CyberIntelMag's Threat report

Weekly Cyber Threat Report, October 18 – October 22, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week’s good news includes new security tools and initiatives from Microsoft, the US ban on exports of software used for repression, Google’s first Android Enterprise vulnerability rewards program, and more.

  • The US government announced a ban that forbids US companies from exporting software and hardware that could be used to fuel authoritarian practices, hacking activities, and human rights abuse. The rule thus bans the export of cybersecurity tools for National Security (NS) and Anti-terrorism (AT) reasons.
  • Two Eastern European men were sentenced to prison for running bulletproof hosting services and helping multiple cybercrime operations target US organizations. They were charged under the Racketeer Influenced and Corrupt Organizations (RICO) Act.
  • Google has launched its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. Together with several recent enhancements in Android 12, this is expected to boost the platform’s overall security. “We’re offering a reward of up to $250,000 for a full exploit on a Pixel device running Android Enterprise,” Google announced.
  • Microsoft has issued fixes for multiple known printing issues on Windows 11 with its KB5006746 cumulative update preview on Thursday. It is intended for customers who want to test fixes and performance improvements coming on November 9th, as part of next month’s Patch Tuesday.
  • Microsoft has announced the public preview of end-to-end encryption (E2EE) for one-to-one Microsoft Teams calls. Now, the real-time media flow (i.e., video and voice data) will be encrypted, so that private discussions remain private, with no way for intermediate parties to decrypt them.
  • After an increase in the number of threats against nonprofit foundations globally, Microsoft introduced a new suite of tools. The new suite is designed to protect nonprofits from threats such as cyberattacks from nation-states.

From the bad news:

We’ve learned about campaigns targeting YouTube creators, new troubles for REvil, new attacks on Acer, AMD chips, new malicious NPM packages, and more.

  • The YouTube platform was involved in two malicious campaigns this week. In one, a threat actor is abusing YouTube videos to distribute malware such as password-stealing trojans. In the other, hackers are hijacking creators’ YouTube channels using the “Cookie Theft” method, also known as a ‘pass-the-cookie’ attack, after luring them with collaboration opportunities. The stolen accounts were later used for fraudulent activities.
  • Sentinel Labs threat experts provided proof that Karma ransomware is a new variation of the original JSWorm, a strain that later evolved into Nemty, then Nefilim, Fusion, Milihpen, and Gangbang.
  • According to a new poll of 300 IT decision-makers in the United States conducted by ThycoticCentrify, 64% of organizations had been the target of a ransomware attack in the last 12 months, and 83% of those ended up paying the ransom.
  • A hacker gang has launched a second cyberattack against Acer, less than a week after the first one. Identified as ‘Desorden,’ the actor claimed they had hacked Acer India’s servers and stolen data, including client information.
  • The REvil ransomware operations halted again after someone hacked their Tor payment gateway and data leak site. Its Tor sites were taken down after a threat actor linked to the REvil operation claimed that the group’s domains had been hacked.
  • LightBasin threat actor has been attacking the telecom industry and stealing valuable information, such as subscriber information and call metadata. The identities of the entities targeted were not disclosed, and the findings did not link the cluster’s activities to a specific country.
  • German researchers described new attack methods abusing the previously discovered Meltdown and Spectre flaws, opening the door to new side-channel attacks aimed at widely used AMD chips.
  • Three JavaScript libraries discovered on the official NPM package repository were confirmed to be crypto-mining malware.
  • Staff in the financial services sector were targeted in a large phishing campaign that used ‘weaponized’ Excel sheets. The Excel files could evade malware detection systems because they contain “extremely lightweight” embedded macros, according to ET Labs.
  • A new rootkit was identified that had been signed with a valid digital signature by Microsoft. It targeted Chinese gamers and redirected their traffic to attackers’ websites for over a year.
  • Evil Corp has launched a new ransomware variant called Macaw Locker. The move is aimed at evading US sanctions that prevent them from receiving ransom payments.

About the author

CIM Team
CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.