Cyware Weekly Threat Intelligence - May 17–21

Weekly Threat Briefing • May 21, 2021
Weekly Threat Briefing • May 21, 2021
The Good
As we wait for the return of normalcy in our lives, we need good things in life. Like the smell of freshly brewed coffee and the news of ransomware gangs shutting down operations. Yes, that happened! Another notorious ransomware actor shut down shops and we are cheering! In other news, the CISA announced a new initiative to tackle security flaws a layer beneath the operating system.
The Bad
However, the respite is short-lived. The week saw an unnerving case of mixed-up video feeds because of an internal server flaw. Although poorly secured databases keep getting buried under other attacks, they continue to be a massive pain point for organizations. More than 20 apps were found leaking the personal information of tens of millions of users. It will be an injustice to end this blurb without talking about scams. This time families of missing people came under the radar of scammers.
New Threats
Leaked source codes serve as a base for the development of many new malware strains. One such instance this week was the new Simps botnet built using the codes of Mirai and Gafgyt. The MountLocker ransomware got a pretty nasty update and has come back with enhanced capabilities. Also this week, Magecart threat actors made news (again).