What’s the latest in the cyber world today?
CACTUS Ransomware, DanaBot Malware, AeroBlade, U.S. Aerospace, P2PInfect Botnet, Microsoft Outlook, Russian Hackers, Poland, GitHub Repositories, Repojacking, Florida Water Agency, Hershey Phishing Attack, BlackCat Ransomware, Ho Chi Minh City Energy Company, Vietnam Electricity, Hugging Face, API Tokens, Meta, Microsoft, Google, VMware, The White House, U.S. Federal Facilities Security, EU Cyber Resilience Act, Steve Katz, Microsoft Office Attacks, Cyber Federal Employees.
Cyber Alerts
1. DanaBot-Driven CACTUS Attacks
Microsoft has issued a warning about a fresh surge in CACTUS ransomware attacks that use malvertising to deliver DanaBot as the initial access vector. DanaBot, which Microsoft tracks as Storm-1044, is a multi-purpose tool that steals information and serves as a foothold for follow-on payloads. The threat actor Storm-0216, also known as Twisted Spider or UNC2198, carries out the hands-on-keyboard activity that deploys CACTUS ransomware after a DanaBot infection. The chain is a reminder that an infostealer alert is often the first visible stage of a ransomware intrusion and should be triaged as such.
2. AeroBlade Cyber Espionage Unveiled
The BlackBerry Threat Research and Intelligence team has identified a previously unknown threat actor, AeroBlade, in a cyber attack against a U.S. aerospace organization, with indicators pointing to cyber espionage. Using spear-phishing, the actor sent a weaponized document that used remote template injection to fetch a second-stage template containing a malicious VBA macro, which in turn delivered the final payload. The activity, first seen in September 2022, showed evolving tactics, techniques, and procedures over time, emphasizing the actor’s adaptability and its focus on information gathering for strategic purposes.
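Remote template injection leaves a recoverable trace in the document package itself: Word records an attached template as a relationship of type attachedTemplate in word/_rels/settings.xml.rels, and a template pulled from the network has TargetMode="External" with an http(s) or UNC target. The following scanner is an added example written for this digest, not BlackBerry’s code or any real AeroBlade sample; it builds a few constructed .docx packages in memory (the IP 203.0.113.10 and the paths are placeholders) and flags the remote-template and macro combination the item describes.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML relationship type Word uses for an attached (.dotm/.dotx) template.
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# A template fetched over HTTP(S) or a UNC path is "remote"; a local file:/// template is not.
REMOTE_TARGET = re.compile(r"(?i)^(https?:|\\\\)")


def scan_docx(data: bytes) -> dict:
    """Walk every .rels part in the package and report external relationships.

    remote_templates: attachedTemplate targets that point at a remote location
    external_targets: every TargetMode="External" relationship (for triage)
    has_macros:       a word/vbaProject.bin part is present
    """
    findings = {"remote_templates": [], "external_targets": [], "has_macros": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        findings["has_macros"] = "word/vbaProject.bin" in names
        for name in sorted(names):
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                findings["external_targets"].append((name, target))
                if rel.get("Type") == ATTACHED_TEMPLATE and REMOTE_TARGET.match(target):
                    findings["remote_templates"].append(target)
    return findings


def is_suspicious(findings: dict) -> bool:
    """Remote template plus macros is the combination described above; either alone merits review."""
    return bool(findings["remote_templates"]) or findings["has_macros"]


def build_sample_docx(template_target, with_macro: bool) -> bytes:
    """Constructed minimal package for demonstration only (not a real malicious sample)."""
    rels = [f'<Relationships xmlns="{REL_NS}">']
    if template_target is not None:
        rels.append(
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
            f'Target="{template_target}" TargetMode="External"/>'
        )
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder parts; only the .rels parts are parsed by scan_docx.
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr("word/_rels/settings.xml.rels", "".join(rels))
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("remote template + macro", build_sample_docx("http://203.0.113.10/t.dotm", True)),
        ("local template only", build_sample_docx("file:///C:/Templates/Normal.dotm", False)),
        ("no template", build_sample_docx(None, False)),
    ]
    for label, doc in samples:
        f = scan_docx(doc)
        print(f"{label}: suspicious={is_suspicious(f)} {f}")
```

A local template (file:///...) is also recorded with TargetMode="External", which is why the check keys on the target scheme rather than on the mode alone; the external_targets list is kept so an analyst can still review anything else the package reaches out to (linked images, OLE objects) without it being counted as a template injection.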
3. P2Pinfect Botnet Targets MIPS Devices
Cybersecurity researchers at Cado Security Labs have uncovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded systems. Compiled for 32-bit MIPS processors, the variant adds evasion features including anti-VM checks and anti-debugging on Linux. The botnet, first documented in July 2023, has grown sharply, with Cado reporting a 600x increase in traffic since late August. It spreads by brute-forcing SSH and by exploiting exposed Redis servers, so unauthenticated Redis instances and default SSH credentials on embedded devices are the first things to check.
4. Forest Blizzard Exploits Outlook Flaw
Microsoft and Poland’s Cyber Command report that Russian military intelligence hackers, tracked as Forest Blizzard (APT28/Fancy Bear), are actively exploiting a patched flaw in Microsoft Outlook. The flaw, CVE-2023-23397, lets a crafted message cause Outlook to leak the victim’s Net-NTLMv2 hash to an attacker-controlled server without any user interaction; the captured hash can then be relayed or cracked to authenticate as that user, so unpatched clients remain exposed even if users are careful. The group, attributed to the Russian General Staff Main Intelligence Directorate (GRU), combines this with password spraying and with modifying mailbox folder permissions to keep persistent access to high-value Outlook inboxes, posing a significant threat to public and private entities in Poland.
5. GitHub Go Modules Vulnerable to Repojacking
Over 15,000 Go module repositories on GitHub are exposed to repojacking, according to research by VulnCheck. The exposure arises when a GitHub account that owns a module is renamed or deleted: the old owner name becomes available for anyone to register, along with the module path that points at it. Username changes account for about 9,000 of the affected repositories and account deletions for about 6,000, covering over 800,000 Go module versions in total. GitHub’s countermeasure, popular repository namespace retirement, does not protect Go modules in these cases, so developers need to know which of their dependencies sit on a stale or abandoned namespace.
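The precondition for repojacking is visible from the outside: github.com/oldowner/repo either redirects to the new owner (the old name was released by a rename) or returns 404 (the account or repository is gone). The audit below is an added example for this digest, not VulnCheck’s tooling; it parses a constructed go.mod, probes each github.com dependency without following redirects, and classifies the result. The owner and repository names in the sample are invented, and the probe is injectable so the script runs offline against canned responses; pass http_probe for a live check.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Optional

# github.com/<owner>/<repo>, ignoring any /vN major-version suffix that follows.
GITHUB_MODULE = re.compile(r"(?<![\w./-])github\.com/([A-Za-z0-9-]+)/([A-Za-z0-9._-]+)")

Probe = Callable[[str, str], "tuple[int, Optional[str]]"]


def github_modules(go_mod_text: str) -> set:
    """Collect (owner, repo) pairs for every github.com module path in a go.mod."""
    found = set()
    for line in go_mod_text.splitlines():
        line = line.split("//", 1)[0]  # drop comments such as "// indirect"
        if line.strip().startswith("module "):  # our own module path is not a dependency
            continue
        for owner, repo in GITHUB_MODULE.findall(line):
            found.add((owner, repo))
    return found


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError instead of following it


def http_probe(owner: str, repo: str, timeout: float = 10.0):
    """Live probe: HEAD github.com/<owner>/<repo>, returning (status, Location header)."""
    req = urllib.request.Request(
        f"https://github.com/{owner}/{repo}", method="HEAD",
        headers={"User-Agent": "repojack-audit-example"},
    )
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, None
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")


def classify(owner: str, status: int, location: Optional[str]) -> str:
    if status in (301, 302, 307, 308) and location:
        m = re.search(r"github\.com/([^/]+)/", location)
        if m and m.group(1).lower() != owner.lower():
            return "owner-renamed"  # old owner name released: repojack candidate
        return "repo-moved"
    if status == 404:
        return "missing"  # owner deleted or repo removed: namespace may be claimable
    if status == 200:
        return "ok"
    return f"unexpected-{status}"


def audit(go_mod_text: str, probe: Probe = http_probe) -> dict:
    """Map each github.com module path in go.mod to its classification."""
    results = {}
    for owner, repo in sorted(github_modules(go_mod_text)):
        status, location = probe(owner, repo)
        results[f"github.com/{owner}/{repo}"] = classify(owner, status, location)
    return results


# Constructed go.mod and canned probe responses (all names invented).
SAMPLE_GO_MOD = """module github.com/example/app

go 1.21

require (
\tgithub.com/oldname/widgets v1.4.0
\tgithub.com/gone-user/parser v0.2.1 // indirect
\tgithub.com/stable-org/lib/v2 v2.0.3
)
"""

FAKE_RESPONSES = {
    ("oldname", "widgets"): (301, "https://github.com/newname/widgets"),
    ("gone-user", "parser"): (404, None),
    ("stable-org", "lib"): (200, None),
}


def fake_probe(owner: str, repo: str):
    return FAKE_RESPONSES[(owner, repo)]


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_GO_MOD, fake_probe).items():
        print(f"{verdict:14s} {path}")
```

Two caveats for live use: a redirect or 404 shows that the original namespace no longer resolves, not that it is actually free to register (GitHub’s retirement rules may still apply to some names), and go.sum together with sum.golang.org pins the hashes of versions already seen, so the practical risk from a hijacked repository is a new tag that a `go get -u` or an unpinned build would pull in.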
6. Florida Water Agency Faces Cyber Threats
Florida’s St. Johns River Water Management District has disclosed an attack on its IT environment, adding to concerns about the exposure of water utilities to cyber threats. The agency, responsible for oversight of water supply in its region, detected suspicious activity and took containment measures. With U.S. cybersecurity agencies issuing warnings and other recent attacks on water facilities still being investigated, the sector faces increased scrutiny and urgent calls for stronger protective measures.
7. Hershey Investigates Data Breach
Chocolate giant Hershey is investigating a phishing attack that compromised a “limited number of Hershey email accounts,” exposing personal data of at least 2,214 individuals. The intrusion took place over two days beginning September 3 and exposed varying personal information, including names, health details, insurance information, and financial account data. Although there is no evidence of misuse so far, Hershey has forced password changes, added safeguards, and is offering affected individuals credit monitoring and identity restoration services. The incident shows that a handful of phished mailboxes is enough to create a reportable breach when sensitive data is routinely exchanged over email.
8. BlackCat Strikes Vietnam Energy
The BlackCat ransomware group, also known as ALPHV, has claimed an attack on Ho Chi Minh City Energy Company, a key subsidiary of Vietnam Electricity, and is threatening to report the breach to the Vietnam Department of Energy as added pressure. With 84 samples of the allegedly stolen data circulating on the dark web, concerns are rising over data compromise within Vietnam’s critical power infrastructure. The group’s stated plan to target platforms such as Roblox and Twitch next adds to an already complex threat picture.
9. Exposed Hugging Face API Tokens
API tokens belonging to industry giants such as Meta, Microsoft, Google, and VMware were found exposed on Hugging Face, a popular open-source platform for data science and machine learning. Lasso Security researchers identified over 1,500 exposed tokens, granting access to 723 organizations, including Meta, EleutherAI, and BigScience Workshop. Because many of the tokens carried write permissions, an attacker holding them could have stolen private datasets, poisoned training data, or tampered with or exfiltrated models, potentially affecting more than 1 million users of the affected repositories.
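Tokens like these usually leak through committed notebooks, scripts, and config files, so the practical control is a scanner in CI or a pre-commit hook. The one below is an added example for this digest, not Lasso Security’s tooling; it assumes Hugging Face tokens are a literal hf_ prefix followed by a run of ASCII letters and digits (the length floor of 30 is an assumption), uses Shannon entropy to skip documentation placeholders such as hf_xxxx..., and redacts matches so the finding itself does not re-leak the secret. The sample files are constructed and the token in them is made up.

```python
import math
import re
from dataclasses import dataclass

# Assumed token shape: literal "hf_" prefix, then at least 30 ASCII letters/digits.
HF_TOKEN = re.compile(r"\bhf_[A-Za-z0-9]{30,}\b")


@dataclass
class Finding:
    path: str
    line_no: int
    redacted: str   # enough to identify the token for revocation, never the full value
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits per character; a random 30+ character token scores well above 3.5."""
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def redact(token: str) -> str:
    return token[:6] + "..." + token[-4:]


def scan_text(path: str, text: str, min_entropy: float = 3.5) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in HF_TOKEN.finditer(line):
            token = m.group(0)
            ent = shannon_entropy(token[3:])  # measure the secret part, not the prefix
            if ent < min_entropy:
                continue  # placeholder like hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            findings.append(Finding(path, line_no, redact(token), round(ent, 2)))
    return findings


def scan_files(files: dict) -> list:
    """files maps a path to its text content; returns all findings across them."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


# Constructed sample repository contents (the token value is invented, not a real one).
SAMPLE_FILES = {
    "notebook.ipynb": 'login(token="hf_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789")\n',
    "README.md": "Set HF_TOKEN=hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx before running.\n",
    "train.py": 'import os\ntoken = os.environ["HF_TOKEN"]  # correct: read from the environment\n',
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.redacted} (entropy {f.entropy})")
```

When a scanner hits, the response is to revoke the token on the Hugging Face side first and only then clean the repository history, since a token that has been pushed to a public remote should be treated as already harvested; re-issuing with a read-only scope, where the workload allows it, removes the model-tampering and data-poisoning outcomes described above even if the new token leaks again.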
10. DePauw University Ransomware
DePauw University has alerted students to a data breach resulting from a ransomware attack that affected current and prospective students. The liberal arts school, with about 1,700 students, discovered the attack on October 31 and is offering one year of identity protection services to affected individuals. The Black Suit ransomware gang claimed responsibility, stating it stole 214 GB of data. The university, located in Greencastle, Indiana, is reviewing its security protocols. Ransomware attacks on educational institutions have surged in 2023, with 76 post-secondary schools affected so far compared with 44 in all of 2022, a growing threat to academic institutions worldwide.
11. Biden Bolsters Federal Facility Security
In response to persistent and emerging threats, President Biden signed Executive Order 14111 to enhance the security of Executive Branch federal facilities. The Interagency Security Committee (ISC), established in 1995, plays a pivotal role in shaping policies and ensuring compliance for federal facility security. With a focus on countering ideologically motivated extremists, the order reaffirms the government’s commitment to fortifying the security and protection of all federal facilities.
12. EU’s Cyber Resilience Act Advances
The European Parliament and the Council of the EU have reached a political agreement on the Cyber Resilience Act (CRA), proposed legislation that sets security requirements for products with digital elements, including IoT devices. In a first for the regulatory landscape, the CRA obliges manufacturers to report actively exploited vulnerabilities and significant incidents. The legislation also requires manufacturers to carry out risk assessments, provide security updates for a support period of at least five years in most cases, and self-assess compliance, with third-party assessment for critical product categories. The agreement awaits formal approval; once adopted, affected organizations will have a 36-month period to comply with most obligations.
13. Cybersecurity Pioneer Steve Katz Passes
Steve Katz, widely regarded as the first Chief Information Security Officer (CISO) and a cybersecurity pioneer, has passed away at 76. Appointed CISO at Citicorp in 1995, Katz shaped the role as it is understood today. Beyond that post, he advocated for industry standards, testified before Congress, and mentored many practitioners. He emphasized the connection between CISOs and business leaders and the need for security to be communicated in business terms. His legacy includes building strong security teams and fostering information sharing across the industry, and his influence on the CISO role worldwide will outlast him.
14. Microsoft Office Attacks Surge 53% in 2023
Kaspersky’s report for 2023 records a 53% rise in daily attacks targeting Microsoft Office compared with 2022. Across all file types, its systems detected an average of 411,000 malicious files per day, a nearly 3% increase over the previous year, with much of the growth coming from malicious PDFs used in phishing. Trojans remain the most common category, but backdoor detections rose noticeably, indicating more attempts to take remote control of compromised systems. The findings confirm that Office documents and PDFs remain the primary delivery vehicle, which argues for attachment sandboxing and macro restrictions alongside user awareness.
15. OPM Initiates Cyber Rotation for Government
The Office of Personnel Management (OPM) has launched the Federal Rotational Cyber Workforce Program, which lets federal cybersecurity employees apply for temporary details at other agencies. The program stems from 2022 legislation championed by Senator Gary Peters and aims to give federal cybersecurity professionals more opportunities to build skills and defend against evolving threats. OPM’s Open Opportunities platform currently lists 53 postings for 65 rotation slots across 12 participating agencies. The six-month to year-long details are intended to sharpen cybersecurity skills and address workforce challenges such as talent shortages and the pay gap with the private sector.