Go to listing page

Cyware Daily Threat Intelligence, May 10, 2022

Cyware Daily Threat Intelligence, May 10, 2022

Share Blog Post

Recovering from ransomware attacks is unarguably one of the most challenging steps as it involves people, processes, and tools to contain the infection. However, the recovery becomes difficult when it costs a bomb. The recuperations proved hard for a college in Central Illinois that is on the brink of closure after serving for around 150 years. 

An unpatched flaw has always served threat actors in accomplishing their malicious attempts and this time, researchers reported active exploitation of a critical vulnerability found in the F5 BIG-IP systems. A massive phishing campaign aimed at several German organizations in the automotive sector was also unearthed by researchers that distributed various types of info-stealing malware.  


Top Breaches Reported in the Last 24 Hours


Lincoln College to close
Lincoln College is on the brink of closure amid efforts to recover from a ransomware attack that occurred in December 2021. The 150-year-old college was hit by ransomware on December 19 and this affected its IT systems from recruitment, retention, and fundraising departments. The system outage lasted for one and a half months.  

RuTube site targeted
Hackers hacked and defaced Russian TV to show pro-Ukrainian messages. Additionally, RuTube video streaming site announced that its site went offline after suffering a cyberattack. Visitors were shown a message stating that the ‘site is undergoing technical work.’ However, the service says that all user content and data remain untouched by the attackers. 

Costa Rica government agencies targeted
The recent Conti ransomware attack spurred a state of emergency in Costa Rica. Following the attack, the threat actors leaked the data that they claimed to have stolen in the breach. The incident has impacted the Ministry of Labor and Social Security, the Ministry of Science, Innovation, Technology and Telecommunications, and the National Meteorological Institute, among others. 

Phishing email targets German organizations
Several German organizations in the automotive sector were targeted in a month-long phishing campaign. The attacks were designed to deploy various types of info-stealing malware. The threat actors behind the operation registered multiple lookalike domains so that they can be used later to send phishing emails.  

Top Vulnerabilities Reported in the Last 24 Hours


Microsoft mitigates SynLapse flaw
Microsoft has mitigated a security flaw affecting Azure Synapse and Azure Data Factory. It could be successfully exploited to launch remote code execution attacks. Tracked as CVE-2022-29972 and codenamed SynLapse, the flaw was first reported in January. The issue stems from the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR). 

F5 BIG-IP system flaw exploited 
Threat actors are actively exploiting a remote execution flaw found in F5 BIG-IP systems. It is one of the flaws that was patched by the vendor recently, along with 43 other vulnerabilities. Tracked as CVE-2022-1388, the critical flaw has a CVSS score of 9.8. 

Top Scams Reported in the Last 24 Hours


NCSC takes action against scams
The National Cyber Security Center (NCSC) revealed that it removed a total of 2.7 million scams, illicit domains, and phishing services in 2021. In one incident, the NCSC highlighted that it stopped potential victims from parting away with £5 million in a scam that also asked for their personal information. Additionally, over 1,400 NHS-themed phishing campaigns were taken down by the NCSC. 

 Tags

central illinois
rutube video streaming site
lincoln college
synlapse
costa rica
f5 big ip systems

Posted on: May 10, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.