SERVICES RESOURCES COMPANY
CYBERSECURITY TESTING VIRTUAL CISO MANAGED DETECTION AND RESPONSE MANAGED SECURITY AWARENESS
NEWS & REPORTS
ABOUT US TECHNOLOGY PARTNERS PARTNER WITH US CAREERS CONTACT US

Cyber Threat Report | January 2022

TAGS

</Reports </ Cybersecurity

Highlights


Looking back at the past January, there have been various global cybersecurity threats.

In this news report, we'll share intelligence and insights about:

  • The Log4Shell vulnerability - is it still a major security threat?
  • Is there a rise in cyberattacks within the fintech sector?
  • How organizations should protect their data against breaches?
  • How Europol saved 100 businesses from ransomware attacks?

Log4Shell - the Log4j vulnerability that still poses a serious threat in 2022


About the Log4Shell vulnerability

Log4Shell (or CVE-2021-44228) is a vulnerability that could potentially allow third-party users remote access to your LDAP and JNDI.

By submitting arbitrary Java codes, they could perform various malicious activities - even leaking out your sensitive information.

Three reasons why this is a serious threat in 2022

  • This vulnerability that affects logging libraries used by millions of computers worldwide;
  • It's easy to exploit - research points that every minute, hundreds of cyber attackers take advantage of it;
  • The vulnerability has been characterized by U.S. Cybersecurity & Infrastructure Security Agency (CISA) as a most serious threat.

Log4Shell Cyberattacks in January 2022

At the beginning of the month, the UK National Health Service (NHS) detected an unknown threat to their VMWare Horizon servers. 

Somebody was trying to hack them with the Log4Shell vulnerability; this was the second attack on the NHS's VMWare products (with this vulnerability) in the past 2 months.

Hackers (said to be part of Charming Kitten or the Iranian APT35) are also exploiting the Log4Shell vulnerability. 

They are using 'The Charm Power' - a PowerShell-based modular backdoor - to create an infection chain by exploiting users’ JNDI. 

 

Cyberattacks and the Fintech Sector


Unfortunately, the beginning of 2022 continued the very worrying, rising trend of cybercriminals targeting cryptocurrency platforms.

Just the last week of January saw:

  • a major cyberattack on Crypto.com, resulting in the trading platform losing $34 million;
  • $80 million worth of cryptocurrency being stolen from the decentralized finance platform, Qubit Finance.

A Chainalysis report, published in January, confirmed that in 2021, criminals had laundered $8.6 billion of cryptocurrency.

That's a 30% rise in comparison with the previous year!

And even more specifically - in North Korea, the sum of digital assets stolen by hackers amounted to almost $400m in cryptocurrencies.

Beware: BHUNT - a new crypto-malware that can steal from your digital wallet and extract both your saved passwords and clipboard notes. 

 

Data Breach in the Red Cross


Cybercriminals have gained access to sensitive information of over 515 000 people by hacking into the network of an external company, that stores the Red Cross's data.

Currently, Red Cross spokespeople are pleading with the hackers not to share the information they've gained access to - as it is part of the "Restoring Family Links" program, which aims to reunite families separated by conflict, migration, or disaster.

With cyber hackers becoming more and more sophisticated in their breaches, how can you protect your company data?

  • Have full security reviews of your third-party integrations on a regular basis 
  • Understand your employee's activities and how they share company data
  • Educate your team about how they should access this data

And now, we’d like to end our January 2022 report with some good news.

 

Europol, leading an international team of law enforcement agencies, shut down VPNLab


VPNLAb hosted various ransomware attackers and cybercriminals, helping them to anonymize their connections.

On the 17th of January, the operation seized the VPNLAb servers and rendered them inactive.

As a result of this, more than 100 businesses have been notified and protected against imminent cyberattacks.

AMATAS will continue to monitor this space and deliver salient information regularly. Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.

As always – be vigilant, stay alert, think twice.

 

Ralitsa Kosturska in AMATAS