Cyware Weekly Threat Intelligence - October 11–15

Weekly Threat Briefing • Oct 15, 2021
The Good
Federal agencies have amped up their cybersecurity defenses as cybercriminals continue to run rampant. The CISA issued a guide that federal agencies can follow to secure their networks and block unauthorized remote users. In this week’s update of who arrested who, Ukrainian law enforcement arrested an individual responsible for turning thousands of devices into a botnet.
The U.K.'s NCSC released updated guidance for employees who use their personal devices for work. It covers the zero trust architectural approach and the security challenges that come with BYOD.
The White House approved an order allowing the CISA to assess existing endpoint security deployments across federal agencies.
The CISA released a new guidance document for federal agencies on how to secure networks while blocking remote users from illegally accessing internal resources.
The Australian government laid out its Ransomware Action Plan, featuring a new set of standalone criminal offenses for ransomware actors, including those who target critical infrastructure.
Ukrainian police detained a cybercriminal accused of turning 100,000 devices into a botnet to launch DDoS attacks and other malicious activities on behalf of his clients.
Researchers at Purdue University created a self-aware algorithm that can fend off hacking attempts. The model sends one-time signals to each component of a system and thereby turns those components into active monitoring systems.
The Bad
The education sector continues to be a lucrative target for threat actors, as attackers disabled the IT systems of the University of Sunderland. In a concerning turn of events, security agencies confirmed silent attacks on three water and wastewater treatment facilities in the U.S. And Olympus fell again as unknown hackers took down its IT systems.
Thingiverse, a platform for sharing user-created digital design files, exposed a 36GB MySQL database containing 228,000 unique email addresses and user PII.
The University of Sunderland in the U.K. was hit by a cyberattack that took down its IT systems. Online lectures remain inaccessible.
According to a new report from Approov, APIs used in Fast Healthcare Interoperability Resources (FHIR) apps are vulnerable to abuse, putting 4 million patient and clinician records at risk.
A misconfigured Elasticsearch instance at Brazilian e-commerce firm Hariexpress exposed about 1.8 billion records containing the PII of customers as well as sellers.
Unknown hackers allegedly targeted Olympus, forcing it to shut down its IT systems in the U.S., Latin America, and Canada.
Microsoft reported a 2.4 Tbps DDoS attack via a botnet composed of about 70,000 devices, targeted at an Azure customer in Europe.
Oregon Eye Specialists laid bare personal, financial, and medical information of customers in a breach involving unauthorized activity on employee email accounts.
A joint advisory by the FBI, CISA, NSA, and EPA revealed that hackers attacked three U.S. water and wastewater treatment facilities this year. The attacks hit facilities in Nevada, Maine, and California in March, July, and August, respectively.
A ransomware attack against the Hillel Yaffe Medical Center in Israel forced it to cancel non-urgent procedures as IT systems were disabled.
Acer confirmed being hit by a security breach after hackers put over 60GB of company data, including customer details and login information, on sale on an infamous underground forum.
New Threats
Another ransomware emerged that warns victims against seeking help from law enforcement. Dubbed Yanluowang, this ransomware family has launched highly targeted attacks against large enterprises. The FreakOut botnet is on a mission to compromise as many systems as possible and deploy cryptominers. The NSA warned that wildcard TLS certificates leave organizations exposed to ALPACA, a cross-protocol TLS attack.