Weekly Cyber Threat Report, Mar 1-5

Welcome to CyberIntelMag’s weekly roundup! A place where you can read the most important stories in the cybersecurity world from the past week.

From the good news:

This week we’ve seen the NSA stress the importance of zero trust within networks, a new online self-assessment tool for micro-businesses, a free ransomware protection service for US hospitals, and more free privacy tools.

  • The NSA published a document that explains the benefits of choosing a zero-trust model and advises how to implement it within one’s networks.
  • Microsoft launched Secured-core Server and Edge Secured-core for servers and IoT devices. Both deliver advanced yet simplified security and include preventative defense capabilities.
  • Queen Mary University of London researchers developed COVIDGuardian, a tool that identifies security and privacy risks in COVID-19 contact tracing apps. The first tool of its kind, it alerts to threats such as malware, embedded trackers, and privacy issues.
  • US hospitals got a free ransomware protection service when the US Center for Internet Security (CIS) launched Malicious Domain Blocking and Reporting (MDBR) to help US private hospitals protect against ransomware and other cyber-attacks.
  • With support from GCHQ, the UK’s National Cyber Security Centre has launched a new online self-assessment tool for micro-businesses and sole traders that advises on ways to enhance their cybersecurity.
  • Scientists came up with a faster system to generate cryptography keys. It generates entirely random numbers at approximately 100 times the speed of the fastest random number generator systems, using a single, chip-scale laser.
  • Microsoft released urgent patches following exploitation of vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019. Exchange Online is not affected.
  • CERT-EU and ENISA signed a Memorandum of Understanding as an outcome of the Cybersecurity Act with the goal to detect and fortify the synergies between the two agencies and to build and strengthen the cybersecurity capabilities in the EU.

From the bad news:

This week brought a new victim of the Accellion-related attacks, a large number of data breaches, new strains of SolarWinds-linked malware, and new sophisticated malware delivery methods.

  • American telecommunications provider T-Mobile has experienced a data breach in which attackers were able to port mobile numbers.
  • Microsoft and FireEye reported three new malware strains associated with attacks on SolarWinds’ Orion software. They are dubbed Sunshuttle (GoldMax), GoldFinder and Sibot.
  • Scammers are targeting investors in a sophisticated BEC scam. The scam begins with a phishing email that urges recipients to send money in response to fake “capital call” notices.
  • Threat actors used a new Dependency Confusion vulnerability to target Node.js apps at Amazon, Zillow, Lyft, and Slack and steal Linux/Unix password files.
  • Users of AOL Mail have been targeted in a new phishing campaign that steals login names and passwords by warning recipients of an upcoming account closure.
  • CallX, a California-based telemarketing company and marketing platform, has been storing 114,000 client files on an unsecured AWS S3 bucket.
  • The operators of the Gootkit RAT have been using SEO poisoning to distribute Gootkit, which deployed malware payloads in South Korea, Germany, France, and North America.
  • The Russian cybercriminal forum Maza, formerly known as Mazafaka, leaked 2,000 accounts.
  • Tether, a cryptocurrency company, experienced a data breach and received a ransom demand of 500 Bitcoin ($24 million). Tether said important documents had been exposed that would “harm the Bitcoin ecosystem” but refused to pay a ransom.
  • The UK-based data analytics agency Polecat was held to ransom after an unsecured server exposed 30TB of business records. The agency harvests large amounts of public information relating to firearms, politicians, racism, Covid-19, and healthcare.
  • Mariana Tek, a US-based fitness management platform, exposed 1.5+ million records – usernames, full names, residential and email addresses, phone numbers, account balances, etc.
  • Across Asia, ObliqueRAT, a notorious remote access Trojan (RAT), is hiding in benign image files on compromised websites.
  • Universal Health Services (UHS), one of the U.S.’s largest providers of healthcare services, reported the ransomware attack last fall caused $67 million in pre-tax losses.
  • Ryuk ransomware was detected with worm-like capabilities, the French National Agency for the Security of Information Systems (ANSSI) reported. A sample of Ryuk can spread automatically within infected networks.
  • Intezer Lab showed that SunCrypt ransomware may be an updated version of the QNAPCrypt ransomware, as there are strong technical similarities in code reuse and techniques.
  • Lithuania’s State Security Department accused hacker groups linked to Russian intelligence of cyber-attacks against top Lithuanian officials and decision-makers and of using its state infrastructure to conduct attacks on other targets working in COVID-19 vaccine research.
  • Cybersecurity firm Qualys is the latest victim of Accellion-related attacks. Allegedly the company’s purchase orders, invoices, tax documents, scan reports, and other files have been stolen.
  • The WizCase security team reports a large data breach: millions of records, including passwords and payment data, belonging to Ringostat, a company based in Ukraine, have been exposed and left vulnerable online.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.