
Cyber Outlook Rundown 1/25/23

Cybersecurity News


A cybersecurity briefing on noteworthy cyber attacks, vulnerabilities, and InfoSec news.


Noteworthy Cyber Attacks Reported

  1. LastPass’ parent company GoTo (formerly LogMeIn) has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. https://techcrunch.com/2023/01/24/goto-customer-backups-stolen-lastpass/

    1. The GoTo notification stated: "Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage affecting several products. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information." https://www.goto.com/blog/our-response-to-a-recent-security-incident/

  2. A recent incident where a bored hacker found a list of 1.5 million individuals on TSA's no-fly list sitting unprotected on an Internet-exposed server has highlighted, once again, the risky practice of using production data and sensitive information in development environments. https://www.darkreading.com/application-security/tsa-no-fly-list-snafu-highlights-risk-of-keeping-sensitive-data-in-dev-environments

  3. The FBI has confirmed that North Korean hackers were behind the $100 million Horizon Bridge heist. https://www.securityweek.com/fbi-confirms-north-korean-hackers-behind-100-million-horizon-bridge-heist/

  4. Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce. https://www.darkreading.com/application-security/compromised-zendesk-employee-credentials-breach

Noteworthy Vulnerabilities / Threats Discovered

  1. Insider threats are a serious and growing problem. According to recent research, malicious employees contribute to 20% of incidents, and the attacks insiders are involved in are, on average, 10 times larger than those conducted by external actors. Data shows an increase in insider threat attacks over the past two years, as the risk has been exacerbated by remote working during the pandemic. To minimize insider threats, all organizations should monitor marketplaces, forums, social media, and the Dark Web for chatter about their company; this helps them spot the early warning signs of an attack. https://www.darkreading.com/threat-intelligence/hunting-insider-threats-on-the-dark-web

  2. A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. https://www.bleepingcomputer.com/news/security/ransomware-access-brokers-use-google-ads-to-breach-your-network/

  3. Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third-party sites of their choosing, including tech support scams, adult dating, phishing, or drive-by downloads. This report goes in depth on how the latest wave for the violetlovelines domain behaves, how the campaign has evolved in recent months, and how to remove the malware from your website if you’ve fallen victim to this infection. https://blog.sucuri.net/2023/01/massive-campaign-uses-hacked-wordpress-sites-as-platform-for-black-hat-ad-network.html

Noteworthy InfoSec News

  1. Cybereason’s GSOC and Incident Response teams have analyzed Sliver, a growing C2 framework created by the cybersecurity company Bishop Fox. C2 (command-and-control) frameworks are used by security professionals (red teamers and pentesters) to remotely control compromised machines during security assessments; they are also leveraged by threat actors for the same purpose. This report describes in detail how the framework works, how to reproduce its use, how threat actors are leveraging it, and how to implement detection and prevention mechanisms. https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors

  2. An Australian man has been sentenced to jail for more than two years over an SMS phishing scam, during which he stole AU$100,000 ($69,751) and targeted 450 victims. The Sydney Local Court found the man guilty of various cybercrime offences, including obtaining and supplying data with intent to commit a computer offence. https://www.zdnet.com/article/australian-man-given-two-year-jail-sentence-for-69k-phishing-scams

  3. A study by SecurityScorecard found that a large majority of critical manufacturing organizations in the Forbes Global 2000 list, more than 75%, have unaddressed high-severity vulnerabilities in their systems. Read the full report here: https://resources.securityscorecard.com/davos-2023/addressing-the-trust-deficit#page=1



Additional resources:

  1. SecurityScorecard is a leader in cybersecurity ratings for millions of organizations to assist with supply chain and vendor risk management. https://securityscorecard.com/

  2. Cyware provides threat intelligence, security orchestration, and other cybersecurity resources. https://cyware.com/
