Cyware Weekly Threat Intelligence - May 24–28

Weekly Threat Briefing • May 28, 2021
The Good
This section today is just like chicken soup for your cyber soul. Let's start with the security directive by DHS to pipeline companies that will assist their teams in reporting and mitigating threats to their networks. Kudos to the stakeholders for another step in the right direction. The underground cybercrime economy has been hit with yet another crackdown by French intelligence and law enforcement authorities who shut down the Le Monde Parallèle (The Parallel World) marketplace.
The U.S. Coast Guard announced the establishment of its first-ever red team under the Cyber Operational Assessments Branch to bolster the Coast Guard’s cyber defenses.
The DHS will be issuing a security directive to pipeline companies that will assist their teams in reporting cybercriminal activities within their network to mitigate threats.
The FBI is planning on sharing compromised passwords with Have I Been Pwned’s ‘Password Pwned’ service. This would enable users and admins to check for passwords that have been used with malicious intent.
The French National Directorate of Intelligence and Customs Investigations seized their third dark web marketplace, known as Le Monde Parallèle (The Parallel World).
The post-quantum cryptography standard, a years-long project by the federal government, is to be finalized later this year. It is believed that quantum computing will be able to tear through existing public key encryption algorithms.
The Bad
Government entities are always lucrative targets for cybercriminals because of the sensitive nature of the data they handle. This week, the Belgian Interior Ministry was found to have been hit by a cyberespionage campaign by foreign threat actors. It seems that even though we are not talking about the SolarWinds attacks anymore, the attackers behind them are working hard on making headlines. They went ahead and targeted 150 entities across the world. It is already established that exposed databases are one of the major cybersecurity concerns today. Organizations need to step up their security game and not leave low-hanging fruit for cybercriminals.
Fujitsu was forced to temporarily shut down its ProjectWEB SaaS platform after cyberattacks on multiple Japanese government entities, including the Ministry of Land, Infrastructure, Transport and Tourism; the Ministry of Foreign Affairs; the Cabinet Secretariat; and the Narita Airport.
Microsoft discovered the Russia-based APT29 threat actor targeting around 150 government agencies, consultants, think tanks, and NGOs in at least 24 nations. This group was responsible for the SolarWinds attack.
A cyberespionage campaign hit the Belgian Interior Ministry in 2019 and was uncovered this March. Federal authorities had launched an investigation to identify the origin of the operation, which data had been compromised, and whether a foreign state was involved.
Private patient info was released to media outlets by hackers who targeted hospitals in New Zealand’s Waikato district. The attack took place last week and the hackers gained unauthorized access to documents containing names, phone numbers, and addresses of patients and staff.
Around 200,000 patients and employees of Rehoboth McKinley Christian Health Care Services (RMCHCS) were affected by a data breach.
Bose Corporation suffered a data breach that occurred due to a ransomware attack in March. The personal information—social security numbers, compensation information, and other HR-related information—of some of its current and former employees was accessed by the attackers.
A database belonging to Bergen Logistics remains exposed for public access without any security authentication. It includes 467,979 records, containing names, addresses, order numbers, and email addresses, all relevant to shipments and customers.
Indonesia’s government admitted to the leak of the personal data of millions of citizens on the RaidForums dark web market. The data was stolen from the national health insurance scheme, Badan Penyelenggara Jaminan Sosial (BPJS).
New Threats
A novel data theft technique was discovered in 2015 which came to be known as Rowhammer. As chips shrink, Rowhammer attacks are getting harder to stop, and another new attack technique was discovered this week. We also witnessed the transformation of a wiper into malware; this new malware wants to cause chaos, not make money. In a new vulnerability discovery, Apple’s new M1 chips were found to carry a new bug at the hardware level.