Cyber Briefing: 2023.08.08
What's the latest in the cyber world today? SkidMap, NFT, Impersonation Scams, Yashma Variant, McAfee, New Zealand, OpenBullet, 8BASE, MindX, ThreatSec, Israel, ALPHV/BlackCat, ScarCruft, Russia, Spain National Police, White House, Cl0p Ransomware, Torrents, Keystrokes.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
1. Linux Exploited by SkidMap Malware
Trustwave security researcher Radoslaw Zdonczyk has detailed the dangerous evolution of SkidMap, a malware tailored to exploit vulnerable Redis services across a range of Linux distributions. The malware adapts its payload to the specific system configuration it lands on, which makes it harder to detect and remove. With distributions such as Alibaba, CentOS, RedHat, and others on its radar, SkidMap employs a multi-step attack chain: disguising its components as GIF image files, enabling SSH access, establishing reverse shells, and deploying botnet components. This level of sophistication poses a significant threat to Linux server infrastructure and calls for vigilant hardening and monitoring of exposed Redis instances.
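The entry point named above is an exposed Redis service, so the most direct defensive check is the Redis configuration itself. The fragment below is an added, defender-side illustration and is not from Trustwave's research or from this newsletter; it places the weak settings next to the hardened ones, and the password value is a placeholder to be replaced from secrets management.

```conf
# Added example: redis.conf fragments, weak setting beside hardened one.
# Not part of the newsletter; the password below is a placeholder.

# --- Exposed configuration (what SkidMap-style campaigns look for) ---
# bind 0.0.0.0          # listens on every interface
# protected-mode no     # accepts remote clients without authentication
# (no requirepass set)  # any client that can reach the port can issue commands

# --- Hardened configuration ---
# Listen only on loopback (or on the one private interface the app needs).
bind 127.0.0.1 -::1
# Refuse remote clients unless a bind restriction or password is configured.
protected-mode yes
# Require a long random secret; placeholder value, set from secrets management.
requirepass CHANGE_ME_LONG_RANDOM_SECRET
# Disable administrative commands that let a client alter where and what the
# server writes on disk. An empty name removes the command entirely.
rename-command CONFIG ""
rename-command DEBUG ""
rename-command FLUSHALL ""
```

To confirm the change took effect, run `redis-cli -h <host> PING` from a host outside the trusted network: the expected result is a refused connection or a `NOAUTH Authentication required` error, never `PONG`. On Redis 6 and later, the same command restriction can be expressed as an ACL rule (for example removing the `@dangerous` category from the default user) instead of `rename-command`, which Redis documents as the preferred mechanism going forward.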
2. FBI Warns of NFT Scams
The FBI has cautioned individuals about the rise of cyber criminals who are assuming the identities of genuine NFT developers to orchestrate fraudulent schemes aimed at NFT community members. These scams involve the creation of counterfeit social media accounts or the hijacking of legitimate ones to promote fake NFT releases, often exploiting a sense of urgency or limited supply. Unsuspecting victims are then directed to phishing websites that trick them into connecting their cryptocurrency wallets, ultimately leading to the theft of digital assets and cryptocurrencies. The FBI advises users to diligently verify the legitimacy of NFT projects, cross-check social media accounts, and scrutinize websites before sharing wallet information.
3. New Ransomware Targets Multiple Countries
An advanced strain of ransomware, believed to originate from Vietnam, has been pinpointed by Cisco Talos in a spree of attacks targeting China, Vietnam, Bulgaria, and English-speaking nations. The ransomware, a variant of Yashma, showcases a twist in tactics by utilizing a threat actor-controlled GitHub repository to deploy its ransom note. With its extensive anti-recovery capabilities and an eerily familiar ransom note style reminiscent of WannaCry, this new breed of ransomware highlights the evolution of cyber threats and the challenges they pose to cybersecurity experts worldwide.
4. New Zealanders Targeted by Family Phone Scam
New Zealand residents are falling prey to a text message phishing scheme in which scammers impersonate family members claiming their phone is damaged. The fraudulent messages prompt recipients to contact a new mobile number, which eventually leads to requests for bank and credit card details to pay for a supposed phone replacement. Receiving the message isn't an immediate threat, but responding escalates the risk; recipients are urged to verify with the family member through a known contact and to report suspicious texts to the authorities.
5. Adware Scam Affects Korean Android Users
Discovered by McAfee's Mobile Research Team, a sophisticated adware campaign aimed at Korean Android users has been exposed. This insidious trend involves certain apps from Google Play secretly loading ads even when the user's device screen is off, violating Google Play Developer policies and defrauding advertisers. This campaign, encompassing 43 rogue apps with a combined download count of 2.5 million, employs technically advanced tactics to avoid detection and can remotely modify fraudulent behavior, posing a significant challenge in detection and mitigation. McAfee's intervention prompted swift action from Google, resulting in app removals and updates to adhere to Google's policies.
6. OpenBullet Malware Targets Cyber Criminals
A novel malware campaign has surfaced, exploiting unsuspecting aspiring cyber criminals through the use of malicious OpenBullet configuration files, enabling the distribution of a potent remote access trojan (RAT) designed for data theft. Kasada's analysis reveals that this campaign capitalizes on beginner hackers within trusted criminal networks, highlighting the alarming trend of advanced threat actors preying on less experienced individuals. By harnessing platforms like Telegram and GitHub repositories, the campaign orchestrates a sequence involving a Rust-based dropper called Ocean and a Python-based RAT named Patent, ultimately leading to unauthorized access and data exfiltration.
Cyber Incidents
7. 8BASE Cyber Attack on Recruitment Firm
The 8BASE ransomware group has revealed that they successfully targeted the website of Delaney Browne Recruitment, an England-based recruitment agency. The attack resulted in the acquisition of sensitive personal data and important information, potentially putting individuals' privacy at risk. This breach highlights the growing concern of cyber attacks affecting various industries, as hackers may exploit stolen recruitment data for targeted scams and social engineering tactics.
8. ThreatSec Targets MindX School
MindX Technology School (formerly Techkids) in Vietnam was allegedly targeted by the ThreatSec hacker group, potentially leading to a data breach. The hacktivist group claims to have accessed a substantial amount of data, including personal information of students and stakeholders. This attack highlights the growing concern of cybersecurity vulnerabilities in educational institutions, prompting renewed efforts by the Biden-Harris Administration to enhance cyber defense for schools across the United States.
9. Israeli Medical Center Hacked in Bnei Brak
A significant cyber attack on Mayanei Hayeshua Medical Center in Bnei Brak has disrupted the facility's record-keeping systems, leading to the suspension of new patient admissions to outpatient clinics and imaging centers. While ongoing patient care remains unaffected, the hospital's operations have been severely hampered due to the breach. Although the identity of the attackers has yet to be confirmed by the Israel National Cyber Directorate, previous incidents have highlighted the vulnerability of medical centers to cyber threats, urging institutions to strengthen their cyber defenses and adopt swift response protocols.
10. IBL Healthcare Cyber Attack
ALPHV/BlackCat ransomware group has reportedly targeted IBL Healthcare, a Pakistan-based organization, and claimed responsibility for the cyber attack. The attackers have asserted their involvement on their dark web portal, alleging that they possess a significant amount of data exfiltrated from the IBL Healthcare cyber attack. While IBL Healthcare has not yet confirmed the attack, the healthcare sector's vulnerability to cyber threats is underscored by this incident, as healthcare organizations become increasingly targeted by hackers seeking valuable personal and financial information.
Cyber News
11. Russia NPO Mashinostroyeniya Hit by ScarCruft
The state-sponsored hacking group ScarCruft has been identified as the perpetrator of a cyberattack on NPO Mashinostroyeniya, a prominent Russian space rocket designer and intercontinental ballistic missile engineering organization. The attack involved planting a Windows backdoor named "OpenCarrot" within the organization's IT systems, enabling remote access to their network. While the motive behind the attack remains unclear, ScarCruft (also known as APT37) is recognized for its cyber espionage activities, suggesting the theft of sensitive data might have been their aim.
12. Spanish Police Dismantle ATM Fraud Ring
Spanish police have apprehended three individuals involved in a sophisticated banking card fraud operation that targeted ATMs of national banks, resulting in the illicit acquisition of nearly 196,000 euros. The suspects employed a range of hacking techniques, including skimmers, micro-cameras, phishing emails, and false online profiles, to steal sensitive data from unsuspecting users. The arrests were made in Valencia following an operation led by the Spanish police's internet crime and financial fraud divisions.
13. White House Tackles School Ransomware
The White House is taking proactive measures to enhance cybersecurity defense for K-12 schools as students prepare to return to classrooms. Recognizing the surge in ransomware attacks on under-resourced educational institutions, particularly during the pandemic's remote learning shift, the Biden administration aims to prevent disruptions in the upcoming academic year. Plans include establishing a government cybersecurity council led by the Department of Education, extensive training for K-12 entities, and the release of guidance documents promoting multifactor authentication, strong passwords, phishing recognition, and software updates. These initiatives are set to be highlighted in a cybersecurity summit hosted by key officials, emphasizing the administration's commitment to safeguarding the education sector from cyber threats.
14. Clop Ransomware Shares Data via Torrents
The notorious Cl0p ransomware group has taken a novel approach by offering access to data stolen in MOVEit attacks through torrents, a move revealed by security researcher Dominic Alvieri. Screenshots showcased the group's actions, including big-name victims such as investment firm Putnam, Iron Bow Technologies, and Delaware Life. This innovative shift by Clop is likely an attempt to overcome slow downloads of large data dumps on leak sites, providing instructions for using torrent clients alongside data from about 20 compromised organizations. Clop's tactics underline the evolving strategies of ransomware groups seeking to enhance their reputation and financial gains through unconventional means.
15. Advanced Technique Reveals Laptop Keystrokes
Researchers have developed a groundbreaking "deep learning-based acoustic side-channel attack" capable of accurately classifying laptop keystrokes recorded using a nearby phone, achieving an impressive 95% accuracy. This innovative approach, detailed in a recent study by Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad, showcases an accuracy record of 93% when trained on keystrokes obtained via Zoom video conferencing software. Side-channel attacks, which exploit physical effects during data processing, pose potential risks to user privacy and security, highlighting the need for countermeasures against this evolving threat. To execute the attack, the team conducted experiments involving Apple MacBook Pro keys, transforming keystrokes into mel-spectrograms and employing a deep learning model named CoAtNet for precise classification.
Copyright © 2023 CyberMaterial. All Rights Reserved.