Cyware Weekly Threat Intelligence, November 07 - 11, 2022

Weekly Threat Briefing • Nov 11, 2022
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Nov 11, 2022
Fighting cybercrime in today’s evolving threat landscape requires better visibility into attackers’ behavior. Keeping this in mind, MITRE Engenuity’s Center for Threat-Informed Defense has released an updated version of the Attack Flow project to boost the defense capability of organizations. In another development, a group of researchers has come up with a way to create One-Time Programs (OTPs) that could be used to prevent brute-force attacks.
The U.S. Department of Defense will publish a zero-trust strategy in the coming days, with a new look to achieve a new level of cybersecurity. The strategy comprises more than 100 activities, with suggestions to keep critical data secure.
The European Parliament has approved new cybersecurity rules to protect essential sectors such as energy, transport, banking, health, digital infrastructure, and public administration against cyber threats. This comes following the deteriorating security environment due to the Russia-Ukraine war.
MITRE Engenuity’s Center for Threat-Informed Defense (CTID) released an updated version of the Attack Flow project, which would allow defenders to gain better visibility into a potential threat. The project will help enable security teams to easily describe, display, and share sequences of adversary behavior.
A team of scientists from Johns Hopkins University and NTT Research proposed a new approach to build One-Time Programs (OTPs) using commodity hardware found in mobile phones and cloud computing services. Such programs are purported to have multiple uses, including the prevention of brute-force attacks and the strengthening of various authentication methods.
Cybercriminals are always on the lookout for taking advantage of the latest events or trends and target as many users as possible. This week, Twitter was the target of multiple attacks, with one of them being aimed at high-profile personalities to steal their Blue Tick status and promote various scams. Meanwhile, a classic extortion scam against Magento merchants was reported, with attackers threatening to release the stolen data unless a ransom of $3,000 was paid. In another update, Medibank disclosed that the ransomware attack on its systems affected the personal information of over 9.7 million Australians.
In an update on its data breach disclosure, Australian private health insurance provider Medibank revealed that the personal information of more than 9.7 million Australians was stolen in a ransomware attack last month. A ransomware gang known as BlogXX took credit for the attack and demanded a $10 million ransom payment. Since the firm refused to pay, the gang began leaking the stolen sensitive details of customers’ medical procedures on the dark web.
Researchers revealed that administrators of Magento-based online stores are being targeted in a classic extortion scam. The administrators are threatened with a message to release their companies’ data unless a ransom of $3,000 is paid.
Trend Micro researchers found a rise in the use of DeimosC2 framework among cybercriminals. The framework is being used as an alternative for the Cobalt Strike beacon to interact with victim computers.
Ukraine’s CERT detected a new spear-phishing campaign associated with the Armageddon group. The attackers posed as Ukraine’s SSSCIP agency to target Ukrainians.
Ukrainian hacktivists claimed to breach the Central Bank of Russia, stealing around 2.6 GB of files. The files contained details of the bank’s operations, its security policies, and the personal data of employees.
The LockBit ransomware group was found selling files stolen from German car parts giant Continental for $50 million. The hackers claim to have stolen a total of 40 GB of files and screenshots.
Cybercriminals are leveraging Twitter’s new $8 Blue Tick program to trick users into following their fake accounts that are peddling various kinds of scams. They are impersonating notable personalities and organizations to be granted a verified status.
In another incident, a fraud network made up of thousands of bogus Twitter accounts was found impersonating legitimate NFT stores to swindle users out of their cryptocurrency assets. These fake accounts prompted victims to share access to their wallets under the guise of minting a new NFT.
Online gamers were the target of a massive phishing campaign that leveraged YouTube videos offering cracked software for popular games. These cracked software distributed info-stealing malware to steal passwords, cookies, autofill information from browsers, and cryptocurrency wallet information.
Around 15,000 sites were compromised in a massive black hat SEO campaign that redirected visitors to false Q&A discussion forums. Security researchers believed that the goal of the threat actors was to generate enough indexed pages to increase the authority of the fake Q&A sites.
The FBI warned against tech support scammers impersonating financial institutions’ refund payment portals to gain remote access and harvest sensitive information from victims’ systems. The scam begins with attackers sending emails that ask victims to contact the attackers to claim a refund from a service.
LockBit 3.0 operators have got a new carrier in the form of Amadey Bot to deploy the ransomware on targeted machines. Previously, the ransomware was distributed via emails using various lures. There was also a spike observed in the distribution of Android banking trojans. While a group of five malware—Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy—was deployed via phishing emails to target customers from seven banks in India, the Vultur malware was seen propagating via fake utility apps that garnered over 100,000 downloads across the globe.