Tuesday 21st May 2024
Aidan Dickenson
Good morning everyone, and thank you for joining me for today's edition of Cyber Daily. Today we're covering Google calling Microsoft out for recent security slip-ups, sophisticated malware campaigns exploiting services like GitHub and FileZilla, and an alarming rise in cyber threats facing the UK's financial sector, including a doubling of ransomware attacks and the arrival of AI-driven deepfakes, which highlights the urgent need for enhanced cybersecurity measures and awareness.
Google Calls Out Microsoft’s Security Slip-Ups
In a hard-hitting review, Google has criticised Microsoft for its failure to safeguard systems and customer data. The critique follows a series of breaches, the most notable involving China-backed hackers infiltrating Microsoft Exchange last year. This breach allowed unauthorised access to any Exchange account, and Google's report highlights Microsoft's misrepresentation and insufficient public disclosure about the incident.
Google's report underscores findings from the federal cybersecurity review board, which revealed that Microsoft customers lacked vital information to assess their risk. The board also pointed out that Microsoft chose not to correct public statements deemed inaccurate. Furthermore, the board's assessment indicated that Microsoft still doesn't know how the attackers obtained the key to its systems, suggesting a troubling pattern of security failures.
In March, Russian hackers accessed Microsoft’s source code and senior leadership emails, impacting federal agencies. Additionally, a third-party firm found an unprotected Azure cloud server exposing Bing search data and other sensitive information.
Charlie Bell, Microsoft’s EVP of Security, announced plans to enhance security measures and tie senior leadership compensation to security milestones.
Google argues that these issues make Microsoft a less reliable option for enterprises and public-sector organisations. Offering a safer alternative, Google is pushing for a switch to Google Workspace Enterprise Plus.
Sophisticated Malware Campaign Targets Multiple Platforms
A recent "multi-faceted campaign" has emerged, exploiting legitimate services like GitHub and FileZilla to deploy various stealer malware and banking trojans, including Atomic (AMOS), Vidar, Lumma (LummaC2), and Octo. This operation, dubbed GitCaught by Recorded Future's Insikt Group, impersonates reputable software such as 1Password, Bartender 5, and Pixelmator Pro to deceive users.
The campaign employs a complex strategy, using fake profiles and repositories on GitHub to host counterfeit versions of popular software. These malicious files are then distributed via malvertising and SEO poisoning campaigns, embedding links within multiple domains to lure victims.
The use of diverse malware variants suggests a broad targeting approach across Android, macOS, and Windows systems.
Overlapping command-and-control (C2) infrastructure indicates streamlined attack coordination, enhancing the efficiency of these cyberattacks.
The attackers leverage FileZilla servers for malware management and delivery, while Bitbucket and Dropbox are used to host payloads, further complicating detection and mitigation efforts.
The GitCaught operation has been traced back to Russian-speaking threat actors from the Commonwealth of Independent States (CIS). This campaign has been linked to the distribution of additional malware such as RedLine, Raccoon, Rhadamanthys, DanaBot, and DarkComet RAT since at least August 2023.
Microsoft’s Threat Intelligence team has highlighted the ongoing threat posed by the macOS backdoor codenamed Activator. This malware impersonates cracked software versions, stealing data from cryptocurrency wallets and employing sophisticated techniques to disable security features and maintain persistence on infected systems.
UK Financial Sector Faces Escalating Cyber Threats
KnowBe4, the leading provider of security awareness training and simulated phishing platforms, has released a comprehensive report detailing the growing cyber threats targeting the financial sector in the UK. The report underscores an urgent need for financial institutions to enhance their cybersecurity strategies to combat increasingly sophisticated attacks.
The report highlights several alarming trends:
- Ransomware Surge: The frequency of ransomware attacks on the UK financial sector doubled in 2023.
- Phishing and BEC: Phishing and Business Email Compromise (BEC) remain the top threats to financial institutions.
- AI-Driven Deepfakes: There’s a notable rise in deepfake audio impersonations using AI.
- Perception of Risk: Cyberattacks are now seen as a greater risk than geopolitical tensions, inflation, or economic recessions.
- Post-Invasion Spike: Cyberattacks against UK financial institutions surged by 81% following Russia's invasion of Ukraine, compared to a 61% global increase.
- Security Shortfalls: Many UK banks lack basic online protections, using outdated web applications, failing to enforce secure passwords, and not providing alerts for critical account changes.
Javvad Malik, lead security advocate at KnowBe4, emphasised the critical need for financial institutions to rapidly evolve their cyber defences to keep pace with sophisticated threats. He stressed the importance of security awareness and training to mitigate human risk.
The report offers actionable advice for financial institutions to strengthen their defences against cyber threats, emphasising the integration of traditional security measures with advanced awareness training programmes.
10 months
Found the Google vs Microsoft topic interesting… Not sure if Google could really muscle out MS in the enterprise space, but a great way of drawing people’s attention to Google’s offerings….