A week in security (May 31 - June 6)

A week in security (May 31 – June 6)

Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology—hint: it’s a slow fade, the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp’s decision to not limit app functionalities for non-compliant users after all, and a cyber threat report compiled by the National Crime Agency (NCA) in the UK.

We also analyzed Kimsuky, the APT that continues to attack the South Korean government, and the NSIS crypter along with its evolution.

Lastly, we recognized the cybersecurity challenges in SMBs and were in awe after the US Attorney’s office decided to investigate ransomware attacks the same way as terrorist attacks.

Other cybersecurity news

  • A phishing campaign launched off of the back of the recent ransomware attack against Colonial Pipeline weeks ago. The email, purporting to originate from a company’s “Help Desk”, is encouraging recipients to download a “ransomware system update” that’d prevent the company from getting attacked by ransomware. (Source: Inky)
  • Organizers of the Tokyo Olympics found themselves on the receiving end of a data breach. (Source: The Japan Times)
  • Fujifilm fell victim to a ransomware attack. (Source: InfoSecurity Magazine)
  • Those returning to the office were welcomed by—drumroll, please—phishing emails! (Source: Avanan)
  • According to researchers, a new ransomware variant called Epsilon Red is said to be hunting for unpatched Microsoft Exchange servers to exploit. (Source: Computing)
  • The UK government faced a backlash and legal challenge over its plan to share health service data with a third-party as part of its digitization effort. (Source: Computing)
  • A threat report from Thales revealed that, although the pandemic has transformed how we do work, cybersecurity is sadly not keeping up. (Source: TechRepublic)
  • Mustang Panda, a Chinese espionage campaign, is gaining access to official Southeast Asian government websites via a novel Windows backdoor. (Source: The Record)
  • JBS, the world’s largest meat supplier, is back to normal operations after a ransomware attack. (Source: Bleeping Computer)

Stay safe, everyone!