WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor

Overview

Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to intercept payment details from thousands of victims.

Impact

• Utilizing Shopify and Cloudflare CDN lends an unwarranted layer of trust to the fake checkout forms.
• The backdoor potentially affects thousands of users worldwide.
• The ability to manipulate Shopify’s CDN highlights high technical sophistication.
• This maneuver illustrates Magecart’s evolving tactics or credit card skimming operations.

Recommendation

It’s essential for e-com platforms and their users to adopt stringent security measures:

• Continuous Monitoring
• Vendor Verification
• Enhanced User Awareness
• And Others

Cyber Assault on Albania’s Digital Gateway

Overview

Albania faced a?“wide and complex”?cyberattack targeting govt. infrastructure and public online services. The incident marked a huge disruption, precisely mirroring tactics used in other EU countries.

Impact

• The attack initially manifested itself as ransomware and spanned several days.
• Hackers used the same methodologies observed in Belgium, Germany, Lithuania, Malta, the Netherlands, and Ukraine.
• Despite the attack’s severity, rapid response and detection mechanisms ensured the integrity of systems and prevented data loss.

Recommendation

For entities facing similar threats:

• Implement robust detection & response systems.
• Regularly patch systems.
• Collaborate with?cybersecurity experts.

Rising Threat: JSOutProx Malware Wave Hits Hard

Overview:

JSOutProx is a sophisticated malware campaign, targeting a broad spectrum of victims. This wave signifies a notable escalation in cyber threats as these threat actors leverage advanced tactics to compromise systems.

Impact

• Widespread Targets:?JSOutProx exhibits a global threat footprint, indiscriminately targeting organizations across industries.
• Advanced Techniques:?They use state-of-the-art evasion and propagation methods. JSOutProx can bypass any traditional security measures.
• Significant Consequences:?The potential impacts include data theft, system compromise, and financial loss, among others.

Recommendation

• We urge organizations to review their cybersecurity posture. Educate staff on the importance of vigilance, particularly regarding phishing attempts. That said, you are advised to utilize advanced security tools like antivirus solutions and behavior analysis tools.

Expansive Cyber Espionage Efforts Linked to China

Overview

Recent investigations uncover extensive cyber espionage activities orchestrated by China-linked groups. They’ve been targeting sectors across 17 nations for over three years. The operations are aiming to steal intellectual property and sensitive govt. and military info.

Impact

• Global Reach:?Attacks span Asia, Europe, and North America, affecting academia, aerospace, government, and research sectors.
• Sophisticated Tactics:?Advanced malware and social engineering to infiltrate systems.
• Strategic Targets:?Emphasis on govt. targets for intelligence gathering and economic espionage.

Recommendation

To mitigate risks, organizations should enhance detection and response capabilities. Train staff on responding to social engineering attacks. That said, collaborate with international cybersecurity communities for timely threat intelligence sharing

Critical Vulnerability Alert for Cisco Small Business Routers

Overview

Cisco’s Small Business Routers identified a series of critical vulnerabilities, specifically impacting models?RV110W, RV130, RV130W, and RV215W.?The flaws, if exploited, could enable remote attackers to gain full control of the affected devices. They could execute arbitrary code with root privileges.

Impact

The identified vulnerabilities pose a big risk:

CVE-2020-3330:?Allows full device control using a static password.

CVE-2020-3323:?Enables arbitrary code execution through HTTP requests.

CVE-2020-3144:?Permits bypassing of authentication for admin privileges.

Recommendation

Cisco has released patches for the affected devices. They have advised users to apply these updates to protect their networks. If your devices have reached end-of-life and are unable to be patched, consider replacing them.

University of Cambridge Medical School Systems Disrupted

Overview

The University of Cambridge experiences a cybersecurity incident affecting its Medical School’s computing services. This incident was identified last month, and so far, has led to huge disruptions in IT services. It’s affecting several departments linked to the?Clinical School Computing Service (CSCS).?A Critical Incident Management Team is managing the response, and the university is implementing business continuity plans to minimize disruption.

Impact

The situation is a critical reminder of the vulnerabilities present in digital infrastructure, particularly in prestigious research institutions. It highlights the importance of cybersecurity vigilance and the swift action required to mitigate such threats.

• The attack targeted IT services provided by CSCS, leading to a forced shutdown of critical systems to contain the breach.
• Notable disruptions to the work and documents of staff/students, impacting over 5,800 devices.
• The Zoology Department, Sainsbury Laboratory, Stem Cell Institute, and Milner Institute faced disruptions.
• The university has taken immediate measures to contain the incident, with some services still offline.

Recommendation

• Staff/students should follow best security practices i.e. MFA, strong passwords, etc.Immediate password changes are advised if unauthorized access is detected.

Click here to read more