Data breaches happen, but it is possible to set measures to prevent them. Aiming for a perfect data security posture can sometimes feel like shooting at a moving target, and can be especially difficult when the target is always changing. In our latest security digest, we cover morphic malware attacking vaccine makers, cybercrime justice as over a thousand individuals are arrested around the world, everyone’s favorite build-it-yourself furniture store, IKEA, suffering a harsh email reply-chain cyber attack, and wrap up by unboxing how open storage buckets can be used against you.
“Shape-shifting” Malware Targets Biomanufacturers:
- Researchers warn against a mysterious malware that transforms its parts and behavioral responses. The malware appears at first to be a ransomware attack but later shows to be far more sophisticated, researchers have found. “The attacks are a warning to vaccine manufacturers that threat actors are becoming more focused on their efforts to cripple critical business sectors, which biomanufacturing has indeed become during the COVID-19 pandemic,” security professionals said. Read more at ThreatPost.
1,000+ Individuals Arrested in Global Cybercrime-Fighting Operation:
- Law enforcement agents across 20 countries have arrested over 1,000 people for numerous cyber-based financial crimes, including investment fraud, business email compromise (BEC) attacks, money laundering, and illegal internet gambling. “The arrests took place over a four-month period between June and September 2021; they were part of an Interpol-coordinated operation code-named HAECHI-II that was designed to curb online financial crimes.” Read more at DarkReading.
IKEA Falls Victim to Email Reply-Chain Attack:
- On Friday, retail giant Ikea warned employees of an ongoing reply-chain email phishing cyberattack targeting internal mailboxes by malspamming replies to stolen email threads. A reply-chain email attack is when threat actors steal legitimate corporate email and then reply to them with links to malicious documents that install malware on recipients’ devices. “There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organizations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” explained an internal email sent to IKEA employees. Read more at BleepingComputer.
Open Storage Buckets as Potential Breach Threats
- Data Security Experts predict that the longstanding SQL injection problem “will be overtaken by users planting data on open storage buckets like AWS S3 and Azure Data Blob.” Expert Karen Lopez suggests that what’s going to “rapidly approach and replace that as [a top] data protection issue is going to be people who store my data in an open bucket, say an S3 bucket or an Azure Data Blob somewhere and it’s not protected.” Read more at Virtualization.
Owl fun and facts:
In a victory for the northern spotted owl, the Biden administration has struck down a Trump-era plan that would have removed more than 3.4m acres of critical habitat for the imperiled bird and opened the old-growth forests where it lives to logging. Read more at The Guardian.
About:
TSD began as an internal newsletter created by our security team that would be circulated to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or follow us on twitter @cyralinc if you have any questions, concerns, tips or anything else!