The Week In Review 22/02-26/02

The Week In Review 22/02 – 26/02

Recently, there has been a large increase in targeting vital organisations or governmental structures, using recent news events to deceive the targets.

Critical National infrastructures are, as always, the target of state-sponsored attacks. One of the recent examples is ThreatNeedle malware, from the Lazarus Group (North Korean) that targets Defense Firms using the COVID pandemic as a theme in their emails containing a malicious attachment.

Last week you might have seen news about a small town in Florida that had their drinking water turned into poisoned after a hacker accessed the server of the water company, increasing the dosage of Sodium hydroxide. Meanwhile, Austin Energy customers, already hit by a ferocious storm a few days ago fearing an electricity cut, were targeted by a scam. The imposters were threatening to cut the power to the users.

Unsurprisingly, cryptocurrencies are, as always, the target of tremendous crypto-mining botnets. One of the latest big news is around Watchdog. This malware has been stealthily running for more than two years and is now hard to stop. The target of its malicious actions is, for now, cryptojacking but researchers have shown that there is a risk to have a larger impact in the future for hackers to find identity and access management (IAM) data. This would be the results of the installation of Watchdog on compromised cloud systems.

We have seen a change in the web attacks throughout 2020 and some reports show a changing top 10 hacking techniques. SQL injection and XXE vulnerabilities are slowly becoming obsolete, and we might see them less in the future. Conversely, we see more and more variation of previously known vulnerabilities being re-used as new exploits. This is for example the case of H2C Smuggling becoming number one of this new top 10. This HTTP2 Cleartext smuggling purpose is to create a tunnel from the front-end side to the back-end side, allowing attackers to bypass the front-end protocols. As a result, hackers could perform actions as if they were in the back-end side of the application.

Read about all of this and more below:

Hackers try to poison Florida citizens through Cyber Attack.

Texas electric company warns of scammers threatening to cut power.

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign.

H2C smuggling named top web hacking technique of 2020.

Top 10 web hacking techniques of 2020.

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

Dionach by Nomios Earns 2026 Great Place To Work Certification™

Oxford, UK – April -2026 — Dionach by Nomios is proud to be Certified™ by Great Place To Work® for the 2026 year in a row. The prestigious award is based entirely on what current employees say about their experience working at Dionach by Nomios This year, 83%of employees said it’s a great place To […]

Dionach to Join Nomios Next London Summit 2026

London, UK – April-2026 – Dionach by Nomios, a leading global cyber security consultancy and part of the Nomios Group, is pleased to announce its participation in the upcoming Nomios Next London Summit, taking place on 19 May 2026 at the De Vere Grand Connaught Rooms in Covent Garden, London. The event will bring together […]

Dionach Sponsors TEISS London 2026 – The European Information Security Summit

Dionach is proud to announce our sponsorship of TEISS London 2026, one of Europe’s leading cybersecurity conferences, taking place in February 2026 in London. TEISS London (The European Information Security Summit) is a flagship event for information security leaders, bringing together CISOs, CIOs, heads of security, risk and compliance professionals to discuss the most critical […]

The Week In Review 22/02-26/02