
Cyber Outlook Rundown 3/15/23

Cybersecurity News


A Cybersecurity briefing on recent noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news. We highlight useful resources to help people improve Information Security.

 

Noteworthy Cyber Attacks Reported

  1. Ransomware gang Lockbit has boasted that it broke into Maximum Industries, which makes parts for SpaceX, and stole 3,000 proprietary schematics developed by Elon Musk's rocketeers. The prolific cybercrime crew also mocked the SpaceX supremo and threatened to leak or sell on the blueprints from March 20 if its demands to pay up aren't met. This may therefore be a bill Musk can't avoid reconciling, unlike others, reportedly. https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware

  2. AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan, but the exposed data did not contain credit card information, Social Security numbers, account passwords or other sensitive personal information. https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/

  3. A university hospital in Brussels has become the latest institution targeted in a spate of cyberattacks against European hospitals. Ambulances were diverted from the Centre Hospitalier Universitaire (CHU) Saint-Pierre this weekend following the attack in the early hours of Friday morning. https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre

  4. Software firm Blackbaud has agreed to pay a $3 million penalty for failing to disclose the full scope of the ransomware attack it suffered in 2020, according to the US Securities and Exchange Commission (SEC). https://www.csoonline.com/article/3690411/blackbaud-penalized-3m-for-not-disclosing-the-full-scope-of-ransomware-attack.html

Noteworthy Vulnerabilities / Threats Discovered

  1. A Chrome extension offering quick access to fake ChatGPT functionality was found by the security research team at Guard.io. The malicious stealer extension, titled “Quick access to Chat GPT”, is promoted in Facebook-sponsored posts as a quick way to get started with ChatGPT directly from your browser. Although the extension does give you that (by simply connecting to the official ChatGPT API), it also harvests all the information it can from your browser, steals cookies of authorized active sessions for any service you use, and employs tailored tactics to take over your Facebook account. https://labs.guard.io/fakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with-4c9996a8f282

  2. Microsoft has identified DEV-1101 as an actor responsible for developing, supporting, and advertising adversary-in-the-middle (AiTM) phishing kits, which can circumvent multifactor authentication and lower the barrier to entry for cybercrime. The actor offers an open-source kit that automates setting up and launching phishing activity. https://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/

  3. BlackMamba: Using AI to Generate Polymorphic Malware - To demonstrate what AI-based malware is capable of, HYAS researchers have built a simple proof of concept, dubbed Black Mamba, that exploits a large language model to synthesize polymorphic keylogger functionality on the fly, dynamically modifying the benign code at runtime, all without any command-and-control infrastructure to deliver or verify the malicious keylogger functionality. https://www.hyas.com/blog/blackmamba-using-ai-to-generate-polymorphic-malware

  4. Lumen Black Lotus Labs identified another, never-before-seen campaign involving compromised routers. This is a complex campaign they are calling “Hiatus”. It infects business-grade routers and deploys two malicious binaries, including a Remote Access Trojan (RAT) they’re calling HiatusRAT, and a variant of tcpdump that enables packet capture on the target device. https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/

Noteworthy InfoSec News

  1. President Biden released his FY 2024 budget proposal that seeks more funds for the Cybersecurity and Infrastructure Security Agency (CISA) and greater cyber investigative capabilities for the FBI. The budget also calls for increasing government IT modernization efforts, exploring cybersecurity efforts surrounding gender-based cybercrimes, expanding efforts to counter China's problematic behaviors, and helping Ukraine better defend itself on the digital front. This proposal increases CISA's budget to over $3 billion. https://www.csoonline.com/article/3690610/cisa-funding-to-top-3-billion-under-bidens-fy-2024-budget.html

  2. The US Transportation Security Administration (TSA) said on Tuesday that airport and aircraft operators will be required to improve their cybersecurity resilience. The new cybersecurity requirements were issued through an emergency amendment in response to the persistent threats against the country’s aviation sector and other critical infrastructure. https://www.securityweek.com/tsa-requires-aviation-sector-to-enhance-cybersecurity-resilience/

  3. International law enforcement agencies have claimed another victory over cybercriminals after seizing the website and taking down the infrastructure operated by criminals linked to the NetWire remote access trojan (RAT). https://www.theregister.com/2023/03/10/fbi_netwire_seizure/

  4. GitHub has added SMS support and fresh account lockout prevention features to its phased rollout plans as it prepares to implement a 2FA requirement for accounts beginning Monday. https://www.techtarget.com/searchsoftwarequality/news/365532274/GitHub-2FA-plan-adds-SMS-account-lockout-safeguards

Highlighted InfoSec Resources

  1. Review the CIS Benchmarks that have been updated or recently released for March 2023, including updates to Windows Server and Windows Workstation Benchmarks. https://www.cisecurity.org/insights/blog/cis-benchmarks-march-2023-update

  2. Check out this free all-day virtual conference from Dark Reading, Emerging Cybersecurity Technologies, on March 23, 2023, 11:00 AM – 5:15 PM EST. It focuses on exploring the latest technologies that can help strengthen your cybersecurity defenses, and the best path for deploying them. This is an excellent way to network, stay current, and earn CPEs! https://vts.informaengage.com/dark-reading-emerging-cybersecurity-technologies-what-you-need-to-know



References:

  1. The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations' technologies against cyber attacks. https://www.cisecurity.org/benchmark

  2. The CIS Controls is a publication of best practice guidelines for information security. https://www.cisecurity.org/

  3. Cyware provides threat intelligence, security orchestration and other cybersecurity resources. https://cyware.com/
