Cyware Weekly Threat Intelligence, January 11 - 15, 2021

Weekly Threat Briefing • January 15, 2021
The Good
The cybersecurity space witnesses its fair share of ups and downs every week. However, slowly but steadily, researchers and law enforcement authorities are gaining ground on threat actors. In one positive development, Europol cracked down on the largest illicit underground marketplace known as DarkMarket.
The Bad
While we have all left 2020 behind, threat actors are still on a constant prowl. This week witnessed several high-profile security incidents impacting the likes of the United Nations, Reserve Bank of New Zealand, and private firms like Capcom and Ubiquiti.
A group of researchers gained access to repositories belonging to the United Nations as part of its Vulnerability Disclosure Program. This exposed several sets of user credentials, including over 100,000 private records of United Nations Environment Programme employees.
New Zealand’s central bank suffered a data breach after an attacker gained unauthorized access to a third-party file-sharing service it used.
Ubiquiti suffered a security breach that occurred due to unauthorized access to some of its systems. The exposed information includes name, email address, phone number, home address, and one-way encrypted passwords.
Chinese social media firm Socialarks suffered a data leak leading to the exposure of over 400GB of personal data due to an unsecured Elasticsearch database.
Capcom suffered a security breach by Ragnar Locker, affecting the personal data of up to 400,000 gamers.
The European Medicines Agency (EMA) revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online.
A campaign dubbed Operation Spalax is using a trio of remote access trojans to steal confidential information from Colombian companies.
A website named SolarLeaks was found selling data claimed to be stolen from companies affected by the SolarWinds attack. The stolen data on the website allegedly belongs to Microsoft, Cisco, FireEye, and SolarWinds.
Conti ransomware struck again, this time affecting OmniTRAX. Following the attack, the threat actors have leaked around 70GB of the stolen data.
An unsecured Microsoft Azure Blob belonging to Nohow International was exposed online for a week before it was secured. The storage contained sensitive documents of over 12,000 U.K. workers.
New Threats
The year has barely started, and with it came various new threats. Several attack campaigns and malware families received updates that increase their damage potential, including OSAMiner, Rogue RAT, and the Ursnif trojan. A Chinese APT group was linked to a new campaign against organizations in Hong Kong and Russia.