The following are this week’s significant updates from the world of cybersecurity, a reminder of why it is important to keep yourself updated about recent cyber happenings around the world.

Phishing Attacks Can Violate MFA

Multi-Factor Authentication (MFA) is considered a standard security protocol in most organizations. However, threat actors have devised a way to breach organizational or individual networks that use MFA. Reportedly, there are over 1200 phishing toolkits that can intercept MFA security codes. These toolkits have been in operation mainly in Europe and North America.

Cybersecurity experts at Proofpoint have explained the use of a new phishing toolkit that uses a transparent reverse proxy mechanism to lead victims to spoofed websites. As a result, Man-in-the-Middle (MitM) attacks could be launched against victims to steal their session cookies, usernames, and passwords in real time. The stolen cookies can then be used to access the targeted accounts without an MFA token. The Proofpoint researchers also listed the three most frequently used phishing kits in recent times: Evilginx2, Muraena/Necrobrowser, and Modlishka. Though these tools are not new, their efficacy in evading threat detection measures is frightening. SMEs urgently need to enhance their cybersecurity posture so that adversaries cannot exploit the vulnerabilities in their information systems.
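One defensive check for the cookie replay described above, as an added example that is not from Proofpoint or the original article: it flags a session cookie presented by a client (IP and user agent) other than the one that completed MFA. The event format, field names and sample records are constructed assumptions, and the comparison is a heuristic that legitimately roaming users can also trip.

```python
# Constructed sample auth events (not real logs):
# (timestamp, session_id, source_ip, user_agent, event)
EVENTS = [
    ("2022-02-10T09:00:01Z", "sess-A", "198.51.100.7", "Chrome/98 Windows", "mfa_ok"),
    ("2022-02-10T09:00:05Z", "sess-A", "198.51.100.7", "Chrome/98 Windows", "request"),
    ("2022-02-10T09:01:00Z", "sess-B", "192.0.2.10", "Safari/15 macOS", "mfa_ok"),
    ("2022-02-10T09:02:00Z", "sess-B", "192.0.2.10", "Safari/15 macOS", "request"),
    ("2022-02-10T09:05:00Z", "sess-C", "203.0.113.9", "curl/7.81", "request"),
    ("2022-02-10T09:12:40Z", "sess-A", "203.0.113.44", "Firefox/97 Linux", "request"),
]


def find_suspect_sessions(events):
    """Flag requests whose session cookie is presented by a client other
    than the one that completed MFA, or by a session with no MFA on record.

    Returns a list of (session_id, timestamp, reason) in time order.
    """
    bound = {}      # session_id -> (ip, user_agent) seen when MFA succeeded
    findings = []
    # ISO 8601 timestamps in one timezone sort chronologically as strings.
    for ts, sid, ip, ua, event in sorted(events):
        client = (ip, ua)
        if event == "mfa_ok":
            bound[sid] = client          # (re)bind the session to this client
        elif sid not in bound:
            findings.append((sid, ts, "no_mfa_on_record"))
        elif client != bound[sid]:
            findings.append((sid, ts, "client_changed_after_mfa"))
    return findings


if __name__ == "__main__":
    for sid, ts, reason in find_suspect_sessions(EVENTS):
        print(f"{ts} {sid}: {reason}")
```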

 

Beware of Security Issues in Nooie’s Baby Cam Monitoring Devices

With around 50k-100k installations, Nooie’s Cam software is well-known, particularly among its Baby Cam users. However, some new security vulnerabilities have been detected in its software, allowing threat actors to access camera feeds and run malicious code on vulnerable devices.

Cybersecurity experts from the infosec firm Bitdefender identified two remote code execution possibilities in two models of Nooie’s Baby Cam infant monitoring devices. They indicate that other devices from the same range might also be vulnerable to these flaws. The security experts also tracked a flaw that can be used to access the RTSPS (audio-video) feed of arbitrary cameras; Nooie’s baby cameras are linked to RTSPS streams.

Further, Nooie’s baby cameras also use Amazon Web Services (AWS) to store the video recordings in the cloud. While each user would have unique access credentials, the adversaries could easily access these credentials and view the users’ recordings. Bitdefender first disclosed these vulnerabilities privately to the vendor in November 2020, but since it has not received the expected response so far, the firm recently went public and shared all details of the vulnerabilities along with recommended ransomware protection measures.

Beware of Fake Windows 11 Updates Installing RedLine

Adversaries are spreading the RedLine info-stealer malware disguised as Windows 11 upgrade installers. Their timing couldn’t have been better, as Microsoft continues to roll out Windows 11 updates for users worldwide! However, following the adversaries’ lead and downloading the so-called Windows 11 installer might actually put the RedLine stealer on your device. The stealer is known for taking credit card details, browser cookies, passwords, and other confidential information.

Cybersecurity researchers at HP recently traced this RedLine campaign, in which the adversaries used a seemingly authentic “windows-upgraded.com” domain to distribute malware. In a typical attack attempt, the victims receive a 1.5 MB ZIP upon clicking on ‘Download Now.’ This ZIP archive is titled “Windows11InstallationAssistant.zip.” At the time of research, the said domain was inactive, but the adversaries could easily create hundreds of other fake domains using the same strategy. It is recommended that users install Windows 11 only from the official Windows upgrade web page. There are tons of malicious pages out there that only aim to infect your device and steal credentials.

Poland to Launch New Cyber Defense Unit

Poland is about to add a cyber defense force to its military operations and recently appointed an army general to head the newly created Cyber Defense Force. The Polish Defense Minister Mariusz Blaszczak announced that the cyber defense force would strive to protect Poland’s Armed Forces from cyberattacks. This move comes as a response to the millions of cyberattacks that happen globally and make the headlines daily. Blaszczak noted that today, cyberattacks are used to launch massive political wars, and it is necessary to shield Poland’s Armed Forces against attacks from the beginning.

Cybersecurity for the military is a matter of national security, and Poland seems to be taking it very seriously. Brig. Gen. Karol Molenda was appointed as the head of the cyber defense unit, and Molenda is now working in close association with the National Center for Cyber Security.

 

Google Helps Protect 150M Users with Added Security

2-step verification, despite the new ways of getting around it, has proven to be a robust security measure. According to a Google press release, 2FA has reduced account hacks through passwords by 50%. The company has therefore taken it upon itself to auto-enroll over 150 million Gmail users in 2-step verification. The initiative also required 2 million YouTube users to enable 2FA. In its statement, Google mentioned that it is happy with the results of this initiative and hopes to secure more people against cyberattacks.

Emphasizing the connection between users’ Gmail and all their other online accounts (such as social media, banking, online shopping, or job portal accounts), Google has said that it wants to secure users’ non-Google accounts by blocking phishing or malware-laden spam messages at the entry level. The company plans to offer additional protection to a select 10,000 high-risk users, including celebrities, journalists, billionaires, etc., using security keys. Since passwords are no longer enough to safeguard user accounts, Google provides security checkup features that recommend the proper cybersecurity measures for users’ accounts.

New Ransomware Sugar is All Set to Operate as a RaaS

The newly emerged ransomware family called Sugar is all set to function as Ransomware-as-a-Service (RaaS). The ransomware was first uncovered by cybersecurity experts at Walmart in November 2021.

Primarily targeting enterprise and individual networks, the Sugar ransomware is known to infect users in the US, Canada, Thailand, Israel, and Lithuania. Sugar resembles REvil and Cl0p ransomware in some aspects, and its distribution as a RaaS will increase its attack scope and make things easier for affiliates. As its reach increases, all organizations are advised to enhance their ransomware protection measures.

The US to Get New Cyber Safety Review Board

A new Cyber Safety Review Board is in the making, and the Department of Homeland Security recently announced its arrival. The review board shall comprise cybersecurity experts from public and private organizations who will assess and review significant cybersecurity events. The creation of this board is a part of an executive order that was signed last year.

Reportedly, the Cyber Safety Review Board will conduct a thorough assessment of past cybersecurity events, pose questions and introduce upgraded email security measures for public and private sectors alike.
