Cyber Briefing: 2023.10.20

CyberMaterial
6 min read · Oct 20, 2023


👉 What are the latest cybersecurity alerts, incidents, and news?

RCE Vulnerability, Microsoft's Virtual Trusted Platform Module, MATA Malware, TeamCity, APT34, DNA Micro, Casio, Harlingen City, Russia, Akumin, Cadre Services, AlphV Ransomware, North Korea, Iran, Lloyd's, Ragnar Locker Ransomware Gang, India, Tech Support and Crypto Scammers, CISA, NSA, FBI, MS-ISAC, #StopRansomware.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. Multi-Malware Campaign Threatens Enterprises

Cybersecurity researchers have uncovered a sprawling malware campaign that has hit more than 200 targets worldwide with over 10,000 attacks. The campaign deploys an array of malware, including cryptominers and keyloggers, against a broad range of victims, from government agencies to agricultural organizations and wholesale and retail trade firms. The FBI and Kaspersky have not attributed the campaign to a specific threat group; its focus is on enterprises that sell business-to-business (B2B) products and services.

2. Vulnerability in Microsoft Virtual Trusted Platform Module

Multiple versions of Windows, including Windows 10 and 11, are affected by a critical vulnerability in the Microsoft Virtual Trusted Platform Module (vTPM). The flaw allows an authenticated attacker to execute arbitrary code on the targeted system, and successful exploitation could let the attacker take control of it. Prompt patching and mitigation are therefore important.

3. Advanced MATA Malware Hits Eastern Europe

An updated version of the MATA backdoor framework has targeted Eastern European oil and gas companies and the defense industry. The attackers delivered malicious executables through spear-phishing emails and exploited a vulnerability in Internet Explorer. This new version of MATA combines a loader, a main trojan, and an infostealer to gain backdoor access and persistence in compromised networks, showing the increasing sophistication of threat actors in the region.

4. North Korean Hackers Target TeamCity

North Korean state-sponsored threat actors tracked as Diamond Sleet and Onyx Sleet have been actively exploiting a critical vulnerability in JetBrains TeamCity, a widely used CI/CD server. The flaw, identified as CVE-2023-42793, lets unauthenticated attackers execute arbitrary code on on-premises TeamCity servers, which can lead to source code theft and further compromise of the build environment. TeamCity is used by thousands of organizations worldwide, including major companies such as Nike and Citibank, making it a high-value target and a reason for heightened security measures.
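For teams that run on-premises TeamCity, the two practical questions are "which of our servers are still on a vulnerable build?" and "did anyone already poke at the unauthenticated path?". The script below is an added example written for this briefing, not code from JetBrains, Microsoft, or the newsletter. It assumes two facts from the public disclosure of CVE-2023-42793 that the briefing itself does not state: the fix shipped in TeamCity 2023.05.4, and the authentication bypass hinged on REST request paths ending in `/RPC2`. The log lines are constructed in a generic Apache-style combined format purely for illustration; adapt the regex to whatever front-end proxy or TeamCity access log you actually have.

```python
"""Fleet check for CVE-2023-42793 (JetBrains TeamCity auth bypass leading to RCE).

Added example, not part of the briefing or of JetBrains' own tooling.
Assumptions (from the public disclosure, not from the newsletter):
  * the fixed release is TeamCity 2023.05.4, so anything older is vulnerable;
  * the bypass applied to REST paths ending in "/RPC2", so requests to
    /app/rest/.../RPC2 from untrusted sources deserve a look.
Log lines below are constructed, Apache-style combined format.
"""
import re
from typing import List, Tuple

FIXED_VERSION: Tuple[int, ...] = (2023, 5, 4)  # assumed fixed release


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2023.05.3' or '2022.10.2 (build 116751)' into a comparable tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised TeamCity version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so that 2023.11 compares as 2023.11.0.
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version: str) -> bool:
    """True when the reported server version predates the assumed fixed release."""
    return parse_version(version) < FIXED_VERSION


# Apache combined log: src ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any REST path ending in /RPC2 is the shape the bypass abused.
RPC2_BYPASS = re.compile(r"^/app/rest/.*/RPC2$")


def find_suspicious_requests(lines: List[str]) -> List[Tuple[str, str, str, int]]:
    """Return (source, method, path, status) for requests matching the bypass shape."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore query string
        if RPC2_BYPASS.match(path):
            hits.append((m.group("src"), m.group("method"), path, int(m.group("status"))))
    return hits


# Constructed sample log: one bypass-shaped request, three ordinary ones.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Oct/2023:09:12:01 +0000] "POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1" 200 212',
    '10.0.0.5 - jenkins [18/Oct/2023:09:12:05 +0000] "GET /app/rest/builds?locator=running:true HTTP/1.1" 200 1843',
    '10.0.0.9 - - [18/Oct/2023:09:13:00 +0000] "GET /RPC2 HTTP/1.1" 404 0',
    '10.0.0.5 - jenkins [18/Oct/2023:09:14:11 +0000] "GET /app/rest/server HTTP/1.1" 200 611',
]

if __name__ == "__main__":
    for v in ("2023.05.3", "2023.05.4", "2023.11", "2022.10.2 (build 116751)"):
        print(f"{v:28s} vulnerable={is_vulnerable(v)}")
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

A 200 response on a `/RPC2`-suffixed REST path from an address you do not recognise is the signal worth escalating; a 404 on a bare `/RPC2` is just scanner noise. Pair the version check with an inventory of every on-premises TeamCity host, since the briefing notes that the flaw is exploitable without credentials.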

5. Stealthy APT34 Attack in Middle East

Iran's APT34, also known as OilRig, infiltrated a Middle Eastern government network and held access for eight months, from February to September 2023. The group, which has ties to Iran's Ministry of Intelligence and Security, used the access to steal data and passwords and to install a PowerShell backdoor named 'PowerExchange'. The backdoor let the threat actors execute commands through Microsoft Exchange and exfiltrate data via email to stay discreet.

💥 Cyber Incidents

6. Tech Firm DNA Micro Leaks Private Phone Data

DNA Micro, a California-based IT company, inadvertently exposed the sensitive data of over 820,000 customers, including names, addresses, phone numbers, and warranty details. The leak, which lasted at least six months, primarily affected clients of DNA Micro's subsidiary InstaProtek, along with customers of other companies such as Liquipel and Otterbox.

7. Casio Data Breach Affects Customers


8. Harlingen Cyberattack Traced to Russia

The City of Harlingen, Texas, has officially identified Russia as the origin of the cyberattack on its data systems. City Manager Gabe Gonzalez said the attack encrypted some of the city's data. To protect the network, the city temporarily shut down phone and internet services across all city departments.

9. Akumin Faces Service Disruption

Akumin, a South Florida-based outpatient radiology and oncology company, has faced a significant disruption to its operations after a recent cyberattack forced the shutdown of its computer system. As a result, patients have been unable to receive scans, and doctors are facing challenges in diagnosing conditions without access to vital medical images.

10. Cadre Services Hit Hard with AlphV Ransomware Attack

Cadre Services, a Wisconsin-based employment agency, fell victim to an AlphV ransomware attack. Although the threat actors had access to sensitive data, Cadre Services offered only $35,000 to keep it from being published, an offer the attackers refused. The negotiations showed the attackers' extensive knowledge of the company, and the data was subsequently leaked, including personal records of job seekers and employees. Cadre now faces the task of addressing the breach's impact, with significant personal information freely accessible.

📢 Cyber News

11. US Seizes North Korean Web Domains

The U.S. government has seized 17 web domains utilized by North Korean tech workers involved in a scheme to defraud American and foreign businesses, evade sanctions, and support Pyongyang’s weapons program. The Justice Department’s action aims to protect U.S. companies from infiltrations by North Korean hackers and ensure that American businesses are not unknowingly financing the regime’s weapons initiatives. These tech workers employed tactics that included creating deceptive websites resembling legitimate U.S.-based tech companies to hide their true identities while applying for remote work.

12. Lloyd's Warns of $3.5 Trillion Cyber Threat

A major cyber attack on a significant financial services payments system could lead to widespread business disruptions, potentially resulting in a staggering $3.5 trillion in economic losses over a five-year period, according to research conducted by Lloyd’s and the Cambridge Centre for Risk Studies. Despite the growth of the cyber insurance market, estimated at around $9.2 billion in gross written premiums in 2022 and projected to reach between $13 billion and $25 billion by 2025, it is still relatively immature.

13. Global Effort Seizes Ragnar Locker Dark Web Sites

Authorities have seized the Tor negotiation and data leak sites used by the Ragnar Locker ransomware gang. The takedown involved agencies from the US and Japan together with European law enforcement from Germany, France, Italy, Spain, the Netherlands, the Czech Republic, and Latvia. Ragnar Locker, a long-running ransomware operation, has been responsible for a series of high-profile attacks on enterprises, using double-extortion schemes to pressure victims into paying.

14. India Targets Tech Support and Crypto Scams

India's Central Bureau of Investigation (CBI) conducted raids across multiple states targeting tech support scams and cryptocurrency fraud operations. The initiative, known as Operation Chakra-II, aimed to dismantle financial crime rings and involved collaboration with international law enforcement agencies and with Microsoft and Amazon, whose brands the tech support scammers impersonated. The CBI seized electronic devices, froze bank accounts, and obtained critical information on the alleged scam operations.

15. CISA Updates #StopRansomware Guide

Today, CISA, NSA, FBI, and MS-ISAC released an updated #StopRansomware Guide. The guide, developed by the U.S. Joint Ransomware Task Force, offers new prevention tips, revised response steps, and threat hunting insights. It is a comprehensive resource to help organizations detect, prevent, respond to, and recover from ransomware incidents, and it stresses that implementing its recommendations is what minimizes risk.

Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
