QuoIntelligence’s Weekly Intelligence Snapshot for the week of 12 – 19 May is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Cyber

Current Threat
Industry impacted: Energy, Financials, Materials

• Over the last week, QuoIntelligence observed multiple attack activities involving ransomware groups and the resulting implications. The spotlight remains on the DarkSide ransomware operators following their cyberattack against the US-based Colonial Pipeline and two newly confirmed targets. Aside from DarkSide, multiple organizations confirmed new incidents and new tactics by ransomware operators were observed.

Rollups
Industry impacted: Financials

• MSBuild Used By Threat Actors to Deliver RATs Filelessly
• Exploit Released for Wormable Windows HTTP Vulnerability
• Magecart: New Skimmers Observed in Recent Campaigns

Geopolitics

Industry impacted: Information Technology

• Following the Colonial Pipeline ransomware attack, the US has released an Executive Order (EO) to strengthen critical infrastructure cybersecurity. The order requires a zero-trust model among government agencies, that will foster information sharing between the government and private sector, and sets stricter security standards for software and hardware sold to the government, among other measures. The EO will likely impact the information security landscape not only in the government but also in the private sector, as technology providers will have to comply with a whole new set of requirements, and standards and security labels could also extend to the private sector.

Rollups
Industry impacted: Energy, Government, Information Technology

• Pentagon Removes Chinese Tech Company Xiaomi From Blacklist After Legal Challenge
• Impact of the Israel-Gaza Conflict on Organizations
• US to Waive Sanctions Against German Company Leading Nord Stream 2
• Russian Government Approves List of “Unfriendly Countries”