CyberIntelMag's Threat report

Weekly Cyber Threat Report, November 1 – November 05, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, there was much good news, including police apprehending suspected ransomware hackers worldwide, Microsoft issuing a warning about increasing password leaks of cloud accounts, Microsoft Defender for Windows being overhauled, Android’s November patch resolving actively exploited kernel problems, and others.

  • Police arrested 12 cybercriminals for coordinating ransomware attacks on critical infrastructure and major corporations. Since 2019, their attacks have affected the lives of nearly 1,800 people in 71 countries. This arrest will convey a message that cybercriminals are on the radar.
  • Kaspersky has patched CVE-2021-35053, a vulnerability that leads to an unbootable system. The issue starts when Kaspersky’s email address is used in Microsoft phishing messages. The problem affects Kaspersky Anti-Virus, Internet Security, Total Security, Small Office Security, Security Cloud, and Endpoint Security solutions for Windows.
  • Businesses with up to 300 employees will be able to get enterprise-grade endpoint protection from Microsoft. It will be called “Defender for Business,” an easy-to-use and cost-effective tool. Customers will be able to purchase it as a stand-alone service from Microsoft for $3 per user each month.
  • Google addressed actively exploited kernel problems in one of the latest Android updates. The November patch also fixed 17 additional issues in the kernel and vendor components. 2021-11-01, 2021-11-05, and 2021-11-06 are the dates for Android updates in November.

From the bad news:

Last week’s bad news includes fake Minecraft alt records used to target gamers, a healthcare system in Canada being affected by a cyberattack, a severe cyberattack affecting the National Bank of Pakistan, the energy industry being targeted through mobile phishing operations, and others.

  • In Japan, a new variant of the Chaos ransomware is circulating. It encrypts Minecraft players’ data to ask for ransom. Threat actors use text files known as ‘alt lists,’ which allegedly include stolen Minecraft user credentials but are actually Chaos ransomware executables.
  • Microsoft issued an alert regarding the security of cloud accounts. The company says that more and more hackers are using the password spraying method to carry out cyberattacks. Their attacks usually employ the same password when switching from one account to another.
  • Since the commencement of the COVID-19 epidemic, global supply networks have been severely disrupted. Now, they are targeted by cybercriminals, especially ransomware attackers. They are selling access to multinational shipping and logistics firms.
  • Mekotio, a complex banking Remote Access Trojan (RAT), targets victims in Brazil, Chile, Mexico, Spain, and Peru. It is now back with new strategies for avoiding detection. Phishing emails with malicious links or attachments are one of Mekotio’s infection vectors. The payload is contained in a ZIP archive attachment.
  • Hackers accessed mySA GOV accounts. They gained access because users had used the same or a similar password for their mySA GOV account as they did for another website. The hackers then accessed some mySA GOV accounts using the credentials they had obtained from an unrelated website.
  • The National Bank of Pakistan was cyber-attacked recently. The attack caused damage to the bank’s backend systems, which included servers that link the bank’s branches, core infrastructure that manages the bank’s ATM network, and mobile apps.
  • Of all the industries whose personnel were targeted through mobile phishing operations, attacks on energy industry employees have increased by 161 percent. This rise happened in the first half of 2021. After energy, personnel in the banking, pharmaceuticals, government, and manufacturing industries were targeted the most.
  • A cyberattack in Canada disrupted the entire healthcare system. This attack led to the closure of regional health systems’ networks and the cancellation of thousands of medical appointments. A lot of affected health facilities have reverted to using pen and paper.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.