Cyware Weekly Threat Intelligence, July 04 - 08, 2022
Weekly Threat Briefing • Jul 8, 2022
In a new stride toward protecting cryptographic security protocols from quantum computing-powered cyberattacks, NIST has reportedly added four new encryption algorithms that will be used to protect digital signatures and access to websites. In a big relief, victims of AstraLocker and Yashma ransomware will now be able to decrypt files without paying any ransom.
NIST has selected four encryption algorithms—CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+—that will withstand attacks from quantum computers. While CRYSTALS-Kyber will be used for access to websites, the other three are to protect digital signatures.
Emsisoft has released a free decryption tool for victims affected by AstraLocker and Yashma ransomware. The tool will also work for victims whose systems have been compromised via Windows Remote Desktop Protocol.
The FBI will launch a cybersecurity awareness campaign in North Carolina. The campaign will run through the month of September and aims at educating private and public sector organizations about the growing threat of cyberattacks.
Moving on to the bad, data breach incidents exposing user and other sensitive information have put multiple firms like Marriott International, Eye Care Leaders, and American Marriage Ministries under the scrutiny of federal authorities. Meanwhile, Crema Finance became the latest victim of a DeFi hack, enabling hackers to steal $8.78 million worth of cryptocurrencies.
American Marriage Ministries (AMM) disclosed a data breach incident that affected the data of about 185,000 officiants and 15,000 married couples as well as their wedding guests. This occurred due to an unsecured Amazon bucket that contained around 630 GB of data.
Military entities located in Bangladesh remain a primary target of the Bitter APT group, SECUINFRA has reported. The attacks are launched using malicious Office document files.
Solana-based liquidity protocol Crema Finance lost more than $8.78 million worth of cryptocurrencies after hackers attacked the platform. The attackers used the infamous flash loan trick to manipulate the prices of assets before stealing them.
The Marriott hotel chain has suffered another data breach incident that allowed attackers to exfiltrate around 20GB of data, including customer credit card details. Threat actors used social engineering to trick an employee into providing access to the computer.
Threat actors impersonated the Ministry of Human Resources of the UAE government to target individuals and businesses in the Middle East in a large-scale phishing attack. They had created fake domains and websites to defraud users.
A data breach at Eye Care Leaders affected 92,361 patients’ data belonging to Missouri-based Mattax Neu Prater Eye Center. The adversary gained unauthorized access to the system and deleted system configuration files and databases.
The TA578 group is leveraging fake copyright infringement complaints to target website owners and disseminate IcedID, BumbleBee, and BazarLoader malware. The campaign has been active for over a year.
A misconfigured Amazon S3 bucket resulted in the exposure of 3TB of airport data. The exposed information included employee PII and other sensitive company data, affecting at least four airports in Colombia and Peru.
In a new discovery, the notorious AsyncRAT was found infecting vulnerable MySQL servers. The malware was distributed via a crack program of commercial software hosted on malicious websites.
Websites, phone lines, and online services of College of the Desert were knocked out following a ransomware attack. While the college continues to experience a system-wide outage, it notes that programs such as Canvas, Adobe, and Microsoft Teams are still available to students.
Software repositories and code samples are being actively abused to automate cyberattacks, as evidenced by two cryptomining incidents that were observed this week. The week also witnessed an explosion in ransomware attacks across the globe as federal authorities and researchers released technical details and activities of Maui, HavanaCrypt, Hive, RedAlert, and AstraLocker ransomware. In a new twist, the infamous Conti group has also brought on board the TrickBot trojan to launch stealthy attacks against Ukrainians.