Cyber Weekly Digest - Week #9

Updated: Mar 5, 2021

In this week's cyber digest, we dive into Silver Sparrow, another piece of malware found to run on Apple's M1, and the ransomware attack on the Dutch Research Council in which internal data was leaked. Keep reading to find out about more cyber security stories from across the globe.

1. Researchers have found a new macOS malware named Silver Sparrow.

The new malware has infected almost 30,000 Mac devices across 153 countries. However, what is most interesting about Silver Sparrow is that information about its purpose and how it was distributed is limited, leaving it a mystery to researchers. Unlike most macOS adware, which uses 'preinstall' and 'postinstall' scripts to execute commands or install further malware, Silver Sparrow uses JavaScript to execute its commands. The use of JavaScript produces different telemetry, making malicious activity harder to detect. In addition, the malware comes with support for infecting macOS systems running on Apple's latest M1 chip architecture, making it the second malware found to run on M1.

2. Ukrainian government reports a cyber attack on its government document management system.

The Ukrainian government suffered a cyberattack this week, which officials believe resulted from Russian hackers hoping to "contaminate" information in the government document management system. Ukrainian officials said the attackers uploaded documents containing macro scripts to its document portal. If users downloaded any of these documents and allowed the scripts to execute, the macros would secretly download malware to let the hackers take control of a victim's computer. It was also reported that Russian hackers launched DDoS attacks last week that targeted the websites of the Security Service of Ukraine, the National Security and Defence Council of Ukraine, and resources of other state institutions and strategic enterprises.

3. Major Finnish IT provider TietoEVRY suffered a ransomware attack.

The attack forced the company to turn off some services and infrastructure as a preventative measure while it recovers. It does not appear that any critical or personal data has been accessed or stolen by the attackers. It is unknown which ransomware group was behind the attack. However, after recent attacks, ransomware gangs are targeting more IT providers because the attackers can use remote a