Cyware Weekly Threat Intelligence, June 13 - 17, 2022

Weekly Threat Briefing • June 17, 2022
A good cybersecurity model helps government and private organizations stay ahead of cyberattacks. Taking an initiative in this area, the Coalition to Reduce Cyber Risk (CR2) has collaborated with 37 tech leaders to sign a pledge that aims at improving cybersecurity standards. In parallel, CISA has announced that the Cybersecurity Maturity Model Certification (CMMC) 2.0 is in development and will be launched in 2023.
The Coalition to Reduce Cyber Risk (CR2) along with 37 tech leaders from across eight countries have signed a pledge to improve cybersecurity standards and incorporate them into policies and controls. The adoption of these standards among companies and government agencies is expected to mitigate cyber risks and facilitate economic growth.
The Cybersecurity Maturity Model Certification (CMMC) 2.0 is in development and will be launched in 2023, CISA officials revealed. The model aims to bring a unified security standard to contractors linked to the US Department of Defense (DoD).
Malwarebytes took down several IP addresses of scammers associated with a profitable IP2Scam tech support campaign. The campaign, which had been active since last year, redirected users to fake warning pages via malicious ads.
The House appropriations subcommittee has approved a budget of $2.9 billion for CISA in Homeland Security FY2023 Budget Print. The fund will be used to support the agency’s security, infrastructure security, emergency communications, integrated operations, and risk management.
The recently discovered Atlassian Confluence flaw remains under attack. Reports suggest that ransomware groups have jumped on the bandwagon to exploit the flaw and launch widespread attacks. Meanwhile, the Sandworm APT used the Follina vulnerability as an attack vector to infiltrate the networks of multiple media organizations in Ukraine. The Monkeypox outbreak has caught the attention of phishers and is now being used as a lure in phishing campaigns.
The Gallium APT group has been linked to a new attack campaign that distributed a new remote access trojan named PingPull. The attacks were aimed at financial and government organizations in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam.
Check Point researchers uncovered a new Iran-based spear-phishing attack targeting former Israeli officials, high-ranking military personnel, think tanks, research fellows, and Israeli citizens. The attack hijacked existing email conversations of several trusted parties to trick the recipients. Attributed to the Phosphorus APT, the ultimate goal of the attack was to pilfer PII and other identity documents.
Phishers are using the Monkeypox outbreak as a new lure to trick users into sharing their personal information. They are sending phishing emails to company employees for ‘mandatory monkeypox safety awareness training.’
AvosLocker and Cerber2021 are among the first ransomware groups found exploiting the recently disclosed RCE vulnerability affecting Atlassian Confluence Server to gain access to corporate networks. They used the PoC exploits of the flaw to launch attacks.
A misconfigured Travis CI API had leaked thousands of authentication tokens and other security-sensitive secrets. Many of these leaks could allow hackers to access the private accounts of developers on GitHub, Docker, AWS, and other code repositories.
Ukraine CERT has warned that the Russian hacking group Sandworm is exploiting the Follina vulnerability in a new campaign to target various media organizations in Ukraine. The campaign is carried out via phishing email and has targeted more than 500 recipients.
Yuma Regional Medical Center (YRMC) notified over 700,000 patients about a ransomware attack that occurred in April. The investigation determined that attackers gained unauthorized access to the network and stole files containing certain patient information including names, social security information, and health insurance information.
Health plan provider Kaiser Permanente also disclosed a data breach that affected the personal and health information of up to 70,000 patients. The incident took place in early April.
Around 32 GB of sensitive data stored in an unsecured database of the Uganda Securities Exchange (USE) was left exposed on the internet. The leaked data included the full name, address, date of birth, phone number, email address, and bank details of customers from across the globe.
CHI Health disclosed a third-party data breach that affected the personal data of its patients. The data included names, medical codes, phone numbers, email addresses, dates of birth, and gender of patients. Attackers had hacked the vendor, MCG Health LLC, on March 25.
Belarusian hacktivist group Cyber Partisans released 1.5 TB of data which they claimed to be phone calls between the Belarusian Ministry of Internal Affairs and foreign embassies and consulates inside Belarus.
Almost 1.3 million patients belonging to the Texas Tech University Health Services Center have been added as victims of the ransomware attack at Eye Care Leaders in December 2021.
Shoprite Group, a large supermarket chain serving multiple countries across southern Africa, suffered a ransomware attack by the RansomHouse group. The data compromise may have affected some customers who engaged in money transfers to and within Eswatini, Namibia, and Zambia.
An unprotected Elasticsearch server belonging to the Malaysia-based company StoreHub had reportedly exposed data of about 1 million customers. The leaked data also included information from thousands of retail stores and restaurants.
A new threat to the security of cryptographic software has come to researchers' attention. Called Hertzbleed, the attack can enable attackers to steal full cryptographic keys by exploiting flaws in modern Intel and AMD processors. There is also an update on the recent activities of the BlackCat RaaS operation. Microsoft revealed that several cybercrime gangs, such as DEV-0237 and DEV-0504, have been hiring the ransomware service to launch attacks. Additionally, the BlackCat group has taken its extortion tactics to a new level to put more pressure on victims. A new phishing tool capable of spoofing Microsoft Office and Google is also gaining traction among cybercriminals.