In today’s highlights, Crypto-themed NuGet Packages Mask SeroXen RAT Threat for Developers, DarkGate Malware Utilizes Skype and Microsoft Teams for Distribution, Stayin’ Alive Campaign Targets Asian Government and Telecom Giants, US Government Expands AvosLocker Ransomware Affiliate Toolset, In-Depth Look at Phishing Campaigns in Italy, and CISA Releases Nineteen ICS Advisories for Enhanced Industrial Control Systems Security.
Recent developments involve Shadow PC Notifying Customers of Data Breach Amid Stolen Data Sale, Security Breach Exposing Sensitive Government Files in Mexican Senate, Credit Union Revealing Security Breach Tied to MOVEit Hack, and Edwardian Hotels London Confronting Cyberattack by BlackBasta Ransomware Group.
Recent news cover SYN Ventures’ Launch of $75 Million Cybersecurity Seed Fund, Europol’s 2023 EMPACT Hackathon Against Online Human Traffickers, Microsoft’s AI Bounty Program for Bing with $15,000 Rewards, SEC’s Investigation of Progress Software in MOVEit Ransomware Hack, and Cryptocurrency’s Role for Palestinian Militants Amid Conflict.
Malicious NuGet packages, masquerading as popular crypto wallets and exchanges, have distributed the SeroXen remote access trojan to developers, endangering their systems. These deceptive packages, uploaded by a user known as ‘Disti,’ boast over 2 million downloads and pose a significant threat to NuGet users. By impersonating authentic cryptocurrency projects and platforms, these packages create a false sense of credibility, luring unsuspecting developers into downloading malware and reinforcing the need for heightened security measures in the development community.
In a concerning development, the DarkGate malware has been observed using Skype and Microsoft Teams as a vehicle for spreading. Cybercriminals are employing instant messaging platforms to deliver a Visual Basic for Applications loader script disguised as a PDF document. When unsuspecting users open the PDF, it triggers the download and execution of an AutoIt script designed to launch DarkGate, a multifunctional malware known for its data harvesting, cryptocurrency mining, and remote control capabilities. The malware has recently seen an uptick in social engineering campaigns, primarily through phishing emails and SEO poisoning, affecting regions primarily in the Americas, Asia, the Middle East, and Africa.
Researchers have unveiled a prolonged campaign, named Stayin’ Alive, that has been targeting high-profile government and telecom organizations in Asia since 2021. The attackers deploy basic backdoors and loaders to deliver next-stage malware. These tools appear disposable, making detection and attribution challenging. The campaign’s infrastructure shows similarities to that employed by ToddyCat, a China-linked threat actor known for attacking government and military agencies in Europe and Asia since late 2020.
In a recent joint cybersecurity advisory, the FBI and CISA have expanded the list of tools employed by AvosLocker ransomware affiliates, including open-source utilities, custom PowerShell scripts, and batch scripts. These tools are used by threat actors to compromise and exfiltrate data from enterprise networks. Notably, the agencies also provide a YARA rule for identifying malware disguised as legitimate network monitoring tools, which is a common component of AvosLocker attacks.
Phishing campaigns continue to plague Italy, with criminals consistently targeting users and organizations. The deceptive practice, designed to extract personal and financial information through various channels, notably includes brand phishing. In these attacks, malicious actors impersonate well-known brands, posing significant risks to user privacy and device security. The campaigns have grown in scale, impacting multiple Italian brands, as reports from the Italian Postal Police confirm the rise in phishing attempts.
The Cybersecurity and Infrastructure Security Agency has recently published nineteen vital Industrial Control Systems advisories on October 12, 2023. These advisories are aimed at delivering crucial insights into existing security concerns, vulnerabilities, and potential threats revolving around Industrial Control Systems. Cisa emphasizes the importance of ICS users and administrators reviewing these advisories to gain a comprehensive understanding of the technical specifics and available mitigation strategies, contributing to the overall safety of critical infrastructure.
Shadow PC, a cloud gaming service, is notifying over 500,000 customers of a data breach. This breach was the result of a social engineering attack on one of their employees. The attacker gained access to sensitive customer information, including names, email addresses, dates of birth, billing addresses, and credit card expiration dates. While no account passwords or sensitive payment data were exposed, Shadow PC has taken steps to enhance security and has urged affected customers to remain vigilant for potential phishing attempts.
A forum user claims to have breached the official website of Mexico’s Senate, Senado De La Republica, exposing over 1,000 confidential government documents spanning two months. The breach raises concerns about the security of sensitive government information. Senado De La Republica’s website is a critical repository of data related to Mexico’s legislative activities, and the breach highlights vulnerabilities within governmental cybersecurity systems.
University Federal Credit Union has disclosed a data breach stemming from this year’s cyberattack on the third-party MOVEit software. This revelation adds to the growing list of organizations affected by the Cl0p ransomware group, believed to be based in Russia. After a four-month investigation, the credit union confirmed the breach, which potentially exposed the financial account and credit/debit card numbers of approximately 102,650 individuals. While there’s no evidence of financial fraud, the affected parties are encouraged to stay vigilant as their data could still be used for online crimes like fraud and identity theft.
A ransomware group, known as BlackBasta, has reportedly targeted Edwardian Hotels in the United Kingdom. The group claims responsibility for the cyberattack, posting data samples on the dark web, including bank accounts and passport information as evidence. The attack also extends to other entities, such as the May Fair and Stanton Williams. While the ransom amount remains undisclosed, Edwardian Hotels and other affected organizations are taking a stand against the ransom demands, setting an example in the face of cybercriminal threats.
In a significant move, SYN Ventures has initiated its cybersecurity seed fund with an impressive first closing of $75 million, marking it as the largest such fund in the United States. The venture capital firm, led by former Fortune 500 CISOs and security executives, focuses on investing in groundbreaking cybersecurity solutions rather than incremental advancements. With access to extensive industry networks and resources, the fund aims to expedite the development of next-gen cyber solutions for early-stage companies, marking a pivotal moment in U.S. cybersecurity.
In a recent hackathon organized by Europol as part of the EMPACT project, law enforcement officers and experts from across Europe came together to develop and test innovative tools for identifying and tracking human traffickers who recruit victims online. The event, which took place in Apeldoorn, the Netherlands, focused on addressing intelligence gaps in human trafficking, particularly in sexual and labor exploitation. Participants leveraged large datasets from social media platforms, dating apps, and other online sources to gain insights into traffickers’ online operations and potential victim identification.
Microsoft has initiated an AI bounty program focused on the AI-driven Bing experience, offering rewards of up to $15,000. The program invites security researchers worldwide to discover vulnerabilities in various AI-powered Bing services and products, spanning bing.com, Microsoft Edge, Skype Mobile, and more. Qualified submissions may receive bounty rewards ranging from $2,000 to $15,000 USD, with a strong emphasis on ensuring AI-driven Bing remains secure and resilient against potential threats.
The US Securities and Exchange Commission is initiating its own investigation into the security vulnerability in Progress Software’s MOVEit transfer tool that led to a major ransomware attack affecting over 2,000 organizations and 60 million individuals. Tracked as CVE-2023-34362, this vulnerability was exploited as a zero-day by the Russia-linked Cl0p ransomware group, targeting those using the MOVEit Transfer managed file transfer software.
Amidst escalating conflict, Palestinian militants have turned to cryptocurrencies, moving tens of millions of dollars linked to Hezbollah and a sanctioned Russian crypto exchange. Israel has attempted to freeze Hamas accounts used for donations, but seizing crypto wallets is a complex challenge. The transparency and traceability of crypto assets are being leveraged by Israeli authorities to detect, freeze, and confiscate related funds, highlighting the growing importance of monitoring and regulating crypto transactions in the context of international conflict and terrorism.
Copyright © 2023 CyberMaterial. All Rights Reserved.