CyberIntelMag's Threat report

Weekly Cyber Threat Report, April 19-23

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, read about new IoT standards, new DoJ cybersecurity task force, US 100-day cybersecurity plan, and more stories below.

  • The FIDO Alliance announced a new open IoT standard that will simplify onboarding of devices to cloud and on-premise management platforms. Developed together with experts from Intel and Qualcomm, and leveraging asymmetric public-key cryptography, the new standard will primarily give the industrial IoT industry a fast and secure way to onboard any device to any management system.
  • The US Department of Justice announced a new task force that will counteract the proliferation of ransomware. Its responsibilities would include the takedown of command-and-control (C2) servers used by ransomware operators and the legal seizure of funds generated by illicit means.
  • The new version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux contains seven security fixes, including one for a zero-day vulnerability.
  • The White House unveiled a 100-day “sprint”, a plan to protect the U.S. power grid that will likely take years to fully implement, experts say. The plan foresees creating a stronger relationship between national security agencies and the private utilities that run the U.S. electrical system.
  • The UK government is preparing to face the security challenges that IoT presents and is working on legislation and new security requirements for the manufacturers of IoT devices.

From the bad news:

This week brought cryptomining botnet attacks on vulnerable Exchange servers, revelations about the true impact of the Codecov breach, and REvil extorting Apple, among other important stories you can’t miss.

  • This week Reuters reported that hundreds of customer networks have been breached as a result of last week’s breach of Codecov’s systems. As the scale of this supply chain attack turned out to be much greater than initially reported, the Codecov breach drew comparisons with the SolarWinds attacks.
  • A botnet named Sysrv, active since December 2020, targets enterprise web applications using exploits for old vulnerabilities or brute-force attacks, security researchers at Alibaba’s Aliyun, Juniper, and Lacework warned this week. Among the targeted web apps are Oracle WebLogic, Atlassian Confluence Server, Apache Solr, PHPUnit, Apache Hadoop, and WordPress.
  • The REvil ransomware gang extorted Apple and demanded a ransom of $100 million after it unsuccessfully tried to get a ransom from Quanta Computer, a manufacturer of many of Apple’s products.
  • Trend Micro warned about Tor-based botnet malware that targets Linux and cloud management tools. Linux has been attracting more and more attention from cybercriminals, the security company reported.
  • The Darkside ransomware gang is using a new extortion technique aimed at companies listed on stock markets. For money, the gang can notify traders in advance – before a company is named as a victim – so they can short its stock. Whether the company has actually been breached doesn’t matter – the negative impact of having its name listed on the ransomware gang’s website would be enough to cause its stock price to drop.
  • An RCE vulnerability in the central CocoaPods server potentially exposed the data of up to three million mobile apps. The flaw went unnoticed since 2015 and was patched shortly after disclosure. CocoaPods maintainer Orta Therox doesn’t think the CocoaPods Specs repo has been tampered with, but advises developers to run checks and take protective measures.
  • Prometei, a cryptomining botnet, is exploiting unpatched Microsoft Exchange servers. The botnet spreads laterally within the network and installs a Monero miner.
  • ESET warned of attackers running ads for fake Microsoft Store and Spotify apps that distribute information-stealing Trojans. The malware attempts to steal victims’ credit card information and passwords.
  • A fake WhatsApp app that appeared last week, WhatsApp Pink, has been upgraded and can now automatically reply to Signal, Telegram, WhatsApp Business, Viber, and Skype messages.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.