Cyware Weekly Threat Intelligence, November 23 - 27, 2020

Weekly Threat Briefing • Nov 27, 2020
The Good
Cybercrime may be financially beneficial to adversaries, but sometimes they pay a price for their criminal activities. Threat actors have been arrested on several occasions this week. Three Nigerian nationals were arrested for participating in BEC scams. Congress passed a significant cybersecurity bill regarding the safeguarding of 5G wireless networks.
A joint investigation by Interpol, Nigeria Police, and Group-IB led to the arrest of three Nigerian nationals suspected of participating in a huge BEC ring. The scam involved 26 different malware, and around 50,000 victims have been identified so far.
The Government Accountability Office in the United States recommended that policymakers consider the creation of cybersecurity standards to guarantee a safe rollout of 5G wireless networks.
Congress passed a cybersecurity bill aiming to enhance the safeguards of IoT devices. The bill encourages the notion of protecting federal agencies and leveraging the purchasing power of the federal government to encourage manufacturers to adopt the same benchmarks.
The Bad
It is not all sunshine and rainbows in the cyberworld. This week, threat actors launched several successful attacks on Peatix and Belden. Moreover, unprotected databases have become a huge issue, since cybercriminals take every advantage of them, as was the case with Spotify.
Baltimore County Public Schools suffered a ransomware attack, resulting in the shutdown of all the schools. The attack crippled the school network system. However, the school authorities have not yet disclosed the ransom demanded.
Security firm Sophos is contacting a small subset of its customers about a security breach that occurred due to a misconfiguration issue. The exposed information includes the first name, last name, email address, and contact phone number of customers.
Belden suffered a data breach that affected the data of some current and former employees, as well as limited company information. However, the firm revealed that the breach did not impact production in manufacturing plants, quality control, or shipping.
Another data breach at Peatix impacted the data of more than 4.2 million registered users. The user data was accessed by the threat actor via ads posted on Instagram stories, Telegram channels, and several other hacking forums.
Pickle Finance fell victim to a hack that resulted in the loss of about $20 million associated with users’ funds in DAI tokens. The attackers exploited a vulnerability in DAI PickleJar using fake swaps.
Over 380 million records belonging to the Spotify service were leaked via an unprotected Elasticsearch database. However, the origin of the database is unknown.
Ransomware gangs are targeting tax software files in an attempt to harvest highly sensitive data. The most prominent ransomware families involved in this scam include Mount Locker and LockBit.
Louisiana State University medical centers underwent a cyberattack, exposing the data of thousands of patients. The exposed data is suspected to consist of patient names, medical record numbers, dates of birth, SSNs, account numbers, and insurance identification numbers, among others.
The personal and health information of more than 16 million Brazilian COVID-19 patients was leaked online. This was caused by a hospital employee who uploaded a spreadsheet on GitHub containing usernames, passwords, and access keys to sensitive government systems.
New Threats
A new malware, WAPDropper, grabbed the limelight this week. The TrickBot gang keeps innovating and evolving with the launch of its hundredth version. Furthermore, multiple smart doorbells have been found to have critical bugs.