Fraudulent Executive Sentenced, Hacktivists Target Water, Router Login Theft - Cybersecurity News [April 29, 2024]
We’re back here with the latest cybersecurity news that shook the world this week. We’ll shed light on the executive sentence issued by the U.S. military, the alert about Pro-Russian hacktivists targeting water infrastructure, the new Cuttlefish malware, the cyberattack on London Drugs, and how scammers are targeting data website users for stealing credit card details and personal information. Stay tuned!
Executive Sentenced to Six Years for Selling Counterfeit Cisco Products to U.S. Military
The CEO of multiple online stores, Onur Aksoy, was sentenced to six and a half years in prison.
The 40-year-old from Florida was arrested in Miami this week and charged on multiple accounts of trafficking counterfeit goods and for mail and wire fraud, using which he sold $100 million worth of counterfeit Cisco network equipment to different industries. Aksoy sold the equipment to government, health, education, and military organizations between 2014 and 2022.
The man imported cheap, modified network devices from China and Hong Kong and then repackaged them with fake Cisco labels and branding. Then, he sold them as genuine Cisco products on Amazon and eBay. The counterfeit devices had performance, functionality, and safety issues and also caused disruptions and damage to customer networks (including critical infrastructure). U.S. customers seized multiple of these counterfeit shipments, and Aksoy was able to evade them by using aliases and fake addresses.
The man has been sentenced to six and a half years and will have to pay $100 million restitution to Cisco. All the counterfeit products that the government has seized from the business will be destroyed.
U.S. Government Alerts on Pro-Russian Hacktivists Attacking Water Infrastructure
The U.S. government issued a new joint advisory about pro-Russian hacktivists who are seeking and hacking unsecured O.T. (Operational Technology) systems to disrupt critical infrastructure.
O.T. systems are a combination of hardware and software made for monitoring and controlling physical processing in industries. The hacktivists focus on water treatment plants and have been in action since 2022, aiming to disrupt operations and cause minor inconveniences.
Many attacks have been exaggerated in the past, but recent ones have caused major disruptions, with a group called the Cyber Army of Russia claiming responsibility for the attacks taking place all over the U.S. and Europe. The hacktivists use simple methods to exploit O.T. systems by leveraging the password and MFA (Multi-Factor Authentication) weaknesses in VNC (Virtual Network Computing) setups. The attacks have also taken place in Poland and France, and the government has shared details on how to stay safe from such attacks.
You can put HMI (Human Machine Interfaces) behind firewalls, harden the VNC installs, and enable MFA to increase the security posture of your O.T. environments. Changing default passwords and installing the latest software security updates will also go a long way.
Cuttlefish Malware Compromises Routers to Steal Login Details
A new malware infecting enterprise-grade and SOHO (small office/home office) routers was observed stealing authentication information.
The malware is named Cuttlefish and was developed by unknown actors, with some code that overlaps with HiatusRAT (which was linked to China in the past). The infection method of the threat actors is still unknown, but the attack hints at an exploit or a brute-force mechanism.
Once on the router, the malware deploys an SSH script to gather all the information from the infected device and downloads the main payload that runs in the memory to evade detection. The researchers investigating the malware, Black Lotus Labs, have reported the Cuttlefish comes in many different builds and supports most router architectures like ARM, i386, i386_i686, i386_x64, mips32, and mips64.
The malware monitors all the traffic passing through the router using a packet filter and looks for data patterns with credential markers to make out usernames, passwords, and tokens. It targets and steals credentials of cloud services like AWS and Google Cloud.
The malware is a severe threat that can hijack internal traffic and stay undetected for long periods. If you’re a business owner, you need to take care of weak credentials and monitor for logins from unusual locations for optimal malware protection. It’s also best to reboot routers regularly.
Cyberattack Forces Closure of London Drugs Pharmacy Locations
London Drugs, the Canadian pharmacy chain, closed all of its retail stores this week following a cybersecurity incident.
London Drugs has hired external experts to help investigate the incident. The attack happened over the weekend of 28 April 2024, when the store promptly closed all locations in Western Canada. The stores remain closed for 5 days, causing frustration for customers who rely on London Drugs for various pharmacy and mail services.
The organization did not share any details of the incident, and there is no evidence that customer data was compromised, a point that London Drugs emphasized in their press releases. The impact on the organization is really significant, and experts are reviewing billions of lines of code to make sure everything is secure before they reopen. London Drugs has not notified the authorities about the attack because there’s no employee, customer, or health information compromise, but they will if evidence is found indicating otherwise.
You cannot access your online account or shop online currently, but the phone lines that were down initially have been restored.
FBI Issues Warning About Scams Involving False Verification on Dating Apps
The FBI is alerting the public about new fake verification schemes that are targeting online dating platforms.
The schemes trick you into expensive subscriptions and steal your personal information. Fraudsters build a relationship with the victims on dating apps by chatting with them and then pushing them to “verify” themselves using a fake website. The website is designed to steal their personal and financial information and also signs the victims up for a low-quality dating site with a recurring monthly fee.
Scammers are using it to make away with the victim’s name, email, phone, and credit card information and establish a romantic connection with the victim, asking them to move to another application for a more personal and safe talk. Then, they share the link of the fake website, which also checks them against offender databases to make sure they appear legitimate. The scam has been around for quite a while since Tinder and Grindr but has expanded suddenly.
It’s crucial to prioritize phishing protection while using dating platforms. You need to stay safe on dating platforms and avoid visiting any other app links. Plus, it’s best not to share personal and financial details with people you have not met in person.