Cyware Weekly Threat Intelligence, November 07 - 11, 2022

Weekly Threat Briefing • November 11, 2022
Weekly Threat Briefing • November 11, 2022
Fighting cybercrime in today’s evolving threat landscape requires better visibility into attackers’ behavior. Keeping this in mind, MITRE Engenuity’s Center for Threat-Informed Defense has released an updated version of the Attack Flow project to boost the defense capability of organizations. In another development, a group of researchers has come up with a way to create One-Time Programs (OTPs) that could be used to prevent brute-force attacks.
Cybercriminals are always on the lookout for taking advantage of the latest events or trends and target as many users as possible. This week, Twitter was the target of multiple attacks, with one of them being aimed at high-profile personalities to steal their Blue Tick status and promote various scams. Meanwhile, a classic extortion scam against Magento merchants was reported, with attackers threatening to release the stolen data unless a ransom of $3,000 was paid. In another update, Medibank disclosed that the ransomware attack on its systems affected the personal information of over 9.7 million Australians.
LockBit 3.0 operators have got a new carrier in the form of Amadey Bot to deploy the ransomware on targeted machines. Previously, the ransomware was distributed via emails using various lures. There was also a spike observed in the distribution of Android banking trojans. While a group of five malware—Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy—was deployed via phishing emails to target customers from seven banks in India, the Vultur malware was seen propagating via fake utility apps that garnered over 100,000 downloads across the globe.