Cyware Weekly Threat Intelligence, January 04 - 08, 2021

Weekly Threat Briefing • Jan 8, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Jan 8, 2021
The Good
With attackers leaving no stone unturned to make the cyberworld chaotic, government agencies also try to keep pace by issuing guidelines and mitigations for improving organizations’ security posture. While the White House released the standards for the U.S. maritime transportation system for threat information sharing, the NSA issued guidelines for network security analysts and system administrators to mitigate risks posed by weak encryption protocols.
A National Maritime Cybersecurity Plan was rolled out that will set standards for the U.S. maritime transportation system for threat information sharing, creating a cybersecurity workforce, and establishing a risk framework in ports.
The NSA released guidance to help network security analysts and system administrators in detecting and replacing outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants.
The U.S. government announced Hack the Army 3.0 bug bounty program—scheduled to take place between January 6 and February 17—with a goal of helping the U.S. Army secure its digital assets against cyberattacks.
The Bad
With good, comes the bad. On one hand, Nissan and Microsoft disclosed incidents that resulted in source code leaks, while on the other, more than 200 million records of Chinese citizens were put on sale on a Russian dark web forum. Further, ransomware incidents and phishing scams from the week reflected the rugged cybersecurity posture of a few firms.
A threat actor posted data of 10,000 American Express credit card holders on a hacker forum for free. The data exposed includes names, full addresses, phone numbers, and dates of birth of customers.
Nissan this week revealed leaking the source code of mobile apps and internal tools due to a misconfiguration issue in one of its Git repositories, a Bitbucket instance. Hackers shared it in the form of torrent links on Telegram channels and hacking forums.
During an ongoing investigation into the Microsoft supply chain attack, the firm revealed that the hackers were able to view unspecified source code during the attack. The attacks that allegedly began around March were linked to Russian state-sponsored cyberespionage gang APT29 (aka Cozy Bear).
Security researchers reported that the China-based APT27 threat actor group is behind ransomware attacks that encrypted several core servers for at least five companies in the online gambling sector.
ShinyHunters is now selling databases comprising data of over 10 million users belonging to three more Indian companies on a dark web forum. The affected companies are ClickIndia, ChqBook, and WedMeGood. Earlier, the hacker group was responsible for the data breach at Juspay.
Over 200 million records related to Chinese citizens have been put on sale on a Russian dark web forum. Researchers claim that the data might have been stolen from multiple popular Chinese services, including Gongan, County, Weibo, and QQ.
Around 3GB archive of data belonging to the U.S.-based auto parts shop, NameSouth, was publicly leaked by the NetWalker gang, following a failed ransom negotiation. The trove contained financial and accounting data, credit card statements, employee PII, and various legal documents.
Security researchers stumbled across a scammer group that has been impersonating Singapore government officials in an attempt to pilfer banking information from users. The group claims to be impersonating government agencies such as the police or Ministry of Manpower over the calls or texts.
Security experts found the Ben-Gurion University of the Negev compromised and in the hands of cybercriminals that had already impacted several servers during a routine scan at the facility.
A hacker group, dubbed Spiderz, allegedly hacked into Hezbollah's Al-Qard Al-Hassan financial organization and laid bare sensitive information of several clients and the organization’s annual budget.
The PYSA ransomware actors released data they, allegedly, stole from the Hackney Council, London, during an attack from last year. This includes sensitive personal data of staff and residents.
New Threats
The new year has brought a flood of new threats. In the first week of the year, researchers discovered a new RAT called ElectroRAT that can target Windows, Linux, and macOS systems. Moreover, the first new ransomware family of 2021, Babuk Locker, was identified which has compromised the Windows Restart Manager of corporate victims.