Ikenna Alajemba says
China hacked into critical infrastructure systems in the United States with the intent of seizing control of them ahead of any major crisis or conflict, the US Government has said.
The hacks show that China was “positioning itself to launch destructive cyber-attacks that would jeopardize the physical safety of Americans and impede military readiness in the event of a major crisis or conflict with the United States”, says the Cybersecurity and Infrastructure Security Agency.
https://www.msn.com/en-us/news/world/china-hacked-crucial-systems-to-seize-control-of-us-infrastructure-ahead-of-conflict/ar-BB1hYmYf?ocid=msedgdhp&pc=HCTS&cvid=1b963d1852c0451a85fcb338325fac8d&ei=30
Erskine Payton says
Erskine Payton
In the News Article- Unit 5
MIS 5214
Temple University
Hackers Steal $25 Million by Deepfaking Finance Boss
https://futurism.com/the-byte/hackers-deepfake-finance-boss
Hackers used an AI version of the CFO to swindle millions from a Hong Kong branch of a multinational company. Targeting only a few key employees, the fake CFO held a Zoom meeting with staff and was able to get them to transfer $25.6 million. The hackers used pictures from public domains to mimic not only the CFO but other staff, sounding just like the real-life person. Although law enforcement has gotten involved, the perpetrators seem to have gotten away.
Here is a YouTube clip of the story if you are interested…
https://www.youtube.com/watch?v=JwC6DRQnIt0
Kenneth Saltisky says
Ivanti, an IT solutions provider, warns users that a new authentication bypass vulnerability has been found impacting their software including Connect Secure, Policy Secure, and ZTA gateways. The flaw is due to an XXE (or XML eXternal Entities) weakness that lets remote attackers gain access without restriction on unpatched appliances. The attack is low complexity and requires no user interaction to exploit.
Ivanti has suffered relatively recent attacks since December 2023 from authentication bypass and command injection flaws that were zero-days. Security patches have been released since January 31st that patch these exploits, and Ivanti urges customers to factory reset all appliances before patching to block persistence attempts from threat actors.
https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/
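The post names the weakness class (XXE) but not how the appliances parse XML, so here is an added example of the standard defensive gate against that class, written in Python's standard library; it is not Ivanti's code and the sample documents are constructed. An external entity cannot exist without a DTD that declares it, so refusing any DOCTYPE before the document reaches the real parser removes the whole class no matter how that parser is configured. The same gate also blocks internal entity-expansion denial of service, which the post does not mention but which needs a DTD for the same reason.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when a document carries a DTD or an entity declaration."""


def _reject(reason):
    # expat lets a handler abort the parse by raising; the exception
    # propagates out of Parse(), so nothing after the DTD is processed.
    def handler(*_args):
        raise UnsafeXmlError(reason)
    return handler


def check_no_dtd(xml_bytes):
    """Fail closed on any DOCTYPE or ENTITY declaration.

    XXE needs an entity declaration, and an entity declaration needs a DTD,
    so refusing the DTD at the edge removes the class regardless of how the
    parser behind it is configured.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE declaration not accepted")
    parser.EntityDeclHandler = _reject("entity declaration not accepted")
    # Belt and braces: if an external entity were ever referenced, refuse
    # to fetch it (returning 0 makes expat report an error instead).
    parser.ExternalEntityRefHandler = lambda *_args: 0
    parser.Parse(xml_bytes, True)


def is_safe_xml(xml_bytes):
    """True when the document has no DTD; False when the gate rejects it."""
    try:
        check_no_dtd(xml_bytes)
    except UnsafeXmlError:
        return False
    return True


def parse_strict(xml_bytes):
    """Gate first, then parse with ElementTree as usual."""
    check_no_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)


# Constructed samples (not taken from the article or from Ivanti).
BENIGN = b'<?xml version="1.0"?><login><user>alice</user></login>'

# Classic XXE shape: an external entity pointing at a local file.
XXE_SHAPED = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE login [<!ENTITY ext SYSTEM "file:///etc/hostname">]>'
    b'<login><user>&ext;</user></login>'
)

# Internal entity expansion: no external reference, but it still needs a DTD.
EXPANSION_SHAPED = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE login [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
    b'<login><user>&b;</user></login>'
)


if __name__ == "__main__":
    samples = (("benign", BENIGN), ("xxe", XXE_SHAPED), ("expansion", EXPANSION_SHAPED))
    for name, doc in samples:
        print(name, "accepted" if is_safe_xml(doc) else "rejected")
```

Rejecting the DTD outright is stricter than disabling only external entities, which is why it is the usual choice on an authentication path: nothing a login request legitimately sends needs a DTD, and a parser setting that is correct today can be undone by a library upgrade.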
Michael Obiukwu says
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
failures by Montefiore that led to an employee stealing and selling patients’ protected health information over a six-month period.
“Unfortunately, we are living in a time where cyber-attacks from malicious insiders are not uncommon. Now more than ever, the risks to patient-protected health information cannot be overlooked and must be addressed swiftly and diligently,” said OCR Director Melanie Fontes Rainer. “This investigation and settlement with Montefiore are an example of how the health care sector can be severely targeted by cyber criminals and thieves—even within their own walls.
Cyber-attacks do not discriminate base
https://www.hhs.gov/about/news/2024/02/06/hhs-office-civil-rights-settles-malicious-insider-cybersecurity-investigation.html
Mariam Hazali says
US offers $10mln reward for information on Hive ransomware leaders
The United States is offering a reward of up to $10 million for information leading to identifying or locating key leaders in the Hive ransomware organized crime group, the State Department said in a statement on Thursday. The Hive ransomware variant targeted victims in over 80 countries, including the United States. Beginning in late July 2022, the FBI penetrated Hive’s computer networks, obtained its decryption keys, and offered them to victims worldwide, preventing them from paying up to $130 million in ransom demanded.
https://www.reuters.com/technology/us-offers-10mln-reward-information-hive-ransomware-leaders-2024-02-08/
Chidiebere Okafor says
Topic – Verizon insider data breach hits over 63,000 employees
Verizon Communications recently disclosed an insider data breach affecting almost half of its workforce, approximately 63,206 employees. The breach, discovered on December 12, 2023, involved an employee gaining unauthorized access to sensitive information such as full names, addresses, Social Security numbers, and compensation details. While customer data appears unaffected, Verizon is taking proactive steps to strengthen internal security measures and is offering affected employees two-year identity theft protection and credit monitoring services. Despite this breach, Verizon assures there is no evidence of widespread data leakage or misuse. This incident marks a departure from Verizon’s relatively calm cybersecurity history, with its last major breach occurring in October 2022 involving attempted SIM swaps to hijack customer accounts.
Link: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/verizon-insider-data-breach-hits-over-63-000-employees/amp/
Alex Ruiz says
Link: https://www.mandiant.com/resources/blog/unc4990-evolution-usb-malware
Italian hackers use pictures of pizza to upload malware. The hackers created a profile on Ars Technica and had an image linked with a small bit of malicious code embedded in it. Although harmless by itself, this was used in conjunction with USB drop attacks that would launch a PowerShell script, navigate to that webpage, and use the pizza code snippet to be forwarded to a malware download link. This particular malware, called EMPTYSPACE, is a typical cryptostealer, constantly monitoring the victim's clipboard for cryptowallet addresses and stealthily inserting their own drop account so that you accidentally send it to them instead. There are a few reasons they did this instead of hardcoding it on the USB drives: firstly, if their download link was taken down it wouldn't render all their USB sticks useless, as they could just modify the link in the pizza picture to a new download link; secondly, using Ars Technica as a navigation was unlikely to flag any firewalls.
Jeffrey Sullivan says
Government sector is top targeted industry for DDoS attacks in Q4 2023 | Security Info Watch
https://www.securityinfowatch.com/government/press-release/53096080/government-sector-is-top-targeted-industry-for-ddos-attacks-in-q4-2023
This article went over how the government has seen a surge in attacks in Q4 of 2023. 66% of the large attacks were against the government. With those types of stats, why haven't we officially come out and declared war against these attackers? The government has seen a 163% increase for Q3 and up over 4,025% year over year. Why isn't the government drafting students in this program to help out with the efforts? Lumen stated that with their Black Lotus Labs threat intelligence, they can stop attacks across their network before they become destructive. I feel like the staggering numbers Lumen is putting in this article may just be there for marketing for their services, especially since the company showed a huge loss in revenue last year. Kinda ironic if you ask me, but either way, the attacks against the government are staggering and the need for professional cyber workers is only going to increase. The article also touches on DDoS attacks and how to protect yourself. Some of the defenses are application layer defense using web application firewalls, API protection and bot risk management. It ends in showing off their DDoS defense system, Lumen DDoS Hyper, which can prevent attackers from successfully launching large campaigns against an organization.
Kelly Conger says
Found some more DDOS articles. https://www.theregister.com/2023/09/11/ddos_attack_against_us_bank/
Samuel Omotosho says
I found this interesting : Microsoft Provides Defense Guidance After Nation-State Compromise.
Microsoft advised a range of actions customers should take to reduce the risk of being hit by a similar attack. On January 12, 2024, Microsoft detected malicious activity on its network by “Midnight Blizzard” (aka Nobelium, APT29, Cozy Bear), a Russian state-sponsored group that specializes in espionage and intelligence gathering operations.
https://www.infosecurity-magazine.com/news/microsoft-defense-guidance/
Andrew Young says
Article: Ransomware attack forces 18 Romanian hospitals to go offline
This article details a recent ransomware attack that crippled health services in Romania. Attackers targeted servers hosted by the Romanian Health Services department and were able to access, retrieve and encrypt sensitive data necessary for running the hospitals, effectively forcing them offline. This attack is significant because it illustrates the risks that companies may face without a security plan in place. A compromised system leading to a weakness in availability and integrity like this can effectively halt services, especially ones as important as a hospital, and should be avoided at all costs.
Link: https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-18-romanian-hospitals-to-go-offline/
Nicholas Nirenberg says
“PikaBot Resurfaces with Streamlined Code and Deceptive Tactics”
The PikaBot malware has resurfaced with streamlined code and altered tactics, indicating a “devolution” in its development cycle. Significant changes include the removal of advanced obfuscation techniques and modifications to network communications. PikaBot serves as both a loader and a backdoor, allowing threat actors to execute commands and inject payloads from a command-and-control (C2) server, with recent versions focusing on simpler encryption methods and plaintext storage of bot configuration. Despite recent inactivity, PikaBot remains a significant cyber threat under constant development. Additionally, there’s a mention of an ongoing cloud account takeover campaign targeting Microsoft Azure environments, highlighting the persistence of cyber threats in exploiting vulnerabilities for malicious purposes.
Link: https://thehackernews.com/2024/02/pikabot-resurfaces-with-streamlined.html
Hashem Alsharif says
https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html
While multi-factor authentication isn't considered a perfect way to deter hackers, it definitely helps. However, this new article goes into four ways a hacker bypasses this using social engineering. The first is through adversary-in-the-middle attacks. These trick users into thinking they are logging into a real program. Once a user enters their personal info, a hacker uses that to go through the multi-factor authentication. The second is through MFA prompt bombing. Through this, a notification is sent to the main phone; the user mistakes it for a real prompt and accepts it in order to end the notifications. The third is service desk attacks, which is when the hacker calls customer support for a password reset, goes through verification on the call, and logs back into the account with a new password. The last listed one is SIM swapping, which is when cell phone providers are tricked into transferring the target's SIM into the control of the hacker's SIM.
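The prompt-bombing technique in the post works because the victim approves one push out of many; the defender's counterpart is to alert on the burst itself rather than on the single approval. As an added example, not from the article and not tied to any particular MFA product, here is a small detector in Python run over a constructed push-MFA event log. The log format, event names, the four-pushes-in-five-minutes threshold and the user names are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed push-MFA event log (not from the article): "<timestamp> <user> <event>".
# Event names assumed here: push_sent, push_denied, push_approved.
SAMPLE_LOG = """\
2024-02-10T08:00:01Z alice push_sent
2024-02-10T08:00:06Z alice push_denied
2024-02-10T08:00:31Z alice push_sent
2024-02-10T08:00:35Z alice push_denied
2024-02-10T08:01:02Z alice push_sent
2024-02-10T08:01:05Z alice push_denied
2024-02-10T08:01:30Z alice push_sent
2024-02-10T08:01:33Z alice push_denied
2024-02-10T08:02:00Z alice push_sent
2024-02-10T08:02:20Z alice push_approved
2024-02-10T09:15:00Z bob push_sent
2024-02-10T09:15:09Z bob push_approved
2024-02-10T13:40:00Z bob push_sent
2024-02-10T13:40:07Z bob push_approved
"""


def parse_log(text):
    """Parse the three-field lines above into (timestamp, user, event) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, event = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event))
    return events


def detect_prompt_bombing(events, threshold=4, window=timedelta(minutes=5)):
    """Flag users who receive `threshold` or more pushes inside `window`,
    and escalate if a push is approved while that burst is still live.

    A legitimate login sends one push; a burst means either a broken client
    or someone holding the user's password hammering the prompt. Returns a
    list of (user, alert, timestamp) in time order.
    """
    sent = defaultdict(deque)   # user -> timestamps of push_sent inside the window
    in_burst = set()            # users currently flagged
    alerts = []
    for ts, user, event in sorted(events):
        recent = sent[user]
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) < threshold:
            in_burst.discard(user)   # burst has aged out; allow a fresh alert later
        if event == "push_sent":
            recent.append(ts)
            if len(recent) >= threshold and user not in in_burst:
                in_burst.add(user)
                alerts.append((user, "prompt_bombing_suspected", ts))
        elif event == "push_approved" and user in in_burst:
            # The approval that ends a burst is the "make it stop" tap the
            # post describes: treat the session as suspect until reviewed.
            alerts.append((user, "prompt_bombing_approved", ts))
    return alerts


if __name__ == "__main__":
    for user, alert, ts in detect_prompt_bombing(parse_log(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {user} {alert}")
```

On the sample log, alice triggers both alerts (the burst at her fourth push, then the approval inside it) while bob's two normal logins hours apart never reach the threshold. The "approved during burst" alert is the one worth routing to a human, since by then the attacker already holds the password and a valid session.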
Akintunde Akinmusire says
Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit
https://thehackernews.com/2024/02/glupteba-botnet-evades-detection-with.html
The Glupteba botnet has been discovered to integrate a previously unreported Unified Extensible Firmware Interface (UEFI) bootkit feature. The bootkit enables Glupteba to manipulate the OS boot process by ensuring its concealment, which makes it difficult to detect or remove.