- North Carolina launched a cybercrime hotline following a rise in financial losses from COVID-19-related cyber scams. State residents have reported COVID-19-related fraud losses of over $4 million since March, according to FTC data.
- The U.S. Government Accountability Office (GAO) urged the Federal Aviation Administration to take action to protect modern commercial airplanes from cyberattacks. The GAO warned that if avionics systems are not properly protected, they could be exposed to a variety of cyberthreats.
- The U.K. government announced plans to implement advanced offensive and defensive cyber capabilities to disrupt the critical infrastructure of adversaries. This initiative will be primarily steered by GCHQ.
- The Singapore government introduced a new list of security requirements for home routers that will take effect on April 13 next year. The enhanced requirements include unique login credentials for each device, a minimum password strength, the disabling of unnecessary system services, and support for downloading firmware updates.
- Ransomware attacks continued to freeze their targets’ operations by encrypting their systems. This week, the affected organizations included Ubisoft, Crytek, Software AG, and Seyfarth Shaw.
- A cyberattack on Barnes and Noble’s Nook services disrupted users’ ability to access their Nook libraries, previous purchases, and more. A malware infection on point-of-sale (POS) systems was reported to be the cause of the incident.
- Several government agencies across the globe also came under attack in different incidents. The targeted agencies include the foreign ministry in Norway, Hackney Council in London, and two government departments in Iran.
- The week also witnessed several unsecured database instances, exposing a wide range of sensitive data belonging to different firms. The impacted organizations were teamDigital, Intcomex, Broadvoice, and Panion.
- Cybercriminals stole more than $22 million in user funds in multiple campaigns targeting the Electrum wallet app over more than two years. The attacks relied on a social engineering technique in which users received a fake message prompting them to update their wallets.
- A threat actor group named Spectre123 allegedly leaked sensitive data from NATO and Havelsan online. The documents included work files, proposals, contracts, 3D designs, resumes, Excel sheets containing raw materials information, and financial statements.
- The Joker’s Stash dark market forum was abuzz after a hacker dumped card details for 3 million Dickey’s Barbecue Pit customers. The data, which was compromised between July 2019 and August 2020, was sold for a median price of $17 per card.
- The use of fake Windows themes is becoming popular among malicious hackers. The week saw two cybersecurity incidents in which booby-trapped Windows updates and fake Windows Defender Antivirus themes were used to spread Emotet and QBot, respectively.
- The Mirai botnet emerged this week in the form of four new variants. Additionally, researchers observed that the botnet was exploiting two new command injection vulnerabilities in the wild.
- A new framework, named SolarSys, was observed to be actively used in Brazil. The framework was primarily used to distribute trojans.
- Researchers came across a complex cryptomining campaign that marked the return of the Lemon Duck malware. It stole computer resources to mine the Monero cryptocurrency. The malware propagated through RTF files sent by email and spread laterally using PsExec, WMI, and SMB exploits.
- Despite a major takedown attempt, the TrickBot trojan made a comeback after its operators replaced its disrupted backend infrastructure with a new one. The gang also revamped the BazarLoader malware to deploy Ryuk ransomware on high-value targets.
- After analyzing several attack patterns, researchers attributed the Thanos ransomware to the MuddyWater threat actor group.
- The Silent Librarian is back in action, targeting universities across the globe in a massive spearphishing campaign. The group’s primary focus is on universities in the U.S., the U.K., Canada, Australia, and the Netherlands.
- Researchers identified a new financially motivated hacking group, FIN11, that targeted pharmaceutical companies and other healthcare organizations during the COVID-19 pandemic. The group’s tactics and techniques overlap with those of the group known as TA505.
- A new report highlights that ransomware operators are buying network access credentials, vulnerable endpoints, and compromised employee accounts to simplify their attacks. Access to these assets is priced between $300 and $10,000.
Posted on: October 16, 2020