What are the latest cybersecurity alerts, incidents, and news?
Lace Tempest Exploits Zero-Day in SysAid, Imperial Kitten Targets Israeli Logistics and IT Sectors, AI-Powered Scams Target Shoppers, Google Ads Deliver Malicious CPU-Z, Kamran Spyware Targets Urdu Users, Cloudflare Hit by DDoS Attack, ICBC Suffered Ransomware, Indian Cyber Force Strikes Back at Qatar, Signal Trials Usernames to Shield Phone Numbers, Kaspersky Reveals Asian APT Strategies, Monopoly Market Mastermind Pleads Guilty, US Radiology Specialists Fined $450K, Credit Repair Firms Drive Synthetic Identity Fraud Surge.
🚨 Cyber Alerts
1. Lace Tempest Exploits SysAid in Cyber Threat
Microsoft has uncovered that the threat actor Lace Tempest, infamous for distributing the Cl0p ransomware, is responsible for exploiting a zero-day flaw in SysAid IT support software in limited attacks. Tracked as CVE-2023-47246, the vulnerability is a path traversal flaw that could lead to code execution within on-premise installations, and it has been addressed by SysAid in version 23.3.36 of the software.
2. AI-Powered Scams Threaten Black Friday
As Black Friday approaches, the UK National Cyber Security Centre is cautioning shoppers about an anticipated surge in AI-enhanced scams. Cybercriminals are likely to leverage AI technology, such as large language models, to create more convincing scam emails, advertisements, and fake websites. Despite the polished communication AI can produce, the NCSC advises shoppers to remain vigilant for typical scam indicators, including urgency, scarcity, and relevance to current events like Black Friday. The NCSC recommends implementing basic security measures like two-step verification and robust passwords to enhance online resilience during this shopping season.
3. Imperial Kitten’s Cyber Offensive in Israel
A recent report from cybersecurity firm CrowdStrike reveals that Iranian state-sponsored hackers belonging to the Imperial Kitten group have launched targeted cyberattacks against Israeli logistics, transportation, and technology companies. The attacks, observed between 2022 and 2023, involve various tactics, including phishing, credential theft, and exploiting vulnerabilities.
4. Google Ads Exploit Trust for Malware
A recent cyber threat involves a malicious campaign utilizing Google Ads to distribute a tampered version of the CPU-Z tool, delivering the Redline info-stealing malware. Identified by Malwarebytes analysts, this operation mirrors previous tactics, such as using Notepad++ malvertising for malicious payload delivery. The attackers utilize a cloned copy of the legitimate Windows news site WindowsReport to host the deceptive Google advertisement, exploiting the trust associated with tech news sites to trick users into downloading a trojanized CPU-Z installer.
5. Kamran Spyware Targets Urdu Users
Security researchers have discovered a targeted watering-hole attack on Hunza News, a regional news website covering Gilgit-Baltistan, a disputed region administered by Pakistan. The attack, identified by ESET malware researcher Lukas Stefanko, focuses on Urdu-speaking users and deploys a previously unknown spyware called Kamran. This espionage campaign, active between January 7 and March 21, 2023, coincided with protests in Gilgit-Baltistan, underlining the strategic importance of the region in the larger Kashmir dispute.
6. Cloudflare’s DDoS by Anonymous Sudan
Cloudflare faced a disruptive outage yesterday, with its website displaying Google error pages and prompting an investigation into potential automated queries. The outage, confirmed as a DDoS attack on www.cloudflare.com, had no impact on the company’s core services or products, according to a spokesperson. Anonymous Sudan claimed responsibility, citing a motive to target entities involved in Sudanese politics, though analysts raise suspicions of a potential false flag and connections to Russia.
7. ICBC Ransomware Disrupts U.S. Treasury
The Industrial & Commercial Bank of China is grappling with the aftermath of a ransomware attack that disrupted the U.S. Treasury market, causing equity clearing issues. As revealed by an emergency notice, ICBC’s inability to connect to DTCC/NSCC impacted all of its clearing customers, leading to a temporary suspension of inbound FIX connections and order acceptance. The attack’s repercussions extended to the point where ICBC could not settle U.S. Treasury trades for other market participants, prompting heightened cybersecurity concerns and regulatory attention.
8. Kyocera AVX Hit by LockBit Ransomware
Kyocera AVX Components Corporation, a prominent American manufacturer of electronic components, is notifying 39,111 individuals of a data breach following a ransomware attack. The breach, discovered on October 10, 2023, affected servers in South Carolina and led to the encryption of systems, causing temporary disruptions. Personal information, including full names and Social Security Numbers, was exposed. The LockBit ransomware gang claimed responsibility and threatened to leak sensitive data, including proprietary designs and technical drawings, adding a further layer of concern for both the affected individuals and the company.
9. Indian Cyber Force Strikes Back at Qatar
An Indian hacker group known as ‘Indian Cyber Force’ initiated a series of cyber attacks on Qatar in response to the death sentences handed to eight former Indian Navy officers by a Qatari court in an espionage case. The hackers claimed to have gained unauthorized server access, leaked credential data, defaced websites, and launched Distributed Denial of Service attacks, and also breached the country’s CCTV camera web servers.
10. Harris Center Cybersecurity Response
The Harris Center for Mental Health and IDD in Harris County, Texas, is taking precautions in response to a suspected cyber attack, believed to be a ransomware incident that occurred on Tuesday. The attack resulted in the encryption of certain employee working files, leading to limited access and delays in patient care. The center has proactively shut down its network, collaborating with internal teams and third-party security specialists to investigate and restore full functionality while working with law enforcement and county authorities to manage the situation.
11. Signal Introduces Privacy-Enhanced Usernames
Signal, the encrypted messaging service, is conducting tests on a new feature that allows users to use public usernames instead of phone numbers, enhancing privacy during communication. Jim O’Leary, Signal’s VP of Engineering, revealed that the feature is currently in a staging environment, encouraging users to explore functionalities such as creating usernames, sharing username links, and adjusting phone number sharing settings.
12. Kaspersky Report on Asian APTs
The Kaspersky Cyber Threat Intelligence team has published a 370-page report, “Modern Asian APT groups: Tactics, Techniques and Procedures,” unveiling insights into the strategies used by Asian Advanced Persistent Threat groups. Drawing from the analysis of around one hundred cybersecurity incidents in 2022, the report sheds light on the APTs’ consistent tactics globally, emphasizing techniques like “Create or Modify System Process” and “Hijack Execution Flow”.
13. Monopoly Market Mastermind Admits Guilt
A 33-year-old Serbian man, Milomir Desnica, confessed to orchestrating the darknet drug marketplace Monopoly Market, specializing in the sale of opioids, stimulants, psychedelics, and prescription drugs. The Department of Justice revealed that Desnica amassed around $18 million from narcotics sales, including over 30 kilograms of methamphetamine sold to U.S. customers.
14. Radiology Group Fined Over Ransomware Breach
New York’s attorney general has fined US Radiology Specialists $450,000 following a 2021 ransomware attack affecting nearly 200,000 patients, urging companies to prioritize cybersecurity. The settlement mandates the implementation of improved data and network security practices, including IT asset management, encryption of patient data, penetration testing, and policies for data deletion.
15. Credit Repair Fuels Synthetic ID Fraud
Credit repair companies are identified as key contributors to first-party fraud, guiding individuals to deceive banks and defraud merchants. The global credit repair services market, projected to reach $10 billion by 2030, faces scrutiny as only a small percentage of these companies engage in fraudulent activities. Synthetic identity fraud exploits vulnerabilities in financial institutions, with credit repair agencies capitalizing on limited Social Security number verifications.