Cyware Weekly Threat Intelligence - June 06–10

Weekly Threat Briefing • Jun 10, 2022
Another week, another round of major crackdowns was observed in the cyber world. The U.S. law enforcement agencies seized the operation of the SSNDOB marketplace that was used for trading the personal information of millions of Americans. In another success story, Microsoft dismantled the activities and infrastructure associated with the Bohrium and Polonium threat groups.
The U.S. law enforcement agencies announced the takedown of the SSNDOB marketplace that was used for trading the personal information of millions of Americans. The market had generated over $19 million in revenue by selling the personal details of approximately 24 million individuals.
Microsoft has successfully disrupted multiple cyber operations associated with the Bohrium and Polonium threat actor groups. In the case of Bohrium, the tech giant took down 41 domains that were used to establish C2 infrastructure for deploying malicious tools. In Polonium's case, more than 20 malicious OneDrive apps used in its attacks were suspended.
Researchers have designed a new privacy framework, dubbed Peekaboo, that can help address data-sharing concerns across IoT devices. The framework operates on the principle of data minimization, which refers to the practice of limiting data collection to what is actually needed.
Security incidents exposing millions of sensitive records remained a top concern among security experts. Two of these incidents affected the personal data of students in India, Israel, and the U.S. The compromised data included the full names, email addresses, phone numbers, and credit card details of students. Meanwhile, NFT users and cryptocurrency investors again lost their funds to hackers following attacks on Bored Ape Yacht Club (BAYC) and Maiar.
Tenafly Public Schools had to go back to paper, pencils, and overhead projectors following a ransomware attack. Additionally, this led to the cancellation of exams for all of the district’s high school students.
The Vice Society ransomware group has claimed responsibility for the recent cyberattack on the city of Palermo in Italy. The attack occurred last week, and all internet-dependent services remain unavailable.
MyEasyDocs, an India-based online document verification platform, exposed 30GB of data owing to a misconfigured Azure server. This included both personal and financial information of over 50,000 students from India and Israel.
A large-scale phishing operation tricked a million users on Facebook and Messenger into handing over their credentials and viewing advertisements. The campaign operators used the stolen accounts to send further phishing messages to the victims' friends, generating significant revenue via online advertising commissions.
Avast researchers exposed a crypto-stealing campaign, dubbed FakeCrack, that leveraged Google search results for pirated copies of the CCleaner Pro Windows optimization program to infect as many victims as possible.
Malicious hackers again managed to steal 32 NFTs (worth more than $250,000) from Bored Ape Yacht Club (BAYC) by compromising the Discord account of one of its community managers. The threat actors used this compromised account to send a phishing link, which was later used to gain access to BAYC owners’ cryptocurrency wallets. Among the NFTs compromised in the hack were 1 Bored Ape, 2 Mutant Apes, 5 Otherdeeds, and 1 Bored Kennel.
An unprotected Elasticsearch database exposed 5GB of personal data belonging to over 30,000 students. The database apparently belongs to account holders of Transact Campus, which works with higher education institutions in the U.S.
Malwarebytes Labs identified a new malvertising campaign that leads to a fake Firefox update. The template appears to be inspired by the one propagated by the SocGholish threat actors.
A security incident at Shields Health Care Group resulted in the exposure of the data of two million patients from 60 healthcare providers. This is the largest healthcare data breach reported this year.
Maiar, a decentralized exchange (DEX), went offline temporarily after attackers broke into the platform by exploiting a flaw. This enabled them to steal an estimated $113 million from the exchange.
CISA, along with the NSA and the FBI, issued a joint advisory warning organizations about rising cyberespionage attacks by Chinese threat actors. The attacks have been ongoing since 2020 and are aimed primarily at the telecommunications sector.
While enterprises are still waiting for a patch to address the recently disclosed Follina vulnerability, more malware operators have moved in to exploit it. Security experts recently observed several cyber-espionage campaigns exploiting the flaw to deliver QBot and AsyncRAT, among other malware. In other new threats, new capabilities have been added to the BlackBasta ransomware and the Emotet trojan to ensnare a wider range of devices and users.