November 30, 2025

Unknown threat actor targets the US Red Cross

The cyber-war just got dirtier. A year or two back, an age in cyber-years, even the most ruthless cyber-gangs avoided attacking medical facilities to create a better public image in the eyes of the hacker community. Their stance has weakened somewhat since then, with attacks on the health sector becoming more common. But a recent attack on the US Red Cross is unusual enough to ring alarm bells outside the cybersecurity community.

US healthcare attacks rise threefold

Following hard on the heels of the recent attack on the US Red Cross comes a report that text-based email attacks on the healthcare sector have risen almost threefold this year. Cybersecurity firm Abnormal Security reports that the healthcare industry has also seen an overall 167% increase in advanced email attacks in 2023, which includes credential phishing, malware, business email compromise (BEC), and extortion.

60,000 emails seized in US State Department breach – September 28th

Travel itineraries and diplomatic deliberations were among the data within seized emails in a recent hacker breach of the US State Department systems. As many as 60,000 emails were compromised in the attack.

The attack was allegedly carried out by threat actors linked to the Chinese government, and reports say the incident is likely to raise concerns on Capitol Hill about the ramped-up efforts of Chinese hackers.

HTX falls victim to crypto thieves – September 27th

Cryptocurrency is being increasingly targeted by hackers, with $7.9 million recently stolen in a hack targeting cryptocurrency exchange HTX. The attack was identified as soon as it occurred, and HTX responded promptly with an innovative approach to recovering the losses.

Following the attack, HTX offered a ‘white hat’ ethical hacker a 5% bonus to return the stolen cryptocurrency, amounting to a total bonus of $400,000.

AI revolutionizes sextortion scams

Artificial intelligence (AI) services are enabling unscrupulous online blackmailers to create fake but highly realistic sexually explicit photographs and videos of innocent victims. The blackmailer usually emails the target individual to show them pornographic images of themselves, threatening to send the pictures to the victim’s contacts – a process known as “sextortion.” A variation is to claim to have compromising images of the victim recorded via the webcam on their smartphone.

Lazarus equips two new remote access trojan weapons – September 22nd

The Lazarus group is using two new remote access trojans to target health systems’ ManageEngine vulnerabilities.

The group recently made headlines after targeting healthcare entities in Europe and the US and has since evolved its malware to exploit the CVE-2022-47966 vulnerability in ManageEngine setups, allowing remote code execution.

Its new RAT variants, QuiteRAT and CollectionRAT, allow the attacker to run arbitrary commands, among other capabilities.

$7.3-million lost through Android phone hacks – September 21st

Singaporean police have warned Android phone users of a new malware variant that is capable of resetting Android phones to factory settings. Reports say that more than $7.3 million has been lost to threat actors using the malware variant. The malicious code is hidden in social media posts advertising items for sale; it is downloaded when the prospective buyer clicks on the link to make a payment.

Beware of Death by a Billion Bots

US corporations lose an average of 4.3 percent of their online revenues to malicious ‘bots,’ malware designed to resemble human communications. Malware attacks of this nature account for an average annual loss of $86.5 million for corporations with average annual online revenues of $1.9 billion, according to a new report from cybersecurity firm Netacea, “Death by a Billion Bots: The Accumulating Business Cost of Malicious Automation”.

Pizza Hut threatened by hackers – September 20th

It seems that no one and no business is immune to hacker activity. Recent reports say that Pizza Hut Australia has again been the victim of threat actors, a year after the newsmaking Optus cyber attack.

Reports allege customers’ data has been compromised by the incident, which occurred in early September, with the fast food outlet having contacted clients to notify them of the data breach.

FBI sounds second call to arms to fight cybercrime

The US Federal Bureau of Investigation (FBI) is increasingly anxious to enlist the private sector in the losing battle it is fighting against global cybercrime and espionage. Speaking in Washington on Monday, FBI director Christopher Wray stressed the importance of “collaborative, public-private” operations in fighting cybercrime, developing a strategy previously outlined by FBI Deputy Director Paul Abbate at a Boston cybersecurity conference three months ago.

Western Union payouts highlight the “insider threat”

International money transfer company, US-based Western Union, has been obliged to pay a further $40 million on top of a previous $365 million payout to defrauded customers. As many customers were the victims of phishing attacks in which Western Union had already admitted some of its staff were complicit, the payouts highlight the growing “insider threat” now facing multinational corporations.

US fleet management systems impacted in ransomware attack – September 19th

ORBCOMM, the US trucking and fleet management software provider, has linked recent service outages across freight transportation firms throughout the US to a ransomware attack.

These outages disabled the Blue Tree Electronic Logging Device and the inventory tracking capabilities of the fleet management software. Investigations continue into the identity of the threat actors.

BlackCat gang wields new weapon to target cloud storage – September 18th

The BlackCat ransomware gang is now using the Sphynx encryptor to target Azure cloud storage. The Sphynx variant was discovered in March this year in an investigation of a data breach that shared similarities with another attack described in an IBM X-Force report.

BlackCat continues to be one of the most high-profile, sophisticated threat actor groups, owing to the gang’s ability to continuously refine and adapt its tactics.

DarkGate again threatens online computer systems – September 15th

A new phishing attack campaign using DarkGate Loader malware has been identified, with Microsoft Teams users being urged to exercise caution.

This malware is specifically a ‘loader’, meaning that it is able to download and execute other malware programs on the infected device. The additional malware is loaded directly into the infected device’s memory, making it hard to detect since it never touches the device’s file system.

New RAT variant gives control over Android devices – September 6th

The Indian government has warned of a malware attacking Android users through social media. Called DogeRAT, the new malware is able to access sensitive data, such as contacts, messages, and bank credentials, and grant hackers control over infected Android devices. New Chaes malware variant displays ‘significant transformations’ […]

Growing diversity in cyber, but still a long way to go

The percentage of ethnic minorities working in cyber in the UK has seen an upward trend over the last three years, although it appears to have plateaued at 22 percent after rising from 16 percent in 2020 to 25 percent in 2022. While the cyber workforce is slightly more diverse than that of the digital sector and UK workforce as a whole, the percentages are still lagging far behind where they should be, and the US cyber workforce shows similarly lackluster percentages.

Lazarus Group arises with new malware strategy – August 25th

A new malware strain that gives the location of an infected device has been identified.

The Hacker News explains that the malware has one operation: ‘Every minute it triangulates the infected systems’ positions by scanning nearby Wi-Fi Access points as a data point for Google’s geolocation API.’ Cyber experts aren’t yet clear ‘who or what’ is interested in the location of an infected device or the motives behind why this specific form of malware was produced.

Cyber slowdown and major companies announce layoffs – August 17th

According to the Wall Street Journal, a trio of major cyber companies announced layoffs, further highlighting a slowdown in the sector, which, though resilient, is starting to feel the impact of a wider downturn. Rapid7, a Boston-based company, announced layoffs affecting 400 people, while Atlanta’s Secureworks cut 300, and Dragos let go of 50.

Companies slow to take the fight to cybercriminals

According to “Threat intelligence: Eyes on the enemy,” a study conducted in June by threat intelligence firm Cyber Risk Analytics (CRA), vulnerability prioritization is the chief use of threat intelligence for 70 percent of the study’s respondents; 65 percent of those respondents also stated that they are starting to use threat intelligence to aid reactive incident response. By contrast, proactive measures still rank low among primary uses of threat intelligence at most organizations: 50 percent of respondents use threat intelligence for threat hunting, and 46 percent, fewer than half, use actionable threat intelligence to provide advance warning of future attacks.

Barracuda again the target of malware attack – August 14th

Barracuda Email Security Gateway devices have again been compromised, this time through a novel backdoor malware named ‘Whirlpool.’ The US Cybersecurity and Infrastructure Security Agency (CISA) has attributed the breach to a pro-China group of hackers. The threat actors exploited a zero-day remote command injection vulnerability to deploy the malware; reports say this vulnerability was used to plant the SeaSpy and Whirlpool backdoor payloads on compromised devices.