Weekly Cyber Threat Report, Mar 1-5

Weekly Cyber Threat Report, March 8-12

Welcome to CyberIntelMag’s weekly roundup! A place where you can read the most important stories in the cybersecurity world from the past week.

From the good news:

This week we’ve seen a new tool from Microsoft to protect from spreading attacks on its Exchange Servers, new free security tools for developers, a new privacy feature for WhatsApp, and more.

  • Microsoft updated its Microsoft Safety Scanner (MSERT) tool to add capabilities to detect web shells used by hackers in attacks on Exchange Servers. It scans a computer looking for malware and automatically removes the detected malware.
  • Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. The bug has affected billions of Apple devices.
  • The Cybersecurity and Infrastructure Security Agency (CISA) will start to manage the official .gov top-level domain in April to raise the security of the domains used by government websites.
  • The Linux Foundation announced the sigstore project to allow software developers to securely and for free sign software artifacts such as release files, container images, and binaries.
  • Facebook’s WhatsApp is working on a new security feature to encrypt user chat backups in Google Drive and Apple iCloud to make them accessible only by the users themselves. The new password protection feature has been reported by WABetaInfo.

From the bad news:

This week brought more Accellion attacks, more Microsoft Exchange server breaches, a few malicious apps on app stores, new malware families, and new ways attackers use to deliver their payloads.

  • Check Point Research team described a new dropper Clast82 that distributed financial Trojans AlienBot Banker And MRAT to multiple malicious and legitimate apps on the Play Store.
  • An iOS application called either “Automatic call recorder” or “Acr call recorder” was found exposing the conversations of thousands of its users. By using a proxy tool an attacker could get access to 130,000 voice recordings amounting to about 300 Gb of private data.
  • Microsoft warned that hackers are using new ransomware DearCry to target unpatched Microsoft Exchange servers.
  • A report from ESET says at least 10 state-backed hacking groups are now exploiting the flaws in unpatched Microsoft Exchange servers. 
  • Norway’s parliament announced on Friday it became the latest victim of Microsoft Exchange vulnerabilities and lost data in a cyberattack on Thursday. Earlier this week, the European Banking Authority reported a hack that exploited flaws in Microsoft Exchange Servers that forced to turned off its email systems. The banking authority said personal data hosted on servers “may have been obtained by the attacker.”
  • The US-based Flagstar Bank became the latest victim of Accellion-related attacks exploiting a zero-day vulnerability. An unauthorized party accessed some of Flagstar’s information, but the bank’s operations had not been impacted.
  • A ransomware attack hit more than 700 of the Spanish government labor agency (SEPE) offices across Spain and forced it to shut down its systems.
  • A US hacker collective hijacked footage from 150,000 security cameras manufactured by Verkada that are used at banks, jails, schools, carmaker Tesla, among others. They said they did this to fight state surveillance.
  • Intezer reported a new backdoor targeting Linux endpoints and servers. Intezeer believed “RedXOR” is operated by Chinese nation-state actors.
  • A report from Trend Micro says WannaCry and EternalBlue keep being the most prevalent threats in 2021 after they had long been patched by Microsoft.
  • Proofpoint reported the TA800 threat group is spreading the NimzaLoader malware loader in spear-phishing emails and that it is likely used to download Cobalt Strike.
  • New research by Sygnia provides evidence that the North Korean Lazarus Group uses the MATA framework to deliver TFlower ransomware.
  • SpiderLabs at Trustwave detected a new malspam campaign is spreading NanoCore, a remote access Trojan (RAT), in icon files.
  • ESET researchers exposed security and privacy issues with internet-connected sex toys from two popular brands, WOW Tech Group and Lovense. We-Vibe Jive and Lovense Max were found vulnerable to MiTM attacks.
  • A number of Czech officials have been targeted by hackers in “a massive cyber attack on public administration systems.” The servers remained operational and there was little damage done because there was a backup system in place.
  • Scottish University of the Highlands and Islands (UHI), and earlier Irish Queen’s University in Belfast and English University of Central Lancashire in Preston reported incidents that forced the universities to shut down their campuses. The authorities could not confirm if the attacks were linked.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.