Cyber Weekly Digest - Week #49
Updated: Dec 11, 2020
It is the first week of December, and although 2020 is almost over, criminals are continuing to make the year difficult. In this week's digest, we will discuss how cyber criminals are trying to impact the COVID-19 vaccine supply chain as the vaccine begins to be transported to the UK. For all the latest cyber security stories, keep reading.
This week it was announced that the UK would be able to start rolling out the vaccine by the end of the year, and it is no surprise that cyber criminals have begun targeting the vaccine supply chain. Researchers have hinted that the sophistication of the attackers' methods indicates they could be nation-state actors. The main targets of the attack were organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance.
A 22-year-old from North Carolina has been jailed this week for eight years for making bomb threats against thousands of schools in the US and United Kingdom and running a service that launched distributed denial-of-service (DDoS) attacks. The hacker is known online under aliases including "WantedbyFeds" and "Hacker_R_US". It was revealed that the attacker was a key member of the Apophis Squad, which sent bomb threats to over 2,400 schools and launched DDoS attacks against countless websites.
Researchers have discovered that many publicly available Docker Hub container images contain at least one critical flaw. The finding came after all four million images hosted at Docker Hub were scanned: in total, 51% of the images scanned contained critical vulnerabilities, and 6000 were rated as potentially harmful or malicious.
The latest victim of Egregor ransomware is TransLink, whose ticketing and payment services were disrupted by the attack. The attack took place on December 1st, and TransLink initially described it as a prolonged technical issue before the real reason behind the problems was revealed. The attackers sent the ransom note via the agency's printers, a tactic Egregor has been seen using recently. It is believed that TransLink has restored access to payment facilities, and the attack did not affect any of its transit routes.
Researchers have uncovered a campaign conducted by Shadow Academy threat actors targeting universities in the USA, UK, Australia, and Afghanistan since July this year. Among the attacks, 63% of universities were targeted through general access and student portal access, 37% were targeted with library-themed attacks and 11% were hit with attacks around financial aid. The first attack identified affected LSU, which suffered a student portal domain shadowing attack. Domain shadowing intercepts account traffic flowing to existing, registered, and otherwise trustworthy web domains. First, threat actors steal domain account credentials; they then register unauthorised subdomains to point traffic to malicious servers or, in this case, create phishing pages.
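
For defenders, domain shadowing shows up as DNS records nobody in IT created. The check below is an added example, not taken from the researchers' report: it audits a zone export against an approved subdomain inventory and the institution's own address ranges. The domain, inventory, networks and records are all constructed for illustration.

```python
import ipaddress

# Constructed inventory (assumption): approved subdomain labels and the
# networks the institution really hosts on (RFC 5737 documentation range).
APEX = "example-university.edu"
AUTHORISED = {"www", "portal", "library"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed zone export: "name type value", one record per line.
ZONE_EXPORT = """\
www.example-university.edu. A 192.0.2.10
portal.example-university.edu. A 192.0.2.20
library.example-university.edu. CNAME libhost.example-university.edu.
login-portal.example-university.edu. A 203.0.113.77
portal.example-university.edu. A 198.51.100.5
finaid.secure.example-university.edu. CNAME host.example.net.
"""

def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)

def audit_zone(zone_text, apex=APEX, authorised=AUTHORISED, networks=OWN_NETWORKS):
    """Return (name, type, value, reason) for records that fit the shadowing pattern."""
    findings = []
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, value = parts[0].rstrip(".").lower(), parts[2].rstrip(".").lower()
        rtype = parts[1].upper()
        if name == apex or not in_zone(name, apex):
            continue  # only subdomains of the audited zone are checked
        label = name[: -len(apex) - 1]
        if label not in authorised:
            reason = "subdomain not in authorised inventory"
        elif rtype in ("A", "AAAA") and not any(
            ipaddress.ip_address(value) in net for net in networks
        ):
            reason = "authorised name resolves outside own networks"
        elif rtype == "CNAME" and not in_zone(value, apex):
            reason = "authorised name aliased to external host"
        else:
            continue
        findings.append((name, rtype, value, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(ZONE_EXPORT):
        print(*finding, sep="  ")
```

Run on a schedule against the DNS provider's export, a check like this surfaces records added with stolen registrar credentials even though the parent domain itself still looks trustworthy.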