Go to listing page

Cyware Weekly Threat Intelligence, May 24–28, 2021

Cyware Weekly Threat Intelligence, May 24–28, 2021

Share Blog Post

The Good

This section today is just like chicken soup for your cyber soul. Let's start with the security directive by DHS to pipeline companies that will assist their teams in reporting and mitigating threats to their networks. Kudos to the stakeholders for another step in the right direction. The underground cybercrime economy has been hit with yet another crackdown by French intelligence and law enforcement authorities who shut down the Le Monde Parallèle (The Parallel World) marketplace.

  • The U.S. Coast Guard announced the establishment of its first-ever red team under the Cyber Operational Assessments Branch to bolster the Coast Guard’s cyber defenses.
  • The DHS will be issuing a security directive to pipeline companies that will assist their teams in reporting cybercriminal activities within their network to mitigate threats.
  • The FBI is planning on sharing compromised passwords with Have I Been Pwned’s ‘Password Pwned’ service. This would enable users and admins to check for passwords that have been used for malicious intents. 
  • The French National Directorate of Intelligence and Customs Investigations seized their third dark web marketplace, known as Le Monde Parallèle (The Parallel World).
  • The post-quantum cryptography standard, a years-long project by the federal government, is to be finalized later this year. It is believed that quantum computing will be able to tear through existing pubic key encryption algorithms.

The Bad

Government entities are always lucrative targets for cybercriminals because of the sensitive nature of the data handled by them. This week, the Belgian Interior Ministry was found to have been hit by a cyberespionage campaign by foreign threat actors. It seems that even though we are not talking about the SolarWinds attacks anymore, the attackers behind it are working hard on making headlines. They went ahead and targeted 150 entities across the world. It is already established that exposed databases are one of the major cybersecurity concerns in today’s time. However, organizations need to step up their security game and not leave low-hanging fruits for cybercriminals.

  • Fujitsu was forced to temporarily shut down its ProjectWEB SaaS platform after cyberattacks on multiple Japanese government entities, including the Ministry of Land, Infrastructure, Transport and Tourism; the Ministry of Foreign Affairs; the Cabinet Secretariat; and the Narita Airport. 
  • Microsoft discovered the Russia-based APT29 threat actor targeting around 150 government agencies, consultants, think tanks, and NGOs in at least 24 nations. This group was responsible for the SolarWinds attack.
  • A cyberespionage campaign hit the Belgian Interior ministry in 2019 and was uncovered this March. Federal authorities had launched an investigation to identify the origin of the operation, which data had been hacked, and whether a foreign state was involved.
  • Private patient info was released to media outlets by hackers who targeted hospitals in New Zealand’s Waikato district. The attack took place last week and the hackers gained unauthorized access to documents containing names, phone numbers, and addresses of patients and staff.
  • Around 200,000 patients and employees of Rehoboth Mckinley Christian Health Care Services (RMCHCS) were affected due to a data breach. 
  • Bose Corporation suffered a data breach that occurred due to a ransomware attack in March. The personal information—social security numbers, compensation information, and other HR-related information—of some of its current and former employees was accessed by the attackers. 
  • A database belonging to Bergen Logistics remains exposed for public access without any security authentication. It includes 467,979 records, containing names, addresses, order numbers, and email addresses, all relevant to shipments and customers. 
  • Indonesia’s government admitted to the leak of the personal data of millions of citizens on the RaidForums dark web market. The data was stolen from a national health insurance scheme Badan Penyelenggara Jaminan Sosial (BPJS).

New Threats

A novel data theft technique was discovered in 2015 which came to be known as Rowhammer. As chips are shrinking, Rowhammer attacks are getting harder to stop with another new attack technique discovered this week. We also witnessed the transformation of a wiper to malware. This new malware wants to make chaos and not money. In a new vulnerability discovery, Apple’s new M1 chips were found to be riddled with a new bug at the hardware level.

  • The BazarLoader backdoor has returned in a new campaign that masquerades as a fake movie-streaming service BravoMovies. 
  • Apple M1 chips are being bugged by a newly found M1RACLES bug. Tracked as CVE-2021-30747, the bug allows two apps running on the same device to exchange data between one another via a secret channel at the CPU level.
  • Steam is being targeted by a new type of phishing attack. The important aspect of the scam is that the URL includes a secured padlock, which convinces the users into believing that the website is safe.
  • New details have emerged about the TeamTNT hacking group that has targeted close to 50,000 IPs in a lesser-known worm-like attack between March and May. Most of the compromised Kubernetes nodes are from China and the U.S.
  • A new cyberespionage campaign is making the rounds in which SolarMarker backdoor pretends to be a legit PDFescape Installer to bypass security solutions. 
  • Evil Annotation and Sneaky Signature are two recently discovered exploits that can be weaponized against certified PDFs to alter arbitrary content. Twenty-four popular PDF tools are vulnerable to either one or both the flaws.
  • Google security experts demonstrated another variant of the Rowhammer attack dubbed Half-Double that capitalizes on newer DRAM chips to alter the contents of memory.
  • The Iranian hacking group Agrius has come up with a new destructible wiper malware Apostle that includes the functionality of wiper and ransomware. This new malware primarily focuses on cyberespionage and destruction.
  • A new, sophisticated malvertising campaign has been spotted that propagates the weaponized AnyDesk installer. 
  • Check Point Research and Kaspersky uncovered a campaign, probably by Chinese threat actors, targeting Uyghurs via phishing documents branded with the United Nations Human Rights Council (UNHRC) logo.

 Tags

bergen logistics
fujitsu projectweb platform
bose corporation
m1racles vulnerability
sneaky signature attack
bazaflix
agrius
half double technique
evil annotation attack

Posted on: May 28, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!