Cyberattacks are a constant problem but can be tackled with the right cybersecurity measures. This week’s news headlines feature one such incident, reemphasizing the significance of being vigilant online.

Beware of New Cybercrime Group Cyber Spetsnaz

A new pro-Russia cybercrime group called Cyber Spetsnaz has surfaced. It is leveraging the geopolitical tensions between Ukraine and Russia to launch cyber attacks, particularly against NATO infrastructure. Cyber Spetsnaz recently created a division called Sparta, which solely targets NATO, its allies, and its members. Sparta is also linked to the Killnet Collective group and primarily launches cyber espionage attacks to steal intelligence from NATO.

While Sparta came up in June 2022, Cyber Spetsnaz’s first division, Zarya, was introduced in April. Zarya involved a group of experienced penetration testers, hackers, and OSINT specialists. Zarya’s May 2022 project, called Operation Panopticon, involved the recruitment of around 3,000 volunteer cyber attackers. These volunteers launched attacks against the Ukrainian government, the EU, and Ukrainian and private organizations.

Cyber Spetsnaz has constantly expanded its family of attackers and defied ransomware protection measures. It has collaborated with Phoenix, Vera, Rayd, FasoninnGung, Jacky, Mirai, Sakurajima, and DDoS Gung to launch DDoS attacks. So far, Cyber Spetsnaz has attacked five Italian logistics terminals: Sech, Trieste, Yilport, TDT, and VTP. It uses proprietary tools and scripts such as Blood, GoldenEye, DDoS Ripper, Karma DDoS, Hasoki, and MHDDos to target misconfigured web servers.


Critical Vulnerability Detected in Unisoc Chips

The Unisoc Tiger T700 chips used in Motorola Moto G20, E30, and E40 smartphones were recently found to contain a critical flaw. Cybersecurity experts at Check Point Research (CPR) were the first to trace the vulnerability. Unisoc Tiger T700 chips are used as a replacement for MediaTek's chips, which remain unavailable due to a global shortage. The vulnerability in the T700 chips is a stack overflow. Because of it, smartphones using the chip skipped the check validating the IMSI and other subscriber codes when their modems connected to LTE networks.

As a result, the modem handler created stack overflow conditions that obstructed users' access to LTE networks. The vulnerability could be used for remote code execution or to launch denial of service (DoS) attacks. CPR informed Unisoc of the vulnerability in May 2022, and it was given a severity score of 9.4 out of 10. Fortunately, Unisoc patched the vulnerability soon after being notified. Google is to publish the bug in its next Android Security Bulletin because Unisoc chips are frequently used in budget phones, and this vulnerability could lead to major cybersecurity issues.


Beware of Karakurt, Warn Multiple Security Agencies

The latest joint advisory by the FBI, CISA, and other cybersecurity agencies asks organizations to beware of Karakurt, as the threat actor targets victims across North America and Europe. Karakurt infects systems, steals data, and leaks it if the ransom is not paid. However, security agencies warn victims against paying a ransom because there is no guarantee that the adversaries will delete the stolen information. In the case of Karakurt in particular, the group is known for selling the sensitive and confidential information of victim organizations in addition to demanding a hefty ransom.

On average, Karakurt demands a ransom of $25,000–$13,000,000 in BTC, to be paid within a week. It threatens the victim's employees with leaking the stolen data until the ransom is paid. Once the deadline is missed (Karakurt takes its deadlines seriously), the group actually leaks the stolen data. Another typical trait of Karakurt is that it exaggerates the amount of data stolen and never encrypts it. So, technically, having an up-to-date backup system ensures the smooth functioning of an organization even after a Karakurt attack. However, the data loss and its impact on affected individuals make organizations succumb to ransom demands. The advisory asks organizations to adopt ransomware protection measures to avoid Karakurt and other ransomware attacks.


New Feature in iOS 16 and macOS Fixes Bugs Automatically

Apple has recently introduced a new feature called ‘Rapid Security Response’ in its iOS 16 and macOS Ventura, which can fix security bugs without needing a full OS update. This powerful feature will enhance macOS security by patching vulnerabilities between regular updates without requiring a system reboot.

The Rapid Security Response feature will also be effective in iOS and will auto-update systems to protect them from unexpected threats and in-the-wild attacks. Apple also announced another cybersecurity feature at its annual Worldwide Developers Conference (WWDC). This new feature will allow iOS 16 users to edit Safari's strong password suggestions to meet site-specific requirements. It will also require apps to seek users' permission to access the clipboard and paste content from other apps. The company has also disclosed its plans to introduce a passwordless sign-in procedure enabling users to log in to apps and websites using Face ID or Touch ID.


Apple Blocked Over 343,000 Suspicious Apps in 2021

Apple recently announced that it blocked over 343,000 suspicious iOS apps in 2021. The App Store App Review team blocked these apps for privacy violations, in addition to rejecting 157,000 other applications for misleading or spamming iOS users. Further, the company blocked 34,500 apps for using hidden or undocumented features and removed another 155,000 apps that used bait-and-switch tactics.

Ensuring cybersecurity has been Apple's motto throughout 2021, and the company prevented over 1.6 million risky apps from showing up in the App Store and defrauding users last year. Apple published its first fraud prevention analysis report in 2021, in which it stated that over 1 million problematic apps were rejected and removed by its App Review team that year. It added that, owing to these efforts, customers were saved from an estimated financial loss of $1.5 billion in 2021.

Apple’s battle against cybercrime went beyond the elimination of suspicious apps and included attempts to block the use of stolen cards. It was able to stop over 3.3 million stolen cards from being used on Apple platforms last year and blocked some 600,000 accounts using these cards to make fraudulent transactions.


Europol Announces FluBot’s Takedown

FluBot, the fastest-growing Android malware operation, has recently been taken down. Along the way, FluBot launched multiple attacks to steal victims' banking and cryptocurrency account credentials. Law enforcement operations in 11 countries led to the successful takedown of the notorious FluBot. The countries involved in its takedown include Spain, Ireland, Finland, the Netherlands, the US, Sweden, Australia, Hungary, Switzerland, and Belgium.

In addition, the Dutch police were able to stop more than 6.5 million spam messages and protect 10,000 individuals from FluBot's network. The Spanish police arrested four FluBot members in March 2021 because the malware was most active in that region. The recent takedown is the result of a strenuous cybersecurity investigation by the law enforcement agencies of the involved nations. The good thing about this takedown is that FluBot's infrastructure remains under the control of law enforcement, and there is no way for the malware to make a return. This is a classic example of what can be achieved by fighting cybercrime together.
