January 03, 2024 – Cyber Briefing

👉 What’s trending in cybersecurity today?

SMTP, QBit Stealer, Zeppelin2, Juniper, Anonymous Sudan, Twitch, Ukraine, Russia, Anonymous Collective, Bahrain, E Visa, NoName, Finland, Belarus, U.S. Department of Justice, XCast, European Central Bank, Former Trump Lawyer, AI for Legal Motion, Google, Usenet Groups, X.

🚨 Cyber Alerts

1. SMTP Smuggling Threat Unleashes Email Chaos

A novel exploitation technique called SMTP smuggling is on the rise, allowing threat actors to send deceptive emails with fake sender addresses while evading security measures. Timo Longin, a senior security consultant at SEC Consult, warns that vulnerable SMTP servers globally could be exploited for targeted phishing attacks. The technique exploits security flaws in messaging servers from Microsoft, GMX, and Cisco, allowing threat actors to send forged emails that appear legitimate and bypass authentication checks like DKIM, DMARC, and SPF.

2. QBit Stealer Dark Web Threat

A new dark web menace, the qBit stealer, has surfaced alongside the QBit Ransomware-as-a-Service (RaaS) group’s unveiling of its capabilities. The ransomware linked to the stealer can discreetly obtain files from victim systems, eluding detection by onboard security systems. Cyble Research and Intelligence Labs (CRIL) discovered the qBit stealer’s source code being distributed freely on dark web channels, emphasizing its alleged immunity to Endpoint Detection and Response solutions (EDRs) and its sophisticated features for targeted attacks.

3. Zeppelin2 Ransomware Sale Raises Alarms

A user on an underground forum is actively promoting the sale of Zeppelin2 ransomware, offering both its source code and a cracked version of its builder tool. Zeppelin2, known for its destructive capabilities, has caught the attention of cybersecurity experts and law enforcement agencies worldwide. The ransomware demands payments in Bitcoin, with extortion amounts ranging from several thousand dollars to over a million dollars, prompting a joint cybersecurity advisory from the FBI and CISA to address the Zeppelin2 threat.

4. CISA Adds Two High-Risk Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has identified and added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, indicating evidence of active exploitation. The vulnerabilities are identified as CVE-2023-7024, a Google Chromium WebRTC Heap Buffer Overflow Vulnerability, and CVE-2023-7101, a Spreadsheet::ParseExcel Remote Code Execution Vulnerability. These vulnerabilities serve as common attack vectors, posing significant risks to federal and other organizational networks, and organizations are strongly advised to prioritize their timely remediation to enhance cybersecurity defenses.

5. Juniper Analytics Vulnerabilities Update

Juniper has issued a security advisory addressing multiple vulnerabilities in Juniper Secure Analytics, with potential exploitation enabling cyber threat actors to gain control of affected systems. Users and administrators are urged by CISA to review Juniper’s advisory JSA75636 and promptly apply the required updates, particularly for Juniper Secure Analytics (JSA) 7.5.0 on JSA Series Virtual Appliance platforms. These vulnerabilities, spanning various versions up to 7.5.0 UP7, have been successfully resolved in Juniper Secure Analytics 7.5.0 UP7 IF03 and subsequent releases, with updates accessible for download on the official Juniper support platform.

💥 Cyber Incidents

6. Anonymous Sudan Targets Twitch

Coop, a significant Swedish retail and grocery provider, confronts a severe security threat as the Cactus ransomware group claims access to more than 21,000 directories of personal information. Despite Coop’s unique profit-sharing model, this breach emphasizes the aggressive tactics of ransomware groups, raising alarm about cybersecurity risks within retail sectors. The sophistication displayed by the Cactus ransomware operation in employing encryption methods and legitimate tools for data access amplifies the vulnerability of Coop and its extensive chain of stores.

7. Ukraine Foils Russian Hacking of Kyiv Cameras

Ukraine’s SBU uncovered that Russian-linked hackers infiltrated surveillance cameras in Kyiv to spy on air defense and critical infrastructure. The hackers manipulated the cameras’ angles and streamed the footage on YouTube, aiding Russian missile strikes. The SBU has since disabled around 10,000 cameras and is urging the public to cease online broadcasts from their devices to prevent further espionage.

8. Anonymous Collective Targets Bahrain E Visa

Anonymous Collective has reportedly launched a cyberattack on the E Visa service of the Bahrain government, sparking concerns about data security. Despite the claim, the E Visa service remains operational, raising questions about the legitimacy of the cyberattack. This leaves both citizens and cybersecurity experts awaiting official clarification on the situation, highlighting the ongoing challenge governments face in securing digital assets against determined adversaries like Anonymous Collective.

9. Russian Group Targets Finnish Entities

NoName ransomware, associated with Russian connections, has initiated a series of cyberattacks on various Finnish government organizations, causing temporary inaccessibility to multiple websites. Targets include entities like Traficom, NCSC-FI, The Railways, and more. The ransomware group, also known as NoName057(16), announced its attacks on a dark web portal, sharing screenshots on social media, indicating an attempt to disrupt daily activities in Finland.

10. Cyber-Partisans Target Belarus Media

Belarusian Cyber-Partisans launched a cyberattack on BelTA, the country’s largest state-owned media outlet, during the New Year’s holiday weekend, claiming to have wiped main servers and backups. The hacktivist group cited retaliation against President Alexander Lukashenko’s propaganda campaign as the motive behind the attack. The move comes amidst government restrictions on freedom of speech, with independent media outlets banned, and the hacktivists claim to have paralyzed pro-government propaganda websites, emphasizing the rising digital dissent against oppressive regimes.

📢 Cyber News

11. XCast Settles for Illegal Telemarketing

The U.S. Department of Justice reached a settlement with VoIP service provider XCast for facilitating illegal telemarketing campaigns, transmitting billions of robocalls, including scams claiming affiliation with government agencies. The settlement imposes a $10 million civil penalty, suspended due to XCast’s financial inability to pay. XCast is required to implement compliance measures, screen customers, and sever ties with entities violating telemarketing laws, marking a step in curbing illegal robocalls and protecting consumers from deceptive practices.

12. AI Misuse in Legal Cases Raises Concerns

Michael Cohen, former lawyer to Donald Trump, revealed he unknowingly employed generative AI to create fake case citations to aid in a legal motion. Cohen used Google Bard, a generative AI chatbot, to generate citations for his lawyer to argue for shortening his supervised release. The incident highlights the increasing use of AI in legal work, with AI language tools making their way into the legal industry globally.

13. ECB Conducts Cyber Stress Tests on Banks

Starting this month, the European Central Bank is conducting cyber stress tests on 109 banks to evaluate their resilience against cyberattacks. Each test simulates a disruptive cyberattack, monitoring how banks respond, recover, and resume normal operations. The initiative aims to identify weak spots and provide feedback, emphasizing the need for industry standards in cybersecurity practices.

14. Google Ceases Usenet Support

Google has officially announced the discontinuation of Usenet groups on its Google Groups platform starting February 22, 2024, citing a decline in legitimate activity and an increase in spam. Users will no longer be able to post, subscribe, or view new Usenet content through Google Groups after this date. The move reflects the platform’s shift away from text-based Usenet groups, with users migrating to more modern technologies like social media and web-based forums.

15. X Reinstates News Headlines

The social media platform formerly known as Twitter, now X, is reintroducing news headlines in user posts after Elon Musk’s decision to remove them for aesthetic reasons faced backlash from users. Musk’s attempt to enhance the platform’s aesthetics by eliminating headlines was met with criticism, as users found it challenging to understand the context of news stories. This reversal follows Musk’s indication in late 2023 that the platform would bring back headlines by overlaying the title on the image of a URL card, addressing users’ concerns about the missing context in their news feeds.