Cyware Weekly Threat Intelligence - October 02–06

Weekly Threat Briefing • October 6, 2023
As part of the ongoing cyber initiatives sweeping across the federal government, the GSA, the DoD, and NASA proposed new information-sharing and incident-reporting requirements for federal contractors. One of these requirements is the development and maintenance of SBOMs for all software used as part of a federal contract. Some prominent cybercrime takedowns have also been reported this week. One such operation dismantled a large cybercriminal network that had raked in $277 million worth of crypto assets from over 3,200 victims.
As we celebrate Cybersecurity Awareness Month, there's a warning for everyone looking for jobs online. Scammers were found running multiple mass-scale recruitment scams to steal sensitive information and cryptocurrency from job seekers. There are new victim updates around the MOVEit data breach too; Sony and Arietis Health confirmed being targeted by the Cl0p ransomware. In other distressing news, many Fortune 1000 companies were found at risk of attacks as researchers identified nearly 100,000 internet-exposed Industrial Control Systems (ICSs).
Meanwhile, the discovery of new sets of malicious packages on open-source platforms continued to add to the burgeoning supply chain threats. In one incident, around 272 malicious Python packages were used in a campaign to steal data and cryptocurrency from targeted systems. Separately, over three dozen npm packages were deployed by cybercriminals. Furthermore, researchers discovered LightSpy, a lesser-known malware capable of pilfering payment details from WeChat Pay. Lastly, beware of widespread stream-jacking attacks that are gaining traction on YouTube.