Go to listing page

Cyware Weekly Threat Intelligence, August 30–September 03, 2021

Cyware Weekly Threat Intelligence, August 30–September 03, 2021

Share Blog Post

The Good

In today’s good part of the news, U.S. federal agencies have been nudged to upgrade their logging capabilities to boost their cyber readiness. Italy decided that it had had enough of cyberattacks and now has taken major steps to strengthen its defenses. You can now get a new device that would give an extra layer of security to your PC against malicious USB drives. 

  • The Office of Management and Budget ordered U.S. federal agencies to reinforce logging capabilities and help the government gain visibility to their cyber readiness program within 60 days.
  • Researchers at the U.K's Liverpool Hope University developed a new device that acts as a gateway or barrier between a USB drive and a computer to scan for malicious software.
  • The U.S. Department of Justice rolled out a fellowship program designed to boost legal talent that can help in ramping up legal action against cybersecurity threats in the U.S.
  • After continuous ransomware attacks on large companies, hospitals, and institutions in Italy, the country is looking forward to its newly established cybersecurity agency and the funds received from the EU to reinforce its defenses. 


The Bad

NFTs are all the rage now, which also means that cybercriminals are trying to abuse the trend for their gains. In one such instance, the famous street artist Banksy’s website was hacked and a fake NFT of his art was sold. Last week, we had talked about how ransomware gangs were shutting down operations for good. We have a piece of not-so-good news this week. Phorphiex botnet gang announced to shut down its operations but the malware code is up for sale. In other news, both Fujitsu and Puma had some of their data uploaded on a dark web forum. 

  • Autodesk revealed that one of its servers was infected with Sunburst malware. It further assured that no customer operations or Autodesk products were sabotaged during the attack.
  • A severe flaw in Atlassian’s Confluence Server and Confluence Data Center software was subjected to mass exploitation by hackers owing to the ease of developing a weaponized exploit.
  • Sophos laid bare details about dropper-as-a-service that uses disguised legit or cracked applications on to the victim’s systems. Some services were charging just $2 for 1,000 malware installs via droppers.
  • Attackers walked off with over $29 million in cryptocurrency assets from Cream Finance. Hackers used a reentrancy attack in its flash loan feature to steal AMP tokens and ETH coins.
  • Japanese company Fujitsu confirmed that 4GB of customer data was dumped on a cybercrime marketplace called Marketo. However, the site claims it also contains company data, budget data, and other reports. About 1 GB of data from sportswear manufacturer Puma, allegedly containing source code of internal management apps, was dropped for sale on an infamous cybercrime marketplace called Marketo.
  • A cyberattack at DuPage Medical Group laid bare sensitive data such as SSNs, diagnosis codes, treatment dates, and other details for about 600,000 patients.
  • The Indonesian COVID-19 test and trace app called eHAC was found leaking the personal data of about 1.3 million travelers via an unprotected server.
  • Bangkok Airways disclosed unauthorized third-party access to its information system that exposed sensitive records, including contact information, passport information, travel history, and credit card data, after a ransomware attack.
  • Operators of the Phorpiex botnet announced to close their operations and priced the malware source code to sell it on a dark web cybercrime forum.
  • An attacker intruded into the site of the artist Banksy and sold a fake NFT worth $336,000. The money has, however, been returned by the hacker.  


New Threats

This week brought along some vicious new threats in the form of new malware, scams, and vulnerabilities. A set of 16 vulnerabilities have been found to impact Bluetooth connectivity across millions of devices. A credential phishing scam has been spotted leveraging open redirector links, warned Microsoft. On the malware front, a new Mirai strain is being disseminated to conduct DDoS attacks. 

  • A newly discovered malware family, PRIVATELOG, and its installer, STASHLOG, have been found relying on the Common Log File System (CLFS) to conceal a second-stage payload in registry transaction files.
  • Academics discovered BrakTooth, a suite of 16 vulnerabilities, that impacts the Bluetooth software across billions of devices from Microsoft, Dell, and several Qualcomm-based smartphone models.
  • Researchers at TU Dresden, Germany, discovered that AMD’s Zen processor family is vulnerable to a Meltdown-like attack, enabling malware infection, unauthorized access, and more.
  • Scammers were observed distributing bogus emails about license renewal, missing information, and expiration in a phishing scam propagating across the U.S.
  • A new credential phishing campaign is using open redirector links in emails to trick users into visiting lookalike pages for legitimate services, such as Office 365, warned Microsoft.
  • A new variant of the Mirai botnet is being used in the wild to exploit a known command injection vulnerability affecting WebSVN. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks.
  • A critical flaw in Microsoft Exchange Server, dubbed ProxyToken, can be abused to configure options of user mailboxes while defining the email forwarding rule, leading to email theft.
  • Intel 471 uncovered a new trend wherein cybercriminals are now acquiring native English-speaking talents to make their BEC scams more effective and persuasive.
  • A new financially motivated malware campaign by the FIN8 threat actor group was found distributing the Sardonic malware - a newer version of BADHATCH malware.

?

 Tags

dupage medical group
autodesk
braktooth vulnerabilities
sardonic backdoor
privatelog malware
phorpiex botnet
dropper as a service
mirai botnet
proxytoken vulnerability
cream finance
bangkok airways

Posted on: September 03, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.