CyberIntelMag's Threat report

Weekly Cyber Threat Report, May 24-28

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, we’ve learned about the first court ruling of its kind about the UK’s mass surveillance program, arrests of smishing actors, a collaboration between the FBI and Have I Been Pwned, and more.

  • Following a cyberattack on Belgium’s parliament and scientific institutions, the country’s security council approved a new strategy to strengthen its digital defenses. The report, which was released on Thursday, identified six strategic areas that the center will focus on in the next five years.
  • The UK’s Government Communications Headquarters violated the rights of its citizens through its bulk interception program in 2013, the European Court of Human Rights ruled on Wednesday. The court ruled that the program was incompatible with the right to privacy. The court found that the bulk interception program did not contain enough “end-to-end” safeguards to protect the public’s rights.
  • Eight individuals have been arrested on suspicion of sending out “smishing” texts that posed as coming from the Royal Mail in the UK. The arrests were made by city police units known as the Dedicated Card and Payment Crime Unit (DCPCU) jointly with Royal Mail and telecom firms.
  • The FBI will share compromised passwords it finds in breaches with the Have I Been Pwned service. The service’s owner, Troy Hunt, has open-sourced the project and built a Password Ingestion API that will allow law enforcers to easily feed passwords into the service’s database.

From the bad news:

This week has brought reports about new types of attacks and malware, new statistics about the rise of ransomware and cryptojacking, breaches at Bose and the Russian and Japanese governments, flaws in Fortinet and Pulse Secure appliances, and other important stories you can’t miss.

  • Attackers can exploit new security weaknesses in Bluetooth Core and Mesh Profile to carry out man-in-the-middle attacks, the Carnegie Mellon CERT Coordination Center alerted this week. Devices that support the Bluetooth Core and Mesh specifications are vulnerable to BIAS attacks, Bluetooth Impersonation attacks that allow a malicious actor to create a secure connection without having to authenticate the victim’s key.
  • The UK’s National Crime Agency said that the rise in ransomware attacks was causing “significant harm.” The annual report by the NCA details how the number of ransomware attacks and their severity have grown significantly over the last year, and they rank among the most serious crimes that cause harm to society.
  • Around 3,000 accounts were targeted by a phishing campaign that reached governments and non-profit organizations in 24 countries. According to Microsoft, the campaign was carried out by Nobelium, a Russian group that’s backed by the Russian government. Hackers gained access to the email marketing platform of USAID, Constant Contact.
  • A study conducted by Palo Alto Networks researchers showed that their honeypot, which resembled a Docker daemon, was attacked 850 times between March and April 2021. Most of the attacks were cryptojacking.
  • FireEye’s Mandiant disclosed a set of critical vulnerabilities in Pulse Secure, which could allow attackers to execute zero-day attacks against organizations that rely on the software. One of the most critical vulnerabilities is CVE-2021-22893, which could allow unauthenticated attackers to execute arbitrary code.
  • Bose has notified New Hampshire’s officials that its employees’ personal information was compromised in a “sophisticated” ransomware attack. Bose did not reveal the exact nature of the attack or the group that perpetrated it.
  • Google researchers have shown a new type of Rowhammer attack that can tamper with data stored in memory. The new technique, called Half-Double, is a type of hammering that uses the weak coupling between memory rows that are not adjacent. Measures like Target Row Refresh (TRR) are ineffective against this attack.
  • Fujitsu said criminals breached several government offices in Japan in a supply-chain attack. The intruders gained inside information by infiltrating Fujitsu’s information-sharing app, ProjectWEB, and stole critical data.
  • A fake human rights NGO with the UN logo has been targeting Uyghurs in China with repeated cyberattacks. Kaspersky Lab’s GReAT team says the campaign targets the Turkic ethnic group in Xinjiang, China, and is presumably the work of a Chinese-speaking threat actor.
  • In a report released last week, Russia’s government said that unidentified foreign hackers had infiltrated and stolen information from the country’s federal executive agencies. The attacks were carried out in 2020, according to a joint report by Rostelecom-Solar and the NKTsKI.
  • The FBI believes that state-sponsored attackers gained access to a local government’s website through a Fortinet firewall. The APT group “almost certainly” exploited a Fortigate appliance to gain access to a webserver hosting a US government domain.


About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.