Cyware Weekly Threat Intelligence, September 27-October 01, 2021

Weekly Threat Briefing • Oct 1, 2021
The Good
October is finally here! Temperatures are cooling down, but cybersecurity is officially heating up as the '18th National Cybersecurity Awareness Month' kicks off. To start with some great initiatives, the CISA, along with other law enforcement agencies, has released self-assessment tools and solutions to protect organizations against insider threats and VPN attacks, respectively. In other news, the UK government has launched a new emergency hotline to tackle surging financial scams in the country.
A new emergency hotline has been launched to tackle the rising financial scams in the U.K. The service will work in a similar way to non-emergency police or NHS services.
The CISA has launched multiple prevention and detection tools as well as solutions to mitigate the rising risk of insider threats and attacks on VPNs. Additionally, they have released guidance on securing critical assets.
The Security Service of Ukraine (SSU) experts took down an illegitimate network of call centers located in Lviv following the discovery of a scam. The perpetrators behind this scam used covert channels to get in touch with customers and deceived them in a fraudulent scheme for investing in cryptocurrency.
The Bad
There were some bad moments in the cyber ecosystem that made organizations more alert and proactive in securing their systems. Researchers spotted new threat actors, named Wintervivern and ChamelGang, with distinct capabilities. Ransomware threat actor groups expanded their scope by launching attacks against hundreds of bookstores across Europe.
A data breach at FarFaria resulted in the leak of 38 GB of data due to a misconfigured MongoDB database.
Researchers detected several sophisticated cyberespionage campaigns from new threat actor groups, namely Wintervivern and ChamelGang. While the former targeted European governments, the latter was held responsible for attacks on an energy company.
Around 15 Russian financial organizations were targeted in DDoS attacks between August and September this year. While the attacks were serious, the attackers failed to disrupt the performance of credit institutions.
Hundreds of bookstores across multiple countries in Europe were crippled following a ransomware attack. The impacted store chains include Libris, Aquarius, Malperthuis, Donner, Atheneum, and Bookhandels.
The Conti ransomware gang claimed an attack on JVCKenwood in which it stole 1.7TB of data. The gang further went on to upgrade its tactics by hiring affiliates to demolish backups.
Transportation organizations such as Forward Air and Navistar were hit in separate security breach incidents that affected the sensitive details of their customers and employees.
New Threats
The discovery of new malware also raises security concerns for organizations. The new malware uncovered this week includes Tomiris, FoggyWeb, and Sarwent. Mirai and FormBook also got a makeover to launch more sophisticated attacks.