Cyware Weekly Threat Intelligence - June 14–18

Weekly Threat Briefing • Jun 18, 2021
The Good
“You're gonna clap your hands, Gonna wanna dance when you hear it.” We have loads of good news to give your morning a fresh start. Another ransomware gang has closed up shop and handed over the decryption keys for its victims. A change of heart? Perhaps not! In the latest technological advancement, researchers developed a smart home system that doesn’t eavesdrop on your conversations. And the week cannot end well without cybercriminals being punished for their deeds: Microsoft broke up the cloud infrastructure used by BEC scammers.
The NSA has released mitigations and best practices for system admins to follow in order to secure Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.
Thousands of online marketplaces parading as pharmacies were taken down by Interpol in Operation Pangea XIV. These marketplaces pushed fake and illicit medicines and drugs as well as fake COVID-19 testing kits.
One of the most prolific ransomware operations of our times—Avaddon—announced that it was shutting down and released a decryption tool for free. The file was sent to BleepingComputer and contained decryption keys for all 2,934 victims.
Ukrainian police arrested alleged members of the Cl0p ransomware gang, which extorted money from foreign businesses, specifically in the U.S. and South Korea.
Researchers at the University of Rochester devised an approach called TimeCache that protects against side-channel attacks like evict+reload and Spectre, with a tiny performance impact.
Microsoft researchers disrupted the cloud-based infrastructure used by BEC scammers in a recent large-scale attack campaign aimed at Office 365 users.
Researchers at the University of Michigan developed a system called PrivacyMic that can filter out audible sounds, thereby offering more security and privacy to users of smart home systems.
The Bad
When an organization is repeatedly hit by cyberattacks, it raises serious questions about its security posture and what it is doing to protect sensitive information. Take the case of Carnival Corporation. The firm has been hit with security breaches multiple times in the past couple of years, the latest one this week. Once again, we cannot escape the news of misconfigured databases, as Cognyte left billions of records exposed. The monumental SITA breach has finally been attributed to the APT41 threat actor.
The Polish parliament stated that individuals and institutions were targeted in a series of cyberattacks. The incident follows the breach of the private email account of the head of the prime minister’s office.
Around 20GB of confidential files containing personal information—full names, physical addresses, purchase details, phone numbers, and email addresses—of retail customers were exposed through an unprotected Amazon AWS bucket. In the same vein, a misconfigured database belonging to Cognyte exposed more than 5 billion records for three days before security professionals secured it.
An online database containing 204GB of data belonging to CVS Health disclosed over a billion records due to a misconfiguration issue. The data includes production records of visitor IDs, session IDs, and device access information.
The TA402 threat actor group, also known as Molerats and GazaHacker, was found responsible for a cyberespionage campaign targeting government agencies in the Middle East.
Scammers were spotted sending fake replacement devices to Ledger customers affected in a recent data breach in an attempt to steal from their cryptocurrency wallets. Although the device looked legitimate, the printed circuit board was modified.
Taobao, Alibaba’s shopping operation, suffered a data breach exposing the usernames and phone numbers of a billion users. The information was lifted from the site by a crawler developed by an affiliate marketer.
NFT creators and digital artists were targeted in a Redline malware campaign that enabled the threat actor to steal the creators’ profits. According to reports, the attacker impersonated NFT creators and approached Twitter users with business deals that tricked them into downloading and running a malware-laced file.
A security vulnerability in the Peloton Bike+ and Peloton treadmill equipment could expose gym users to a variety of cyberattacks. No CVE has been assigned to the flaw, which can allow an attacker to gain remote root access to the Peloton’s tablet. A patch has been issued.
The data breach at SITA, a global IT service provider for 90% of airlines worldwide, was traced back to the Chinese state-sponsored threat actor APT41 by the Group-IB team.
Carnival Corporation suffered a data breach wherein attackers gained access to its email accounts and customer and employee data. The data included names, addresses, phone numbers, dates of birth, passport numbers, health information, and in some special cases, social security numbers.
New Threats
Well well well, what do we have here? A novel malware has been discovered that, as of now, fits no typical malware motive: instead, it tries to block software piracy. A new Mirai variant has been found that scans Tenda routers for uncommon flaws. Finally, we have an opportunistic hacker operating under the DarkSide name to misdirect defenders.