Cyware Weekly Threat Intelligence - January 03–07
Weekly Threat Briefing • Jan 7, 2022
We use cookies to improve your experience. Do you accept?
Weekly Threat Briefing • Jan 7, 2022
The Good
Let us welcome you to the first weekly threat briefing of the year. The week started with the display of a new technique by a group of academics from UCSB to detect and mitigate inconsistencies in smart contracts. We are quite aware of the dire situation of the healthcare sector when it comes to ransomware threats. Therefore, the HSCA trade group published two guides that would help healthcare providers and manufacturers ensure patient safety.
The Healthcare Supply Chain Association (HSCA) rolled out two guides that discuss privacy and cybersecurity in medical devices. The guides are aimed at healthcare delivery organizations and manufacturers. They would encourage providers and manufacturers to ensure patient privacy and safety and contain recommendations for medical terms and conditions.
Researchers from the University of California, Santa Barbara, (UCSB) developed a scalable technique to scrutinize smart contracts and remove state-inconsistency vulnerabilities. The process assisted them in identifying 47 zero-day bugs in the Ethereum blockchain. Dubbed Sailfish, the technique audits the smart contract’s source pre-deployment and delivers a bug-free contract as smart contracts are not readily upgradable.
The DHS and DOT received a letter from various U.S. senators requesting details about the nation’s transportation infrastructure cybersecurity. The letter seeks information on the steps taken by the DHS and DOT to meet their six responsibilities as per the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021.
The Bad
Platforms for online collaboration and productivity have become an innate part of the lives of most professionals in recent times. Now, cybercriminals were found exploiting Google Docs to deliver malicious phishing websites to users through a quite innovative method that leverages the Comment feature. A New Mexico County government fell prey to a ransomware attack, resulting in the shutdown of public offices in three major cities. It was not very sunny in the healthcare sector as the Broward Health hospital system underwent a huge data breach incident.
An AWS S3 bucket leak affected the sensitive data—API keys, user data, internal messaging systems, and cloud systems—of gaming giant SEGA. in addition to this, other leaked data include multiple sets of AWS keys providing access to all of SEGA Europe’s cloud systems, MailChimp and Steam API keys, and hundreds of thousands of the Football Managers forum members’ data.
A ransomware attack crippled the IT network of the Bernalillo County government in New Mexico, resulting in the shutdown of government buildings and public offices across Albuquerque, Los Ranchos, and Tijeras. The name of the ransomware remains unknown and the attack has severed county employees from accessing local government databases, making it impossible to work with the public.
A report by New York’s OAG states that around 17 well-known online retailers, restaurant chains, and food delivery services were targeted in credential stuffing attacks over the past several months. The OAG confirmed the attacks after investigating thousands of posts containing credentials of more than 1.1 million customer accounts.
A wave of phishing attacks identified in December was found targeting Outlook users by exploiting a flaw in Google Docs’ Comments feature. This enabled the attackers to send malicious links to more than 500 inboxes across 30 tenants, while the attackers used over 100 different Gmail accounts.
Nearly 70 investors fell victim to a long-running internet-based fraud operation that tricked them with various investment opportunities. The victims were directed to 150 different fraudulent sites as a part of the scam carried out by a cybercriminal posing as FINRA broker-dealers. The scam went on for eight long years and the attackers gained over $50 million from the investors.
Researchers decoded the modus operandi of a malicious hacking group Elephant Beetle that has been active in several organized financial-theft operations for at least four years. The attackers targeted organizations in the retail and banking sector to steal funds by diverting transactions. The threat actor leverages an arsenal of 80 novel tools and scripts.
The Broward Health hospital system notified more than 1.3 million patients and staff members about a data breach that affected their personal data. The incident took place in October 2021 and the compromised data included names, addresses, phone numbers, social security numbers, and bank account information of individuals.
Russian embassy diplomats were targeted by a cyberespionage campaign linked to the Konni threat group, over the New Year holiday. The campaign was active since December 20, 2021, and propagated via phishing emails that used the New Year Eve 2022 festivity as a decoy theme.
More than 100 real estate websites belonging to Sotheby’s were infected with web skimmer malware via the Brightcove cloud video platform. The skimmer was designed to gather users’ personal information and credit card details. The threat actors appended the skimmer scripts in a video.
Finalsite, a U.S.-based digital marketing and communications solutions provider to schools, suffered a ransomware attack resulting in thousands of school websites going offline. Around 8,000 schools across 110 countries are claimed to use services provided by the company. However, no evidence of data theft has yet been found.
**New Threats **
It is time to pay closer attention to iPhone security as a new attack technique, dubbed NoReboot, was revealed that enables attackers to fake a restart on your iPhone, impeding the deletion of the malware from your device. New year, new scams. This week, a scam was found targeting Austin inhabitants, leveraging fake QR codes at public parking meters. A new Zloader campaign was also observed exploiting Microsoft’s Signature Verification.