Cyware Weekly Threat Intelligence, March 08 - 12, 2021

Weekly Threat Briefing • Mar 12, 2021
The Good
In the cyber world, the fight against major security threats and risks requires organizations to work together. This week, we witnessed the combined efforts of a U.S. federal government agency and dozens of states to bust a multi-million dollar fraud operation. The open-source community also saw the launch of a new project aimed at improving the adoption of secure code signing.
The Linux Foundation rolled out the sigstore project to help secure the software supply chain by making it easy for developers to adopt cryptographic software signing.
The U.S. Department of Justice confiscated the fifth domain faking the official site of Regeneron Pharmaceuticals, a company involved in COVID-19 vaccine development.
The FTC collaborated with nearly 40 U.S. states to put an end to a major charity fraud operation that scammed victims out of more than $110 million via deceptive charitable fundraising calls.
The Bad
Meanwhile, the SolarWinds attacks have taken a backseat, while the Accellion breach has become the mega-breach of the week. Amidst all this, it is raining attacks on Microsoft Exchange servers, with the Norwegian Parliament getting breached for the second time in a span of six months. Sometimes the line between hacktivism and cybercrime gets extremely blurred, as happened in the case of the Verkada security camera breach.
The Norwegian Parliament suffered an attack for the second time in six months. The attack was carried out by exploiting a vulnerability in Microsoft’s Exchange software.
An attack by Ryuk ransomware affected more than 700 government agencies across Spain. While the agencies are working on restoring the affected systems, officials claimed that personal data, payroll, and unemployment benefits were not affected by the attack.
A ransomware attack paralyzed the systems at Oloron-Sainte-Marie hospital in Southwest France. The incident took place on March 8, following which the gang is demanding a ransom of $50,000 in Bitcoin.
The European Banking Authority (EBA) is another victim affected by the exploitation of vulnerabilities in Microsoft Exchange. As a security measure, the EBA pulled its email servers offline to contain the attack.
The University of Texas suffered a network outage due to a malicious intrusion. Emails and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via blackboard.
Flagstar Bank was added to a list of companies breached due to an Accellion software zero-day vulnerability. So far, the reported victims include Qualys, the Reserve Bank of New Zealand, the Australian Securities and Investment Commission, and Transport for New South Wales, among others.
Video surveillance and AI security-based firm Verkada was allegedly breached by a member of the hacktivist group APT 69420 Arson Cats. Video feed from almost 150,000 cameras around the world was leaked. The videos were later posted on Twitter with the OperationPanoticon hashtag.
The University of Central Lancashire, along with the University of Highlands and Queen’s University, was hit by a series of cyberattacks. The attacks affected the systems and other communication devices of these universities.
At least 30,000 U.S. organizations have been hacked in a widespread attack that abused four previously known zero-day vulnerabilities found in Microsoft Exchange Server. The flaws are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.
New Threats
Several new threats emerged this week featuring the use of new tactics and techniques. A new malware written in the Nim programming language popped up. A hybrid malware with both cryptominer and ransomware capabilities proved to be double trouble as it infected thousands of devices in just two months.