Cybersecurity Digest #24: 26/04/2021 – 14/05/2021

Cybersecurity News

  • Babuk ransomware readies a ‘shut down’ post and plans to open-source its malware. After only a few months of activity, the operators of Babuk ransomware briefly posted a short message announcing their intention to quit the extortion business, claiming to have achieved their goal. Unlike other gangs that chose to release decryption keys or even return collected ransoms, Babuk’s final gesture is to pass the torch to others by publishing its code.
  • Google has released Chrome 90.0.4430.212 for Windows, macOS and Linux. The update patches 19 vulnerabilities, 15 of which were reported by external researchers.
  • The Pradeo team has come across an advanced mobile attack campaign that uses phishing to steal victims’ credit card details and infects their devices with malware impersonating the Android Google Chrome app. The malware then uses the infected devices to send thousands of phishing SMS messages, so Pradeo’s researchers classified it as a smishing trojan.
  • Microsoft has released an open-source tool called Counterfit that helps developers test the security of artificial intelligence (AI) systems. Microsoft has published the Counterfit project on GitHub and points out that an earlier study it conducted found that most organizations lack the tools to address adversarial machine learning.
  • The team behind Exploit, a major cybercrime forum used by ransomware gangs to hire affiliates and advertise their Ransomware-as-a-Service (RaaS) offerings, has announced that ransomware ads are now banned and will be removed.
  • Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) affect all Wi-Fi devices, including computers, smartphones and smart devices, with affected designs going back as far as 1997. Three of the bugs are design flaws in the 802.11 standard’s frame aggregation and frame fragmentation features and therefore affect most devices; the others are programming mistakes in specific Wi-Fi products.

Cybersecurity Blog Posts

Research and analytics

  • Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. Dubbed BadAlloc, these memory allocation vulnerabilities could affect a wide range of IoT and OT devices in industrial, medical and enterprise networks.
  • The 2021 Cybersecurity Career Pursuers Study performed by (ISC)² provides insights on how to successfully staff a balanced and diverse cybersecurity team with a broad range of skills. Too many organizations have unrealistic expectations for the positions they are trying to fill: they either overload job descriptions with too many responsibilities or set unrealistic experience requirements for entry-level and even mid-career jobs.
  • Check Point’s 2021 Cyber Security Report reveals the extent of the global “cyber pandemic”, shows how hackers and criminals exploited the COVID-19 pandemic in 2020 to target all business sectors, and highlights the key tactics used, from cloud exploits to phishing and ransomware.
  • According to Apple’s official website, Apple protected users from more than $1.5 billion in potentially fraudulent transactions in 2020.
  • According to new data from app analytics firm Flurry, only 4% of iPhone users in the United States have opted into app tracking since Apple released App Tracking Transparency as part of iOS 14.5. The figure is slightly higher internationally: 11% of users worldwide have allowed apps to track them.
  • Splunk has published its Threat Hunter Intelligence Report for May 2021. This month’s issue looks at some of the most prevalent types of malware, covers tips for protecting data, and highlights a few other threats and threat actors you should know about.
  • Through surveying hundreds of respondents, the Synack Signals in Security Report 2021 documents the impact of the pandemic on cybersecurity professionals and their organizations. Among the performance metrics surveyed, only security return on investment (ROI) and the team’s budgetary discipline increased in priority in 2021: 18% of respondents said that the security team’s ability to stay within budget had become the most significant yardstick by which security performance is measured, while 16% said that the ROI on security investment is the most important.
  • CISA released Analysis Reports on the new FiveHands ransomware to describe the threat actor’s tactics, techniques and procedures as well as indicators of compromise (IOCs). The reports also provide CISA’s recommended mitigations for hardening networks to protect against, detect and respond to potential FiveHands ransomware attacks.
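The BadAlloc item above describes the bug class only in general terms; it is integer wraparound in allocation-size arithmetic (a request of count * element_size + header computed in a fixed-width integer). The following is an added illustrative example of that class, not code from Microsoft’s report or from any affected product. It models sizes as uint32_t to mimic a 32-bit RTOS target and assumes a hypothetical 16-byte allocator header; the vulnerable size computation is shown beside a checked form that rejects requests that would wrap.

```c
/* Added example of the BadAlloc bug class: integer wraparound when an
 * allocator computes how many bytes a request needs. Not code from any
 * affected product. Sizes are uint32_t to mimic a 32-bit embedded target. */
#include <stdint.h>
#include <stdio.h>

#define HEADER_BYTES 16u   /* assumed: bookkeeping the toy allocator prepends */

/* Bytes the allocator reserves for 'count' elements of 'elem' bytes each.
 * Vulnerable form: both the multiplication and the addition wrap silently,
 * so an attacker-controlled count can make a huge request look tiny. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem)
{
    return (uint32_t)(count * elem + HEADER_BYTES);
}

/* Hardened form: returns 0 (and leaves *out untouched) when either step
 * would wrap, so the caller fails the allocation instead of under-sizing it. */
int alloc_size_checked(uint32_t count, uint32_t elem, uint32_t *out)
{
    uint32_t product;
    if (elem != 0 && count > UINT32_MAX / elem)
        return 0;                      /* count * elem does not fit in 32 bits */
    product = count * elem;
    if (product > UINT32_MAX - HEADER_BYTES)
        return 0;                      /* adding the header would wrap */
    *out = product + HEADER_BYTES;
    return 1;
}

/* Convenience wrapper: the checked size, or 0 when the request is rejected. */
uint32_t alloc_size_or_zero(uint32_t count, uint32_t elem)
{
    uint32_t out = 0;
    return alloc_size_checked(count, elem, &out) ? out : 0;
}

/* Would the caller's write of count * elem bytes run past what the unchecked
 * allocator actually reserved for it? Computed in 64 bits so nothing wraps here.
 * A non-zero result is exactly the heap overflow BadAlloc-style bugs produce. */
int unchecked_alloc_overflows(uint32_t count, uint32_t elem)
{
    uint64_t intended = (uint64_t)count * elem;
    uint32_t reserved = alloc_size_unchecked(count, elem);
    uint64_t usable = reserved >= HEADER_BYTES ? reserved - HEADER_BYTES : 0;
    return intended > usable;
}

int main(void)
{
    /* Constructed inputs: a sane request, a product that wraps to zero,
     * and a product that fits but whose header addition wraps. */
    uint32_t cases[][2] = { {100u, 4u}, {0x40000000u, 4u}, {0xFFFFFFF0u, 1u} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t c = cases[i][0], e = cases[i][1];
        printf("count=%#x elem=%u: unchecked reserves %u bytes, checked -> %u, "
               "caller overflows: %s\n",
               c, e, alloc_size_unchecked(c, e), alloc_size_or_zero(c, e),
               unchecked_alloc_overflows(c, e) ? "yes" : "no");
    }
    return 0;
}
```

The second constructed case is the classic shape: 0x40000000 four-byte elements multiply to exactly 2^32, wrap to 0, and the unchecked allocator reserves only the 16-byte header while the caller goes on to write 4 GiB. The checked form rejects both wrapping cases and accepts the sane one, which is the input validation Microsoft’s advisory asked vendors to add.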

Major Cyber Incidents

  • A gang of hackers that stole over 250 gigabytes of data from the Metropolitan Police in the US capital has published 22 documents containing officers’ personal details and said it would release passwords if the ransom was not paid.
  • Colonial Pipeline, which carries roughly 45% of the US East Coast’s fuel supply, suffered a ransomware attack that forced the company to temporarily halt operations and freeze IT systems to isolate the infection. While the pipeline is now back in operation, it will be days before normal service resumes, and the supply issues have already caused panic buying in some US cities.
  • Hackers gained access to the personal data of thousands of Glovo customers. Unauthorized access to Glovo’s platform allowed a hacker to reach the personal data of customers and employees; the number of affected accounts is still unknown.
  • Branches of insurance giant AXA in Thailand, Malaysia, Hong Kong and the Philippines have been struck by a ransomware attack. The Avaddon ransomware group claimed on its leak site to have stolen 3 TB of sensitive data from AXA’s Asian operations.
  • Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) was hit by a REvil ransomware attack that encrypted employees’ files and forced the court to shut down its network. Soon after the attack began, the official TJRS Twitter account warned employees not to log in to the court’s systems, whether locally or via remote access.
  • Toshiba Tec Corp, which makes products such as bar code printers and is valued at $2.3 billion, was hacked by DarkSide, the group widely believed to be behind the recent Colonial Pipeline attack, its French subsidiary said.