
TL;DR: Google changes rules and new ransomware groups (Week 17)

A new ransomware group, Black Basta, has emerged, a new cybercrime group, Onyx, is mixing ransomware with wipers, Google has changed the terms for Android app developers, and an (un)clever cybercriminal has successfully stolen a million in cryptocurrencies.

An attack on a wind turbine manufacturer

German wind turbine manufacturing company Deutsche Windtechnik was the target of an unspecified cyberattack on the night between 11th and 12th April. The company responded to the attack by inspecting its facilities, isolating the compromised infrastructure and declaring that the turbines in operation were neither damaged nor compromised. This is the second attack in a short period of time on German wind turbine suppliers, following the attack on Nordex.

New ransomware group

During April, a new ransomware group was discovered, going by the name of Black Basta. It mainly uses double extortion, i.e. it holds the decryption keys and threatens to sell or disclose stolen data if the victim does not pay. Based on the rapid increase in the number of victims and the effectiveness of its bargaining, it can be assumed that this is either a group with a lot of experience or an older group that has renamed itself.

Statistics of open databases from 2021

Security researchers at Group-IB have reported that they uncovered 308,000 open databases with different types of data in 2021. By database type, the largest number of open databases were Redis (37.5%), MongoDB (30.9%), and Elastic (29.3%). By geolocation, the largest number of open databases was in the USA (93,685), China (54,764), Germany (11,177) and France (9,723).

New Google Play Store rules

Google has released new rules for data collection by apps in the Google Play Store. Developers will now have to transparently disclose what kinds of data they collect and what kinds of data they share with partners. If they fail to disclose this data, or fail to correct it when prompted, the app will be removed from the Play Store.

Study of phishing attacks

Security researchers at Zscaler have published a study on phishing attacks for the year 2021. Among other things, the study shows a 29% increase in the number of phishing attacks detected and also reports that the number of phishing attacks targeting retail and wholesale has increased by 436%.

IN BRIEF

  • The U.S. State Department is offering a $10 million reward for information leading to the identification or location of six members of the APT Sandworm group attributed to the Russian GRU,
  • MalwareHunterTeam security researchers have released information on the new Onyx ransomware group. All data over 200 MB will be destroyed by their ransomware, which means that it will not be recoverable even after the decryption keys are obtained,
  • telecommunications company T-Mobile has confirmed that LAPSUS$ cybercriminals had access to its systems. The company said the attackers did not obtain anything of value, nor any government or user data,
  • ransomware group Stormous disclosed that it had successfully stolen 161 GB of Coca-Cola’s data, which it is offering for sale for 1.6467 BTC (approximately EUR 62,000). The authenticity of the stolen data is under investigation,
  • an unknown cybercriminal has successfully stolen 1 million dollars in the cryptocurrency YEED. It is unclear whether he subsequently triggered the self-destruct function by accident or on purpose, which led to the money being made inaccessible,
  • Austin Peay State University in Tennessee, USA, was the target of a ransomware attack. The attack was successfully isolated and university operations were restored.
