What’s the latest in the cyber world today?
NetSupport RAT, Konni Cyber Campaign, Kinsing Malware, Apache ActiveMQ, DarkGate, PikaBot, QakBot, Phishing, India, Android, Banking Scam, Mustang Panda, Cyber Espionage, Philippines, BlackCat Ransomware, Drones, AFT, Welltok, MOVEit Attack, Paris Wastewater Agency, Idaho National Lab, Grid Cybersecurity, AT&T, Crime as a Service, National Cyber Director, OpenAI, Mass Resignation.
Cyber Alerts
1. NetSupport RAT Evolving Cyber Threats
Threat actors are leveraging NetSupport RAT to infiltrate the education, government, and business services sectors, with delivery methods ranging from fraudulent browser updates to phishing campaigns, according to VMware Carbon Black researchers. Over the past few weeks, the cybersecurity firm has identified at least 15 new infections associated with NetSupport RAT. Originally a legitimate remote administration tool, NetSupport Manager has been abused by malicious actors and poses a significant threat because it lets an operator monitor the screen, transfer files, and change system settings on victim devices across a network.
2. Konni Campaign’s Russian Malware Document
FortiGuard Labs has uncovered a new facet of the persistent Konni campaign, revealing a Russian-language Word document embedded with a malicious macro. Despite the document’s seemingly innocuous September creation date, ongoing activity on the campaign’s command-and-control server raises concerns. This sophisticated campaign utilizes a remote access trojan (RAT) capable of extracting data and executing commands on compromised devices, employing diverse strategies for initial access, payload delivery, and persistence within victim networks. As the malware continues to evolve, users are urged to exercise caution when encountering suspicious documents, given its advanced toolset and encrypted communication with the C2 server.
3. Kinsing Malware Targets Apache Flaw
The Kinsing malware is actively targeting Linux systems through the CVE-2023-46604 vulnerability in Apache ActiveMQ, allowing remote code execution. Despite the fix released in October, thousands of servers are still vulnerable, with ransomware groups exploiting the opportunity. Kinsing, known for targeting overlooked flaws, is now using the flaw to deploy cryptocurrency miners on compromised servers, emphasizing the importance of timely patching and vigilance.
4. DarkGate and PikaBot Revive QakBot Tactics
Phishing campaigns are employing DarkGate and PikaBot malware, echoing tactics previously used by the now-defunct QakBot trojan. These campaigns mimic QakBot’s infection techniques, utilizing hijacked email threads and customized URLs to deliver malicious payloads. DarkGate and PikaBot, known for delivering additional malware to compromised systems, possess features attractive to cybercriminals and can lead to various malicious actions, including crypto mining, reconnaissance, or ransomware deployment.
5. Android Campaign Targets Indian Users
A new malware campaign is impacting Android smartphone users in India, utilizing social engineering tactics to trick victims into downloading fraudulent apps capable of harvesting sensitive data. Cybercriminals employ popular messaging platforms like WhatsApp and Telegram, posing as legitimate organizations such as banks, government services, and utilities. The malicious apps, disguised as essential tools, aim to capture banking details, payment card information, and personal credentials, highlighting the evolving threats facing mobile users.
6. China’s Mustang Panda Targets the Philippines
The China-linked cyber threat group, Mustang Panda, has been identified in a cyber attack targeting a Philippines government entity amid heightened tensions over the South China Sea dispute. Palo Alto Networks Unit 42 revealed three campaigns in August 2023, focusing on organizations in the South Pacific. The attackers utilized legitimate software like Solid PDF Creator and SmadavProtect, an Indonesian antivirus solution, employing creative techniques to impersonate Microsoft traffic for command and control connections. Mustang Panda, a persistent Chinese APT active since 2012, has conducted cyber espionage campaigns globally, targeting NGOs and government bodies.
7. Drone Maker AFT Faces Cyber Threat
Autonomous Flight Technologies faces a cyberattack allegedly carried out by the BlackCat ransomware group, which claims to have exfiltrated data and sold it to a foreign entity. Despite notable partnerships with Airbus, NASA, and others, AFT has not issued an official response. The incident highlights the cybersecurity challenges in the unmanned aerial vehicle sector and underscores the need for robust security measures, as outlined in NASA’s report on vulnerabilities in Urban Air Mobility.
8. Welltok’s Health Data Breach
Welltok, a leading health activation company, faces a major setback as its MOVEit Transfer server suffers a data breach, compromising the personal health information of millions. The stolen data, which includes names, addresses, dates of birth, and health details, pertains to members of prominent health plan providers. This security incident underscores the escalating threat landscape in healthcare, emphasizing the need for robust cybersecurity measures to safeguard sensitive medical information.
9. Wastewater Agency SIAAP Faces Cyberattack
The Greater Paris wastewater agency, SIAAP, responsible for managing wastewater for nine million people, fell victim to a cyberattack. The agency filed a complaint and has taken immediate measures, isolating industrial systems and cutting external connections to contain the attack. Although no hacking group has claimed responsibility, water authorities globally have become targets for ransomware attacks, emphasizing the importance of securing critical services.
10. Idaho Lab Cyberattack Data Breach Fallout
The Idaho National Laboratory, a key player in the US Department of Energy, has fallen prey to a cyberattack orchestrated by the infamous SiegedSec hacking group. The breach exposes sensitive data, including names, dates of birth, email addresses, phone numbers, social security numbers, addresses, and employment details, raising significant concerns about the compromise of critical infrastructure. This incident adds to the growing wave of cyber threats targeting essential facilities, prompting heightened vigilance among government officials and cybersecurity experts.
11. US Allocates $70M for Utility Cybersecurity
The US Department of Energy is offering a $70 million funding opportunity to electric cooperatives, small investor-owned utilities, and municipal utilities to enhance their cybersecurity against evolving threats. Part of President Biden’s Bipartisan Infrastructure Law, the initiative aims to improve the resilience of the energy grid. The funding covers investments in technologies, tools, training, and processes, fostering a stronger cybersecurity posture for eligible electric utilities while supporting technical assistance and training for organizations with limited resources.
12. AT&T Partners with WillJam for Cybersecurity
AT&T is establishing a joint venture with WillJam Ventures, separating its cybersecurity services from its core connectivity business. WillJam Ventures, with an undisclosed investment, will jointly own and manage AT&T’s cybersecurity services unit. This move allows AT&T to concentrate on embedding security features in its connectivity products while expanding managed security services through the joint venture.
13. Rise of Malicious Bots Exploiting AI Impact
Arkose Labs reports a surge in Bad Bots, estimating that 73% of internet traffic is malicious. The top five Bad Bot categories are fake account creation, account takeovers, scraping, account management abuse, and in-product abuse. As artificial intelligence and crime-as-a-service offerings become more prevalent, the threat landscape is expected to worsen, emphasizing the need for robust Bad Bot detection and mitigation.
14. New Acting Leader for the US Cyber Office
The U.S. Office of the National Cyber Director sees its second acting director in nine months with the appointment of Drenan Dudley to replace former acting Director Kemba Walden. This comes amid ongoing efforts to fill the vacant permanent director role, with nominee Henry Coker awaiting approval in a Senate floor vote. Dudley, a longtime Senate Appropriations Committee staffer, steps in to coordinate federal cybersecurity efforts and oversee the national cyber strategy implementation.
15. OpenAI CEO Firing Sparks Mass Exodus
Over 700 OpenAI employees are threatening to resign unless the board of directors steps down, following the abrupt firing of CEO Sam Altman. The board cited Altman’s lack of consistency in communication, hindering its responsibilities. Microsoft, which has invested $10 billion in OpenAI, has hired Altman and OpenAI CTO Greg Brockman to lead its new AI research unit, and the letter suggests Microsoft has assured job opportunities for resigning OpenAI employees.