Cyware Weekly Threat Intelligence - February 13–17

Weekly Threat Briefing • Feb 17, 2023
Cybercrime has become a big illicit business in the digital world, so it is very important to fortify the underlying cyber infrastructure in critical sectors. The White House recently launched two new initiatives to improve the security of data stored or transmitted within critical systems. One encourages the use of post-quantum cryptography to encrypt sensitive data such as users' medical and personal information; the other aims to mandate the use of only .gov and .mil domains for official government communications.
The aviation industry across the globe saw some major cyberattacks this week that impacted regular operations and online services. Operations at airport websites in Germany were disrupted following DDoS attacks, while a data breach at Scandinavian Airlines exposed the contact and payment details of some of its passengers. In another instance, an unsecured Elasticsearch database led to a data leak at an AI media manipulation service.
Public cloud infrastructures are more at risk than ever as several new threat actor groups have begun taking aim at them. A newly found threat group, WIP26, was seen relying heavily on Microsoft Azure, Google Firebase, and Dropbox to drop malware against its targets in the Middle East. Meanwhile, the lesser-known 8220 Gang has also adopted a new tactic to exploit cloud app vulnerabilities in an attempt to expand its cryptomining attacks. In other concerning news, the mayhem caused by ESXiArgs ransomware continues to alarm organizations as the attackers take aim at hundreds of entities in Europe.