CyberIntelMag's Threat report

Weekly Cyber Threat Report, March 29-April 1

Welcome to CyberIntelMag’s weekly roundup, a place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week we’ve seen new protection measures from VMware, a glimpse of the United States’ new cybersecurity policy, and more.

  • VMware has patched two severe vulnerabilities (CVE-2021-21975 and CVE-2021-21983) that could compromise administrator credentials in vRealize, its AI-based platform for managing cloud environments. The flaws relate to the vRealize Operations Manager API. Egor Dimitrenko, a penetration tester at Positive Technologies, privately reported the vulnerabilities, which have since been patched.
  • The US Department of Justice (DoJ) charged almost 500 individuals with participating in COVID-19-related scams and other fraud. The defendants are accused of trying to obtain at least $569 million from consumers and the US government.
  • The US Department of Homeland Security (DHS) called ransomware a national security threat and the state’s top priority. DHS Secretary Alejandro Mayorkas described ransomware attacks against hospitals, schools, and other critical infrastructure as “horrendous acts.” The US government is working on a dozen actions to be released soon in an upcoming executive order.

From the bad news:

This week brought more attacks on Microsoft Exchange servers, new ransomware attacks on schools, newly detected methods criminals use to deliver payloads and mine cryptocurrency, surprising news about GitHub’s Arctic Code Vault, and more.

  • The US Department of Justice warns of phishing campaigns in which bad actors trick people into handing over their personal information with the goal of stealing money. Attackers lure victims with false promises of cash rewards or prizes for filling out fake surveys. “Consumers receive the surveys via email and text message… They can choose from various free prizes, such as an iPad Pro,” the DOJ said.
  • Activision Blizzard’s security team said criminals hid malware inside cheat packages for its popular game Call of Duty: Warzone. The criminals distributed the cheats on popular cheating forums. Once the malware infected a victim’s computer, the attackers could take control of it.
  • A hacker took over a vaccine marketplace on the Dark Web, created fake orders and immediately canceled them to collect refunds in Bitcoin, earning a total worth of $752,000, according to Check Point Research.
  • Developer Michael Voříšek detected malicious commits in the php-src Git repository of the PHP project. The attackers signed the commits off under the names of known maintainers, and the commits inserted a remote code execution backdoor.
  • Palo Alto Networks reported that Hancitor, an information stealer and malware downloader used by the threat actor designated MAN1, Moskalvzapoe or TA511, has evolved to use tools such as Cobalt Strike and a noisy network ping tool. Unit 42 researchers illustrated how the threat actor behind Hancitor uses the network ping tool in this week’s report.
  • BazarLoader has begun distributing TrickBot, IcedID, Gozi ISFB, and other malware. The attackers are now using call centers to deliver the payloads.
  • An anonymous source claimed Ubiquiti downplayed the impact of a previously disclosed attack and in fact suffered a massive data breach in which hackers had administrator-level permissions to databases and accessed S3 data buckets, application logs, databases, user credentials, and more.
  • Dutch researchers discovered that GitHub’s Arctic Code Vault is storing sensitive patient medical records from multiple healthcare facilities. The private data was leaked to GitHub repositories last year and accidentally made its way into the open-source archive, where it will now be preserved for 1,000 years.
  • Zimperium researchers reported a new Android spyware app that disguises itself as a software update. The malware poses as a notification about an ongoing system update while exfiltrating user and system data. The app is distributed not via the official Google Play Store but via a third-party repository.
  • Panasonic and McAfee are to build a vehicle security operations center (SOC) to bolster early-response security in smart vehicles and thwart physical attacks and cyber intrusions. McAfee plans to contribute to the project by sharing threat intelligence and providing general support to the SOC. Counterpoint Research forecasts that over 125 million connected cars will be shipped worldwide by 2022.
  • Digital rights organizations in Eastern Europe are alarmed by mass surveillance connected to the proliferation of surveillance cameras with facial recognition capabilities. The most controversial case is a Huawei-based surveillance system in Belgrade and “credible reports” that the police used facial recognition cameras there to identify protestors.
  • Unit 42 researchers reported two dozen Docker Hub images carrying cryptomining malware that have been downloaded over 20 million times in the past two years. The malware mined the Monero, Grin (GRIN), and Aronium (ARO) cryptocurrencies, with XMRig being the favorite tool.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.