What are the latest cybersecurity alerts, incidents, and news?
NKAbuse Malware, Blockchain, Python Malicious Packages, OilRig Group, BianLian, White Rabbit, Mario Gang, Palestinian Entities Targeted, Ledger Heist, Kraft Heinz, Abu Dhabi Airport, Anonymous Arabia, Newsquest Attacked, Ubiquiti Devices, MITRE Framework, Rules for Data Breaches, Hive Ransomware, AI Security, Saudi Arabia and Bahrain Partnership, Chrome’s Privacy.
Cyber Alerts
1. NKN Blockchain Used in DDoS Attacks
NKAbuse malware is leveraging NKN (New Kind of Network) blockchain technology for decentralized, peer-to-peer communication to conduct distributed denial-of-service (DDoS) attacks and act as an implant in compromised systems. With over 62,000 nodes, NKN is a software overlay network built on the existing internet, allowing users to share unused bandwidth and earn token rewards.
2. Malware Infects PyPI Repository
Cybersecurity researchers have uncovered 116 malicious packages on the Python Package Index (PyPI) repository, targeting both Windows and Linux systems. Employing various techniques, threat actors introduced backdoors capable of remote command execution and data exfiltration, with an estimated 10,000 downloads of the compromised packages since May 2023, underscoring the ongoing threat to open-source ecosystems from supply chain attacks.
3. Iran OilRig Group’s New Malware
The Iranian state-sponsored cyber espionage group, OilRig, has deployed three new malware downloaders, ODAgent, OilCheck, and OilBooster, throughout 2022 to maintain persistent access to victim organizations in Israel. These lightweight downloaders use legitimate cloud service APIs, such as Microsoft OneDrive and Outlook APIs, for command-and-control communication, allowing the threat actor to blend with authentic network traffic and conceal their attack infrastructure.
4. Pierogi Malware Hits Palestinian Targets
The Gaza Cybergang, a pro-Hamas threat actor, is actively targeting Palestinian entities using an updated C++ version of a backdoor named Pierogi. The group, active since 2012, exhibits a sustained focus on refining and retooling its malware, such as Pierogi, to ensure successful compromise of targets and persistent access to networks.
5. Ransomware Gangs Unite in Joint Campaign
Resecurity has revealed a significant collaboration between three major ransomware groups: BianLian, White Rabbit, and Mario Ransomware. The joint campaign, uncovered during a Digital Forensics and Incident Response engagement, targeted publicly traded financial services firms. The collaboration points to a growing trend of ransomware gangs working together, possibly facilitated by Initial Access Brokers and by law enforcement interventions in cybercriminal networks.
Cyber Incidents
6. Ledger Faces $600K Cryptocurrency Heist
Ledger, a renowned hardware wallet provider, is sounding the alarm for users to steer clear of web3 dApps. The caution follows a supply chain attack on Ledger’s “Ledger dApps Connect Kit,” resulting in a staggering theft of $600,000 in cryptocurrency and NFTs. The compromised library, versions 1.1.5 to 1.1.7, harbored a malevolent JavaScript wallet drainer, prompting Ledger to advise users to swiftly replace the tainted version with a clean iteration, version 1.1.8. While Ledger assures the integrity of its core hardware and primary software application, it underscores the importance of vigilance in the face of ongoing phishing attempts capitalizing on the incident.
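The practical question for anyone who ships a dApp after an incident like this is whether any copy of the affected library, direct or transitively nested, is still pinned to a compromised version. The script below is an added example (not code from the CyberMaterial post, from Ledger, or from the Connect Kit project) that scans an npm package-lock.json for a named dependency whose version falls inside a known-bad range. The package name `@example/connect-kit`, the `findAffected` / `compareSemver` helpers and the embedded sample lockfile are constructed placeholders; only the affected range 1.1.5 to 1.1.7 and the fixed release 1.1.8 come from the article.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for any
// copy of a dependency whose version lies in a compromised range.
// The package name "@example/connect-kit" is a placeholder for the real
// affected library; the lockfile below is constructed sample data.

// Parse "1.2.3" into [1, 2, 3]; any prerelease/build suffix is ignored.
function parseSemver(v) {
  const core = String(v).split(/[-+]/)[0];
  const parts = core.split(".").map((n) => Number.parseInt(n, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`not a plain semver version: ${v}`);
  }
  return parts;
}

// Numeric semver comparison so that "1.1.10" sorts after "1.1.7".
// Returns -1, 0 or 1.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Inclusive range check: min <= version <= max.
function inRange(version, min, max) {
  return compareSemver(version, min) >= 0 && compareSemver(version, max) <= 0;
}

// Walk the "packages" map of a lockfile. Keys are install paths such as
// "node_modules/foo" or "node_modules/a/node_modules/foo", so the package
// name is whatever follows the last "node_modules/". Returns every path
// whose name matches and whose version is inside [min, max].
function findAffected(lockfile, pkgName, min, max) {
  const hits = [];
  const packages = lockfile.packages || {};
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // "" is the root project itself
    const marker = "node_modules/";
    const idx = path.lastIndexOf(marker);
    const name = idx === -1 ? path : path.slice(idx + marker.length);
    if (name === pkgName && meta.version && inRange(meta.version, min, max)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one direct copy still on a compromised
// version and one nested copy already on the fixed release.
const SAMPLE_LOCK = {
  name: "demo-dapp",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "0.1.0" },
    "node_modules/@example/connect-kit": { version: "1.1.6" },
    "node_modules/some-wallet-ui": { version: "2.0.0" },
    "node_modules/some-wallet-ui/node_modules/@example/connect-kit": { version: "1.1.8" },
  },
};

// Range reported in the article; 1.1.8 is the clean release.
const AFFECTED_MIN = "1.1.5";
const AFFECTED_MAX = "1.1.7";

function auditSample() {
  return findAffected(SAMPLE_LOCK, "@example/connect-kit", AFFECTED_MIN, AFFECTED_MAX);
}

for (const hit of auditSample()) {
  console.log(`compromised copy at ${hit.path} (version ${hit.version}); upgrade to 1.1.8`);
}
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and the placeholder name with the actual package. Checking the lockfile rather than package.json matters because a caret range in package.json can resolve to a compromised patch release while the manifest still looks fine; the nested-copy case shows why the walk has to cover every `node_modules/` path, not just the top level.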
7. Kraft Heinz Faces Ransomware Investigation
Kraft Heinz Co., the global food company, is currently probing a cyberattack that reportedly led to data theft by the Snatch ransomware gang. The gang claimed responsibility for the attack on their dark web leaks site, revealing that it occurred in August, although no concrete proof was provided. Kraft Heinz is investigating a cyberattack on a decommissioned marketing website to determine its connection to Snatch’s claims, emphasizing the ongoing challenges posed by ransomware threats in the corporate landscape.
8. Anonymous Arabia Targets Abu Dhabi Airport
A shadowy cybercriminal collective, Anonymous Arabia, has set its sights on Abu Dhabi Airport, purportedly causing disruptions and raising concerns as the airport is the second busiest in the UAE after Dubai Airport. The alleged cyberattack, shrouded in secrecy, follows an update from Anonymous Arabia posted on their dark web portal, suggesting a potential Distributed Denial of Service (DDoS) assault. While the motives behind this cyber offensive remain undisclosed, speculation arises regarding its connection to the UAE’s stance on the Israel-Hamas conflict, adding geopolitical complexity to the situation.
9. Newsquest Cyber Attack Disrupts Media
Newsquest, one of the UK’s major regional media groups, faced a cyber attack on December 11th, causing disruptions at its local news outlets. The incident, reported to the UK National Cyber Security Centre, resulted in intermittent website outages and impacted journalists’ ability to file stories. While the media group contained most of the distributed denial-of-service (DDoS) attacks, some readers experienced disruptions, and Newsquest reassured that no personal data had been compromised during the incident.
10. Ubiquiti Users Claim Unauthorized Access
Ubiquiti users have reported accessing other people’s devices, including security camera footage and photos, when logging into their accounts. The issue involves the cloud-based UniFi platform, where some users received notifications from other users’ security cameras and experienced unexpected access to consoles. One user claimed to have gained access to 88 consoles from another account while attempting to log in to their own network. Ubiquiti is investigating the problem, and affected users are expressing concerns about network security and potential breaches.
Cyber News
11. MITRE Launches EMB3D Cybersecurity Framework
MITRE has introduced a new threat model framework, EMB3D, aimed at bolstering the defense of operational technology (OT) and industrial control systems (ICS) against cyber threats. This framework offers a knowledge base focusing on cyber threats to embedded devices in industrial settings. EMB3D enables users to map these threats with vulnerabilities, utilizing systems such as Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and MITRE’s own ATT&CK mapping framework. The framework provides suggested mitigations, concentrating on technical mechanisms for device vendors to implement against specific threats. It is intended for use by the entire security ecosystem, including device vendors, manufacturers, asset owners, security researchers, and testing organizations. EMB3D, currently in a pre-release review period, is expected to be publicly available in early 2024, with ongoing updates reflecting emerging threats and security research findings.
12. FCC Enhances Data Breach Rules
The Federal Communications Commission (FCC) has updated its data breach rules, defining breaches to include “inadvertent access, use, or disclosure of customer information” and expanding notification requirements for telecommunications carriers and providers. The move faced opposition from Congressional Republicans, including Sen. Ted Cruz, who criticized the FCC for overstepping its authority and defying a 2016 Congressional order rejecting similar expanded privacy restrictions.
13. Paris Arrest in Hive Ransomware Case
French authorities apprehended a Russian individual in Paris for allegedly assisting the Hive ransomware gang in laundering ransom payments. The arrest followed an international effort to dismantle the Hive network, deemed a serious cyber threat. The suspect, linked to digital wallets receiving millions, was detained, and €570,000 in cryptocurrency assets was seized, marking a significant move against ransomware operations.
14. Saudi-Bahrain AI Security Collaboration
Saudi Arabian students specializing in AI and cybersecurity are collaborating with Bahrain to research and assess the security and risks associated with large language models. The initiative, involving workshops and practical applications, aims to enhance students’ capabilities in identifying and evaluating potential risks across various platforms, with an emphasis on Amazon cloud services and network security measures on Amazon Web Services.
15. Chrome Blocks Third-Party Cookies
Google is initiating testing of its “Tracking Protection” feature in Chrome, beginning January 4, 2024, for 1% of users. The feature aims to default to restricting access to third-party cookies, limiting cross-site tracking and aligning with Google’s broader efforts to phase out third-party cookies in Chrome.
Copyright © 2023 CyberMaterial. All Rights Reserved.