Trend Micro Incorporated : This Week in Security News - November 12, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the prolific cybermercenaries, Void Balaur, and their recent attacks. Also, read on the 80-country agreement to mobilize safeguards against cyberattacks.

Read on:

Void Balaur and the Rise of the Cybermercenary Industry

One of the most prolific cybermercenaries is Void Balaur, a Russian-speaking threat actor group that has launched attacks against different sectors and industries all over the world. Although Void Balaur offers a wide range of services, the group's bread and butter is cyberespionage and information theft, selling highly sensitive information on individuals in underground forums and websites such as Probiv.

US Joins International Paris Call for Trust and Security in Cyberspace

The United States has joined an 80-country agreement that condemns reckless behavior in cyberspace and seeks to mobilize resources to secure the software supply chain Vice President Kamala Harris announced. The Paris Call for Trust and Security in Cyberspace includes a series of principles like defending elections from cyberattacks, protecting intellectual property from theft, and condemning the use of hacking tools by non-state actors.

Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT

In October 2021, Trend Micro observed threat actors targeting poorly configured servers with exposed Docker REST APIs by spinning up containers from images that execute malicious scripts. This blog explores how these scripts work.

Cybersecurity Firm Uncovers Defense Hacking of Defense in "Spy" Campaign

Foreign hackers are suspected of compromising organizations in the technology, defense, healthcare, energy and education industries in the U.S. and other countries, cybersecurity firm Palo Alto Networks said late Sunday. The National Security Agency contributed to Palo Alto Networks' report amid ongoing efforts to crack down on hackers who've been trying to steal critical data from targets including U.S. defense contractors which first reported the breach.

November Continues Streak of Quiet Patch Tuesdays

November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).

12 New Flaws Used in Ransomware Attacks in Q3

A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of bugs associated with ransomware to 278. That's a 4.5 percent increase over Q2, according to researchers. Five of these new vulnerabilities can be used to achieve remote code execution (RCE), while two can be used to exploit web apps and launched denial-of service (DoS) attacks.

Discovering the Exploitable Security Gaps in Remote Work Spaces

Unprotected smart devices that populate home offices are seen as low-hanging fruit by cybercriminals. These machines can be compromised and used in criminal campaigns or leveraged to gain deeper access to home networks.

FBI Warns of Iranian Hackers Looking to Buy US Orgs' Stolen Data

According to the FBI, the threat actor will likely use the leaked data (e.g., emails and network info) bought from clear and dark web sources to breach the systems of related organizations. The FBI says that US organizations that had data stolen and leaked online before should expect to be targeted in future attacks coordinated by this unnamed Iranian threat actor.

TeamTNT Upgrades Arsenal Refines Focus on Kubernetes and GPU Environments

Using a new batch of campaign samples, Trend Micro takes a look at TeamTNT's more recent cybercrime contributions and compare them with its previous deployments to demonstrate the group's use of upgraded tools and payloads.

Robinhood Data Breach Impacts Seven Million Users

American financial services company Robinhood Markets, Inc. has suffered a data breach that affects seven million customers. An unauthorized party stole the data of more than seven million Robinhood customers. Robinhood believes "the attack has been contained, and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident."

What do you find most shocking from the findings on Void Balaur? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.