Cyware Weekly Threat Intelligence - September 06–10

Weekly Threat Briefing • September 10, 2021
The Good
Remember the HSE attack earlier this year? The Gardai confiscated all infrastructure related to the attackers. CISA has issued new guidance for organizations in the private and government sectors; the alert aims to reinforce cybersecurity resilience. In other news, researchers claim that training ML models on the visual representation of website code can improve the detection of phishing websites.
The Bad
There’s no good way to say this, so here it goes - REvil is back. Two months back, the group suddenly disappeared and now its sudden reemergence is sparking concerns amongst the security community. Israel witnessed two unfortunate cyber incidents. In one of these incidents, cybercriminals stole the personal information of seven million Israelis. Talking about data theft, a hospital in Bangkok lost the personal and medical records of hundreds of thousands of patients.
A hacker allegedly stole the personal data of about seven million Israelis by hacking a website used by different municipalities in the country. In another unfortunate cyber incident in Israel, Darkrypt actors leaked about 20TB of data containing personal details of students and lecturers at Bar Ilan University after the institution refused to pay $2.5 million in ransom.
New Threats
The week witnessed another new, massive-humongous-huge DDoS attack against Yandex, conducted by the Mēris botnet. As threat actors evolve, so do their tactics. Ragnar Locker came up with one such extortion tactic, threatening to publish stolen data if victims contact law enforcement. However, we are yet to see them follow through. Speaking of ransomware actors, a lot of them are paying for initial access, increasing the prevalence of initial access brokers.