What’s happening in cybersecurity today?
DarkGate, Vietnam, Malware, SolarWinds, China, India, Loans, ExelaStealer, Quasar RAT, Okta, Jake’s 58, Pensacola, Florida, Viking Line, Philippines, CISA, Zeekill, E-Root, Finland, Moldova.
🚨 Cyber Alerts
1. Vietnamese Cyberattacks Target Marketers
Cybercriminal groups based in Vietnam are targeting digital marketing professionals in the US, UK, and India with a range of malware, including the DarkGate information stealer. The attackers utilize social engineering campaigns to trick victims into downloading malicious files disguised as job descriptions or salary details. These campaigns have affected various sectors, making it challenging to attribute them to specific groups, although they share a common Vietnamese origin.
2. Security Risks in SolarWinds Access Audit
Security researchers recently uncovered three critical remote code execution vulnerabilities within SolarWinds Access Rights Manager (ARM), a tool designed for managing and auditing user access rights in IT environments. These flaws could have allowed remote attackers to execute arbitrary code with SYSTEM-level privileges, which provides complete control over a compromised system.
3. Chinese Scammers Exploit Fake Loan Apps
Chinese scammers are using counterfeit loan apps to target India’s digital payment system, leaving thousands of victims in their wake. Promising substantial loans with easy installments, these scammers collect personal information and fees from their victims before disappearing. To evade law enforcement, they employ Chinese payment gateways and Indian money mules, making it challenging to trace their malicious activities.
4. Emergence of ExelaStealer Malware
A new information-stealing malware called ExelaStealer has surfaced in the cybercrime landscape, offering cybercriminals an affordable option to capture sensitive data from compromised Windows systems. Developed in Python with support for JavaScript, it’s equipped to steal various data, including passwords, credit cards, and more. With a low cost and ease of use, this tool poses a significant threat, emphasizing the continuous evolution of data exfiltration techniques in cybercrime.
5. Quasar RAT Exploits DLL Side-Loading
The Quasar RAT, an open-source remote access trojan, has been detected using DLL side-loading to operate discreetly and pilfer data from compromised Windows systems. Uptycs researchers uncovered this technique, which leverages trusted Windows files like ctfmon.exe and calc.exe. Quasar RAT, also known as CinaRAT or Yggdrasil, is a C#-based remote administration tool used for gathering system information, running applications, keystroke logging, and executing shell commands.
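DLL side-loading of the kind described above relies on a signed, trusted binary being copied out of its normal location so that it resolves a DLL from the attacker-controlled directory it now sits in. A defender can catch that pattern in process-creation and image-load telemetry. The following is an added example for this digest, not code from Uptycs or from the Quasar project: it takes a constructed list of events, flags the monitored binaries when they start from outside the Windows system directories, and flags any DLL those processes load from their own non-system directory. The event schema, the directory allow-list and the sample DLL name are assumptions for the example.

```python
import ntpath

# Constructed allow-list: where these signed Windows binaries normally live.
# In a real deployment, build this from your own software inventory.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
MONITORED_BINARIES = {"ctfmon.exe", "calc.exe"}


def _norm_dir(path):
    """Lower-cased parent directory of a Windows path, without trailing backslash."""
    return ntpath.dirname(path).lower().rstrip("\\")


def _norm_name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def analyze_events(events):
    """Return (pid, reason) findings from a sequence of telemetry events.

    Assumed event schema (constructed for this example):
      {"type": "process_create", "pid": int, "image": str}
      {"type": "image_load",     "pid": int, "dll":   str}
    """
    findings = []
    proc_dirs = {}  # pid -> directory the monitored executable was launched from
    for ev in events:
        if ev["type"] == "process_create":
            name = _norm_name(ev["image"])
            if name not in MONITORED_BINARIES:
                continue
            image_dir = _norm_dir(ev["image"])
            proc_dirs[ev["pid"]] = image_dir
            if image_dir not in SYSTEM_DIRS:
                findings.append(
                    (ev["pid"], f"{name} started from unexpected directory {image_dir}")
                )
        elif ev["type"] == "image_load":
            image_dir = proc_dirs.get(ev["pid"])
            if image_dir is None:
                continue  # not a process we are tracking
            dll_dir = _norm_dir(ev["dll"])
            # A DLL resolved from the executable's own non-system directory is the
            # classic side-loading signature: the loader found it before System32.
            if dll_dir == image_dir and dll_dir not in SYSTEM_DIRS:
                findings.append(
                    (ev["pid"],
                     f"{_norm_name(ev['dll'])} loaded from the executable's own directory {dll_dir}")
                )
    return findings


# Constructed sample telemetry: pid 100 is a normal calc.exe launch,
# pid 200 is ctfmon.exe copied to a user-writable folder next to a planted DLL.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "image": r"C:\Windows\System32\calc.exe"},
    {"type": "image_load", "pid": 100, "dll": r"C:\Windows\System32\kernel32.dll"},
    {"type": "process_create", "pid": 200, "image": r"C:\Users\Public\Downloads\ctfmon.exe"},
    {"type": "image_load", "pid": 200, "dll": r"C:\Windows\System32\kernel32.dll"},
    {"type": "image_load", "pid": 200, "dll": r"C:\Users\Public\Downloads\planted.dll"},
]

if __name__ == "__main__":
    for pid, reason in analyze_events(SAMPLE_EVENTS):
        print(f"pid {pid}: {reason}")
```

Both findings come from pid 200; the System32 launch of calc.exe and its kernel32.dll load produce nothing. The check deliberately keys on the launch directory rather than on a hash of the binary, because the copied executable is the genuine, signed file and will pass an integrity check.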
🔥 Cyber Incidents
6. Okta’s Stolen Credentials Breach
Okta, a major identity and access management company, has reported a security breach where attackers exploited stolen credentials to access files containing cookies and session tokens uploaded by customers to its support management system. While Okta’s Chief Security Officer assured that the production Okta service remains unaffected, the breach has raised concerns about the exposure of sensitive data. BeyondTrust, one of the affected customers, detected and reported an attempt to log into an Okta administrator account using a stolen cookie, leading to the discovery of the breach.
7. Cybersecurity Event Shuts Down Jake’s 58 Casino
Jake’s 58 casino in Islandia, New York, has remained closed for the third consecutive day due to a “cybersecurity event” that occurred at the Las Vegas-based company Everi Games Inc., responsible for operating New York’s video lottery machines. The shutdown also affected the Resorts World Hudson Valley casino in Newburgh, though it reopened on Tuesday. Everi Games Inc. is actively investigating the cybersecurity incident, with assurances from both the New York State Gaming Commission and Everi that personal identifiable information was not compromised.
8. AvidXchange Takes Action After Data Leak
Charlotte-based AvidXchange experienced a cybersecurity attack that potentially exposed the financial account information of nearly 7,000 customers, starting in March. The data breach was discovered during a routine security check in April and later revealed in May, leading to ongoing investigations and customer notifications. While no identity theft or fraud was detected, the breach included confidential data, such as personal information, financial account numbers, and PINs. AvidXchange responded by offering identity theft protection services and implementing security measures to safeguard their products and customers.
9. Florida First Circuit Faces Data Breach
In the aftermath of a cyberattack that disrupted administrative systems, Chief Judge John Miller of the First Judicial Circuit has confirmed that personal information was compromised. This circuit encompasses courthouses in several Florida counties. The attack, which was attributed to the ALPHV/BlackCat ransomware group, affected court operations and exposed social security numbers and court system details. Despite the challenges posed by the breach, the local IT teams and county clerks have been praised for their efforts in maintaining operational court files.
10. Shipping Sector Under Siege by Cyber Threats
A widespread cyberattack, believed to be a DDoS attack, has crippled shipping companies across Europe, with Viking Line among those affected. The assault, which began on Thursday, resulted in multiple websites going offline. IT teams are currently working diligently to resolve the issue. According to reports, the shipping industry has seen a significant increase in cyberattacks, making cybersecurity measures a critical concern for the sector. This incident underscores the urgent need for strong cybersecurity across various industries.
📢 Cyber News
11. Philippine Military Warned About AI Apps
The Philippine defense chief, Gilberto Teodoro Jr., has issued an order for the entire military to cease using digital applications that employ artificial intelligence to generate personal portraits, citing potential security risks. This decision comes as the country’s forces are engaged in addressing long-standing communist and Muslim insurgencies and safeguarding territorial interests in the disputed South China Sea.
12. E-Root Operator Faces 20-Year Extradition
Sandu Diaconu, the operator of the illicit E-Root marketplace, has been extradited to the United States and may face a maximum prison sentence of 20 years for selling access to compromised computers. Diaconu was arrested in the U.K. in May 2021 as he attempted to flee following the seizure of E-Root’s domains in late 2020. E-Root was an illegal online marketplace that facilitated the sale of access to breached computers worldwide in exchange for cryptocurrency. Over 350,000 compromised systems were listed for sale on the platform, including computers from various industries and even a government system in Tampa.
13. Enhancing Cyber Incident Response
The Cybersecurity and Infrastructure Security Agency (CISA) has released a fact sheet detailing its efforts to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA aims to update the NCIRP to address the significant changes in policy and cyber operations since its initial release in 2016. The NCIRP 2024 will encompass principles grounded in unification, shared responsibility, learning from past experiences, and keeping pace with cybersecurity evolutions.
14. Finnish Hacker Faces Extortion Charges
Finnish national Aleksanteri Kivimäki, also known as “Zeekill,” has been charged in a Finnish court with multiple counts of extortion and data leaks related to the 2020 breach of a mental health clinic’s patient database. The breach impacted around 33,000 patients of the Vastaamo clinic, leading to extensive investigations. Prosecutors have called for a minimum seven-year prison sentence for Kivimäki, who had previously faced legal consequences for a hacking spree targeting U.S. universities and a database provider in the past.
US Representative Andrew Garbarino, a leading House Republican, emphasized the need for better coordination between the U.S. government and the private sector to prepare for a significant cyberattack. He highlighted that public-private partnerships are crucial because 80% of critical U.S. infrastructure is privately owned. In the event of a massive cyberattack, clear plans and leadership roles are needed to restore essential services across sectors like banking, transportation, healthcare, and energy.
Copyright © 2023 CyberMaterial. All Rights Reserved.