
Latest Cyberthreats and Advisories - July 21, 2022

Jul 22, 2022

Cryptocurrency risks, Russian cyberattacks, and North Korean ransomware make headlines this week. Here are the latest cybersecurity threats and advisories for the week of July 21, 2022.


Cybercriminals Defraud US Investors with Fake Cryptocurrency Apps

The growing popularity of mobile banking has prompted cybercriminals to create fraudulent cryptocurrency apps. So far the FBI has identified 244 victims who have been defrauded of approximately $42.7 million. The fraudsters masquerade as legitimate financial institutions, copying their names, logos and websites as part of the ruse. To limit further harm, the FBI recommends that financial institutions warn their customers about the scheme, and that investors be cautious about downloading apps, especially when an app's legitimacy is in question.

Source: https://www.ic3.gov/Media/News/2022/220718.pdf

CISA Establishes Post-Quantum Cryptography Initiative

CISA has launched a Post-Quantum Cryptography Initiative to prepare for the threat posed by quantum computing. A sufficiently capable quantum computer would break some of the public-key encryption methods that are commonly used today to complete business transactions, protect customer data and secure communications. NIST and DHS have published a Post-Quantum Cryptography Roadmap to help organizations plan their transition to post-quantum cryptography.

Source: https://www.cisa.gov/news/2022/07/06/cisa-announces-post-quantum-cryptography-initiative

UK Organizations Face an Extended Period of Heightened Cyberthreat

The NCSC has asked UK organizations to strengthen their cyber defenses in light of Russia's invasion of Ukraine. Since the invasion began, significant cyber activity has been observed in Ukraine, as well as a Russian cyberattack on a global communications company. Although UK organizations have not yet seen an increase in hostile activity, the NCSC recommends they stay vigilant and plan for an extended period of elevated threat. The agency has published guidance on "maintaining a sustainable strengthened cyber security posture" during this period.

Source: https://www.ncsc.gov.uk/blog-post/preparing-the-long-haul-the-cyber-threat-from-russia

Emerging Threats and Research

US Government Seizes $500K from North Korean Cybercriminals

North Korean Maui ransomware attacks have plagued US healthcare organizations for more than a year. As part of an aggressive effort to claw back money for victims, the US Justice Department has recovered roughly half a million dollars from the North Korean state-sponsored attackers. Recoveries like this are only possible when ransomware victims come forward. To encourage reporting, President Joe Biden recently signed into law a requirement that certain critical infrastructure firms report ransomware payments.

Source: https://edition.cnn.com/2022/07/19/politics/justice-department-north-korea-hackers-ransomware/index.html

North Korea H0lyGh0st Group Targets SMBs

The North Korean cybercriminal group H0lyGh0st is targeting small and medium-sized businesses, including banks, schools, manufacturing organizations and event and meeting planning companies. The group's ransomware attacks can be identified by the .h0lyenc extension appended to encrypted files and by the group's name on the ransom notes. Although the amounts demanded are small (1.2 to 5 bitcoins, or up to about $100,000), no ransom payments have been confirmed so far.

Source: https://thehackernews.com/2022/07/north-korean-hackers-targeting-small.html
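As an added illustration (example code written for this roundup, not from Microsoft, the article or the group's own tooling): a small triage script that walks a directory tree for the two indicators the report names, files renamed with the .h0lyenc extension and small text files that carry the H0lyGh0st name as a ransom note. The sample directory it builds is constructed for the demonstration and is not real victim data; the 64 KB note-size cutoff is an assumption, chosen so the text match does not read large binaries.

```python
"""Triage scan for the two H0lyGh0st indicators above: .h0lyenc files
and ransom notes naming the group. Example code, not from the article;
the sample tree is constructed here for a dry run."""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".h0lyenc"      # extension reported for encrypted files
GROUP_NAME = "h0lygh0st"        # the group names itself in its ransom notes
NOTE_MAX_BYTES = 64 * 1024      # assumption: notes are small, skip big files


def is_ransom_note(path: Path) -> bool:
    """A ransom note is a small readable file that names the group."""
    try:
        if path.stat().st_size > NOTE_MAX_BYTES:
            return False
        text = path.read_text(encoding="utf-8", errors="ignore")
    except OSError:
        return False
    return GROUP_NAME in text.lower()


def scan(root) -> dict:
    """Walk root and collect both indicator types, plus an overall verdict."""
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if p.suffix.lower() == ENCRYPTED_EXT:
                encrypted.append(rel)
            elif is_ransom_note(p):
                notes.append(rel)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "hit": bool(encrypted or notes),
    }


def build_sample_tree() -> str:
    """Constructed sample directory (not real data) mixing hits and misses."""
    base = Path(tempfile.mkdtemp(prefix="h0ly_demo_"))
    (base / "finance").mkdir()
    (base / "finance" / "q2_report.xlsx.h0lyenc").write_bytes(b"\x00" * 64)
    (base / "finance" / "README.txt").write_text("Internal notes, nothing special.")
    (base / "FOR_DECRYPT.html").write_text(
        "<p>All your files are encrypted by H0lyGh0st. Pay in BTC.</p>")
    (base / "photo.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 100)
    return str(base)


if __name__ == "__main__":
    print(scan(build_sample_tree()))
```

Run it against a suspect share or a mounted disk image; a non-empty `encrypted` list tells you which files were hit, and the `notes` list gives you the ransom note to preserve for the incident record before anything is cleaned up.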

Russian Threat Actors Deploy Malware under the Guise of Dropbox and Google Drive

Russian state-sponsored threat actors are using Google Drive and Dropbox to deliver malicious tools and malware. The group, tracked as APT29, abuses these trusted cloud storage services so that its traffic blends in with legitimate use and evades detection. Between May and June 2022 the group targeted Western diplomatic missions; victims include foreign embassies in Portugal and Brazil.

Source: https://thehackernews.com/2022/07/russian-hackers-using-dropbox-and.html

Magecart Supply Chain Attacks Hit Hundreds of Restaurants

Security researchers have uncovered two separate Magecart campaigns that compromised online ordering platforms to exfiltrate payment card details from at least 311 US restaurants. Magecart is an umbrella term for several criminal groups that inject card-skimming code into online checkout systems (originally Magento, from which the name derives); because the skimmer is planted in a platform that many merchants share, a single compromise exposes every site built on it, which is why these are described as supply chain attacks. The campaigns, which targeted MenuDrive, Harbortouch and InTouchPOS, affected around 560 restaurants and e-commerce websites in total.

Source: https://www.infosecurity-magazine.com/news/magecart-supply-chain-attacks/

Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible. These vulnerabilities affect the code included with each affected product. Systems are still affected even if they do not have any third-party apps installed, Atlassian noted in an advisory.

Source: https://www.helpnetsecurity.com/2022/07/21/atlassian-confluence-jira-bitbucket-critical/

Walmart-controlled flight booking service suffers substantial data leak

Cleartrip, an Indian flight booking website majority-owned by US retail giant Walmart, has suffered a data breach but has said very little about what happened or about the risks to customers. Indian media, however, report that Cleartrip data has been put up for sale on the dark web.

Source: https://www.theregister.com/2022/07/19/cleartrip_data_leak/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you've encountered and join the conversation on the (ISC)² Community Industry News board.