week in security

A week in security (May 10 – 16)

Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the Colonial Pipeline attack, and the criminal gang behind it.

Speaking of ransomware, we spoke with Jake Bernstein, a cybersecurity and privacy attorney and our guest in the latest Lock and Code podcast episode, to talk about the legal ramifications ransomware-turned-data-breach victims may face when they have been successfully attacked.

We also highlighted “wormable” Windows vulnerabilities on last week’s Patch Tuesday updates; touched on FragAttack, a term used to describe newly found Wi-Fi vulnerabilities that basically affects all Wi-Fi devices; addressed the question “Why MITRE ATT&CK matters”; warned about Avaddon, a new ransomware campaign; raged about WhatsApp call and message features breaking unless you share data with Facebook; applauded game developers who included cybersecurity as part of the whole gaming experience, and went “ooh!” at a novel way someone can exfiltrate data out of air-gapped networks using iPhones and AirTags.

Our expert threat hunters also noted the increase in iPhone spam attacks and observed Magecart Group 12 continuing to go strong and using a PHP-based skimmer as a new tool.

Lastly, we talked about Wi-Fi and honeypots.

Other cybersecurity news

  • The group behind the Colonial Pipeline attack claimed to be behind the Toshiba attack and data breach. (Source: Kyodo)
  • DarkSide also netted Benntag, a chemical distribution company, and got paid for it—to the tune of $4.4M USD. (Source: BleepingComputer)
  • Imposter Amazon robocalls are reaching 150 million consumers per month, according to YouMail. (Source: PR Newswire)
  • Threat actors take advantage of routine site maintenance to get people to download malformed copies of MSI Afterburn from fake website. (Source: MSI News)
  • According to a report from Immersive Labs, 81 percent of software developers have knowingly released applications that are vulnerable. (Source: Immersive Labs)
  • Panda, a new information stealer, could nab account credentials of NordVPN, Telegram, Discord, and Steam users. It also goes after cryptocurrency wallets. (Source: The Coin Radar)
  • A report on TeaBot, an new Android malware targeting European banks, was released. (Source: Cleafy)
  • Users are at risk as they continue to use Windows 7, which has already reached its end of life. (Source: Security Brief)

Stay safe!