Cyware Weekly Threat Intelligence - May 31–04

Weekly Threat Briefing • Jun 4, 2021
The Good
Ransomware has become a scourge that is not going away anytime soon. As many organizations are not prepared to respond to such threats, the active involvement of law enforcement authorities can be a major help. Along similar lines, the U.S. Department of Justice has taken steps to prioritize ransomware-related investigations. Public schools are having a hard time with ransomware threats too. Now, IBM has announced a grant to aid K-12 schools in bolstering their defenses.
The U.S. DOJ seized two C&C and malware distribution domains that were used as part of a recent phishing attack against the U.S. Agency for International Development (USAID).
IBM announced a $3 million grant to U.S. public K-12 schools to help school officials bolster their defenses while proactively responding to cyberattacks, especially by ransomware operators.
Under its Operation HAECHI-I, Interpol claimed to have intercepted $83 million in funds before they could be transferred from victims' accounts to the attackers behind various financial cybercrimes.
The U.S. Department of Justice announced that it would elevate investigations of ransomware attacks to a priority similar to that of terrorism, in the wake of the recent attacks on critical infrastructure and government agencies.
Microsoft brought together 15 policy makers from seven Asia Pacific markets, including South Korea, Singapore, and Indonesia, to enable threat intelligence sharing among their respective public sectors.
The Bad
Cyberattacks are bad. Period. But, attacks on food supply chains are the worst! The FBI finally found the Sodinokibi gang responsible for the deleterious attack on JBS Foods. After the Scripps Health attack, another hospital network fell victim to a ransomware attack and had to resort to pen and paper. A notable scam—Walmart phishing campaign—has been observed that aims to steal credentials for identity theft.
An unprotected Elasticsearch database caused AMT Games to accidentally leak profiles of nearly six million players associated with the “Battle for the Galaxy” game. The database contained 1.5TB of data.
A misconfigured DDoS-Guard database containing customer names, IP addresses, and payment information was put up for sale on a cybercrime forum. The entire set is being auctioned off at a starting price of $350,000.
The FBI held the Sodinokibi ransomware group responsible for the attacks on JBS Foods. The attack impacted production plants located in the U.S., Australia, and Canada.
Malicious Google ads are being used to distribute trojanized packages of the AnyDesk, Dropbox, and Telegram apps that deliver the Redline, Taurus, Tesla, and Amadey trojans.
The Swedish Public Health Agency shut down SmiNet after it was the target of several hacking attempts. No evidence of unauthorized parties accessing sensitive information has been found so far, and an investigation is ongoing.
A subscribe-unsubscribe spam campaign is making the rounds, attempting to confirm valid email accounts that can be used in future phishing and spam campaigns. These emails ask the recipients to subscribe to or unsubscribe from an unnamed service.
A Walmart phishing campaign is underway that attempts to steal users’ personal information. The ultimate goal of the campaign is to collect information for identity theft.
The U.K.’s largest independent furniture retailer, Furniture Village, confirmed being hit by a cyberattack. Backend systems, including delivery, phone, and payment systems, remain down.
The Steamship Authority, Massachusetts’ largest ferry service, was hit by a ransomware attack that disrupted some operations.
UF Health Central Florida suffered a blow to its IT network caused by a ransomware attack. UF Health The Villages Hospital and UF Health Leesburg Hospital are unable to access their computer systems and email because of the attack.
New Threats
While last week we witnessed Nobelium’s attempts to create headlines with new attacks, this week the group went a step further by using a poisoned update installer. Antivirus solutions now have a new enemy in the form of two new attack techniques, Cut-and-Mouse and Ghost Control. Let’s end this section by informing you of two emerging ransomware families, Prometheus and Grief. These two groups have already made their name in the cybercrime world with numerous attacks in recent months.