Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology—hint: it’s a slow fade, the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp’s decision to not limit app functionalities for non-compliant users after all, and a cyber threat report compiled by the National Crime Agency (NCA) in the UK.

We also analyzed Kimsuky, the APT that continues to attack the South Korean government, and the NSIS crypter along with its evolution.

Lastly, we recognized the cybersecurity challenges in SMBs and were in awe after the US Attorney’s office decided to investigate ransomware attacks the same way as terrorist attacks.

Other cybersecurity news

• A phishing campaign launched off of the back of the recent ransomware attack against Colonial Pipeline weeks ago. The email, purporting to originate from a company’s “Help Desk”, is encouraging recipients to download a “ransomware system update” that’d prevent the company from getting attacked by ransomware. (Source: Inky)
• Organizers of the Tokyo Olympics found themselves on the receiving end of a data breach. (Source: The Japan Times)
• Fujifilm fell victim to a ransomware attack. (Source: InfoSecurity Magazine)
• Those returning to the office were welcomed by—drumroll, please—phishing emails! (Source: Avanan)
• According to researchers, a new ransomware variant called Epsilon Red is said to be hunting for unpatched Microsoft Exchange servers to exploit. (Source: Computing)
• The UK government faced a backlash and legal challenge over its plan to share health service data with a third-party as part of its digitization effort. (Source: Computing)
• A threat report from Thales revealed that, although the pandemic has transformed how we do work, cybersecurity is sadly not keeping up. (Source: TechRepublic)
• Mustang Panda, a Chinese espionage campaign, is gaining access to official Southeast Asian government websites via a novel Windows backdoor. (Source: The Record)
• JBS, the world’s largest meat supplier, is back to normal operations after a ransomware attack. (Source: Bleeping Computer)

Stay safe, everyone!

June 1, 2021 - Cobalt Strike is a pen-testing tool that often ends up in the hands of cybercriminals. Are we providing them with the tools to attack us?

March 22, 2021 - PRODAFT researchers have uncovered a sophisticated cyber-espionage group with links to SolarWinds and EvilCorps.

December 24, 2020 - In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market.

December 15, 2020 - The Egregror ransomware is quickly making a name for itself by victimizing big corporations. How does it work and what is its background?

December 9, 2020 - Ryuk ransomware is infecting US hospitals. But how? And why?