QuoIntelligence’s Weekly Intelligence Snapshot for the week of 15 April – 22 April 2020 is now available!

Find the summary below and subscribe to our mailing list at the bottom if you want to receive weekly summaries and other regular updates from us! Or inquire today to receive a free trial of our weekly product, which includes analyst comments, MITRE ATT&CK tags, IOCs, and more!

CYBER

Current Threat
Industries impacted: Health Care, Government

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning that threat actors are using credentials stolen during previous successful exploitation of the Pulse Connect Secure VPN vulnerability (CVE-2019-11510) to regain access even after the targeted organization has applied a patch.

Incident
Industries impacted: Information Technology

IT consultancy firm Cognizant is the latest organization compromised with Maze ransomware, which it confirmed in a statement on 18 April. Interestingly, researchers at BleepingComputer claim Maze operators denied being responsible for the attack, even though Cognizant made the attribution after observing known Maze Indicators of Compromise (IOCs) on its network.

Rollups

  • Researcher Publicly Disclosed Four Zero-Day Vulnerabilities and PoCs in IBM’s Enterprise Security Software
  • Winnti Group Reportedly Successfully Targeted Siemens in 2016
  • Threat Actor PLEAD Targets a Taiwanese Academic Institution with the BiFrost Backdoor
  • Czech Cyber Security Office Warns Over Cyberattacks Targeting Medical Facilities
  • Print-Preview in Fidor Bank’s Online Banking Exposed Bank Transfer Data

GEOPOLITICS

Several countries have announced first cautious measures to ease COVID-19 related restrictions in the coming weeks. However, reliance on online services, including remote working technologies and access to government-provided resources and information, will remain high. Thus, cyber actors are likely to continue viewing them as valuable targets for attacks. Additionally, the introduction of more technical measures to counter the pandemic, such as the use of tracking and tracing apps, creates additional data privacy and cybersecurity concerns and is likely to further increase the attack landscape.

Rollups

  • US Government Entities Release Joint Report on North Korean Cyberactivity