• Kathleen Maxted

Cyber Weekly Digest - Week #8

Updated: Feb 26


This week in cyber security is another filled with attacks on high-profile companies. In this week's digest we look into the attack on Kia Motors America and the new malicious adware application specifically targeting Apple’s new M1 SoC . Keep reading to find out about some of the biggest cyber security stories this week.


1. Several video calling apps left vulnerable to snooping after a vulnerability was found in Agora.io's Software Development Kit.


Agora is used by several apps such as eHarmony, Plenty of Fish and MeetMe. The McAfee Advanced Threat Research Team found the vulnerability. Attackers could have used the flaw to launch man-in-the-middle attacks to intercept communication between two parties. Researchers said, "Agora's SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them," however, there is no evidence that the vulnerability has been exploited in the wild.


2. Sandworm, the Russian-linked threat actor, is behind a three-year operation that hacked targets by exploiting the I.T. monitoring tool Centreon.


Sandword is an elite Russian-sponsored cyberespionage group active for at least two decades. The intrusion campaign breached "several French entities" and is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web hosting providers. However, Centreon says that none of its customers were affected by the attacks. The affected organizations used an obsolete and free version of its software released in 2014, which has been unsupported for five years.

3. Kia Motors America suffers a ransomware attack by the DoppelPaymer group with a $20 million ransom demand.


This week Kia had a nationwide I.T. outrage that has affected their mobile UVO Link apps, phone services, payment systems, owner's portal, and internal sites used by dealerships. It was later revealed this was the result of a ransomware attack after a ransom note was found. The attackers state that they attacked Hyundai Motor America, Kia's parent company. However, Hyundai does not appear to be heavily affected by this attack. To prevent the leak of the data and receive a decryptor, DoppelPaymer is demanding 404 bitcoins worth approximately $20 million. If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.

4. The U.S. indicts three North Korean hackers in the theft of $200 million.


The attackers are accused of conducting some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017. The attacker's activities involved extortion, phishing, direct attacks on financial institutions and ATM networks. Prosecutors say the hackers were part of an effort to circumvent ongoing international financial sanctions against the North Korean regime. The group is thought to be responsible for the attempted theft of approximately $1.2 billion, however unclear how much of that was stolen.


5. One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered.


Three months after Apple launched its new M1 system-on-a-chip, criminals have developed the first malicious macOS application targeting the mobile giant's first in-house silicon. The recently uncovered malicious application is called GoSearch22. The application executes Pirrit, a type of adware that installs itself as a malicious Safari extension once launched. It creates a proxy server on infected Mac computers and injects ads into webpages. Apple has since revoked the certificate for the malicious application.


10 views