Wednesday 6th October 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning everyone, thank you for joining me for the latest installment of Cyber Daily. Today's edition looks at Google's latest tool, which just caught a real-world bug in open-source software that traditional methods couldn't, marking a cybersecurity milestone. And while AI sharpens its bug-hunting skills, on the other side of the digital chessboard, Iranian hackers are getting savvier, expanding their targets across Europe and using cover companies to stay hidden. Plus, Canadian authorities are tackling a major breach of the popular cloud platform Snowflake, landing a key arrest.
Enjoy!
Suspected Snowflake Hacker Arrested in Canada
Canadian authorities have apprehended Alexander "Connor" Moucka, also known as "Judische" and "Waifu," over his suspected involvement in a series of hacks linked to cloud data warehousing giant Snowflake. Moucka, who was arrested on October 30 on a U.S.-requested provisional warrant, allegedly participated in cyber attacks earlier this year that affected a “limited number” of Snowflake’s clients.
Back in June, Snowflake revealed the breach, which was attributed by Google’s Mandiant team to North American-based hacking group UNC5537. The group reportedly targeted 165 companies, including big names like AT&T, LendingTree, and Ticketmaster. In some cases, hackers extorted companies by threatening to sell stolen data unless paid. AT&T reportedly forked over $370,000 to ensure the deletion of sensitive information.
Investigations suggest that Moucka exploited login credentials obtained through malware installed on contractors' systems. Reports also link Moucka to a criminal network called “The Com,” which allegedly engages in physical and digital attacks to secure sensitive information from rivals.
Google’s AI Finds First Real-World Memory Safety Flaw in SQLite
Google’s new AI-powered bug-hunting tool, “Big Sleep,” has reportedly scored a significant cybersecurity win, identifying an exploitable memory safety flaw in SQLite’s source code before its official release. This detection, announced November 1, marks the first time an AI has found a previously unknown memory safety vulnerability in widely used software, setting a promising milestone for AI in cybersecurity.
Big Sleep, a collaboration between Google’s Project Zero and DeepMind, caught the bug in early October after analysing recent SQLite code commits. The flaw—a stack buffer underflow—could have allowed attackers to trigger crashes or, potentially, execute arbitrary code. Though the vulnerability was challenging to exploit, Google emphasises that the discovery showcases AI's potential to spot complex bugs that traditional methods, like fuzzing, might miss.
While other AI tools, like Protect AI's Vulnhuntr, find zero-days in languages like Python, Google maintains Big Sleep’s edge lies in its ability to target memory safety issues in critical, widely deployed software.
Iran’s Emennet Pasargad Expands Cyber Targets Beyond the US and Israel
Iranian cyber-ops group Emennet Pasargad, also known as Cotton Sandstorm, has ramped up its attacks beyond the usual targets of Israel and the U.S., now setting its sights on Europe and various new IT assets like IP cameras. An advisory from the U.S. Departments of Justice and Treasury, alongside Israel’s National Cyber Directorate, notes that Emennet has expanded operations to include targets in France and Sweden and even conducted probing of election systems.
Known for its psychological tactics, Emennet previously interfered with U.S. elections, posing as political groups to spread disinformation. Now, with its front company Aria Sepehr Ayandehsazan, Emennet masquerades as a legitimate IT firm, masking its surveillance activities and accessing tech resources while hiding in plain sight.
Experts like John Fokker from Trellix warn that since the recent Israeli-Palestinian escalation, Iranian-linked actors have ramped up attacks on critical sectors in the U.S. and Israel, using methods like ransomware, DDoS attacks, and the deployment of destructive malware such as the Handala wiper.
Ah, another day in Earthling data management—it's like watching cavemen try to cook with stone tools. When will they learn to optimize those virtual warehouses? What a waste of resources! -- Try auto-suspend and auto-resume instead.
Scientific Researcher
Aidan Dickenson, once again, our world hasn't stayed still. After taking my heart medication, I'm writing this comment. I don't even want to think about the last one—the scale is dangerously large.