Cyberthreats are becoming more strategic and disruptive. Microsoft has flagged a cloud-focused password spraying attack by Storm-1977, exploiting weak, inactive identities for cryptomining. In Australia, over 31,000 online banking credentials from major banks have surfaced on the dark web due to info-stealer malware infecting personal devices. Meanwhile, a DDoS attack briefly disabled Poland’s key government services right before major deadlines. These incidents underscore the urgent need for stronger authentication, endpoint security, and crisis preparedness. Here’s a closer look at this week’s top cyber incidents.

Microsoft Warns of Ongoing Password Spraying Attack
Microsoft has issued a warning about a password spraying attack by the threat group Storm-1977, targeting cloud environments, especially in the education sector. The attack occurred due to insecure workload identities, many of which were inactive and lacked strong authentication, making them easy targets. Hackers used a tool called AzureChecker to download encrypted data, revealing login targets, and combined it with a file of usernames and passwords. These credentials were then tested against cloud tenant accounts, leading to successful access. Once inside, attackers used a guest account to create over 200 containers for cryptomining.
To defend against such threats, organizations should enforce multi-factor authentication, limit user privileges through role-based access controls, and secure Kubernetes APIs and endpoints with strong credentials. Proactive monitoring of inactive accounts and cryptomining behavior is essential to safeguarding cloud infrastructure.
Source: Forbes
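As an added illustration (not code from Microsoft or from the original article), the Python example below shows one way to spot the password-spray pattern described above in sign-in logs: one source failing against many accounts with only a few tries on each, followed by a success. The record layout, thresholds, account names and sample events are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (timestamp, source_ip, account, outcome).
EVENTS = [
    ("2025-04-28T02:00:05", "203.0.113.7", "svc-backup", "FAIL"),
    ("2025-04-28T02:00:41", "203.0.113.7", "lab-admin", "FAIL"),
    ("2025-04-28T02:01:13", "203.0.113.7", "student-sync", "FAIL"),
    ("2025-04-28T02:01:52", "203.0.113.7", "old-ci-runner", "FAIL"),
    ("2025-04-28T02:02:30", "203.0.113.7", "guest-2019", "FAIL"),
    ("2025-04-28T02:03:02", "203.0.113.7", "print-svc", "SUCCESS"),
    # One user mistyping a password: several failures, but a single account.
    ("2025-04-28T09:00:00", "198.51.100.20", "alice", "FAIL"),
    ("2025-04-28T09:00:09", "198.51.100.20", "alice", "FAIL"),
    ("2025-04-28T09:00:20", "198.51.100.20", "alice", "FAIL"),
    ("2025-04-28T09:00:31", "198.51.100.20", "alice", "SUCCESS"),
]

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_tries=2):
    """Flag sources that fail against many accounts with few tries on each."""
    by_source = defaultdict(list)
    for ts, src, account, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), account, outcome))
    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        fails = [(t, a) for t, a, o in rows if o == "FAIL"]
        for start, _ in fails:
            # Failed attempts per account inside the window opening at this failure.
            tries = Counter(a for t, a in fails if start <= t < start + window)
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                # A success from the same source after the spray began needs review.
                hits = sorted({a for t, a, o in rows if o == "SUCCESS" and t >= start})
                findings[src] = {"sprayed": sorted(tries), "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    for src, f in detect_spray(EVENTS).items():
        print(src, "sprayed", len(f["sprayed"]), "accounts; review:", f["compromised"])
```

Accounts listed under "compromised" are the ones to reset and review first, particularly if they are inactive or lack multi-factor authentication.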
Massive Banking Leak: Thousands of CBA, ANZ, NAB, Westpac Logins on Dark Web
Cybercriminals have exposed at least 31,000 Australian internet banking credentials online, often for free, according to cybersecurity firm Dvuln. The stolen data, linked to infections on individual devices, not bank systems, affects customers from Commonwealth Bank, ANZ, NAB, and Westpac. The theft stems from info-stealer malware, which spreads via online ads, emails, and SMS messages. Once installed, it silently harvests usernames, passwords, credit card details, browsing history, and cryptocurrency wallets. Experts warn that infections often go undetected, and criminals can exploit stolen data for years. While banks continue to monitor threats and enhance defenses, they urge consumers to improve cyber hygiene.
Potential solutions include using a clean, dedicated device for online banking, avoiding risky downloads, and updating antivirus software regularly. Users should also watch for suspicious login alerts, unusual locations, and unauthorized transactions. Changing passwords from an infected device is ineffective; security measures must begin with ensuring the device itself is secure.
Source: Daily Mail
A major cyberattack struck Poland’s state registry system on April 29, disrupting access to critical online services just a day before major tax and benefit deadlines. The distributed denial-of-service (DDoS) attack briefly blocked platforms used for tax payments, vehicle registration, and apps like mObywatel, according to local media. Authorities confirmed the attack was intentional and successfully repelled within an hour, though users experienced service interruptions during that time. The incident’s timing, on the eve of Poland’s tax deadline and key government program applications, has raised concerns about potential political or strategic motives. While the attacker’s identity remains unknown, Poland’s Cyber Police and Internal Security Agency have launched an investigation.
To prevent future disruptions, experts recommend strengthening DDoS defenses, conducting regular stress tests, and decentralizing infrastructure to ensure continuity during cyber incidents. Public awareness and preparedness are also crucial to minimizing the impact of such attacks.
Source: The New Voice of Ukraine
Conclusion
From cloud breaches to government disruptions and leaked bank credentials, this week’s cyber incidents highlight the growing sophistication of digital threats. Whether it’s through exploiting weak identities, targeting critical infrastructure, or stealing personal data, attackers are constantly evolving. Strengthening authentication protocols, securing devices, and staying alert to suspicious activity remain essential defenses. As cybercrime grows more coordinated and damaging, proactive security measures and public awareness must become the norm, not the exception.
Stay vigilant and informed, and tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!