Cyware Weekly Threat Intelligence - August 12–16
Weekly Threat Briefing • Aug 16, 2024
In a landmark move, the UN has unanimously passed its first-ever cybercrime treaty, laying the groundwork for a unified global response to cyber threats. This historic treaty, now headed to the General Assembly for final approval, empowers authorities to access electronic evidence across borders, marking a significant step toward enhanced international cybersecurity collaboration. NIST has set a new milestone by formalizing the world’s first post-quantum cryptography standards. Designed to protect against the impending quantum computing era, these standards ensure data integrity in the face of future quantum threats.
NIST formalized the world's first post-quantum cryptography standards to protect systems and data from future quantum threats. The new standards aim to help organizations transition to quantum-secure encryption before those threats materialize. NIST finalized three post-quantum cryptography standards after public consultation: a key-encapsulation mechanism standard, a lattice-based digital signature standard, and a stateless hash-based digital signature standard. The standards contain the computer code for the encryption algorithms and instructions for implementing them on various devices.
The FBI announced the dismantling of the Radar/Dispossessor ransomware operation, which targeted small to mid-sized businesses and organizations across the U.S., Europe, and other regions. The group, possibly formed by former LockBit affiliates, used similar tactics and infrastructure. Law enforcement agencies in the U.S., the U.K., and Germany collaborated to take down servers and domains associated with the group.
The White House and the DHS are teaming up on an $11 million initiative to understand the use of open-source software in critical infrastructure and enhance its security. The effort, known as the Open-Source Software Prevalence Initiative, aims to identify open-source software components in areas like healthcare, transportation, and energy production for better national cybersecurity. Recommendations from the cybersecurity community include securing package repositories, strengthening the software supply chain, increasing education initiatives, and replacing legacy software.
FortiGuard Labs uncovered a persistent ValleyRAT malware campaign specifically targeting Chinese-speaking users. Researchers detected a new variant of the Gafgyt botnet, which exploits machines with weak SSH passwords to expand its network and mine cryptocurrency using GPU power. Google’s Pixel devices were found to have shipped with a dormant app called Showcase.apk, which exposes them to potential security risks.
In the realm of new threats, Sophos identified the new EDRKillShifter tool being used by cybercriminals in a recent attempted ransomware attack. This tool is engineered to disable endpoint protection software by exploiting vulnerable drivers. Microsoft's August 2024 Patch Tuesday update addressed 90 vulnerabilities across various products, with seven classified as critical. CERT-UA issued a warning about a new phishing campaign that impersonates the Security Service of Ukraine to distribute the ANONVNC malware, enabling unauthorized access to infected computers.