
TL;DR: Unstoppable REvil and the arrest of a cybercriminal (41st week)

Europe is preparing a new regulation, this time for domain registration. REvil is behind most ransomware attacks, but Pacific City Bank was hit by AvosLocker ransomware. There is also good news: the Security Service of Ukraine arrested another cybercriminal.

Odd practices at Apple

Apple has again silently fixed a zero-day vulnerability, this time in the iOS 15.0.2 update. The security researcher who reported the flaw seven months before the update was released was not credited, and two other vulnerabilities he reported remain unpatched. Several other ethical hackers have complained of similar experiences when reporting vulnerabilities to Apple.

New regulation for domain registration

The European Commission is drafting legislation to ban anonymous domain registration across the EU. Once the law is passed, domain registrars will be required to collect and validate each registrant's name, postal address, e-mail address and telephone number.

Arrests in Ukraine

The Security Service of Ukraine (SBU) has arrested a cybercriminal who rented out a botnet as a service. The botnet, made up of some 100,000 devices, was used for spam campaigns, brute-force attacks and reconnaissance for web-based attacks. It was advertised on closed forums and in Telegram chats. The SBU identified the attacker through his account on the WebMoney payment platform, which he used to receive payments and had registered with his real address.

REvil dominance in cyberattacks

McAfee Enterprise reported in its October 2021 Advanced Threat Research Report that REvil accounted for 73% of all detected ransomware attacks in the second quarter of 2021. The sector most targeted by ransomware was government, followed by telecommunications, energy, media, industry and education.

Bank data leaked

Pacific City Bank, a Korean-American community bank in the US, has been hit by a ransomware attack claimed by AvosLocker. The investigation revealed that sensitive data had leaked, including loan application forms, tax return documents, information on client firms and their payroll records, and customers' full names, addresses, social security numbers, and wage and tax details. The bank is offering affected customers one year of free credit monitoring and identity theft protection through Equifax.

Scams through legitimate tools

Sophos researchers found that cybercriminals abusing the Apple Developer Enterprise program and Apple's enterprise signing scheme, and approaching victims through dating apps such as Tinder, Bumble, Grindr and Facebook Dating, have stolen $1.4 million from victims in the EU and the US. The scam used fraudulent cryptocurrency trading apps disguised as legitimate services (e.g. Binance); because the apps were installed through enterprise provisioning rather than the App Store, they also gave the attackers remote control of the victim's device.

SHORTCUT

  • Google announced the creation of its Cybersecurity Action Team to support the security and digital transformation of the government sector, critical infrastructure and enterprises, including small businesses.
  • Microsoft mitigated one of the largest DDoS attacks ever recorded, peaking at 2.4 Tbps.
  • The University of Sunderland in the UK was hit by a cyberattack that shut down all of its IT systems, including telephones, website, e-mail and online classes.
  • Dutch police warned users of the illegal platform minesearch.rip that if they continue committing cyber offences after this "final warning", they will be prosecuted.
  • The Hillel Yaffe Medical Center in Israel was hit by a ransomware attack. The hospital switched to alternative systems, with patient information currently being recorded by hand.
  • Olympus, a Japanese vendor focused mainly on medical technology, suffered its second cyberattack in two months and was forced to suspend affected IT systems in the Americas.
