CyberIntelMag's Threat report

Weekly Cyber Threat Report, January 17-21, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

The good news: This week’s good news includes:

  • Google Project Zero found two zero-click flaws in Zoom, a video conferencing app, that could allow attackers to crash the service, execute arbitrary code, and steal sensitive information. The company fixed the bugs on November 24, 2021.
  • The Open Source Security Foundation (OpenSSF), GitHub, and Google announced the launch of Scorecards V4. The framework simplifies security automation and offers larger scaling, a new security check, and a new Scorecards GitHub Action.
  • Trend Micro analyzed the current threats and issued recommendations for protecting NAS devices in their paper “Backing Your Backup: Defending NAS Devices Against Evolving Threats.”
  • The FBI said the developers of the Diavol ransomware are from the TrickBot Group, the creators of the TrickBot malware.
  • Reports indicate that some cybercriminals are becoming anxious about being tracked down by law enforcement following the high-profile arrests of suspected ransomware gang members.

The bad news: This week’s bad news includes:

  • Cyberespionage campaigns targeting renewable energy and industrial technology have been active since 2019. The campaign uses OSINT techniques to craft phishing emails and relies on compromised websites. Google Threat Analysis Group has recently reported similar phishing activity originating from APT28.
  • According to a report by Check Point, the top ten brands impersonated by phishing actors in Q4 2021 were DHL (23% of all phishing attacks globally), Microsoft (20%), WhatsApp (11%), Google (10%), LinkedIn (8%), Amazon (4%), FedEx (3%), Roblox (3%), PayPal (2%), and Apple (2%).
  • Earth Lusca threat actor has been seen carrying out attacks on various organizations, according to Trend Micro. The attackers are after sensitive information and monetary profits.
  • In the UK, children as young as nine have launched DDoS attacks in the past. In response, UK police have launched an initiative to prevent young people from getting involved in cybercrime. The National Crime Agency (NCA), jointly with schools broadband provider Talk Straight Group (Schools Broadband), will carry out a new education campaign.
  • Citizen Lab researchers analyzed the official app for the 2022 Beijing Winter Olympics and found it to be insecure and privacy-compromising. The app collects sensitive information such as email addresses and phone numbers, as well as details about the device’s location and its cellular service provider. Researchers found the app vulnerable to exploitation due to weak SSL encryption and certificate validation.
  • Marketing firm RR Donnelley reported a suspected Conti ransomware attack in December during which hackers stole the company’s data.
  • BlackBerry Research and Intelligence Team reported a new post-exploitation tool, Prometheus, offered on Russian hacker forums on a subscription-based crimeware-as-a-service (CaaS) model.
  • A now-fixed flaw in Box’s multifactor authentication (MFA) mechanism allowed an attacker to bypass authentication. The issue stemmed from a mix-up of MFA modes when an attacker declined to authenticate via SMS and instead submitted a code from an authenticator app. Box did not verify that the account had actually enrolled an authenticator app, and did not verify that the entered code belonged to the user attempting to log in.
  • Italian luxury fashion retailer Moncler said that its systems were hit by the AlphV/BlackCat ransomware attack in December after stolen files were published on the dark web.
  • Trend Micro says a new type of ransomware called White Rabbit could be a side-project of the FIN8 hacking group.
  • A new phishing campaign impersonates the US Department of Labor (DoL). The campaign uses over 10 phishing sites and asks recipients to submit job bids in an attempt to steal Office 365 credentials.
  • Ukraine’s Security Service (SSU) said the recent attacks against Ukraine’s government websites and other critical infrastructure are part of one large campaign. Nearly 70 government websites went offline last week, and this week unknown hackers deployed data-wiper malware called WhisperGate on select government systems.
  • Bank Indonesia, the central bank of Indonesia, said its networks were hit in a ransomware attack last month.
  • Kaspersky linked the newly found MoonBounce firmware implant to the APT41 hacker group, a Chinese-speaking organization. Kaspersky called it “the most advanced” UEFI firmware implant they have seen.
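The Box MFA item above describes a logic flaw with two missing checks: the server did not confirm that the submitted factor type was one the account had enrolled, and it did not confirm that the submitted code belonged to the account being logged into. The following is an added illustration, not Box’s code and not the product’s actual flow; user names, factor ids, secrets and the `USERS`/`FACTORS` tables are constructed for the example. It shows a second-factor verification routine written without those checks next to one that enforces them.

```python
import hashlib
import hmac
import struct

# Constructed sample data (hypothetical accounts, not real ones).
# Alice enrolled only SMS; Mallory enrolled only an authenticator app (TOTP).
USERS = {
    "alice":   {"enrolled": {"sms"}},
    "mallory": {"enrolled": {"totp"}},
}
# Each second factor is stored with the account that owns it.
FACTORS = {
    "sms-alice":    {"owner": "alice",   "type": "sms",  "pending_code": "492817"},
    "totp-mallory": {"owner": "mallory", "type": "totp", "secret": b"constructed-demo-secret"},
}
TIME_STEP = 30  # seconds per TOTP window


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // TIME_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def _code_matches(factor: dict, code: str, unix_time: int) -> bool:
    """Compare the submitted code against the factor's expected value."""
    if factor["type"] == "totp":
        return hmac.compare_digest(totp(factor["secret"], unix_time), code)
    if factor["type"] == "sms":
        # The code that was sent to the phone for this login attempt.
        return hmac.compare_digest(factor["pending_code"], code)
    return False


def verify_mfa_flawed(username: str, factor_id: str, code: str, unix_time: int) -> bool:
    """Mirrors the mix-up described in the report: the factor is looked up by
    the id the client supplied, and the code is checked against that factor,
    without confirming it is enrolled on, or owned by, `username`."""
    factor = FACTORS.get(factor_id)
    return factor is not None and _code_matches(factor, code, unix_time)


def verify_mfa(username: str, factor_id: str, code: str, unix_time: int) -> bool:
    """Hardened version: both missing checks are enforced before the code
    is compared."""
    user = USERS.get(username)
    factor = FACTORS.get(factor_id)
    if user is None or factor is None:
        return False
    # Check 1: the account must have enrolled this kind of factor.
    if factor["type"] not in user["enrolled"]:
        return False
    # Check 2: the factor (and therefore the code) must belong to this account.
    if factor["owner"] != username:
        return False
    return _code_matches(factor, code, unix_time)


if __name__ == "__main__":
    T = 1_700_000_000  # fixed timestamp so the run is reproducible
    code_from_other_account = totp(FACTORS["totp-mallory"]["secret"], T)
    # A code from a different account's authenticator, submitted for Alice:
    print("flawed accepts:", verify_mfa_flawed("alice", "totp-mallory", code_from_other_account, T))
    print("hardened accepts:", verify_mfa("alice", "totp-mallory", code_from_other_account, T))
    # Alice's own enrolled factor still works:
    print("hardened, legitimate:", verify_mfa("alice", "sms-alice", "492817", T))
```

The two added checks are independent: rejecting a factor type the account never enrolled stops the mode mix-up on its own, and binding the factor to the account stops a valid code from any other account's authenticator from satisfying the challenge. A useful regression test for any MFA implementation is exactly the first call in the main block: a correct code for someone else's factor must be rejected.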

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.