Cyware Weekly Threat Intelligence - May 23–27
Weekly Threat Briefing • May 27, 2022
Collective defense strategies are the need of the hour as countries continue to deal with a wide range of cyberattacks. Taking an initiative along these lines, leaders from the U.S., India, Japan, and Australia have announced the new Quad Cybersecurity Partnership program that focuses on fortifying software, supply chain management, and user data. In parallel, the U.S. has also set up a Joint Ransomware Task Force to tackle illegal cryptocurrency activities related to ransomware.
Leaders from the U.S., Australia, India, and Japan have entered into a partnership to work together on several cybersecurity initiatives centered around fortifying software, supply chains, and user data. The Quad leaders are committed to improving the collective cybersecurity infrastructure by sharing threat information and identifying potential risks in supply chains.
Interpol and cops in Africa arrested a Nigerian man suspected of running a multi-continent cybercrime ring named SilverTerrier. The gang made use of phishing emails and social engineering tactics to steal sensitive information or wire funds to the scammer.
The U.S. has announced the launch of the Joint Ransomware Task Force, which will be headed by CISA and the FBI. The main purpose of the task force is to disrupt ransomware activities and confiscate crypto assets routed through the blockchain.
The NCSC-U.K. issued the fifth edition of its Active Cyber Defense report, which revealed a rise in phishing emails masquerading as vaccine appointments. These emails were designed to harvest financial and personal information from users.
Credential stuffing attacks remained the top highlight of this week as General Motors and Zola reported the repercussions of such attacks. As a result, threat actors were able to access users' accounts and redeem gift card points. The education sector has also been asked to be on alert as reports from the FBI suggest that cybercriminals have put over 30,000 email account credentials—stolen from different colleges and universities—for sale on various dark web forums. The agency noted that these credentials can open doors for spear-phishing attacks, ransomware attacks, or other types of intrusions in the future.
Coming to new threats, a newly found Cheerscrypt malware joined the league of ransomware families targeting virtual machines. Similar to other ransomware, it employs the double extortion scheme to coerce its victims into paying the ransom. The relatively new Nokoyawa ransomware has also been improved with new features to target Windows users. Meanwhile, the ERMAC Android banking trojan has expanded its capabilities in version 2.0, enabling its operators to steal account credentials and crypto wallets from over 400 applications.