Cyware Weekly Threat Intelligence - March 6–10

Weekly Threat Briefing • Mar 10, 2023
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Mar 10, 2023
The White House unveiled its budget proposal for the fiscal year 2024, which includes $3.1 billion for cybersecurity. A portion of the allocated amount will be used to strengthen the CISA’s intelligence collection and analysis capabilities. There’s also an emergency amendment issued by the TSA in the wake of persistent threats against the aviation sector in the U.S. It requires aircraft and airport operators to improve their cyber defense, which would involve proper network segmentation and cyber policies to protect OT systems.
Meanwhile, a wave of third-party breaches through vendors and software flaws has led to several recurring incidents. While AT&T alerted its nine million customers that some of their personal data were exposed after a marketing vendor was hacked in January, the Community Health System reported that attackers got unauthorized access to patients' data by exploiting a flaw in GoAnywhere MFT. Ransomware mayhem continued throughout the week as attackers disrupted the services and IT systems of a city in Virginia and a community school in Minneapolis.
A new version of the Soul malware was spotted using a unique feature, called radio silence, to stay connected with its operators while staying under the radar. The malware variant is currently being used against government organizations in Vietnam, Thailand, and Indonesia. A piece of caution for those using DrayTek routers. It is recommended to upgrade the routers because a sophisticated HiatusRAT malware is using them to build its army of bots.