SAN MATEO, CA, June 27, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Log4Shell vulnerability continues to be exploited
- 40 organizations compromised by Conti ransomware in one month
- Chinese hackers cover espionage with ransomware attacks
- Hackers steal $100 million in crypto
- President Biden signs cyber bills into law
- Microsoft reports increased Russian cyber espionage
- Microsoft Exchange servers hacked by ToddyCat gang
- US bank breach affects 1.5 million
- Phishing campaign carries Cobalt Strike
- Cyberattack in Israel results in false rocket warning sirens
Log4Shell vulnerability continues to be exploited
CISA has issued a warning about last year's Log4Shell exploit and its continued use among cybercriminals. CISA recommends that organizations still running unpatched VMware servers consider them hacked and immediately initiate incident response procedures. When Log4Shell was discovered last December, it immediately triggered a wave of state-sponsored hacking and ransomware attacks. Read more.
40 organizations compromised by Conti ransomware in one month
Ransomware gang Conti, which seems to be partially dismantled after its official endorsement of Russia’s war against Ukraine resulted in leaked internal documents revealing the group’s inner workings, remains active. The group has compromised 40 firms just within the last month, signaling that Conti remains an effective and prolific cybercrime organization in spite of the leak. Read more.
Chinese hackers cover espionage with ransomware attacks
Chinese hacking groups are deploying ransomware attacks in an effort to hide their cyber espionage operations, according to threat analysts at Secureworks. The campaigns see sensitive information stolen from targeted organizations with ransomware being used to obscure the intentions of the hackers and potentially cover their tracks. Read more.
Hackers steal $100 million in crypto
Blockchain Harmony has reported that its Harmony bridge, used to move coins between different blockchains, has been hacked. The criminals have made off with around $100 million in crypto, further reinforcing the notion that bridges are a weak security link in the cryptocurrency ecosystem. Read more.
President Biden signs cyber bills into law
President Biden has signed into law two bills aimed at bolstering cybersecurity measures across federal, state and local government organizations. The bills, both bipartisan, contain language that will allow cybersecurity professionals to gain experience by rotating through various federal agencies and strengthen the lines of communication between federal and local cybersecurity offices. Read more.
Microsoft reports increased Russian cyber espionage
Microsoft has reported that instances of Russian cyber espionage carried out against the US and its allies have been on the rise. The efforts, according to the report, have a 29% success rate with regard to penetrating a target. Of those successfully hacked targets, about 25% have their data stolen. Read more.
Microsoft Exchange servers hacked by ToddyCat gang
For over a year, a new APT gang called ToddyCat has been targeting Microsoft Exchange servers in Europe and Asia. ToddyCat prefers high profile victims such as military and government organizations. While the gang’s targets and behavior imply a link to other Chinese-backed gangs, researchers are not currently sure where ToddyCat is based. Read more.
US bank breach affects 1.5 million
Flagstar Bank has reported that it experienced a data breach in December of 2021. The bank offered scant details, revealing little about the nature of the exposure and what personal information may have been illegally accessed. Illegal use of the breached data has not been seen, according to a statement from the bank. Affected customers are being offered free credit monitoring services. Read more.
Phishing campaign carries Cobalt Strike
A new phishing campaign has been discovered that infects devices with Matanbuchus malware, which drops Cobalt Strike beacons onto the compromised hardware. The campaign uses emails that appear to be responses to previous conversations and include "Re:" in the subject line. The emails carry a ZIP archive containing malicious code. Read more.
Cyberattack in Israel results in false rocket warning sirens
The Israel National Cyber Directorate (INCD) has reported that false rocket warning sirens, initially believed to be a system malfunction, were the result of a cyberattack. Unconfirmed reports imply that the attack is of Iranian origin. Israel has been preparing and bolstering its defenses to prevent Iran from continuing to antagonize its infrastructure. Read more.