Updated: Mar 11
Read this week's Cyber Weekly Digest to stay up to date on the latest cyber security news including why Toyota has halted a third of its production and how the Conti ransomware's source code was leaked. Keep reading to find out about the biggest cyber news from across the globe.
A cyber attack hit one of Toyota’s parts suppliers, causing the company to shut down about a third of its global production this week. Production has been halted in 14 plants, meaning the company’s output will shrink by around 13,000 cars. Toyota does not yet know how long the plants will be shut. Reuters reported that the Toyota supplier was hit by “some kind of cyber attack” within hours of Japan joining Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to give Ukraine $100 million in emergency aid.
This week a Ukrainian researcher released information relating to the Conti ransomware gang, leaking internal conversations as well as the source code for their ransomware, administrative panels, and more. The researcher first leaked 60,000 internal conversations on Sunday and continued to leak information throughout the week, with conversations up until 27th February this year. Most notably, the leak included a password-protected archive containing the source code for the Conti ransomware encryptor, decryptor, and builder. It did not take long for another researcher to crack the password, giving everyone access to the source code for the Conti ransomware malware files. While this is good for security research, it could lead other threat actors to launch their own criminal operations using the leaked source code.
Researchers have found the TeaBot banking trojan, also known as Anatsa, on the Google Play Store. The malware is designed to intercept SMS messages and login credentials. TeaBot was first discovered last year and has been masquerading as QR code scanners or PDF readers. So far this year, an app called QR Code Reader distributed 17 different TeaBot variants in just over a month and had 100,000 downloads by the time it was discovered.
Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyber attacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes. Microsoft noted that the cyber attacks involved a new malware package named FoxBlade, which can be used to carry out distributed denial of service (DDoS) attacks.
More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant NVIDIA. Have I Been Pwned said the stolen data contains "email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community." The data extortion group Lapsus$ claimed responsibility for the attack after providing details on the incident and claimed to have stolen 1TB of data from NVIDIA’s network.