CyberIntelMag's Threat report

Weekly Cyber Threat Report, May 10-15

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, we learned about the new EO from President Biden, hacker forums banning ransomware-related topics, and Cloudflare’s goodbye to CAPTCHA, among other stories.

  • Two major cybercrime forums have banned ransomware topics and ads, citing among their reasons “ideological differences” and “increased media attention” after the latest high-profile attacks. The Russian-language cybercriminal forum XSS banned ransomware groups from making posts about ransomware sales, ransomware rental, and ransomware affiliate programs on the forum. And Exploit, another major cybercrime forum, has announced that ransomware ads – about hiring affiliates, Ransomware-as-a-Service (RaaS) offerings, and other services – would now be banned.
  • After the high-profile cyberattacks against US state and private organizations this year, US President Biden signed an executive order that urges improving US cyber defenses against cyberattacks. The policy foresees a requirement for information and operational technology service providers to share information, the creation of a “Cyber Safety Review Board,” and the adoption of Zero Trust Architecture, among other directives.
  • The Linux Foundation said it’s already prepared for Biden’s cybersecurity challenge. After President Joe Biden signed on May 12th an executive order to improve federal cyber defenses, including specific requirements related to open-source software, the Linux Foundation said in a blog post that its communities have already built solutions that support this EO and offered some other ways to assist in its implementation in the future.
  • Cloudflare is playing with the idea of using security keys instead of the CAPTCHA, one of the most irritating aspects of the Web. “CAPTCHAs are effectively businesses putting friction in front of their users,” Cloudflare said. Cloudflare proposes using security keys as a way to prove we are human.

From the bad news:

This week brought reports about high-profile attacks from DarkSide gangs, a new Codecov victim, Apple’s eyebrow-raising concealment of information from its users, and other important stories you can’t miss.

  • DarkSide, the Russian-speaking ransomware group, shut down a major US pipeline last week and forced the company to temporarily freeze its IT systems. This resulted in fears about fuel supply shortages and panic buying in some US cities. Several days following the attack, an insider came out saying Colonial Pipeline paid the hackers $5 million in ransom soon after the attack began, but the payment couldn’t prevent the disruption.
  • Toshiba’s European business unit has become a new victim of DarkSide affiliates. Toshiba Tec Corp reported a cyberattack on its European subsidiaries that disrupted its operations in Europe. The company can’t confirm whether any customer-related information leaked, but the hackers claim to have stolen over 740GB of data from Toshiba.
  • Researchers observed a new campaign impersonating the Zix online email authentication solution to target Office 365 users with the goal of stealing their credentials. The attack reached 5,000 to 10,000 mailboxes; however, Zix Corp said only a subset of these emails reached Zix customers. The cybersecurity company Abnormal Security found out about the scam when one of its customers reported a scam email that came from one of its vendors, Authentic Title, LLC, whose email account the hackers had previously compromised.
  • Ireland’s Health Service Executive (HSE), which oversees healthcare and social services across Ireland, had to shut down its IT systems following a ransomware attack. HSE assured the public that Ireland’s COVID-19 vaccination program has not been affected by the incident. The National Ambulance Service is operating as normal as well, but some outpatient appointments have been canceled. It is not known which ransomware hit HSE.
  • Threat actors abused the Microsoft Build Engine (MSBuild) to deploy remote access tools (RATs) and information-stealing malware. “While we were unable to determine the distribution method of the .proj files, the objective of these files was to execute either Remcos or RedLine Stealer,” Anomali’s researchers said.
  • The cybersecurity firm Rapid7 revealed it had been hit in the Codecov supply-chain attack. The company said its use of the compromised Bash uploader was limited to internal testing and build tooling and wasn’t used on any CI server, so the attacker didn’t access the product code. The investigation revealed that no other corporate systems or production environments had been compromised.
  • Volue, a Norwegian green energy solutions provider, was hit by a ransomware attack this week. The company has already started restoring systems from backups that were not affected by the attack.
  • Emails presented in the Epic Games lawsuit showed that Apple management decided to stay silent about the 2015 iOS hack. At the time, Apple knew about 2,500 malicious apps downloaded a total of 203 million times by 128 million users worldwide but chose not to notify affected users. The mass hack involved as many as 4,000 fake apps.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.