What’s happening in cybersecurity today?
BiBi Wiper Raises Stakes in Cyber Attacks on Israel, Sapphire Sleet Targets Skills Assessment Portals, CherryBlos Cryptocurrency Theft, Maine Government Faces Massive MOVEit Data Breach, Poloniex Suffers $100M Hack, Chess.com Security Breach, Up to 3.9M Northwell Health Patients’ Information Compromised, Raft Suffers $3.3M Exploit, Incident Paralyzes DP World’s Australian Ports, EU and Ukraine Strengthen Cybersecurity Ties, Deadline for Meta and Snap to Provide Child Protection Details, BulletProofLink Phishing Platform Shut Down, Russia Restriction on VPNs.
Cyber Alerts
1. BiBi-Windows Threat Expands
Cybersecurity researchers have identified a Windows version of the BiBi Wiper malware, previously used in cyber attacks against Israel. This development indicates an expansion of the attack, with the pro-Hamas group, BibiGun, now targeting end-user machines and application servers. The Windows variant overwrites data, deletes shadow copies, and uses multithreading, suggesting an increased level of sophistication in the group’s cyber campaigns.
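The wiper summary above names one behaviour defenders can hunt for directly: deletion of volume shadow copies, which removes the victim's easiest recovery path. As an added illustration, not code from this page or from the researchers it cites, here is a small Python detector that scans process-creation log lines for the well-known Windows commands that remove shadow copies (vssadmin, wmic, and WMI via PowerShell). The log format and the sample lines are constructed for the example; the patterns are generic and not specific to BiBi.

```python
import re
from typing import Dict, List

# Constructed sample process-creation log lines (not from the page), in a
# simple "timestamp host user command_line" format.
SAMPLE_LOGS = [
    "2023-11-10T09:12:01Z ws-17 alice C:\\Windows\\System32\\notepad.exe report.txt",
    "2023-11-10T09:12:09Z ws-17 SYSTEM vssadmin.exe delete shadows /all /quiet",
    "2023-11-10T09:12:10Z ws-17 SYSTEM wmic.exe shadowcopy delete",
    "2023-11-10T09:12:11Z ws-17 SYSTEM powershell.exe -c \"Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }\"",
    "2023-11-10T09:13:00Z ws-17 alice vssadmin.exe list shadows",
]

# Command-line patterns that destroy shadow copies. Listing or creating
# shadows is deliberately not matched, so routine admin activity stays quiet.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one constructed log line into its four fields."""
    timestamp, host, user, command_line = line.split(" ", 3)
    return {
        "timestamp": timestamp,
        "host": host,
        "user": user,
        "command_line": command_line,
    }


def detect_shadow_copy_deletion(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records whose command line matches a deletion pattern."""
    hits = []
    for line in lines:
        record = parse_line(line)
        for pattern in SHADOW_DELETE_PATTERNS:
            if pattern.search(record["command_line"]):
                hits.append({**record, "rule": pattern.pattern})
                break  # one alert per line is enough
    return hits


if __name__ == "__main__":
    for hit in detect_shadow_copy_deletion(SAMPLE_LOGS):
        print(f"[ALERT] {hit['timestamp']} {hit['host']} {hit['user']}: {hit['command_line']}")
```

In a real deployment the command lines would come from Sysmon Event ID 1 or Windows Security Event ID 4688 rather than a constructed list, and legitimate backup software can trigger the same commands, so the alert is best treated as a high-priority triage signal rather than an automatic block. Several hits within seconds on one host, as in the sample, is the pattern a wiper produces.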
2. Sapphire Sleet’s New Tactics Unveiled
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a “shift in the persistent actor’s tactics.” Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a track record of orchestrating cryptocurrency theft via social engineering. “Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment,” the Microsoft Threat Intelligence team said in a series of posts on X.
3. Beware of CherryBlos Malware
CherryBlos, a sophisticated Android malware, has been discovered targeting cryptocurrency accounts by extracting sensitive information stored in users’ photo galleries. The malware, cleverly disguised as various apps, including a cryptocurrency-mining app named SynthNet, infiltrated the Google Play store and was promoted on Telegram and TikTok to unsuspecting cryptocurrency investors.
4. ScreenConnect Exploited in Healthcare
Security researchers have uncovered a concerning trend as hackers exploit vulnerabilities in the ScreenConnect remote access tool to target multiple healthcare organizations across the United States. The attacks, discovered by managed security platform Huntress, occurred between October 28 and November 8, 2023, with ongoing threats likely. The threat actors, using tactics like installing additional remote access tools and conducting network reconnaissance, raise questions about the security of ScreenConnect instances used by Transaction Data Systems, a pharmacy supply chain and management systems solution provider.
5. Maine Suffered Massive MOVEit Data Breach
The State of Maine disclosed a massive data breach affecting approximately 1.3 million individuals, nearly the entire population of the state. The breach resulted from threat actors exploiting a vulnerability in the MOVEit file transfer tool, owned by Progress Software and used by various organizations globally. The exposed information includes sensitive data such as full names, Social Security numbers, dates of birth, driver’s licenses, and health insurance information, prompting the state to offer affected citizens free two-year credit monitoring and identity theft protection services.
6. Poloniex Faces $100M Hack
Centralized crypto exchange Poloniex has fallen victim to a major security hack, with wallet Poloniex 4 on Etherscan showing suspicious outflows. Preliminary analysis from PeckShield and Arkham Intelligence suggests that the incident resulted in the theft of over $100 million in crypto assets. While Poloniex is conducting an investigation, founder Justin Sun assures users that affected funds will be fully reimbursed and offers a 5% whitehat bounty to the attacker for a complete fund return within seven days.
7. Chess.com Cybersecurity Incident
A security breach at Chess.com, a prominent online chess platform, has led to the compromise of personal data for more than 800,000 users. The breach was revealed when a threat actor, identified as ‘DrOne’, leaked the scraped database on Breach Forums, a hub for cybercriminal activities. Although passwords were not included, the exposed information poses risks for phishing scams, identity theft, and social engineering attacks, emphasizing the need for robust cybersecurity measures and user vigilance online.
8. Data Breach Affects Northwell Patients
A major data breach has affected up to 3.9 million patients of Northwell Health, the largest healthcare system in Long Island. The breach occurred through the network of Perry Johnson & Associates (PJ&A), a Nevada-based medical transcription services provider. While Northwell’s systems were not directly impacted, sensitive patient information, including medical records and lab results, may have been accessed.
9. Raft’s DeFi Exploit Drains $3.3M
Raft, a decentralized finance platform, experienced a significant blow with a $3.3 million exploit, causing its R stablecoin to plummet by as much as 50%. Surprisingly, the attacker, after draining 1,577 ETH, sent 1,570 ETH to a burn address, essentially destroying most of the stolen assets, and ending up with only 7 ETH for themselves. The Raft co-founder, David Garai, confirmed the attack and shared that efforts are being made to reimburse users using the protocol-owned sDAI in the Peg Stability Module.
10. Cybersecurity Disruption at DP World
A cyber incident at DP World’s Australian subsidiary, a major operator of Australian ports, has caused a “nationally significant” outage, impacting the movement of goods in and out of the country. The incident affects ports in Sydney, Melbourne, Brisbane, and Fremantle, with DP World handling around 40 percent of Australia’s international container cargo. Air Marshal Darren Goldie, Australia’s national cyber security coordinator, noted that the impact would likely last for several days, affecting imports and exports.
11. EU-Ukraine Cybersecurity Pact
The European Union and Ukraine have formalized a cybersecurity cooperation agreement aimed at enhancing information sharing and capacity building. The agreement, signed by EU security agency ENISA and Ukraine’s National Cybersecurity Coordination Center, covers short-term actions and focuses on longer-term policy alignment in areas such as cyber awareness, legislation, and information sharing. This collaboration is seen as crucial for both parties in addressing cyber threats, with particular emphasis on Russia’s aggressive activities in cyberspace, as highlighted by Commission Vice President Josep Borrell.
12. Meta and Snap on Child Protection
The European Commission has given Meta Platforms and Snap until December 1 to provide detailed information on the measures they have implemented to safeguard minors from illegal and harmful content. This move follows a similar directive to YouTube and TikTok. The companies, including Meta, also received urgent orders last month to outline their actions against the spread of content related to terrorism, violence, and hate speech.
13. British MPs Uninformed on Facial Recognition
Privacy International’s latest study reveals that a significant number of British Members of Parliament lack crucial awareness about the deployment and risks associated with facial recognition technology. According to the study, over two-thirds of MPs surveyed are unaware of FRT usage in their constituencies, and more than half either lack knowledge or hold incorrect beliefs about existing laws governing its use.
14. BulletProofLink Phishing Platform Dismantled
A joint international operation involving the Royal Malaysian Police, the FBI, and the Australian Federal Police successfully dismantled the notorious BulletProofLink phishing-as-a-service platform. Inspector General of Police Tan Sri Razarudin Husain confirmed the arrest of eight individuals, including the mastermind, in locations across Kuala Lumpur, Sabah, Selangor, and Perak.
15. Russia Plans Targeted VPN Restrictions
Amidst concerns over VPNs providing access to restricted content, Russia, according to state news agency RIA, is set to block specific Virtual Private Networks and protocols deemed threats to security. The surge in demand for VPNs followed Russia’s restrictions on Western social media access after military actions in Ukraine. The move, based on expert commission decisions, intends to filter certain VPN services and protocols on the mobile communication network for foreign traffic.