Cybersecurity Digest #50: 16/05/2022 – 27/05/2022

Cybersecurity news

• Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. While the vulnerabilities aren’t rated as critical, they are still significant on their own and can be abused by threat actors as part of exploit chains.
• A new ransomware named ‘Cheers’ has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.
• Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. The fact that it’s offered for sale also means that any malicious actor can purchase the builder and develop their own ransomware strains, turning it into a potent threat.
• A security researcher claims to have discovered an unpatched vulnerability in PayPal’s money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click.
• HP Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
• Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

Cybersecurity Blog Posts

• Avinash Desireddy, Sr. Solutions Architect at Mirantis told about 3 key elements to protect a Kubernetes cluster.
• Tony Hadfield, Director Solutions Architect at Venafi told about recovering from a cybersecurity earthquake: the lessons organizations must learn.
• Microsoft Security Response Center specialist Andrew Paverd and independent researcher Avinash Sudhodanan studied 75 popular services and found vulnerabilities on 35 of them. Bugs allow hacking accounts even before they are registered.

Research and analytics

• Group-IB unveils its guide to the evolution of threat number one “Ransomware Uncovered 2021/2022”. The findings of the second edition of the report indicate that the ransomware empire kept its winning streak going with the average ransom demand growing by 45% to reach $247,000 in 2021.
• Worldwide, 60% of organizations say they are struggling to recruit cybersecurity talent, while 52% struggle to retain qualified people, according to a new report by Fortinet. The report is based on a survey of 1,223 IT and cybersecurity decision-makers across the globe.
• Zerto sponsored a recent study by IDC and found that 79% of those surveyed activated a disaster response, 83% experienced data corruption from an attack, and nearly 60% experienced unrecoverable data.
• New research from the Ponemon Institute reveals that nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months. Email was revealed as the riskiest channel for data loss in organizations, as stated by 65% of IT security practitioners. This was closely followed by cloud file-sharing services (62%) and instant messaging platforms (57%).
• A case of software supply chain attack has been observed in the Rust programming languages create registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm Sentinel One dubbed the attack “Crate Depression”.
• 46% of IT, security, and cybersecurity leaders say they still store passwords in shared office documents. That’s despite an overwhelming 93% of respondents that require password management training, with 63% holding training more than once per year, according to a survey conducted by Pulse on behalf of Hitachi ID.
• Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2022 to Q1 2021), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.

Major Cyber Incidents

• Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded a $5 million to unlock the encrypted computer systems. The attack has caused severe operational disruption of government services, as thousands of workstations have allegedly been locked by the threat actor.
• Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings.
• US car manufacturer GM disclosed that it was the victim of a credential stuffing attack that exposed some customers’ information and allowed hackers to redeem rewards points for gift cards.
• The Japanese-based media company Nikkey is focused on the business and financial industry disclosed a security breach, ransomware infected one of its servers at a Singapore branch. Nikkei reported the attack to Japanese and Singaporean authorities and is investigating the extent of the attack.
• The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employee after their vendor, Battelle for Kids, suffered a ransomware attack.