Cyware Weekly Threat Intelligence, February 01 - 05, 2021

Weekly Threat Briefing • Feb 5, 2021
The Good
Good news travels like molasses; nonetheless, it travels. This week has brought us some good news in its bounty. Another ransomware bit the dust. Another dark web marketplace was shut down. It seems like we are finally gaining some momentum in the race against threat actors.
Operators behind the Fonix ransomware shut down their operation and released the master decryption key for free to the infected users.
A coordinated law enforcement operation successfully shut down ValidCC, a dark web marketplace that had traded stolen payment card data for more than six years.
IBM announced it will offer $3 million in grants to six school districts in the U.S. to help them prepare for and defend against cyberattacks.
As part of efforts to address account takeovers by OGUsers, Twitter, Instagram, TikTok, and other platforms are reclaiming the hordes of stolen accounts and sending cease and desist letters to the hackers.
The Bad
By now, it has started to feel like a normal year in the sense that we are witnessing multiple breaches a week. Some unsecured database. Just the usual, you know? Also, Babuk Locker is moving pretty fast for a newly born ransomware. Maybe it’s time Spotify addressed its security concerns after being attacked for the second time in three months.
The UK Research and Innovation (UKRI) is dealing with a ransomware attack that encrypted data and impacted two of its services.
British services business Serco has been hit by the Babuk Locker ransomware, impacting the firm’s European operations. The ransomware operators further claim to have copied more than 1TB of data after being inside the network for about three weeks.
The data of 3.2 million DriveSure clients was available on the Raidforums hacking forum late last month. The information exposed included names, addresses, phone numbers, email addresses, IP addresses, car makes, car models, car service records, and dealership records.
Washington’s State Auditor office has suffered a data breach that exposed the personal information of 1.6 million employment claims. Threat actors exploited a vulnerability in a file transfer service from Accellion to breach the data.
An unsecured Microsoft Azure blob was found leaking images of hundreds of passports and identity documents of journalists and volleyball players from around the world.
Spotify suffered another credential-stuffing attack in a span of three months. Experts surmise more than 100,000 customers could face account takeover.
Estate agent Foxtons Group is under pressure due to a data leak incident. Reports claim that thousands of customer card and personal details have been uploaded to a dark web site.
Oxfam Australia has launched an investigation after its customer database containing 1.7 million customer details and donor information was put on sale on the dark web.
A mysterious hacking group has targeted BigNox, a company that makes the NoxPlayer Android emulator, in a highly-targeted supply chain attack.
New threats
It is an especially warm January, but the new threats that you are going to read about here might give you a chill. The evolution graph of Agent Tesla is on the rise. TrickBot is getting stronger and stronger. Kubernetes clusters are facing new, sophisticated threats. You are warmed up enough. Here are the other threats that sailed through this week.