Blog

Cymulate’s March 2021 Cyberattacks Wrap-up Threat actors were busy during March 2021, breaching major companies such as SITA, a global IT company supporting 90% of the world’s airlines. In this case, the PII belonging to airline passengers was stolen, including their names, card numbers, and status level. In the Netherlands, the stolen personal data of an estimated 7.3 million residents were offered online for sale. The data was stolen from RDC, a company that provides car garages with IT.

  February 2021 remained active by threat actors, launching cyberattacks and new malware strains. We saw that organizations working on COVID-19 vaccines remained popular targets. During the month, threat actors attacked an Oxford University lab, which is researching and producing COVID-19 vaccines. They were able to gain access to its internal systems, including machines used to prepare biochemical samples. In addition to Oxford University, due to the COVID-19 pandemic, overworked hospitals.

*This blog has been updated as of February 21,2021 with relevant content. A Watering Hole attack is a method in which the attacker seeks to compromise a specific group of end users either by creating new sites that would attract them or by infecting existing websites that members of that group are known to visit. The attacks have been adopted by criminals, APT groups and nation states alike and we see the amounts rising. The goal is to swipe username and password combinations hoping the victim.

 In January 2021, cybercrime kept thriving, also exploiting the current COVID-19 pandemic for personal gain with hackers leaking stolen Pfizer COVID-19 vaccine data online.   Stolen Data from Pfizer/BioNTech Servers The threat actors breached the European Medicines Agency (EMA) and stole part of its Pfizer/BioNTech COVID-19 vaccine data from its servers. The stolen data included email screenshots, EMA peer review comments, Word documents, PDFs, and PowerPoint presentations. Some of the stolen.

Threat actors were active as ever during December 2020, ending an already difficult year with a major ramification. TA542 Back with a Vengence  Let’s start with the threat group TA542 (aka Mummy Spider, ATK 104, and Mealybug) that came back after a month and a half break. The group relaunched its Emotet botnet, delivering documents with malicious macros that once enabled, connected to seven malicious domains to download the Emotet payload. Some of the victims included Lithuania's National.

Threat actors keep stepping up their game in November 2020 PyXie (aka GOLDEN DUPONT) PyXie has conducted successful ransomware campaigns since 2018, counts healthcare, educational, government, and technology organizations and companies among its favorite targets. In its attacks, the group used the Vatet loader which was created by combining and altering the original application of various open-source tools, turning into a highly-effective attack tool. The loader executes payloads such as Cobalt.

During October 2020, there were some major developments in cybercrime, with ransomware groups stepping up their game and new malware strategies being used. In this monthly wrap-up, we will have a closer look at threat actors Egregor and Trickbot, malware GravityRAT, MosaicRegressor, and IPStorm. Egregor Posts Stolen Data Ransomware groups stepped up their game. The Egregor ransomware group started posting stolen data belonging to Barnes & Noble customers on its dark web domain when the US.

In September 2020, cybercrime caused the death of an innocent victim. A patient suffering from a life-threatening illness had to be turned away from a hospital in the city of Düsseldorf since the systems had been blocked due to a ransomware attack. This forced the ambulance transporting her, to drive to a hospital in the nearby city of Wuppertal. The patient died on the way. The threat actors breached the hospital using a hole in Citrix software. Hospitals remain a popular target, even in.

August 2020 was a hot month, with cybercrime heating up as well. Ransomware attacks became more sophisticated, more incidents of cyber espionage were reported, and there were some major data breaches. The month started with the notorious ransomware group Maze stealing 10TB of data from Canon during a ransomware attack. On August 12, cybercrooks posed as Ritz employees to obtain an unknown amount of personal data of guests in London’s The Ritz, including credit card information. Around the.

July 2020 might have been hot, and COVID-19 is still rampant, but that did not stop or slow down cybercriminals, on the contrary. Here is a rundown of their activity.  Hancitor and Emotet were used in several campaigns. Hanticor is a notorious downloader spreading through malicious attachments to download data-stealing malware such as Pony and Vawtrak. For the first time, Hanticor used a new three-pronged delivery approach: The use of the uncommon, native Windows CallWindowProc API. Piggyback.