SMS-based phishing attacks are nothing new. They’ve been around in one form or another since the technology became mainstream in the mid-90s, and more so since the introduction of smartphones a decade and a half ago. However, in their latest incarnation, AKA Smishing, such attacks are progressively executed on a scale never seen before. In the last couple of months, Cyberint has seen an increase of SMS phishing attacks targeting the customers of retail companies.

Threat intelligence solutions provide security teams with critical context on cybersecurity vulnerabilities and the threat actors seeking to exploit them. This helps organizations to respond proactively and efficiently to threats. Yet while all threat intelligence tools offer the core feature of basic information about cybersecurity threats, they vary significantly in the ways they make available that data.

The AXA Group has been targeted by Ransomware and the threat actors have publicly announced this incident. AXA Group’s IT Operations were affected regionally in the Philippines, Thailand, Malaysia and Hong Kong. The hostaged data, amounting to approximately 3 terabytes, consisted of customers’ personally identifiable information, health records, medical claims, patients’ personal health conditions, photos of IDs and passports, bank documents, and hospital invoices.

First observed in 2019 and advertised (Figure 1) as a 'Malware-as-a-Service' (MaaS) threat on various cybercriminal forums, Raccoon is an information stealer targeting victim credentials and cryptocurrency wallets. Seemingly favored by some threat actors due to its simplicity, the malware element of Raccoon omits advanced features, such as those used to evade detection, and instead focuses on the 'stealer' task in hand.

In yet another high-impact and high-profile ransomware incident, the 'big game hunter' ransomware group 'DarkSide' accepted responsibility for an attack against the US-based Colonial Pipeline Company, an organization providing fuel pipeline services across multiple states (Figure 1) that transport a reported 100 million US gallons of fuel daily including direct service to airports.

Details of several high severity vulnerabilities in Dell's firmware update driver, grouped together as CVE2021-21551 with a CVSS score of 8.8, were published on 4 May 2021 and could lead to privilege escalation, denial of service and/or information disclosure on affected devices.