top of page
Kathleen Maxted

Cyber Weekly Digest - Week #9

Updated: Mar 5, 2021


In this week's cyber digest, we dive into another malware found to run on Apple's M1 called Silver Sparrow and the ransomware attack on the Dutch Research Council in which internal data was leaked. Keep reading to find out about more cyber security stories from across the globe.


The new malware has infected almost 30,000 Mac devices across 153 countries. However, what is most interesting about Silver Sparrow is that information about its purpose and how the malware was distributed is limited, leaving it a mystery to researchers. Unlike most macOS adware which uses 'preinstall' and 'postinstall' scripts to execute commands or install further malware, Silver Sparrow utilizes JavaScript to execute its commands. The use of JavaScript produces different telemetry making it harder to detect malicious activity. In addition, the malware also comes with support for infecting macOS systems running on Apple's latest M1 chip architecture; the second malware found to run on M1.


The Ukrainian government suffered a cyberattack this week, which officials believe resulted from Russian hackers hoping to "contaminate" information in the government document management system. Ukrainian officials said the attackers uploaded documents on its document portal, which contained macro scripts. If users downloaded any of these documents and allowed the scripts to execute, the macros would secretly download malware to let the hackers take control of a victim's computer. It was also reported that Russian hackers launched DDoS attacks last week that targeted the websites of the Security Service of Ukraine, the National Security and Defence Council of Ukraine, and resources of other state institutions and strategic enterprises.


The attack forced the company to turn off some services and infrastructure as a preventative measure while it recovers. It does not appear that any critical or personal data has been accessed or stolen by the attackers. It is unknown which ransomware group was behind the attack. However, after recent attacks, ransomware gangs are targeting more IT providers because the attackers can use remote access software and support applications to spread the ransomware to their clients.


Another ransomware this week hit the Dutch Research Council in which some internal data was leaked. The attacker responsible was DoppelPaymer, who published proof of the attack on their data leak site in the hopes to pressure the council into paying the ransom demand. The ganger later leaked a dozen stolen files and stated they were still open to negotiations. The council is currently working on restoring the network, and operations are expected to resume in a few weeks.

Millions of test results and personally identifiable information for an entire geographic region's population were found exposed by a teenaged ethical hacker. They spotted the leak after seeing the contents of a text message sent to a COVID-19 test taker. The issue now appears to be remediated, and the URL endpoints previously leaking the COVID-19 reports now return a 404 "not found" message.


15 views0 comments

Comments


bottom of page