Have you ever wondered what vulnerabilities are exploited the most by threat actors? The answers you have been eagerly waiting for could be found inside a joint Cybersecurity Advisory (CSA) coauthored by the cybersecurity authorities of the United States (CISA), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK), plus the U.S. National Security Agency (NSA) and Federal Bureau of Investigation (FBI).

Between February 27 and March 1, 2022, Docker Engine honeypots were observed to have been compromised in order to execute two different Docker images targeting Russian and Belarusian websites in a denial-of-service (DoS) attack. Both Docker images’ target lists overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army (UIA). The UIA previously called its members to perform distributed denial-of-service (DDoS) attacks against Russian targets.

The attacks came from all corners in the past month, as cybercriminals used administrative access codes, stolen internal data, laser-focused programming tools, and even humble job applications to worm their way into organizations' inner workings. Let's look at some of the strange and sinister innovations that shaped the world of cybercrime this April.

In recent weeks, Cyberint has been monitoring a new marketplace that appeared in the TOR network, an insiders network called Industrial Spy. This new platform was established in around mid-March this year and is currently being promoted on known Darknet forums and Telegram channels. The platform’s main goal is to become the ultimate repository containing victims’ data, which is mainly gathered by threat actors and insiders.

Wiper’s main objective is to destroy data from any storage device and make the information unavailable (T1485). There are two ways of removing files, logical and physical. Logical file removal is the most common way of erasing a file, performed by users daily when a file is sent to (and emptied from) the Recycle bin, or when it is removed with the command line or terminal with the commands del/rm.

The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online but knowing to what extent assets are exposed. Users can now toggle the view of their attack surface by active and inactive assets. When toggled on, users will see all active assets present on their attack surface in the last 14 calendar days making it easier to discern what may no longer be on the attack surface.

This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.

Recent research studies demonstrate that software supply chain attacks are on the upswing—by almost 300% in 2021 alone. To avoid attacks related to open-source libraries and JavaScript, businesses need to understand the tactics, techniques, and procedures (TTPs) associated with JavaScript supply chain attacks.