Cyware Weekly Threat Intelligence - March 13–17

Weekly Threat Briefing • Mar 17, 2023
This week, the CISA launched a pilot program to help critical infrastructure organizations deal with ransomware threats. Created under the purview of recent incident reporting legislation, and in collaboration with the FBI, the program will be used to warn organizations about the vulnerabilities lurking in their systems and software, along with the remedies to reduce the impacts of ransomware attacks. Meanwhile, the NSA and the SEC also released two different cybersecurity guidelines in an effort to improve the security posture of organizations in several critical sectors.
The CISA unveiled a new program named ‘The Ransomware Vulnerability Warning Pilot’ in an effort to protect critical infrastructure entities from ransomware attacks. Under this program, the agency will warn organizations about vulnerabilities commonly exploited in ransomware attacks and provide actionable information to reduce the impact. The effort will be coordinated by the Joint Ransomware Task Force.
The NSA this week released the ‘Advancing Zero Trust Maturity throughout the User Pillar’ cybersecurity information sheet to help system operators mature their identity, credential, and access management (ICAM) capabilities. The guidance is aimed at reducing the impact of cyber threats on the nation’s critical infrastructure and Defense Industrial Base (DIB) systems due to immature capabilities in ICAM.
The SEC proposed new cyber incident reporting rules for a range of financial organizations. The new rules make it mandatory for some financial organizations to annually test and review the effectiveness of their cybersecurity policies and procedures. In case of an attack, organizations are required to report within 48 hours of detecting the incident.
Researchers at Kaspersky got hold of a cache of 258 private keys that enabled them to generate a decryption tool for the MeowCorp ransomware. The ransomware emerged after the source code for Conti was leaked in March last year, and it targeted around 257 victims. The decryption key can help hundreds of victims recover their files for free.
Remember the GoAnywhere MFT zero-day vulnerability that the Cl0p ransomware group had exploited to compromise over 130 organizations? This week, a data security firm confirmed that it was among the affected companies. Meanwhile, the LockBit group has set a ransom payment deadline for a SpaceX supplier, after which it plans to auction 3,000 stolen proprietary SpaceX schematics. Besides these, researchers spotted a wave of phishing attacks that capitalized on the recent crisis at SVB to target its customers.
Coming to new threats, researchers reported the first-ever Dero cryptojacking operation, which was orchestrated against exposed Kubernetes clusters. In separate news, Microsoft warned of high-volume AiTM attacks facilitated by a phishing kit from DEV-1101. In addition to these, several new malware strains, including GoatRAT, HinataBot, and dotRunpeX, were uncovered this week in different cyberespionage campaigns across the globe.