CyberIntelMag's Threat report

Weekly Cyber Threat Report, November 29 – December 3, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news: The good things that happened this week include the introduction of a new law in the UK regarding default passwords, Finland issuing a warning about the Flubot spyware, the FBI detaining a US citizen for hacking and extorting the IT firm where he worked, and others.

  • The UK government has issued a new law requiring all new smart gadgets to have unique passwords and to be unable to be reset to factory default settings. The rule also states that, at the point of sale, makers must disclose and keep consumers informed of the minimum period for which security fixes and upgrades will be provided.
  • Interpol supervised Operation HAEICHI-II, an international operation that resulted in the arrest of 1,003 people tied to different cyber-crimes such as romance scams, investment frauds, online money laundering, and illicit online gambling. Police from twenty nations engaged in the law enforcement operation.
  • In an effort to alert Android users, the National Cyber Security Center of Finland has issued a critical notice to warn about a broad campaign intended to infect them with the Flubot financial malware, which is distributed via text messages received from compromised smartphones.
  • CISA has issued recommendations for safeguarding business mobile devices. By following best practices for protecting corporate-managed mobile devices, firms can eliminate vulnerabilities and improve their overall defenses.

From the bad news: The bad incidents that occurred this week involve the WIRTE hacking group targeting government, legal, and financial entities in the Middle East, the Chinotto multi-platform malware being used to target journalists, Panasonic admitting a cyberattack and data breach, and many more.

  • Since 2019, the hacking group WIRTE has been linked to a government-targeting campaign that uses malicious Excel 4.0 macros. The main targets are high-profile governmental and corporate organizations in the Middle East, although specialists have uncovered targets in other regions. WIRTE’s phishing attempts include Excel spreadsheets that deploy malware payloads by running harmful macros on recipients’ PCs.
  • Symantec researchers recently discovered that a threat actor, previously linked to the Thieflock ransomware operation, may now be employing the Yanluowang malware in a series of cyberattacks against American businesses.
  • FBI alleges that in December 2020, an IT firm’s Amazon Web Services (AWS) cloud administrator “repeatedly abused” access credentials, including access to the company’s AWS and GitHub servers, to extract proprietary information. In January 2021, he sent an anonymous ransom note to his firm, demanding payment of 50 bitcoin, which was worth around $1.9 million at the time.
  • North Korean state hacking gang APT37 targets South Korean journalists, human rights activists, and defectors using spear-phishing emails, watering holes, and smishing attacks, distributing malware known as Chinotto that may infect Android and Windows devices. This backdoor was distributed to victims’ systems months after the original cyberattacks.
  • Panasonic confirmed that its network was illegally accessed during a cyberattack earlier this month. In a statement, the Japanese company stated that it swiftly reported the illicit access to the proper authorities and implemented security remedies, including steps to prevent external network access.
  • It was newly discovered that at least one school district in the United States has been attacked and extorted by the “Sabbath” (aka UNC2190) ransomware group. Sabbath ransomware is a concern partly because it has managed to elude detection owing to various factors: the gang has modified its tooling, including the Cobalt Strike Beacon remote-control tool, to avoid being discovered.
  • In the first half of 2020, four new malicious frameworks engineered to attack air-gapped networks were discovered, raising the total number of such toolkits to 17, and providing adversaries with a mechanism to conduct cyber espionage and exfiltrate confidential information.
  • Phishing actors have quickly taken advantage of the emergence of the Omicron COVID-19 variant, using it as bait in their phishing email campaigns. The recipients of these emails are promised a free Omicron PCR test to help them get around restrictions.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.