Cybersecurity Digest #61: 17/10/2022 – 31/10/2022

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • The CYFIRMA Research team has seen an uptick in threat-actor-orchestrated cyber campaigns aimed at stealing confidential and sensitive information. Infostealers like “Prynt” are used to exfiltrate information as the first step in orchestrating sophisticated attacks, which may include the deployment of ransomware.
  • In the first half of 2022, the total attack count and average attack size increased by 75.6% compared to the second half of 2021, according to a new Nexusguard study published in the DDoS Statistical Report for 1HY 2022.
  • Sonatype, a DevOps security firm, said it had discovered 97,334 malicious libraries in several programming ecosystems in 2022. That number has increased from about 12,000 last year, accounting for almost 633% of incidents during the calendar year, the company said in a report on the state of the software supply chain.
  • CloudSphere has published the results of its EOL Management and Risk for IT Assets study, which shows how confident people are about which applications that are end-of-life (EOL) or close to EOL pose a significant risk to the business.
  • The threat intelligence group PAN Unit42 has published a report on Ransom Cartel, a data extortion group that appeared in December 2021 and which, according to the researchers, may be a cover for the old REvil ransomware group.
  • According to a new Trend Micro report, after a short break, the Black Basta group resumed the spread of the QAKBOT malware. In the detected campaign, attackers distribute QAKBOT via SmokeLoader, Remote and malicious spam, and then deploy the Brute Ratel framework as a second-stage payload.
  • Security researchers from SafeBreach Labs have discovered a new PowerShell backdoor that was able to bypass dozens of malware scanners used by VirusTotal. The tool's stealth earns it the status of “completely undetectable”. Researchers believe it was used to detect about 100 victims.
  • 96% of open source Java downloads with known cybersecurity vulnerabilities could have been avoided because a better version was available but was not used. The annual State of the Software Supply Chain report from Sonatype revealed a massive surge in open source supply, demand, and malicious attacks, in addition to outdated open source downloads, which led to exploitation of vulnerabilities.
  • According to an Encore study of employees, senior managers, business leaders and information security directors, half of employees may quit after a cyber attack and only a third said they would stay. At the same time, a significant number of business leaders either cannot be open with their employees, or potentially even hide security gaps.
  • Check Point’s latest brand phishing report for the third quarter of 2022 shows the brands that criminals most often imitated in their attempts to steal personal information or payment data of individuals in July, August and September. DHL took first place in the third quarter, accounting for 22% of all phishing attempts worldwide.

Major Cyber Incidents