward new cybersecurity strategies designed to enhance security across different infrastructures.
A new EU Cybersecurity Strategy has been released to bolster Europe’s collective resilience against cyber threats. The strategy is applicable across the electricity grid, banks, planes, public administrations, and hospitals in Europe.
NIST has drafted a set of guidelines for federal agencies on improving the cybersecurity of IoT devices. The four new documents are drafted with the goal of integrating IoT devices into the security and privacy controls of federal information systems.
California’s Attorney General has proposed new changes to the California Consumer Privacy Act (CCPA) that will allow consumers to better handle their personal information.
The Bad
Amid new strategies, the cyber landscape saw a major assault from a Russian hacking group in the form of a sophisticated supply chain attack that impacted several public and private firms. Additionally, ransomware operators continued their menace by targeting Habana Labs and Hurtigruten.
Intel-owned AI processor developer Habana Labs suffered a Pay2Key ransomware attack in which business documents and source code images related to the firm were stolen. The stolen data also included Windows domain account information, DNS zone information for the domain, and a file listing from its Gerrit development code review system. Norwegian cruise company Hurtigruten also disclosed being targeted in a ransomware attack that seized sensitive data in exchange for ransom.
Popular digital media service, Spotify, suffered a data breach for the third time after it inadvertently exposed the personal information of its business partners. The incident occurred due to a security vulnerability in its system.
The week witnessed a massive supply chain attack on SolarWinds’ Orion platform, which was used by several U.S. government agencies and private firms such as Boeing, AT&T, and Ford. To prevent the spread of the attack, researchers from Microsoft and FireEye came up with a killswitch for the SUNBURST backdoor that was used widely in the campaign. In another supply chain incident, the Vietnam Government Certification Authority (VGCA) was attacked to distribute Phantom spyware.
Cybercriminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania’s public sector. The attackers published articles containing misinformation on the sites. Missouri also came under attack from ransomware operators, who disrupted multiple services and systems.
California-based Sonoma Valley Hospital notified 67,000 patients about a cyberattack that exposed their personal data. The hospital had shut down systems to prevent the spread of the attack.
Unprotected online storage devices tied to hospitals and medical centers all over the world left 45 million medical scans exposed to the internet. Not only were these scans available online over the past twelve months, but malicious folks had also accessed those servers and poisoned them with apparent malware.
Details of 1.9 million members of the Chinese Communist Party were leaked on a hacking forum in the form of a CSV file. The exposed records included name, sex, organization, hometown, ID, address, mobile number, and education details.
New Threats
In new threats, the week witnessed the discovery of two new attack techniques, named SocGholish and AIR-FI, that can be leveraged to target a specific set of devices. New malware in the form of spyware and trojans was also leveraged for targeting different organizations.