Cyware Weekly Threat Intelligence, October 24 - 28, 2022

Weekly Threat Briefing • October 28, 2022
Another week brought another series of significant developments to bolster defenses against cyberattacks. In a bid to encourage the deployment of threat detection technologies and systems, the White House launched a 100-day cybersecurity sprint for the chemical sector. As part of this initiative, the government plans to incorporate best practices learned from the electricity, pipeline, and water industries. In other news, the Government Accountability Office (GAO) made three recommendations to improve the security posture of K-12 schools.
While the White House administration is making efforts to reduce cyber risks in critical infrastructure, new research revealed that industrial organizations remained the top target for ransomware attacks in the third quarter of the year. The list included several new groups such as Sparta Blog, BianLian, Donuts, Onyx, and Yanluowang. Even the education sector is under attack from ransomware gangs. Microsoft shared a new update on Vice Society ransomware activity by highlighting that the group is switching payloads to target schools and colleges worldwide. Furthermore, the Snatch ransomware group claimed responsibility for the attack on Kenosha Unified School District in Wisconsin.
Massive cryptomining campaigns exploiting a wide range of cloud computing infrastructures were identified this week. While one targeted vulnerable Docker and Kubernetes infrastructure to mine Monero cryptocurrency, the other abused GitHub, Heroku, and Buddy CI/CD services to mine crypto coins such as Tidecoin, Onyx, and others. The notorious Kimsuky APT also added three new pieces of Android malware to expand its attacks against South Koreans. In another update, Checkmarx researchers demonstrated a new attack technique dubbed RepoJacking that could lead to supply chain attacks.