In this week’s Cyber Weekly Digest we dive into a cyber attack affecting a UK ready meal manufacturer, disrupting their daily business operations, and a new banking malware targeting Spanish financial services company BBVA. Keep reading to stay up to date on the biggest cyber security news across the globe.
The Black Basta ransomware has claimed about 50 victims worldwide since it emerged two months ago. The ransomware's workflow is to collect data, intercept credentials, move laterally, and then download and execute payloads. Black Basta uses Qakbot to gain initial access to devices and then moves laterally from one device to another, collecting information from each. The actors behind Black Basta have also developed a Linux variant designed to strike VMware ESXi virtual machines.
Wiltshire Farm Foods, a ready-meal manufacturer which supplies thousands of people across the West, including several hospitals, has been hit by a cyber security incident. It said its computer systems have been affected, causing problems with deliveries, but claims no credit card details have been stolen. With its systems down, the company has said that it will be unable to make most deliveries over the next few days. It is not yet known which threat actors are behind the attack.
The PwnKit vulnerability has been added by the Cybersecurity and Infrastructure Security Agency (CISA) to its list of bugs known to be exploited in the wild. CISA rates the flaw as high severity. Tracked as CVE-2021-4034, the flaw was found in polkit's pkexec component, which is shipped by all major Linux distributions. PwnKit is a memory corruption bug that unprivileged users can exploit to gain full root privileges on Linux systems with default configurations. Researchers noted that the privilege escalation can be carried out without leaving traces on the compromised system.
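Because pkexec is only dangerous here when it runs setuid-root, a quick defender-side check is to see whether the binary still carries the setuid bit and which polkit build is installed, so the result can be compared against the distribution's advisory. The script below is an added example, not code from the digest or from the polkit project; it assumes the default path /usr/bin/pkexec and the Debian (policykit-1) or RPM (polkit) package names, and accepts an alternative path so it can be tested against a constructed file.

```shell
#!/bin/sh
# Added example: report the setuid state of a pkexec binary and the installed
# polkit version. A setuid pkexec is not proof of CVE-2021-4034 exposure; a
# patched build keeps the bit, so the version must be checked against the
# distro advisory. The default path and package names are assumptions.

# Returns 0 when the file exists and has the setuid bit set, 1 otherwise.
pkexec_is_setuid() {
    f="${1:-/usr/bin/pkexec}"
    [ -f "$f" ] || return 1
    [ -u "$f" ] || return 1
    return 0
}

# Prints one of: absent, setuid, no-setuid.
pkexec_status() {
    f="${1:-/usr/bin/pkexec}"
    if [ ! -f "$f" ]; then
        echo absent
    elif pkexec_is_setuid "$f"; then
        echo setuid
    else
        echo no-setuid
    fi
}

# Prints the installed polkit package version where a package manager is
# available; prints nothing otherwise (assumed package names).
polkit_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' policykit-1 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null
    fi
}

# Usage: sh check_pkexec.sh [path-to-pkexec]
printf 'pkexec: %s\n' "$(pkexec_status "$@")"
printf 'polkit version: %s\n' "$(polkit_version)"
```

A status of `setuid` together with a version older than the one named in your distribution's advisory means the host needs patching; `no-setuid` reflects the widely documented interim mitigation of removing the setuid bit, which also disables pkexec's normal use until the package is updated.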
A new banking malware named "Revive" is phishing users by impersonating a 2FA app on mobile devices. Researchers noted that the malware is targeting customers of the Spanish financial services company BBVA. The malware first harvests credentials by intercepting the login POST request; the fake application then demands a 2FA code sent over SMS before the user can access their bank, and both the credentials and the 2FA codes are logged. This gives the threat actors access to the victim's banking credentials. The malware is coded similarly to the Teardroid spyware that is publicly available on GitHub: the two share similarities in API, web framework, and functions. However, Revive uses a custom control panel to collect credentials and intercept SMS messages.
OpenSea, the largest NFT marketplace, disclosed a data breach on Wednesday and warned users of phishing attacks that could target them in the coming days. The company's head of security stated that an employee of Customer.io, the platform's email delivery vendor, downloaded email addresses belonging to OpenSea users and newsletter subscribers. That information has since been shared with an unauthorised third party. Because the exposed data includes email addresses, OpenSea has warned users that they may be targeted with phishing emails.