Cyware Weekly Threat Intelligence - September 06–10
Weekly Threat Briefing • Sep 10, 2021
The Good
Remember the HSE attack earlier this year? The Gardai have seized the infrastructure used by the attackers. CISA has issued new guidance for organizations in both the private and government sectors, aimed at reinforcing cybersecurity resilience. In other news, researchers report that training ML models on a visual representation of website code can improve the detection of phishing websites.
Kaspersky released a safety guide for Android users explaining how sideloading apps, or installing them from stores other than Google Play, puts their data and money at risk.
A paper published by security researchers from the University of Plymouth and the University of Portsmouth describes a way to speed up the detection of phishing websites. According to the paper, ML models trained on a visual representation of a website's code can improve both the accuracy and the speed of detection.
The Biden Administration released multiple documents that serve as guidelines for agencies to implement cybersecurity architectures by the end of fiscal 2024. The documents will be out for public comment from October 01.
The Irish Gardai seized the cyberinfrastructure of the group behind the HSE cyberattack earlier this year. Officials seized domains that the attackers had used in 753 attempts to compromise ICT systems worldwide.
A Ukrainian individual has been indicted by the U.S. Department of Justice for brute-forcing computer login credentials and then selling them in underground marketplaces.
The CISA published new guidelines for both private and government organizations to follow while outsourcing to managed service providers. This guidance is aimed at boards of directors and senior executives, network and system administrators, and procurement professionals.
The Bad
There’s no good way to say this, so here it goes - REvil is back. Two months ago the group suddenly disappeared, and its equally sudden reemergence is sparking concern in the security community. Israel witnessed two unfortunate cyber incidents; in one of them, cybercriminals stole the personal information of seven million Israelis. Staying with data theft, a hospital in Bangkok lost the personal and medical records of tens of thousands of patients.
A hacker allegedly stole the personal data of about seven million Israelis by compromising a website used by several municipalities in the country. In another unfortunate cyber incident in Israel, Darkrypt actors leaked about 20TB of data containing personal details of students and lecturers at Bar Ilan University after the institution refused to pay a $2.5 million ransom.
A cybercriminal, allegedly from the Groove ransomware gang, dumped approximately 500,000 Fortinet VPN login credentials on a hacker forum and a Telegram channel, free of charge.
Personal and medical records of over 40,000 patients at Bhumirajanagarindra Kidney Institute Hospital, Bangkok, were stolen by a cybercriminal. A similar incident impacted Phetchabun Hospital last Sunday.
An unidentified hacker group hijacked a Russian government website and used it to run Bitcoin giveaway scams, asking visitors to install an application in order to qualify for the supposed giveaway.
A massive DDoS attack hobbled the New Zealand website of Australia and New Zealand Banking Group, as well as NZ Post, owing to an issue at one of their third-party providers.
Researchers noted that the leak site and other sites connected to the REvil ransomware group are back online, suggesting the group’s resurgence after it disappeared following the Kaseya attack.
Days after eHAC’s leak in Indonesia, another COVID-19 tracking app in the country named PeduliLindungi exposed personal data and vaccination information of residents, including that of the President.
A security misconfiguration in the storage servers of Texas Right to Life laid bare the personal data of at least 300 job applicants, via their resumes.
The visa website of the French government experienced a foreign intrusion that led to the exposure of personal data of about 8,700 users. Authorities denied the leak of any sensitive details.
The United Nations admitted to having suffered a data breach in April. Intruders accessed its networks, leading to further intrusions.
New Threats
The week witnessed yet another massive DDoS attack, this time against Yandex, conducted by the Mēris botnet. As threat actors evolve, so do their tactics. Ragnar Locker introduced a new extortion tactic, threatening to publish stolen data if victims contact law enforcement; however, we are yet to see the group follow through on it. On the topic of ransomware actors, many of them are now paying for initial access, increasing the prevalence of initial access brokers.