Cyber Bites

Google's Threat Analysis Group (TAG) has identified a new initial access broker that it alleges is closely affiliated with a Russian cyber-crime gang infamous for its Conti and Diavol ransomware operations. The financially motivated threat actor, dubbed Exotic Lily, has been detected exploiting a recently patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444). The exploit is part of phishing campaigns involving 5000 business proposal-themed emails every day to 650 targeted, global organisations. "Initial access brokers...

In the wake of the Ukraine-Russia conflict, cyber-criminals have begun to impersonate legitimate aid organisations in order to steal financial donations intended for the Ukrainian people. The discovery comes from new research by managed detection and response provider Expel. The company's security operations centre (SOC) analysed attack vectors and incident trends for its February Attack Vectors Threat Report, finding several phishing emails referencing the invasion of Ukraine to target cryptocurrency. Subject lines of malicious emails included "Help...

A relatively new ransomware, LokiLocker, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality. Double extortion soared in popularity last year, with ransomware gangs stealing files before encrypting them to threaten victims with a sensitive data leak if they didn't pay up. BlackBerry Threat Intelligence is warning that LokiLocker, first seen in August 2021, now features an "optional wiper functionality" to put increased pressure on victims. Instead of using the threat of leaking a...

New research from Check Point suggests that mobile applications boasting tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases. Check Point's three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicate with the Firebase cloud database. Using this method, the vendor discovered 2113 mobile apps that had their Firebase back-end exposed due to misconfigurations. The vendor...

The Rehab Group, one of the State’s largest disability services providers, has been hit with a cyber-attack. The organisation notified the Data Protection Commissioner (DPC) that some of its systems have been compromised by malware. In a statement, the group said: “We have convened our serious incident management team and are working with cyber security experts to resolve this issue. The...

The German BSI has warned against the use of Kaspersky antivirus security products as the company is headquartered in Russia. The BSI suggested moving away from any Kaspersky product to another vendor, as the company may be forced to carry out offensive cyber operations by the Russian state. The BBC translated the BSI announcement: "A Russian IT manufacturer can carry out offensive operations itself, be forced against its will to attack target systems, or be...

A cyber attack on South Denver Cardiology Associates (SDCA) may have exposed the protected healthcare information (PHI) of thousands of cardiac patients. The healthcare provider issued a notice to its patients, disclosing that its network had been breached in January 2022. The perpetrator(s), as yet unknown, gained access to files containing information on 287,652 patients during the attack. SDCA said: “On January 4 2022, we identified unusual activity within our computer network. We immediately initiated our...

Security researchers have discovered the fourth destructive malware variant targeting Ukrainian machines so far this year. ESET claimed to have made the find yesterday, noting that the “CaddyWiper” malware was seen on a few dozen systems in a “limited number” of organizations. The malware erases user data and partition information from attached drives. It also doesn't share any code similarities with previous variants discovered by ESET, namely HermeticWiper and IsaacWiper. Beyond this, the code is not...

Businesses in Asean have placed cybersecurity squarely on the agenda, with business leaders discussing plans to plug existing gaps and adopt next-generation capabilities. This focus has been prompted by 94% of organisations in the region reporting a climb in cyberattacks last year, with 24% seeing at least a 50% increase in disruptive attacks. 92% of Asean businesses believe that cybersecurity is a priority for their business leaders, according to a survey by Palo Alto Networks. The...

A new report from Accenture suggests that cyber-criminals have split into pro-Ukraine and pro-Russia factions, with the latter focusing on western critical national infrastructure (CNI). The consulting giant's Accenture Cyber Threat Intelligence (ACTI) arm has warned that the recent ideological split could mean increased risk for Western organizations, as pro-Kremlin groups morph into quasi-activists. Government, media, finance, insurance, utilities and resources organizations should prepare for more attacks, said ACTI. “This targeted intent has led some actors...
