Read this week’s Cyber Weekly Digest to stay up to date on the latest cyber security news from around the world. This week we dive into the latest wave of cyber attacks targeting Ukraine and how attackers stole $1.7 million worth of NFTs from OpenSea Marketplace users. Keep reading to find out about the biggest cyber security stories across the globe.
Researchers have found a new data-wiping malware used in attacks against Ukrainian networks just as Russia moves troops into regions of Ukraine. Symantec shared the hash of the new data wiper on Twitter; it is currently detected by only 16/70 security engines on VirusTotal. This data wiper is the second one used against Ukrainian networks in the last two months. These attacks follow another wave of DDoS attacks on Ukrainian government agencies and state-owned banks on Wednesday. While the attacks have not been attributed to Russia, data wipers have been a tool used by Russian state-sponsored threat actors in the past.
Threat actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. The attackers copied the email from OpenSea notifying users about the upgrade, and the copycat email redirected the victims to a lookalike webpage that prompted them to sign a seemingly legitimate transaction.
Seattle-based logistics and freight forwarding company Expeditors International was targeted in a cyber attack over the weekend that forced the organisation to shut down most of its operations worldwide. Expeditors published a press release on Sunday night stating that a cyber attack forced it to shut down most of its operations globally to maintain the safety of its overall global systems environment, and that it will remain offline until systems can be securely restored. Although Expeditors did not mention the nature of the incident, they were likely hit by ransomware.
Researchers have discovered a new malware called Xenomorph, distributed through the Google Play Store, which has infected more than 50,000 Android devices to steal banking information. Banking trojans like Xenomorph aim to steal sensitive financial information, take over accounts, and perform unauthorised transactions; operators then sell the stolen data to interested buyers. Researchers sighted the malware hiding in a Google Play application called “Fast Cleaner”.
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices. Cuba is a ransomware operation which launched in 2019 and has breached over 49 critical infrastructure organisations in the US. Researchers have discovered the Cuba ransomware leveraging Microsoft Exchange vulnerabilities to deploy web shells, remote access trojans, and backdoors such as Cobalt Strike. The Microsoft Exchange vulnerabilities used include ProxyShell and ProxyLogon.