Cyware Weekly Threat Intelligence, May 10 - 14, 2021

Weekly Threat Briefing • May 14, 2021
The Good
Good cybersecurity comes from putting the right strategies and processes into practice, and the U.S. government is taking steps to strengthen the cybersecurity posture of public sector organizations. With a new presidential executive order, the country has rolled out several proactive measures to harden its cyber defenses. On the other side of the pond, the U.K.'s NCSC announced a cyber threat warning tool to enable proactive security measures.
The U.S. President has signed an executive order on strengthening the country’s cybersecurity defenses. The order comes as a response to the recent SolarWinds and other significant attacks carried out by foreign threat actors.
Google, Mozilla, and security firm Cure53 are in the process of developing an API that sanitizes HTML input strings and prevents cross-site scripting (XSS) attacks. The API will be integrated into future versions of Mozilla Firefox and Google Chrome browsers.
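The point of a browser-native sanitizer is to take untrusted markup out of the raw `innerHTML` sink. The snippet below is an added illustration of that pattern, not code from Cyware, Google, Mozilla or Cure53: it feature-detects the API and falls back to rendering the input as inert text when the API is absent. The method names `Sanitizer` and `Element.prototype.setHTML` are an assumption about an API that was still being finalised at the time, which is exactly why the wrapper detects them at runtime rather than relying on them.

```javascript
// Added example (not the page's or the browser vendors' code).
// Untrusted markup assigned to innerHTML is an XSS sink; the safe path is to
// run it through an HTML sanitizer or, failing that, render it as plain text.
//
// Assumption: the in-progress Sanitizer API exposes a global `Sanitizer`
// constructor and `Element.prototype.setHTML(html, { sanitizer })`. Both
// names were still in flux in 2021, so they are feature-detected below.

// Minimal HTML entity escaping for the cases where you must build an HTML
// string by hand (templates, server responses): the markup becomes inert text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Does this runtime expose the (assumed) Sanitizer API?
function hasSanitizerApi(g = globalThis) {
  return typeof g.Sanitizer === 'function'
    && typeof g.Element !== 'undefined'
    && typeof g.Element.prototype.setHTML === 'function';
}

// Render untrusted markup into `el`. Returns the path taken so callers
// (and tests) can verify that raw markup never reached innerHTML.
function renderUntrusted(el, untrustedHtml, g = globalThis) {
  if (hasSanitizerApi(g)) {
    // The browser parses and allow-lists the markup; scripts and event
    // handler attributes are dropped before anything is inserted.
    el.setHTML(untrustedHtml, { sanitizer: new g.Sanitizer() });
    return 'sanitizer';
  }
  // Safe fallback: show the input as text instead of interpreting it.
  el.textContent = untrustedHtml;
  return 'text';
}

// The vulnerable pattern, kept only for contrast. Do not use.
function renderUnsafe(el, untrustedHtml) {
  el.innerHTML = untrustedHtml; // XSS sink: onerror= and <script> execute
}

// Constructed sample payload (not from the page): a classic attribute-based
// XSS vector that fires without any <script> tag.
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Tiny stand-in for a DOM element so the example runs outside a browser.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Stand-alone demo: outside a browser the wrapper takes the text path.
const demoEl = fakeElement();
const demoPath = renderUntrusted(demoEl, SAMPLE_PAYLOAD);
console.log('path taken:', demoPath);
console.log('innerHTML left untouched:', demoEl.innerHTML === '');
console.log('escaped form:', escapeHtml(SAMPLE_PAYLOAD));
```

In a browser that ships the API the same call takes the sanitizer path; the wrapper never has to know which tags and attributes are dangerous because the browser's allow-list does that work, which is the advantage over hand-rolled regex filters.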
The U.K.'s National Cyber Security Centre has announced a free cyber threat warning tool that gives timely notification of possible incidents and security issues. The tool, called Early Warning, is the latest Active Cyber Defence service from the NCSC.
The Bad
Well, all is not good in the cyber threat landscape as long as ransomware gangs continue to wreak havoc on organizations. This week, the threat grew stronger still as two big organizations ended up paying ransoms of millions of dollars each for decryption keys. Worse, researchers dug up the data leak sites of 34 ransomware groups, which together held data from 2,103 organizations, underlining the scale of the threat.
The University of California confirmed being affected by the breach involving the Accellion FTA service. As a result, the hackers accessed a heap of personal information on students, current and former employees, and other individuals who participated in UC programs.
The Babuk ransomware gang claimed to have breached Yamabiko and stolen employee PII, product schematics, financial data, and more. In other ransomware attacks, two business giants, Colonial Pipeline and Brenntag, reportedly paid over $4 million each in return for decryption keys. Additionally, Volue, a Norwegian software company, reportedly fell victim to a ransomware attack that led to the shutdown of the affected applications.
Medical records of roughly 200,000 U.S. military veterans were exposed online by United Valor, a North Carolina-based firm working for the Veterans Administration.
The City of Tulsa was crippled by a ransomware attack that impacted the city government's network and knocked its official websites offline. Meanwhile, Ireland's Health Service Executive (HSE) was forced to shut down its computer systems after it suffered a cyberattack, which is being characterized as a ransomware attack.
A group of researchers tracked down the data leak sites of 34 ransomware groups that have, so far, leaked data belonging to 2,103 organizations.
Microsoft warned about a massive BEC campaign that targeted over 120 organizations across industries with a gift card scam that involves typo-squatted domains.
A cryptocurrency scam that hit some members of Reddit's WallStreetBets forum resulted in a loss of $2 million. Criminals lured victims into a fake transaction on Telegram.
ATC Transportation experienced a data incident involving theft of personal information of some current and former employees and applicants.
New Threats
Adding to researchers' headaches, a new Android banking trojan called TeaBot and the new Lorenz ransomware were spotted in fresh campaigns across several countries. Last but not least, Wi-Fi devices are now at greater risk as the new FragAttacks come under the scrutiny of security experts.