A highly destructive malware campaign targeting Ukrainian organizations is in its fourth wave since the start of the year. Researchers believe CaddyWiper is directly tied to the Russian invasion of Ukraine. In other cybersecurity news, four of the largest banks in Australia have banded together to fight against cybercrime.
Android trojans see overwhelming rise in downloads
Over the past few months, researchers have been monitoring a growing number of trojanized apps on the Google Play store, some of which have been downloaded over 500,000 times. It is believed that many of the apps have been published by the same malicious actors; they typically disguise themselves as investment apps or as other services such as navigation and WhatsApp. The investing apps require users to create a login and connect a financial account to quickly begin transferring money for investments, though the money is just being sent to the criminals' account.
CaddyWiper targets Ukrainian organizations
A new wave of highly destructive malware has been targeting Ukrainian organizations, marking the fourth attack of this type to hit the country since the beginning of the year. While this new variant, dubbed CaddyWiper, shares some tactics with other wiping malware campaigns, researchers have been unable to find any code similar to that of previous data-wiping malware. Prior campaigns had been directly tied to the recent invasion of Ukraine by Russia, and are likely nation-state-backed attacks.
CafePress fined for not reporting 2019 data breach
Following an investigation by the Federal Trade Commission (FTC) into a data breach that compromised the unsecured servers at CafePress, it’s been revealed the breach was subsequently swept under the rug. The 2019 incident came shortly after CafePress had been informed of a lack of security measures, while it was also retaining highly sensitive customer data for far longer than necessary. The data breach only came to light after the hackers posted a trove of CafePress data covering nearly 24 million users, who were never properly informed of the incident and were simply charged a $25 account closure fee.
Australian banks join forces against cybercrime
The Chief Security Officers for four of the largest banks in Australia have decided to take on the issue of financial cybersecurity and work against the larger criminal threat. While this isn't the first time that this same group has come together to work on issues regarding their industry, this meeting comes at a time when financial groups are becoming common targets for ransomware and other data theft schemes.
Denver Cardiology group suffers data breach
Officials for the South Denver Cardiology Association have begun reaching out to nearly 300,000 patients who may have had their sensitive medical information compromised in a cyberattack that occurred back in January. While the attack was discovered quickly and staff were able to shut down other systems to reduce overall damage, it is still unclear how the attackers entered the network or how much information may have been accessed during their time in the system.