Cyware Weekly Threat Intelligence, January 11 - 15, 2021

Weekly Threat Briefing • Jan 15, 2021
The Good
The cybersecurity space witnesses its fair share of ups and downs every week. However, slowly but steadily, researchers and law enforcement authorities are gaining ground on threat actors. In one positive development, Europol cracked down on the largest illicit underground marketplace known as DarkMarket.
Europol cracked down on DarkMarket, allegedly one of the world’s largest illegal marketplaces on the dark web. In connection with the case, an Australian citizen living in Germany was arrested.
A free decryptor for the DarkSide ransomware will allow victims to recover their files without paying a ransom. The ransomware has been active since August 2020 and has generated millions of dollars for its operators.
The Bad
While we have all left 2020 behind, threat actors are still on a constant prowl. This week witnessed several high-profile security incidents impacting the likes of the United Nations, Reserve Bank of New Zealand, and private firms like Capcom and Ubiquiti.
A group of researchers was able to gain access to the repositories of the United Nations as part of the Vulnerability Disclosure Program. This resulted in the leak of several user credentials, including over 100,000 private records for the United Nations Environmental Programme employees.
New Zealand’s central bank suffered a data breach after an attacker gained unauthorized access to a third-party file-sharing service it used.
Ubiquiti suffered a security breach caused by unauthorized access to some of its systems. The exposed information includes names, email addresses, phone numbers, home addresses, and one-way encrypted (hashed) passwords.
Chinese social media firm Socialarks suffered a data leak leading to the exposure of over 400GB of personal data due to an unsecured Elasticsearch database.
Capcom suffered a security breach by Ragnar Locker, affecting the personal data of up to 400,000 gamers.
The European Medicines Agency (EMA) revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December were leaked online.
A campaign dubbed Operation Spalax is using a trio of remote access trojans to steal confidential information from Colombian companies.
A website named SolarLeaks was found selling data claimed to be stolen from companies affected by the SolarWinds attack. The stolen data on the website allegedly belongs to Microsoft, Cisco, FireEye, and SolarWinds.
Conti ransomware struck again, this time affecting OmniTRAX. Following the attack, the threat actors have leaked around 70GB of the stolen data.
An unsecured Microsoft Azure Blob belonging to Nohow International was exposed online for a week before it was secured. The storage contained sensitive documents of over 12,000 U.K. workers.
New Threats
The year has barely started, and with it came various new threats. Several attack campaigns and malware families received updates that make them more damaging, including OSAMiner, Rogue RAT, and the Ursnif trojan. A Chinese APT group was associated with a new campaign against organizations in Hong Kong and Russia.