In this week’s Cyber Weekly Digest we dive into the wave of DDoS attacks hitting the Ukrainian military and banks, as well as the latest patched Google Chrome zero-day vulnerability. Keep reading to stay up to date on the biggest cyber security stories from the week.
The Ministry of Defense and the Armed Forces of Ukraine and two of the country's state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank), have been targeted by a wave of Distributed Denial of Service (DDoS) attacks this week. Although the impact was limited, the attacks came hours after the Security Service of Ukraine acknowledged a massive wave of “hybrid warfare”, including 120 cyberattacks against government authorities and a fake news botnet of more than 18,000 social-media accounts. Although the attacks have not been attributed, the activity comes at the same time as Russia mobilizes more than 100,000 troops at Ukraine’s northeast border, which has been causing speculation.
The NFL's San Francisco 49ers team is recovering from a cyber attack by the BlackByte ransomware gang, which claims to have stolen data from the American football organisation. The BlackByte group claimed responsibility for the attack on Sunday, just as the NFL Super Bowl 2022 was getting started, by beginning to leak files that it claims were stolen. The leaked data is a 292MB archive of files that the threat actors say are stolen 2020 invoices from the 49ers' network.
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that’s actively exploited by attackers in the wild. Google described the weakness, tracked as CVE-2022-0609, as a use-after-free vulnerability in Chrome’s Animation component. This marks Google’s first zero-day vulnerability of 2022. The update also patched four other high-severity use-after-free flaws found in Chrome’s Webstore API, File Manager, ANGLE and GPU.
Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation. Researchers noted that the attacks started in January. In them, the threat actor inserts an executable file called “User Centric” into a chat to trick the user into running it. Once executed, the malware writes data into the system registry, installs DLLs and establishes persistence on the Windows machine. The method used to gain access to Teams accounts remains unclear, but some possibilities include stealing credentials through phishing techniques.
Japanese sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware. Customers began to notice the outage last Tuesday when the corporate phone systems no longer worked, and the website began displaying a banner warning of order delays. Mizuno has yet to publish a statement on the attack or the outages, and it is also unknown which ransomware group is behind the attack.