In today’s cybersecurity exploration, we uncover FBI Alerts to Dual Ransomware Attacks Targeting Businesses, BunnyLoader’s emergence as a dynamic threat in MaaS, Iran-Linked OilRig Group’s use of Menorah Malware in cyber-espionage, a critical zero-day vulnerability in Exim MTA risking millions of servers, ASMCrypt’s powerful evolution from DoubleFinger, and the exploitation of Microsoft Bing’s AI Chatbot by malicious ads.
Embark on a cyber odyssey from a ransomware attack on Michigan Healthcare Giant McLaren, Russian hackers targeting the Royal Family’s website, an Indian taxpayer data leak sparking cybersecurity concerns, to the Edinburgh Tram Network being hit by a cyber attack.
Explore the cybersecurity landscape as NSA launches an AI Security Center, New York State prohibits facial recognition in schools, Lazarus Group deploys a Meta recruiter scheme, cybersecurity giant IronNet ceases operations due to financial struggles, and a ShinyHunters hacker admits guilt in a multi-million dollar data theft.
π¨Β Cyber Alerts
1. FBI Warns of Dual Ransomware Threat
The FBI has issued a warning regarding a rising trend in dual ransomware attacks targeting organizations since July 2023. In these attacks, cybercriminals deploy two different ransomware variants against victims, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. These attacks can happen within a short timeframe, ranging from 48 hours to 10 days apart. Alongside this tactic, ransomware attacks increasingly involve custom data theft, wiper tools, and malware to pressure victims into making ransom payments.
2. Evolving Threat of BunnyLoader
A newly discovered malware-as-a-service threat known as BunnyLoader is causing concern in the cybersecurity community. BunnyLoader offers a range of functionalities, including downloading and executing second-stage payloads, stealing browser credentials and system information, and more. This C/C++-based loader, available for a lifetime license at $250, has been continuously developed since its debut in September 2023, with updates that incorporate anti-sandbox and antivirus evasion techniques. Its fileless loading feature is a key selling point, making it challenging for antivirus software to remove the attacker’s malware.
3. Iran’s OilRig Group Deploys Menorah
In a recent report, cybersecurity researchers have uncovered a spear-phishing campaign conducted by the sophisticated Iranian-backed hacking group known as OilRig. This campaign is designed to infect victims with a newly discovered strain of malware called Menorah. The malware possesses the capability to identify target machines, extract and upload files from them, and download additional malicious payloads.
4. Zero-Day Vulnerability in Exim MTA
A critical zero-day vulnerability in all versions of Exim mail transfer agent software has been discovered, which allows unauthenticated attackers to gain remote code execution on Internet-exposed servers. The security flaw, identified as CVE-2023-42115, is due to an Out-of-bounds Write weakness in the SMTP service, potentially leading to code execution on vulnerable servers. Despite being reported to the Exim team in June 2022, the developers have not provided an update on their patch progress, putting millions of servers at risk, particularly those accessible via the Internet.
5.Β ASMCrypt Unveils a New Malware Loader Threat
In the ever-evolving landscape of cyber threats, a new crypter and loader, ASMCrypt, has emerged as a formidable adversary, described as an advanced version of the DoubleFinger malware. ASMCrypt’s primary purpose is to surreptitiously load the final payload, avoiding detection by security systems, a technique known as crypting. This evolving threat underscores the relentless efforts of threat actors to develop sophisticated tools that can be used for a range of malicious activities, including ransomware attacks and data theft.
6. Bing Chatbots Vulnerable to Malware
Cybercriminals are using malicious ads to spread malware via Microsoft Bing’s AI chatbot, putting unsuspecting users at risk of downloading malicious software from seemingly legitimate conversations. The ads are inserted into Bing Chat conversations when users hover over links, displaying ads before organic results. Users are directed to fraudulent links and potentially tricked into downloading malware, illustrating the ongoing threat of malvertising tactics.
π₯ Cyber Incidents
7.Β McLaren HealthCare Hit by Ransomware
McLaren HealthCare, one of Michigan’s largest healthcare systems, has confirmed a ransomware attack after being targeted by the notorious hacker gang, Black Cat/AlphV. The organization detected suspicious activity on its network and immediately launched an investigation, which revealed a ransomware event. While the systems remain operational, McLaren is working with cybersecurity specialists and law enforcement to address the breach and has taken steps to bolster its cybersecurity defenses. The gang claims to have stolen a substantial amount of data, including personal information and hospital videos, but it’s unclear whether a ransom will be paid.
8. Russian Hackers Target Royal Website
In a bold move, Russian hackers affiliated with the pro-Putin hacktivist group KillNet claimed responsibility for a targeted cyber attack on the Royal Family’s official website. The attack occurred shortly after King Charles publicly condemned Russia’s invasion of Ukraine. The Royal Family’s website,Β royal.uk, was temporarily taken down for about 90 minutes due to a Denial of Service attack, but palace sources assured that the hackers did not gain access to their systems or content. This incident has sparked an ongoing investigation, as cybersecurity experts suspect KillNet of having connections to high-ranking figures within Putin’s regime.
9. Indian Taxpayer Data Leak Raises Concerns
Indian taxpayers are facing potential risks as reports of a data leak from a tax assistance organization have emerged. A hacker forum user known as ‘Hacking’ publicly disclosed Indian taxpayer data, raising concerns about data security. The leaked data was claimed to be from the website TaxReturnWala, which offers financial and tax-related services to individuals and corporations. While the authenticity of the data leak remains unverified, it underscores the need for increased cybersecurity measures to protect sensitive taxpayer information.
10. UK Transport Networks Hit by Cyber Attacks
Edinburgh’s tram network faces cyber threats as hackers disrupt the company’s website, causing it to go offline. Pro-Russian hacking group NoName claims responsibility for targeting several UK transport organizations, including Edinburgh Trams, Transport for Edinburgh, and various English-based travel operators. Investigations by both the National Cyber Security Centre and Police Scotland are underway.
π’ Cyber News
11. NSA Launches AI Security Center
The National Security Agency establishes a new AI Security Center to oversee AI development in national security systems, collaborating with the Pentagon, foreign partners, industry, and academia to develop best practices and risk frameworks for safe AI adoption in national security enterprises and defense industries.
12. NY Bans School Facial Recognition
In a significant move, New York state has prohibited the use of facial recognition technology in schools, citing concerns over student privacy and civil rights. The decision, made by Education Commissioner Betty Rosa, empowers local districts to make choices regarding other biometric technologies and digital fingerprinting. The ban comes after a report highlighted the potential drawbacks of facial recognition, including a higher rate of false positives for various demographic groups and the technology’s limited ability to enhance school safety.
13. Lazarus Group’s Espionage
The notorious Lazarus Group, linked to North Korea, has been identified in a cyber espionage attack targeting an aerospace company in Spain. In this intricate scheme, employees were approached on LinkedIn by a fake recruiter posing as a Meta representative. They were lured into opening malicious executable files disguised as coding challenges, unleashing a spear-phishing campaign called Operation Dream Job. The attack ultimately deploys a sophisticated implant known as LightlessCan, representing a significant advancement in the group’s malicious capabilities compared to its predecessor, blindingcan.
14. IronNet Shuts Down Amid Financial Struggle
In a stunning turn of events, IronNet, the once high-flying network detection and response company, founded by retired four-star Army Gen. Keith Alexander and valued at $1.2 billion, has ceased all business operations and terminated its employees. The company had struggled to secure additional sources of liquidity and was left with no choice but to file for bankruptcy protection, leaving stakeholders concerned about potential material and adverse effects.
15. ShinyHunters Hacker Pleads Guilty
Sebastien Raoult, known as ‘Sezyo Kaizen,’ has admitted guilt in the U.S. District Court of Seattle for his involvement in the notorious ShinyHunters hacking group. Raoult, a 22-year-old from France, was extradited to the U.S. after being apprehended in Morocco. He and his co-conspirators hacked into computers to steal corporate and customer data, which they then sold under the ShinyHunters alias on various dark web platforms, causing an estimated damage exceeding $6,000,000 and compromising hundreds of millions of records. Raoult now faces a potential prison sentence of up to 29 years for wire fraud conspiracy and aggravated identity theft.
Copyright Β© 2023 CyberMaterial. All Rights Reserved.