AppSec News Bulletin
Cyber Security News Date - 16th to 22nd March 24

RBI alerts banks on heightened cyber security threats, gives action plan to address vulnerabilities, says report

The Reserve Bank of India (RBI) has issued warnings to certain banks, urging them to enhance their defenses against potential cyber attacks. These warnings follow the central bank's recent Cyber Security and Information Technology Examination (CSITE), which identified vulnerabilities and provided action points to address them. The CSITE is distinct from routine risk assessments and scrutinizes various aspects of banks' cybersecurity readiness, including disaster management, internet and mobile banking platforms, and fraud detection mechanisms. It serves as an independent review to strengthen cyber security surveillance.

RBI Deputy Governor T Rabi Sankar emphasized the need for banks to upgrade their encrypted systems to counter evolving cyber threats, particularly those related to artificial intelligence (AI). This comes in light of incidents like the UCO Bank incident in November 2023, where technical issues led to erroneous credits totaling ₹820 crore via Immediate Payment Service (IMPS). While UCO Bank managed to recover a significant portion of the funds, the incident underscores the importance of robust digital operations.

The report also highlights a surge in cyber security breaches in India's banking sector, with 248 successful data breaches reported between June 2018 and March 2022. These breaches, primarily involving card details leakage and information theft, have raised concerns and prompted increased vigilance. In response, the RBI has mandated banks to strengthen their IT risk governance frameworks and implement robust cybersecurity measures as part of its dedicated Cyber Security Framework for Scheduled Commercial Banks (SCBs).

Source - Livemint


Apple Users Beware: Indian govt. issues major security warning for iPhones, iPads, MacBooks; recommends immediate actions

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology (MeitY), has issued warnings about critical vulnerabilities affecting various Apple devices, including iPhones, iPads, MacBooks, and Apple Watches. These vulnerabilities pose risks such as unauthorized access, disclosure of sensitive information, execution of arbitrary code, and bypassing security restrictions.

Affected devices and software versions include iOS, iPadOS, Apple Vision Pro, Apple TV, Apple Watch, macOS Monterey, macOS Ventura, macOS Sonoma, Xcode, and GarageBand.

To mitigate these risks, CERT-In advises users to update their devices to the latest available software versions provided by Apple. Users of older devices without regular updates should apply appropriate security patches from Apple's official website.

The proactive approach of the Indian government in issuing warnings underscores the importance of safeguarding digital assets and maintaining a secure computing environment in the face of increasing cyber threats.

Source - Economic Times


IMF Emails Hacked

The International Monetary Fund (IMF), a United Nations financial institution, disclosed a security breach detected on February 16, 2024, in which 11 IMF email accounts were compromised. An investigation with external cybersecurity experts revealed no indication of access beyond these accounts, which have since been secured. The IMF emphasized its serious approach to cyber incident prevention and defense, stating it operates under the assumption of inevitable cyber incidents and maintains a robust cybersecurity program. The attackers' motives and the data accessed remain unclear. While compromising email accounts could be advantageous for state-sponsored cyberspies or profit-driven cybercriminals, the IMF clarified that top leadership, including Managing Director Kristalina Georgieva, was not targeted. This incident marks the first cybersecurity breach disclosed by the IMF since 2011, when a cyberattack resulted in the loss of significant data.

Source - Security Week


WARNING: Hackers’ New Favorite Tool – Weaponized SVG Files

Threat actors are increasingly employing SVG (Scalable Vector Graphic) files in cyberattacks due to their ability to contain embedded scripts, making them a vector for executing malicious code. Moreover, SVG files can bypass certain security measures by blending in with legitimate web content. Recent research by cybersecurity experts at Cofense reveals a surge in the use of weaponized SVG files in cyberattacks.

Weaponized SVG files have become advanced vectors for evolving malware delivery, notably with the emergence of AutoSmuggle in May 2022, facilitating the delivery of malicious payloads in HTML/SVG formats. Threat actors have exploited SVG files in major campaigns since December 2023.

Since 2015, SVG files have been increasingly utilized for malware delivery, initially for delivering ransomware and later for distributing Ursnif malware in 2017. Notably, in 2022, SVG files containing embedded .zip archives facilitated the delivery of QakBot malware via HTML smuggling, a tactic distinct from previous methods.

Recent campaigns have demonstrated the versatility of SVG files in delivering various malware, including Agent Tesla Keylogger and XWorm RAT, through different tactics such as smuggling capabilities to access Roundcube servers.

AutoSmuggle, introduced on GitHub in May 2022, covertly embeds executables or archives within SVG or HTML files, evading network defenses and Secure Email Gateways (SEGs) to deliver payloads. Threat actors leverage SVG files to cloak malicious content as genuine HTML, ensuring successful delivery upon victim interaction.

SVG files are treated with less suspicion than HTML or archives, making them an attractive choice for threat actors. The consistent infection chains involving attached SVG files that drop embedded archives containing scripts highlight the effectiveness of SVG files in delivering malware payloads.

Source - Cyber Security News
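
A defender-side triage check for the SVG traits this item describes (embedded scripts and base64-encoded archives or executables carried inside the file), added here as an example and not taken from Cofense or the bulletin. The finding labels, the 64-character base64 threshold and both sample documents are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Leading bytes of the container types the item mentions (archives, executables).
MAGIC = {b"PK\x03\x04": "zip-archive", b"MZ": "pe-executable"}
# Assumed heuristic: only long base64 runs are worth decoding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(text):
    """Return a sorted list of findings for one SVG attachment (as text)."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        # Malformed markup cannot be cleared by this check; send it for review.
        return ["unparseable-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")
        if tag == "foreignobject":
            findings.add("foreignobject-html")  # arbitrary HTML inside the image
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                findings.add("event-handler:" + local(attr))
            if local(attr) == "href" and value.strip().lower().startswith("javascript:"):
                findings.add("javascript-href")
    # Decode the head of each long base64 run and compare it with known magics.
    for run in B64_RUN.findall(text):
        head = base64.b64decode(run[:64])
        for magic, label in MAGIC.items():
            if head.startswith(magic):
                findings.add("embedded-" + label)
    return sorted(findings)


# Constructed samples: a ZIP header followed by zero padding, not a real payload.
_blob = base64.b64encode(b"PK\x03\x04" + bytes(60)).decode()
SAMPLE_SUSPICIOUS = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="start()">'
    '<script>var data = "' + _blob + '";</script></svg>'
)
SAMPLE_BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
```

A check like this fits as a pre-delivery step on mail attachments with an `.svg` extension or `image/svg+xml` type; any finding is a reason to quarantine or strip the file rather than a verdict on its own.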
