What’s going on in the cyber world today?
Bogus Chrome Updates, Flipper Zero, Bluetooth Spam, StripedFly Malware, Microsoft, Octo Tempest, Kazakhstan, BIG-IP Vulnerability, France, APT28, CCleaner, MOVEit, Reeds Spring School District, Data Breach, Anonymous Sudan, Spotify, ALPHV/BlackCat Ransomware, LBA Hospitality, UK, Critical Infrastructure, Google, AI Security, Australia, Solar Energy, DDoS, Cloudflare, Nigeria.
Cyber Alerts
Researchers at Sucuri, a cybersecurity company, have identified a sharp increase in fraudulent websites offering fake Google Chrome updates, raising alarm over the potential distribution of remote access trojans (RATs) to users’ devices. These deceptive websites appear as legitimate Chrome updates but instead install RATs, often becoming the initial point of entry for ransomware attacks. Google has taken measures to block many of these malicious domains and has started issuing warnings to protect users from inadvertently downloading these harmful trojans.
A customized firmware for Flipper Zero, known as ‘Xtreme,’ has introduced Bluetooth spam attacks targeting Android and Windows devices. Originally demonstrated against Apple iOS devices by a security researcher, this technique is now being explored for its impact on different platforms. The spam attacks involve sending spoofed advertising packets to devices within range of pairing and connection requests, causing confusion and disruptions to the user experience with constant notifications.
A highly advanced cross-platform malware framework known as StripedFly has been silently infecting over a million Windows and Linux systems for five years. It was originally misclassified as a Monero cryptocurrency miner but was later revealed by Kaspersky to be an impressively sophisticated malware. StripedFly features TOR-based traffic cloaking, automatic updates from trusted platforms, worm-like spreading abilities, and an EternalBlue SMBv1 exploit predating its public disclosure.
Microsoft has issued a warning about the activities of the highly prolific threat actor, Scattered Spider, known for its financially motivated cybercrimes. Scattered Spider has expanded its operations by impersonating newly hired employees within targeted organizations, allowing them to blend in seamlessly and gain unauthorized access. Octo Tempest, as Microsoft calls it, is known for its sophisticated techniques, including adversary-in-the-middle (AiTM) strategies, social engineering, and SIM swapping capabilities, which have evolved to encompass ransomware attacks and data extortion for cryptocurrency theft.
A hacking group believed to be based in Kazakhstan, known as YoroTrooper, has recently conducted an extensive espionage campaign against members of the Commonwealth of Independent States (CIS), according to findings by Cisco’s Talos group. This group has demonstrated a focus on espionage, and the researchers pointed to their use of Kazakh currency, fluency in Kazakh and Russian, and their primary target being the Kazakh government’s Anti-Corruption Agency as indicators of their origin.
F5 has issued a critical security advisory regarding a vulnerability in BIG-IP that could potentially result in unauthenticated remote code execution. This vulnerability, identified as CVE-2023-46747, poses a significant threat with a CVSS score of 9.8 out of 10. Attackers with network access to the BIG-IP system through management ports or self IP addresses could exploit this vulnerability to execute arbitrary system commands.
Cyber Incidents
The French National Agency for the Security of Information Systems has disclosed that Russia’s APT28 hacking group, also known as ‘Strontium’ or ‘Fancy Bear,’ has been targeting various French government bodies, businesses, universities, research institutions, and think tanks since mid-2021. This cyber-espionage group, believed to be linked to Russia’s military intelligence service GRU, was found exploiting vulnerabilities in WinRAR and Microsoft Outlook, and it has been using tactics such as brute-forcing and phishing to infiltrate accounts and devices on critical French networks.
CCleaner Confirms Data Breach
CCleaner, a popular software used for cleaning files and Windows Registry entries, has acknowledged a data breach caused by a MOVEit attack, leading to the exposure of certain customer data. Reports of this breach surfaced as CCleaner users received emails alerting them to the security incident. The exposed data includes low-risk employee information and limited personal details, such as names, email addresses, and phone numbers.
Spotify, one of the world’s leading music streaming platforms, recently experienced a significant disruption as its website went offline. Users worldwide reported issues with the service, with the website being the most affected. The incident, which coincided with almost 2,000 users reporting errors on DownDetector.com, is suspected to be a result of a Distributed Denial of Service (DDoS) attack. While the exact cause is unconfirmed, the hacker group Anonymous Sudan has claimed responsibility on their Telegram channel.
The ALPHV/BlackCat ransomware gang has targeted LBA Hospitality, a US hotel management group overseeing Marriott, Hilton, Holiday Inn, and Best Western properties across the southeastern United States. The attack exposed around 200GB of sensitive internal company data, including personal information such as IDs, social security numbers, financial reports, and more.
Cyber News
The UK Parliament’s Science and Technology Committee has launched a call for evidence, inviting experts to contribute their insights. The UK, one of the world’s most targeted countries for cyberattacks, follows closely behind the United States and Ukraine. Recent incidents, including a breach of voter data at the UK Electoral Commission and the 2017 WannaCry attack on the National Health Service, have highlighted the pressing need for increased cybersecurity measures.
Google is taking significant steps to enhance the security of its artificial intelligence (AI) systems. The company has expanded its bug bounty program to include AI-related vulnerabilities, allowing security researchers to report findings. Google is also applying supply chain security measures, like code signing and Supply-chain Levels for Software Artifacts (SLSA), to machine learning models to bolster AI security.
Amidst growing concerns of potential cyberattacks on internet-connected solar inverters in Australia, the government is moving closer to implementing security standards aimed at protecting the nation’s booming solar market. Researchers have highlighted cybersecurity vulnerabilities in rooftop inverters, with Chinese state-sponsored hackers suspected of targeting these systems, which are critical to converting solar energy into electricity for homes and businesses.
In the third quarter of 2023, Cloudflare faced a surge in hyper-volumetric HTTP DDoS attacks, marking a new chapter in the threat landscape. These attacks exploited a recently disclosed technique called ‘HTTP/2 Rapid Reset’ and reached unprecedented levels, with one attack peaking at 201 million requests per second. Cloudflare also observed an increase in mDNS, CoAP, and ESP DDoS attacks, while ransom DDoS attacks declined for the second consecutive quarter.
Nigerian authorities have successfully shut down a cybercrime recruitment and mentoring hub, culminating in the arrest of six individuals aged between 19 and 27. The suspects have confessed to participating in a range of cybercrimes, including identity theft, hacking, trading of hacked Facebook accounts, romance scams, and computer-related fraud. This operation has also revealed potential connections to more extensive cybercrimes, such as business email compromise and high-yield investment program fraud, with ongoing efforts to locate additional members of this criminal network.