This has been quite an active week in terms of cyberattacks. Sort through the digital attacks in the previous seven days, and you will be inundated with an avalanche of news. Let's take a look at the most significant cyber attacks from the week gone by.
Panasonic
Panasonic representatives revealed a significant digital security breach this week. A hacker illegally accessed data from a file server of this Japan-based electronics giant. The extent of the unauthorized access has yet to be revealed. The breach started this past summer and extended through early November. Though Panasonic has implemented protocols to prevent a similar breach from occurring, the data access is concerning for Panasonic business partners, clients, and shareholders.
AT&T
Earlier this week, it was revealed that a botnet known as EwDoor targeted AT&T devices. The botnet was used to steal the data of AT&T customers, perform DDoS attacks and send spam messages. The attack was initially identified in the final days of October. All in all, 6,000+ AT&T devices throughout the United States were infected.
Apple
Apple is in the news for pursuing legal action against NSO Group, a spyware firm that allegedly attacked Apple users' computing devices. The lawsuit seeks a permanent injunction that stops NSO Group from using the computing giant's products and services. The alleged attack occurred through a ForcedEntry exploit related to an iOS shortcoming. It is alleged that a bug installed Pegasus software to spy on Apple users, including professors and government employees. It is also alleged that NSO Group transmitted harmful data to Apple computing devices.
Additional Digital Breaches and Hacks of Note
A threat actor in Pakistan shared sensitive data from government computers with anti-government groups. The hacker's motivation appears to be to target both the Afghan and Indian governments.
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued a directive stating that more than 300 vulnerabilities are threatening digital security here in the United States and abroad. Those vulnerabilities include a scoreboard vulnerability relating to the Apache HTTP Server in which attackers run code to initiate an attack. CISA also warned of a vulnerability in the Zoho ManageEngine ServiceDesk.
Malware that hides within the Nginx process on Linux servers has emerged to steal payment data. The code uses a host Nginx application, which so far makes it nearly impossible to identify. This code steals data stored on eCommerce servers.
Digital security researchers announced 17 unique malicious frameworks used to violate air-gapped networks. These frameworks are used to conduct espionage.
Researchers also warned Iranian computer users of extensive SMS phishing operations underway this December. SMS messages meant to install malware on Iranians' Android devices are successfully impersonating members of the Iranian government and those who work for social security services. The social engineering aims to steal credit card information and bank account funds.