Weekly Threat Briefing: APT Groups, Ransomware, Vulnerabilities, Zero-Day Exploits and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Data breach, CactusPete, FoxKitten, Phishing, Smaug, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.


Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Canada Suffers Cyberattack Used to Steal COVID-19 Relief Payments


(published: August 16, 2020)


The Canadian government portal “GCKey”, which is used to provide access to services, has been the victim of an attack. GCKey provides the public with access to immigration, tax, pension and benefits services. Out of 12 million accounts, 9,041 appear to have been breached in a credential stuffing attack. The affected accounts were cancelled by the government.

Recommendation: Never reuse the same password and username combination across multiple services, as reused credentials can be used in credential stuffing attacks. If you have concerns about your GCKey account, change the password immediately.

MITRE ATT&CK: [MITRE ATT&CK] Credential Dumping - T1003

Tags: Canada, COVID-19, Credential Stuffing, Government sites


US Intelligence Exposes Russian Drovorub Malware


(published: August 13, 2020)


The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory disclosing the details of the Russian “Drovorub” malware. Drovorub is a Linux malware toolset that uses an implant coupled with a kernel module rootkit, a port for ..
