What's
Security News – July 2023
Read our roundup of cybersecurity news from July 2023. Each month, we’ll bring you security cases and interesting insights to help you stay secure.
Politics
The Chinese hacking group Storm-0558 hacked email accounts of more than two dozen organizations, including American and European government agencies. The attackers manipulated authentication tokens, which they forged using a stolen Microsoft key, to gain unauthorized access to consumer accounts.
The pro-Russian group RonCom was actively exploiting a vulnerability in Windows and MS Office. This exploitation was happening even during the NATO summit in Lithuania, allowing the attackers to potentially undermine the core principles of confidentiality, availability, and integrity.
GitHub issued a warning regarding a campaign initiated by the North Korean group Lazarus. The campaign is specifically aimed at blockchain programmers, cryptocurrency experts, online betting, and cyber security. The primary objective is to infect individuals’s devices with their malicious software, employing tactics like social engineering and luring them through invitations to engage in collaboration on GitHub repositories that contain harmful NPM dependencies.
Ukraine has dismantled another large bot farm, impacting more than 100 individuals across nearly twenty locations. In the process, they seized over 150,000 SIM cards. These bots were exploited to spread Russian propaganda and rationalize the Russian invasion of Ukraine.
The Russian group “From Russia with Love” claims that they have obtained security-related information pertaining to the NATO summit in Vilnius. However, a significant portion of the data actually originated from publicly accessible information that was disclosed after the summit. The Lithuanian Cyber Defense Center confirms that no attack on critical infrastructure occurred.
The White House aims to strengthen the security of IoT devices by introducing an optional certification known as the “U.S. Cyber Trust Mark”. To qualify for this certification, devices need to meet criteria and standards outlined by the NIST organization.
Investigations and research
An ex-employee of a California-based water treatment company has been accused of an attempt to disrupt the company’s security and protective systems. After leaving the company, he wanted to cause damage by utilizing remote access software installed on his office computer.
Researchers are warning that tens of thousands of monitoring and diagnostic photovoltaic systems (such as Solar-Log, Danfoss Solar Web Server, etc.) are freely accessible on the web. This exposes them to potential hacking risks, as unauthorized users can gain access to their data. Additionally, given the presence of vulnerabilities, these systems could be exploited actively.
The Swedish Data Protection Authority has imposed two fines totaling over one million euros for the use of Google Analytics. By using Google Analytics, the fined companies violated GDPR regulations by transferring personal data to third countries that lack sufficient protection for personal data.
The Norwegian Data Protection Authority has banned behavioral advertising on the social media platforms Facebook and Instagram. Such ads are not allowed unless users grant explicit consent for their personal data to be processed for this specific purpose.
More than 15,000 Citrix devices are at risk of remote code execution, and further vulnerabilities have also been discovered. Updates and guidelines have been provided for all affected devices to mitigate their potential impact.
Security analysts examined the Honeywell Experion DCS platform for vulnerabilities. Their investigation revealed nine security flaws, with seven deemed critical. These vulnerabilities enabled remote code execution without being detected by operators. The platform plays an important role in critical infrastructure, especially within the oil industry. Prior to disclosing the vulnerability details, the company released necessary updates.
German researchers exposed numerous vulnerabilities within satellite firmware. They also observed that this domain employs an extremely limited number of security elements.
Researchers uncovered vulnerabilities within the Terrestrial Trunked Radio (TETRA) system, primarily utilized in Europe but also in other countries. These vulnerabilities enable real-time communication decryption, message injection, and the deanonymization of users. The TEA1 vulnerability found in the encryption algorithm serves as a deliberately inserted backdoor.
Attacks
The spread of malware through USB keys has tripled. Two pro-Chinese groups, Sogu and Snowydrive, are behind the Sogu and Snowydrive malware, which are significantly focused on espionage and the extraction of information. The strategic advantage of using USB keys for distribution lies in avoiding network security measures and achieving initial concealment.
Deutsche Bank confirmed that a data breach affected one of their service providers. This incident likely occurred in the context of a data theft related to MOVEit Transfer. However, it’s important to note that the bank’s systems remained untargeted and unaffected.
The largest Japanese port Nagoya had to interrupt its operations due to a ransomware attack. Given that 10% of Japan’s overall trade flows through this port, any disruption to its functioning results in substantial economic repercussions. The LockBit ransomware gang is responsible for the attack.
Scammers are targeting elderly individuals, manipulating them into installing software that allows remote access to their computers. Additionally, they convince them to dispatch funds via regular courier services by raising false alarms about supposed suspicious activity on their accounts.
The launch of Threads by Meta (formerly Facebook) within the EU is currently delayed by strict privacy regulations. These issues arise from Meta’s attempt to utilize sensitive user data from Instagram on its new platform. The Irish Data Protection Commission has previously prevented Meta from using Facebook and Instagram data in advertising campaigns on WhatsApp.
ARx Patient Solutions company has admitted that a cyber attack in 2022 resulted in the exposure of personal data of more than 40,000 individuals, primarily children. This breach was caused by a compromised employee’s account.
G&J Pepsi company fell victim to a ransomware attack. The incident was linked to a compromised employee account and a delayed installation of an Exchange server update. However, due to well-configured infrastructure, they managed to mitigate the effects of the attack within 7 hours of its detection.
An extensive attack targeted vulnerabilities in the WooCommerce Payments module, affecting hundreds of thousands of WordPress sites. Exploiting this vulnerability allowed full control over the entire site. An update addressing this vulnerability has been available since March.
An electronic dating application left sensitive data exposed on an Amazon server, leading to the disclosure of 340 GB of information. This included more than 260,000 user accounts, private messages, chat logs, audio files, and privately shared images. Users are advised to be cautious when using such applications.
As a result of a human error, details about 5,600 VirusTotal clients were exposed. This happened through unintentional upload of a CSV file containing the client data. Access to this information was restricted solely to premium platform users.
Imitations of ChatGPT, Google BARD, or Jasper on Facebook are used for spreading information-stealing malware. Some of these imitations have millions of followers, showing their widespread use.
Following a ransomware attack, Tampa General Hospital notified 1.2 million patients that their information had been compromised by hackers. The use of monitoring tools and assistance from a forensic analysis-focused company prevented the data from being encrypted, which could have potentially resulted in the hospital’s operational disruption.
Other
At the end of the year, a new version of Windows 11 – 23H2 will be released, introducing new features including Windows Copilot, inherent RGB control support, revamped File Explorer, and built-in compatibility with formats like 7z, gz, RAR, tar, and more.
GitHub has revealed the introduction of passwordless authentication within its public beta version. This novel approach will utilize access keys linked to individual devices such as computers and smartphones, effectively reducing the risk of unauthorized use and enhancing user protection against identity theft. Biometrics will also be available.
Microsoft is currently testing advanced anti-phishing protection within Windows 11. This proactive measure aims to strengthen defenses against unauthorized entry into Windows and Active Directory. Stolen login credentials are frequently used as a method to infiltrate corporate systems.
A survey involving 1 000 hackers was undertaken to explore the intersection of Artificial Intelligence and cybersecurity. It was found that as many as 85% acknowledged employing AI in their hacking activities, with a notable 98% of them using ChatGPT. Common applications of AI in hacking include task automation, data analysis, and vulnerability detection.
Critical vulnerabilities in communication technology used in industrial infrastructure have been reported to industrial manufacturers. Ignoring these vulnerabilities could have destructive consequences. Affected modules, prevalent in critical sectors like water and energy, could enable hackers to take control, manipulate operations, and induce disruptions. A similar threat in the past was presented by the Xenotime group’s deployment of the Trisis malware. CISA urges organizations to update their firmware and mitigate risks associated with this critical vulnerability.
An analysis of emails delivered in the first quarter of 2023 has been released. Interesting findings emerged, such as nearly 60% of malicious emails being focused on credential theft.
Twitter, as a source of information in cybersecurity, is losing its significance. Apart from a decrease in the number of users, there has also been a significant decline in messages, with a decline of up to 74% compared to the day prior to Twitter’s acquisition.
A list of 10 fundamental cybersecurity tips for small businesses was published.