Since cyberattacks are a constant challenge, it is important to stay up to date with the latest cybersecurity recommendations and patches released by organizations worldwide. The following are this week’s most significant cyber news headlines:
The FBI Warns of Data Leaks Affecting Higher Education Institutes
The FBI has recently issued an alert cautioning netizens of the increasing number of cyberattacks targeting higher education institutions. It reported that the instances of credentials belonging to these higher education institutes being sold on the dark web had increased alarmingly, allowing adversaries to access educational institutions’ networks and user accounts.
Recently, the FBI reported that usernames and passwords belonging to US-based colleges and universities are being actively sold on Russian cybercriminal forums. These stolen details also include VPN access to these institutions, and some sellers have attached screenshots as proof. The prices for which these databases are being sold range from a few to thousands of US dollars.
Because these cyberattacks are rampant, the FBI recommends universities and colleges review their remote desktop protocols, keep all software and operating systems up-to-date, and provide regular cybersecurity training to staff and faculty members. Further, the FBI encourages institutions to raise awareness among students on the importance of adopting phishing protection measures.
Interpol Arrests Three Cybercriminals Using Agent Tesla
The International Criminal Police Organization (Interpol) recently arrested three Nigerian men in Lagos who were allegedly using the Agent Tesla RAT to steal sensitive data and reroute financial transactions from corporate organizations. This arrest was a part of an international operation called Killer Bee. The three suspects, aged between 31 and 38, were found to possess fake documents, like forged official letters and fraudulent invoices. So far, they have targeted oil and gas companies in the Middle East, Southeast Asia, and North Africa.
First discovered in 2014, Agent Tesla is a popular malware-as-a-service RAT that adversaries use to steal sensitive and confidential information from their targets, such as keystrokes, credentials, and clipboard data. Agent Tesla’s stability and flexibility, along with its ability to exfiltrate sensitive information from victims, make it a go-to tool for threat actors involved in espionage campaigns.
The cybersecurity operation Killer Bee was led by INTERPOL’s General Secretariat headquarters and law enforcement agencies from 11 countries across Southeast Asia and the National Central Bureaus (NCBs). One of the three accused arrested in Lagos is called Hendrix Omorume. He has been charged with three counts of serious financial fraud and would face a one-year prison sentence. The two other suspects are still on trial.
Beware of Messages Seeking Financial Assistance For Ukraine Crisis
The FBI has recently released a warning advising people to steer clear of fraudulent schemes seeking donations or financial assistance related to the Ukraine crisis. Scammers have always taken advantage of crises, be it the pandemic-themed phishing emails at the peak of COVID-19 or the ongoing war in Ukraine. In the current scheme, the adversaries pose as Ukrainian entities in need of humanitarian aid or running fundraising efforts (monetary and cryptocurrency donations).
If you feel a Ukraine-themed scheme has tricked you, file a report with the FBI’s Internet Crime Complaint Center and include the specifics of the incident: the contact details of the charity or individual that approached you, the financial transaction details, and any other details of the scheme. To stay protected, assess any online communication seeking immediate assistance for the Ukrainian crisis rationally before acting on it.
Increase in Ransomware Attacks Targeting The Government Sector
A recent cybersecurity report indicates that there has been an increase in the number of ransomware attacks targeting the government sector in the second quarter of 2022. In the last six months, 48 government organizations in 21 countries underwent ransomware attacks from 13 threat actor groups.
Be it the constant attacks on the Costa Rica government or those on the governments of Brazil and Peru, there has been a massive increase in cyberattacks targeting government institutions and undertakings. Since these ransomware attacks are unlikely to dwindle, national governments must strive to strengthen their threat detection and management capabilities. If a ransomware attack targets a nation, robust security measures must already be in place to respond to it quickly and effectively without causing much disruption to regular operations.
Verizon’s 2022 DBIR Presents Some Shocking Figures
Verizon’s 2022 Data Breach Investigations Report (DBIR) was published recently, presenting some shocking figures. It is reported that the education sector has undergone the highest number of cyberattacks in recent times, with 30% of these being ransomware attacks. Of the 1241 attacks on the sector, 282 resulted in data leaks. Around 80% of all attacks on the education sector involved system intrusion, basic web app attacks, and other errors. Financial motives inspired 95% of all attacks, and over 63% of attacks involved compromising personal information.
Since the education sector is so vulnerable to cybersecurity issues, it is recommended to implement local device credential protection solutions, monitor systems for abnormal traffic, enable network segmentation, and use brute force protection.
New Zero-Day Detected in Microsoft Office
Cybersecurity researchers have discovered a new Office zero-day vulnerability that is being exploited in the wild. Adversaries use this flaw to run PowerShell commands through the Microsoft Support Diagnostic Tool (MSDT) from Word documents. Known as Follina (CVE-2022-30190), this vulnerability works without any elevated privileges, easily bypasses Windows Defender, and runs scripts or binaries without enabling macros. It affects multiple Office versions, such as Office 2013, Office 2016, Office 2021, and Office Pro Plus.
The flaw was identified when a researcher found a malicious Word document developed to run arbitrary PowerShell code whenever it was opened. While there are no patches or workarounds available at the moment, experts advise using Microsoft Defender Attack Surface Reduction (ASR) rules to prevent Office applications from creating child processes.
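The parent/child relationship that the ASR advice above relies on can also be hunted for in process-creation logs. The following Python triage pass is an added example, not part of the original article: it flags Office applications launching child processes and rates msdt.exe highest. The Sysmon Event ID 1 field names, the host names, the Office parent list and the sample records are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

# Office parents covered by this example (an assumed, non-exhaustive list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Child the article ties to Follina; anything else from Office is lower severity.
FOLLINA_CHILD = "msdt.exe"

# Constructed records using Sysmon Event ID 1 field names; not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "LAB-01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Computer": "LAB-01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\msdt.exe"},
    {"Computer": "LAB-02",
     "ParentImage": r"C:\PROGRAM FILES\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe"},
    {"Computer": "LAB-02", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Computer": "LAB-03", "Image": r"C:\Windows\System32\msdt.exe"},  # no parent field
]

def _name(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return ntpath.basename(path or "").lower()

def office_child_launches(events):
    """Return (severity, host, parent, child) for each Office-spawned process."""
    hits = []
    for ev in events:
        parent, child = _name(ev.get("ParentImage")), _name(ev.get("Image"))
        if parent in OFFICE_PARENTS and child:
            severity = "high" if child == FOLLINA_CHILD else "review"
            hits.append((severity, ev.get("Computer", "?"), parent, child))
    return hits

def asr_impact(events):
    """Count the child images that fall in scope of an Office child-process block."""
    return Counter(child for _, _, _, child in office_child_launches(events))

if __name__ == "__main__":
    for hit in office_child_launches(SAMPLE_EVENTS):
        print(*hit)
    print(dict(asr_impact(SAMPLE_EVENTS)))
```

The per-child counts from `asr_impact` show which Office-spawned helpers exist in an environment before the ASR rule is switched from audit to block.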