Cyber Briefing - 2023.10.02
What's happening in cybersecurity today?
Dual Ransomware, Federal Bureau of Investigation (FBI), BunnyLoader, Malware as a Service, OilRig Group Espionage, Iran, The Exim MTA Zero-Day Vulnerability, ASMCrypt, DoubleFinger, Malvertising, Adware, Bing, Microsoft, McLaren Healthcare, Royal Family GB, Indian Taxpayer Data Leak, Edinburgh Tram, U.S. AI Security Center, Facial Recognition Banned, Lazarus Group, IronNet Shuts Down, ShinyHunters.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
The FBI has issued a warning regarding a rising trend in dual ransomware attacks targeting organizations since July 2023. In these attacks, cybercriminals deploy two different ransomware variants against victims, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. These attacks can happen within a short timeframe, ranging from 48 hours to 10 days apart. Alongside this tactic, ransomware attacks increasingly involve custom data theft, wiper tools, and malware to pressure victims into making ransom payments.
A newly discovered malware-as-a-service threat known as BunnyLoader is causing concern in the cybersecurity community. BunnyLoader offers a range of functionalities, including downloading and executing second-stage payloads, stealing browser credentials and system information, and more. This C/C++-based loader, available for a lifetime license at $250, has been continuously developed since its debut in September 2023, with updates that incorporate anti-sandbox and antivirus evasion techniques. Its fileless loading feature is a key selling point, making it challenging for antivirus software to remove the attacker's malware.
In a recent report, cybersecurity researchers have uncovered a spear-phishing campaign conducted by the sophisticated Iranian-backed hacking group known as OilRig. This campaign is designed to infect victims with a newly discovered strain of malware called Menorah. The malware possesses the capability to identify target machines, extract and upload files from them, and download additional malicious payloads.
A critical zero-day vulnerability in all versions of Exim mail transfer agent software has been discovered, which allows unauthenticated attackers to gain remote code execution on Internet-exposed servers. The security flaw, identified as CVE-2023-42115, is due to an Out-of-bounds Write weakness in the SMTP service, potentially leading to code execution on vulnerable servers. Despite being reported to the Exim team in June 2022, the developers have not provided an update on their patch progress, putting millions of servers at risk, particularly those accessible via the Internet.
A new crypter and loader, ASMCrypt, has emerged as a formidable adversary, described as an advanced version of the DoubleFinger malware. ASMCrypt's primary purpose is to load the final payload surreptitiously, avoiding detection by security systems, a technique known as crypting. This evolving threat underscores the relentless efforts of threat actors to develop sophisticated tools that can be used for a range of malicious activities, including ransomware attacks and data theft.
Cybercriminals are using malicious ads to spread malware via Microsoft Bing's AI chatbot, putting unsuspecting users at risk of downloading malicious software from seemingly legitimate conversations. The ads are inserted into Bing Chat conversations when users hover over links, displaying ads before organic results. Users are directed to fraudulent links and potentially tricked into downloading malware, illustrating the ongoing threat of malvertising tactics.
Cyber Incidents
McLaren HealthCare, one of Michigan's largest healthcare systems, has confirmed a ransomware attack after being targeted by the notorious hacker gang, Black Cat/AlphV. The organization detected suspicious activity on its network and immediately launched an investigation, which revealed a ransomware event. While the systems remain operational, McLaren is working with cybersecurity specialists and law enforcement to address the breach and has taken steps to bolster its cybersecurity defenses. The gang claims to have stolen a substantial amount of data, including personal information and hospital videos, but it's unclear whether a ransom will be paid.
In a bold move, Russian hackers affiliated with the pro-Putin hacktivist group KillNet claimed responsibility for a targeted cyber attack on the Royal Family's official website. The attack occurred shortly after King Charles publicly condemned Russia's invasion of Ukraine. The Royal Family's website, royal.uk, was temporarily taken down for about 90 minutes due to a Denial of Service attack, but palace sources assured that the hackers did not gain access to their systems or content. This incident has sparked an ongoing investigation, as cybersecurity experts suspect KillNet of having connections to high-ranking figures within Putin's regime.
Indian taxpayers are facing potential risks as reports of a data leak from a tax assistance organization have emerged. A hacker forum user known as 'Hacking' publicly disclosed Indian taxpayer data, raising concerns about data security. The leaked data was claimed to be from the website TaxReturnWala, which offers financial and tax-related services to individuals and corporations. While the authenticity of the data leak remains unverified, it underscores the need for increased cybersecurity measures to protect sensitive taxpayer information.
Edinburgh's tram network faces cyber threats as hackers disrupt the company's website, causing it to go offline. Pro-Russian hacking group NoName claims responsibility for targeting several UK transport organizations, including Edinburgh Trams, Transport for Edinburgh, and various English-based travel operators. Investigations by both the National Cyber Security Centre and Police Scotland are underway.
Cyber News
The National Security Agency establishes a new AI Security Center to oversee AI development in national security systems, collaborating with the Pentagon, foreign partners, industry, and academia to develop best practices and risk frameworks for safe AI adoption in national security enterprises and defense industries.
In a significant move, New York state has prohibited the use of facial recognition technology in schools, citing concerns over student privacy and civil rights. The decision, made by Education Commissioner Betty Rosa, empowers local districts to make choices regarding other biometric technologies and digital fingerprinting. The ban comes after a report highlighted the potential drawbacks of facial recognition, including a higher rate of false positives for various demographic groups and the technology's limited ability to enhance school safety.
The notorious Lazarus Group, linked to North Korea, has been identified in a cyber espionage attack targeting an aerospace company in Spain. In this intricate scheme, employees were approached on LinkedIn by a fake recruiter posing as a Meta representative. They were lured into opening malicious executable files disguised as coding challenges, as part of a spear-phishing campaign called Operation Dream Job. The attack ultimately deploys a sophisticated implant known as LightlessCan, representing a significant advancement in the group's malicious capabilities compared to its predecessor, BlindingCan.
In a stunning turn of events, IronNet, the once high-flying network detection and response company, founded by retired four-star Army Gen. Keith Alexander and valued at $1.2 billion, has ceased all business operations and terminated its employees. The company had struggled to secure additional sources of liquidity and was left with no choice but to file for bankruptcy protection, leaving stakeholders concerned about potential material and adverse effects.
Sebastien Raoult, known as 'Sezyo Kaizen,' has admitted guilt in the U.S. District Court of Seattle for his involvement in the notorious ShinyHunters hacking group. Raoult, a 22-year-old from France, was extradited to the U.S. after being apprehended in Morocco. He and his co-conspirators hacked into computers to steal corporate and customer data, which they then sold under the ShinyHunters alias on various dark web platforms, causing an estimated damage exceeding $6,000,000 and compromising hundreds of millions of records. Raoult now faces a potential prison sentence of up to 29 years for wire fraud conspiracy and aggravated identity theft.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.