Cyware Weekly Threat Intelligence - September 13–17
Weekly Threat Briefing • Sep 17, 2021
The Good
This week’s newsletter brings its share of good news. A ransomware decryptor came as a welcome gift for the victims of REvil ransomware. The U.S., the U.K., and Australia made a historic pact to collaborate on cybersecurity capabilities and several other critical technology areas.
The U.K., the U.S., and Australia announced a trilateral security and defense agreement. Named AUKUS, the pact commits the three nations to collaborate on AI, quantum computing and other critical technologies, cyber capabilities, and defense-related supply chains.
Microsoft announced that users will no longer have to memorize or save passwords as it plans to go passwordless for Microsoft accounts in the coming weeks.
Bitdefender released a free master decryptor for REvil ransomware, which enables victims whose files were encrypted before July 13 to recover them for free.
Under the Mutually Agreed Norms for Routing Security (MANRS), the Internet Society announced the launch of an Equipment Vendor Program. The program aims to reduce the most common threats to the internet routing system by getting routing security features built into network equipment.
A six-kilometer hollow-core optical fiber has been shown to be effective for Quantum Key Distribution (QKD). QKD derives its security from physics rather than computational hardness, so an eavesdropper on the key exchange can in principle be detected; in practice, the hardware implementing it can still be subject to side-channel attacks, so the protocol should not be described as unhackable.
The Bad
No week would be complete without mentioning attacks on healthcare facilities. A cyberattack in May resulted in the exfiltration of all patient data from Desert Wells Family Medicine. The threat of unsecured databases has not gone away either, as evident from the leak of 61 million users’ records through an exposed database at GetHealth. Also, Olympus suffered a ransomware attack by the infamous BlackMatter threat actor, and its networks were knocked offline.
Desert Wells Family Medicine reportedly lost all data entered into its EHR systems (names, birth dates, addresses, billing account numbers, medical record numbers, and treatment information) due to a cyberattack in May. In another incident, LifeLong Medical underwent a series of ransomware attacks that affected the personal data of over 100,000 patients.
Customer care giant TTEC was hit by a suspected ransomware attack launched by the Ragnar Locker gang. The group is known for demanding millions of dollars in ransom.
The Anonymous hacktivist group claimed to have pilfered about 180GB of data from web hosting provider Epik. The stolen data includes sensitive records of the provider’s clients and their domains.
Experts uncovered a phishing scam in which attackers masqueraded as officials from the U.S. Department of Transportation to harvest login credentials from targeted firms. Separately, South Africa’s Department of Justice and Constitutional Development suffered a ransomware attack that knocked several of its IT services offline, including the national bail services.
An unsecured database at GetHealth exposed the health-related data of over 61 million users, pertaining to wearable technology and fitness services, including Fitbit, Google Fit, and Strava.
The U.S. FTC issued an alert about fraudsters posing as potential romantic partners on online dating apps to extort members of the LGBTQ+ community.
An attack by the BlackMatter ransomware group against Olympus servers crippled its computer networks across Europe, the Middle East, and Africa.
A long-running campaign against the aviation sector has finally been linked to a Nigerian threat actor. Dubbed Operation Layover, the campaign has been active for at least two years.
New Threats
This week presented us with Operation Harvest, a long-term cyberespionage campaign attributed to a Chinese threat actor. The attackers managed to stay undetected for an extended period. In another vein, Grief ransomware has followed in the footsteps of Ragnar Locker and become the second gang threatening to leak all stolen data if victims contact data recovery experts. The ZLoader trojan is back in a new campaign that lures victims through fake Google ads.