TL;DR: Young talent competition and cheap malware (39th week)

October is the month of cyber security; a new ransomware has been found; and today, malware is sold very cheaply. 

In addition, a former member of the REvil group is arguing with his former colleagues over money, and young cybersecurity talents competed in Prague.

Cybersecurity month has started

As every year, this October is cybersecurity month. The European Cybersecurity Month is a campaign that promotes cybersecurity among EU citizens as well as companies and organisations. It does so by sharing useful information, raising awareness and running various activities across Member States. This year’s themes are “Cyber first aid” and “Be cyber-secure at home”.

Young talents were competing

The European Cyber Security Challenge competition was held in Prague from 28 September to 1 October. This is a key activity of ENISA. It aims to support cybersecurity talents across Europe. 17 teams participated in this year’s competition. Slovakia was represented by the Cyber Security Competence and Certification Centre as the co-organizer, this year in the role of an observer.

Very cheap malware

Security researchers from Kaspersky have spotted a new malware dubbed BloodyStealer that is available for sale as a service on the dark web. The malware, which partly targets players, can harvest, among other things, bank cards and passwords from web browsers, and can steal accounts for multiple gaming platforms including Bethesda, Steam, Epic Games, GOG Galaxy and Origin. The malware is offered for $10 for a 1-month subscription or $40 for a lifetime subscription.

New ransomware on the horizon

Security researchers from ZeroFox Threat Intelligence discovered a new ransomware called Colossus. The ransomware, which affects Microsoft Windows operating systems, already has a support website for setting up communications with victims, and its ransom note has a structure similar to those of the EpsilonRed, BlackCocaine and REvil ransomware. Colossus has its first known victim, an automotive group based in the United States.

Apple again vulnerable

A new zero-day vulnerability has been discovered in Apple AirTag products, which help to find a missing wallet, keys or other personal items. It allows a cybercriminal to notify the owner about finding the item, redirect them to a malicious phishing page and steal their iCloud credentials.

Cyber tournament

Terranova Security Corporation, in collaboration with Microsoft, organises the “Gone with phishing tournament”. The tournament, held in October 2021, lets companies test, free of charge, their employees’ ability to detect phishing in a real-world simulation, and then provides employers with statistics.

No more phone calls

Covisian, Europe’s largest call centre provider, has become the target of a Conti ransomware attack. The attack froze its IT systems and crippled call centres of the Spanish and Latin American GSS division, which was forced to switch to Google-based systems as an alternative. According to the company’s statement, the cyberattack of 18 September did not affect its servers or databases.


  • A threat actor and former affiliate of the REvil ransomware group, known under the pseudonym Signature, complained on a cybercrime forum that he had entered into an arbitration dispute with REvil, who refused to pay a proper share of the ransom for executing one cyberattack.
  • On 30 September 2021, the IdenTrust DST Root CA X3 certificate, issued by Let’s Encrypt, expired. It could have affected particularly older devices that have not been updated.
  • The Australian Competition and Consumer Commission has received over 3,000 reports of cryptoscams of various types since the start of 2021, with losses totalling AU$53.2 million.
  • Under the supervision of the Prosecutor General’s Office, the Security Service of Ukraine in Lviv has successfully taken down a network of six illegal call centres. By phone, the fraudsters offered foreign investors opportunities to invest money in stocks and cryptocurrencies in order to obtain money from them.
  • The Port of Houston, a US port, was hit by a cyberattack allegedly conducted by a “nation-state actor”. According to Port officials, they successfully defended against the attack and no data or systems were impacted.


