2nd October – Threat Intelligence Report


For the latest discoveries in cyber research for the week of 2nd October, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • Check Point researchers have detected a phishing campaign exploiting popular file-sharing program Dropbox. The threat actors use legitimate Dropbox pages to send official email messages to the victims, which then redirect the recipients to credential-stealing pages.
  • Japanese entertainment giant Sony and major Japanese telecom provider NTT Docomo have been the victims of ransomware attacks during the past week. The ‘ransomed.vc’ threat group has assumed responsibility for both attacks and has demanded millions of dollars in ransom from the two companies. The group threatens to sell or leak data exfiltrated in the breaches if its demands are not met.
  • American conglomerate Johnson Controls has been hit by ransomware. Ransomware group Dark Angels is demanding $51M from the company in ransom and claims to have exfiltrated more than 25TB of data during the attack. The American Department of Homeland Security is reportedly investigating whether information regarding its facilities had been leaked in the attack, as Johnson Controls is a contractor for the department’s buildings.
  • Hong Kong cryptocurrency exchange firm Mixin has disclosed that $200M has been stolen in a breach of its network. According to the firm’s statement, the threat actors gained access and conducted the theft by attacking a database belonging to the company’s cloud provider.
  • Russian flight booking vendor Leonardo’s services have been disrupted by a distributed denial-of-service attack. As a result, multiple Russian airline companies, including the state-owned Aeroflot, were unable to process booking requests. Ukrainian hacktivist collective ‘IT Army of Ukraine’ has claimed responsibility for the attack.
  • Kuwait’s Ministry of Finance has acknowledged that its network had been breached in a cyber-attack. The ministry claims that financial data of its employees was not impacted in the attack. Ransomware group Rhysida has assumed responsibility and demands $400,000 in ransom.

Check Point Harmony Endpoint and Threat Emulation…

Source…