Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
From the good news:
This week, we’ve learned about Microsoft’s IoT deal, Interpol’s operation, USDJ’s seizure of USAID attackers’ domains, and more.
- The international police agency (Interpol) reported that from September 2020 to March 2021 it has made an intercept of over $83 million that was stolen by cybercriminals from victims of cybercrime. About 40 law enforcers of various agencies in the Asia Pacific participated in the Operation HaECHI-I.
- The US Department of Justice has seized two domains used in a phishing campaign against USAID. Largely attributed to Russia’s Foreign Intelligence Service, the campaign leveraged compromised USAIDs email account to launch mass email campaigns targeting various political groups in Europe.
- Hewlett Packard fixed a critical zero-click flaw in HPE Systems Insight Manager (SIM), its server management software (SMS). The issue allowed an attacker to perform a remote code execution without requiring interaction from a user.
- Microsoft acquired ReFirm Labs to strengthen its Internet of Things (IoT) security offerings. Microsoft hopes ReFirm’s Binwalk will help secure and protect IoT devices and allow to easily analyze and protect firmware.
From the bad news:
This week has brought reports about malware attacks on FUJIFILM and JBS, new attacks on US hospitals, new malware and vulnerabilities, and other important stories you can’t miss.
- FUJIFILM has announced it experienced a ransomware attack and had to shut down its network. Previously, FUJIFILM said it was infected with Qbot Trojan last month.
- A cybersecurity attack at JBS, the world’s largest meat producer, affected multiple facilities globally. Later, the FBI has identified the hacker group REvil as the perpetrator of the JBS ransomware attack.
- A new campaign discovered by Cisco Talos uses the Necro Python bot shows how an actor can easily modify the functionality of their bots to infect vulnerable systems. The bot’s operators added new capabilities and now the bot has exploits for more than 10 different web applications and the SMB protocol. The firm’s new threat report also demonstrates several techniques of the MITRE ATT&CK. framework.
- Researchers warned that new vulnerabilities in the Realtek RTL8170C Wi-Fi module can be exploited to gain elevated privileges and modify wireless communications. The exploitation of the Wi-Fi module would allow complete control of the device’s OS. The flaws affect all embedded and IoT devices that use the RTL8710C module to connect to a Wi-Fi network. An attacker would have to be on the same network as the devices that use the module.
- The University of Florida Health system was hit by a cyberattack that prevented its staff from accessing email and other data. Due to the nature of the incident, Central Florida has suspended access to some of its systems, and they have implemented backup procedures to ensure the security of all data and networks.
- The new malware known as SkinnyBoy is used by Russian hackers to infiltrate sensitive orgs. The threat actor, which is also known as Fancy Bear, Sofacy, Strontium, Sednit, and PwnStorm, used SkinnyBoy in the intermediary stage of an attack, an advanced attack tool that can collect details about a target and retrieve its next payload.
- Researchers warn about two new ransomware gangs, known as Prometheus and Grief. Prometheus (Prom) has already stolen data from the Mexican Government becoming the first cybercriminal group to hit a major country in Latin America. And Grief has stolen data from a few organizations. It uses a website that prevents researchers from indexing its content for research purposes.
- A new backdoor that’s connected to China’s threat actor SharpPanda has been used in cyberespionage campaigns. CPR researchers stated that the campaign was developed to compromise the systems of the Southeast Asian Foreign Affairs Ministry. The US has blamed Russia-based actors for the attack on the world’s biggest beef producer.
- The Swedish Public Health Agency said that its database of infectious diseases, which was targeted by hackers last week, had been shut down. SmiNet, which is used to store information about COVID-19 infections, went offline on Thursday due to attacks.
- Qihoo 360 NETLAB described a new backdoor Facefish that steals sensitive information and executes arbitrary commands on Linux systems.
- Another US hospital, which is known for its high-quality care, was hit by a ransomware attack that encrypted patient information. With over 3,000 affiliated physicians, Scripps Health operates five hospitals and 19 outposts across California.