The Geopolitical and Cybersecurity Weekly Brief is now part of the subscription package of intelligence services provided by Cyjax and our partners A2 Global Risk. In order to get access to the full report, please contact [email protected] or visit our explanatory service page here.
Attacks against vulnerable on-premises Microsoft Exchange servers continued apace this week. At least ten threat groups are now participating in attacks, including some targeting the servers with a new ransomware variant dubbed DearCry. Exactly how multiple APTs became aware of the zero-day vulnerabilities is unclear. However, with attacks reported against tens of thousands of servers, including those belonging to Norway’s Storting and the European Banking Authority (EBA), patching remains a top priority.
In the Americas, a supreme court judge in Brazil annulled corruption convictions against former leftist president Luiz Inácio Lula da Silva, paving the way for a potential future presidential bid. In the US, the House of Representatives voted to approve President Joe Biden’s USD1.9tn coronavirus relief package. In California, security firm Verkada is probing a hack of approximately 150,000 of its security cameras worldwide.
Significant vulnerabilities were reported in F5 BIG-IP and BIG-IQ devices, prompting the US Cybersecurity & Infrastructure Security Agency (CISA) to issue an emergency alert. Successful exploitation could allow an attacker to remotely take control of a vulnerable device. Organisations should anticipate attacks targeting these vulnerabilities as soon as a full proof-of-concept (PoC) exploit becomes available.
In Asia, tensions are elevated in Malaysia following a ruling that allows Christians to use the term ‘Allah’. Police in China arrested some 40 people in relation to alleged production and sales of counterfeit luxury bags, highlighting the intellectual property rights threat.
In Europe, an EU report stated that Germany is the main target of Russian disinformation in the EU. Ukraine warned that renewed fighting against pro-Russia separatists was undermining a ceasefire in the east of the country. The Russian government accused US-based social media firm Facebook of breaching citizens’ rights by blocking some news content.
Disruptive ransomware attacks continued to affect numerous targets worldwide. Cyjax observed at least 18 major incidents this week, including attacks on French hospitals, Spain’s public employment service (SEPE), and multiple universities in the US and UK. Ryuk was involved in several attacks.
In the Middle East, Ankara signalled efforts to restart diplomatic relations with Egypt. Meanwhile, a dispute between Morocco and Germany is set to be tempered following efforts by the Spanish government to instigate a UN-brokered solution.
In Sub-Saharan Africa, the US has targeted Islamic State affiliates in the DRC and Mozambique with sanctions. In Mauritania, former president Mohamed Ould Abdel Aziz and several allies are facing a number of corruption charges, raising risks to corporates.