
Here is the latest cybersecurity news to help you stay protected from phishing emails, ransomware, and the many other attack vectors that can strike at any moment.


Chinese Threat Actor, Camaro Dragon, Is Back with Self-Propagating USB Malware

Malware that spreads through infected USB drives is back in the news. Chinese threat actors are suspected, as the activity overlaps with that of the Chinese groups Mustang Panda and LuminousMoth.

The espionage malware attributed to Camaro Dragon came to light when an employee of an unnamed European hospital plugged his USB drive into an infected computer while attending a conference in Asia. The infected drive later spread the malware into the European hospital's information systems. The malware, previously seen mostly in Southeast Asia, thus now has a global footprint.

When a USB drive is inserted into an infected system, the malware creates several hidden folders at the root of the drive and copies a Delphi-based loader into them; the infection chain uses the HopperTick launcher and the WispRider backdoor component. Victims have so far been identified in Myanmar, the UK, South Korea, Russia, and India.

Camaro Dragon also keeps updating the malware with newer versions. Therefore, besides following the usual precautions for email phishing protection, users must also follow cybersecurity best practices for USB storage drives: do not plug in drives of unknown origin, keep autorun disabled, and inspect a drive before opening anything on it.
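The inspection step above can be scripted. The following triage script, added for this post and not Check Point's or the malware's own code, lists the hidden top-level folders on a mounted drive, any executables sitting at the drive root, and any executables inside those hidden folders, which is exactly where a USB worm of the kind described keeps its loader and payload. The file layout built by `build_sample_drive()` is constructed for demonstration; the list of launcher extensions is an assumption you should extend for your environment.

```python
import ctypes
import os
import stat
import sys
import tempfile
from pathlib import Path

# Extensions treated as launchers (assumption for this example; extend as needed).
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".vbs", ".js", ".dll"}


def is_hidden(path: Path) -> bool:
    """Hidden attribute on Windows (FILE_ATTRIBUTE_HIDDEN); dot-prefix elsewhere."""
    attrs = getattr(path.lstat(), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return path.name.startswith(".")


def is_executable(path: Path) -> bool:
    return path.is_file() and path.suffix.lower() in EXEC_SUFFIXES


def triage_drive_root(root):
    """Inspect only the top level of the drive, where the malware plants its files.

    Returns three sorted lists with paths relative to the root: hidden top-level
    directories, executables lying directly at the root, and executables found
    anywhere inside the hidden directories."""
    root = Path(root)
    findings = {"hidden_dirs": [], "root_executables": [], "hidden_executables": []}
    for entry in root.iterdir():
        if entry.is_dir() and is_hidden(entry):
            findings["hidden_dirs"].append(entry.name)
            for sub in entry.rglob("*"):  # the loader and payload live in here
                if is_executable(sub):
                    findings["hidden_executables"].append(sub.relative_to(root).as_posix())
        elif is_executable(entry):
            findings["root_executables"].append(entry.name)
    for items in findings.values():
        items.sort()
    return findings


def is_suspicious(findings):
    """An executable at the root, or one inside a hidden root folder, is enough to quarantine the drive."""
    return bool(findings["root_executables"] or findings["hidden_executables"])


def build_sample_drive(base):
    """Constructed layout resembling an infected stick: a hidden folder holding a loader
    and a payload, a launcher at the root, and an ordinary documents folder."""
    root = Path(base)
    (root / "docs").mkdir()
    (root / "docs" / "notes.txt").write_text("clean file")
    hidden = root / ".cache"
    hidden.mkdir()
    (hidden / "loader.exe").write_bytes(b"MZ placeholder, not real code")
    (hidden / "payload.dll").write_bytes(b"MZ placeholder, not real code")
    (root / "launcher.exe").write_bytes(b"MZ placeholder, not real code")
    if os.name == "nt":  # on Windows the dot-prefix means nothing; set the real attribute
        ctypes.windll.kernel32.SetFileAttributesW(str(hidden), stat.FILE_ATTRIBUTE_HIDDEN)
    return root


if __name__ == "__main__":
    # Usage: python usb_triage.py E:\  (or /media/usb0); with no argument, run on the sample layout.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_sample_drive(tempfile.mkdtemp())
    result = triage_drive_root(target)
    for key, items in result.items():
        print(f"{key}: {items}")
    print("SUSPICIOUS: do not open anything on this drive" if is_suspicious(result) else "nothing flagged")
```

Run it from a machine that is not the one you intend to use the drive on, and treat any hit as a reason to image the drive for analysis rather than to delete the files: the hidden folder contents are the evidence of which system infected it.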


TimiSoaraHackerTeam (THT) Ransomware Disrupts US Cancer Hospital and Risks Patient Lives

The Department of Health and Human Services (HHS) has released an alert about a ransomware-as-a-service (RaaS) group that resurfaced this week and disrupted a US cancer treatment facility.

The financially motivated group, TimisoaraHackerTeam (THT), was previously in the news for an attack on a hospital in France.

This time it encrypted critical files at an unnamed cancer facility in the USA, blocking digital services and exposing confidential patient data; the resulting disruption to cancer treatment put many patients' lives at risk.

Though THT is not a well-known threat group, it may have connections to China and Eastern Europe and links to other threat actors such as APT41 and DeepBlueMagic. A distinctive trait of the group is that it encrypts victims' data with legitimate tools, Jetico's BestCrypt and Microsoft's BitLocker. Because those tools are trusted software, signature-based defenses will not flag them; defenders should instead watch for disk encryption being enabled or re-keyed on systems where no administrator scheduled it.


The FBI and CISA (Cybersecurity & Infrastructure Security Agency) have urged organizations to report any trace of THT activity immediately. Organizations must keep proper cybersecurity tools and safeguards for ransomware protection in place to stay safe from THT and similar groups.


Ukrainian Cyber Police Busts Crypto Malware Group Targeting Canadians

The Ukrainian Cyber Police have arrested two residents of Ukraine who targeted foreigners' crypto wallets through a fake call center.

The fraudulent call center, set up by the two in the Khmelnytskyi region to steal money from foreign residents, especially in Canada, was shut down by Ukrainian law enforcement.

The operation recruited staff through a highly professional interview process in which candidates had to pass English proficiency and polygraph tests. Those staff then contacted residents of Canada and other countries by phone and text message with offers of profits from stock trading.

Victims were urged to install software on their systems in order to receive the profits. The installed malware harvested their crypto wallets, usernames, passwords, and account details.

The Cyber Police seized the illicit proceeds along with SIM cards, mobile phones, and computers. Anyone handling cryptocurrency should stay alert to unsolicited "investment" calls, install nothing on a caller's instruction, and keep security tools up to date.


Millions of Organizations and Customers Vulnerable to Repo Jacking on GitHub Repositories

Aqua Nautilus has found that millions of GitHub repositories are exposed to repository hijacking ("repo jacking"), with consequences for the organizations that own them and for their customers.

The weakness lies in how GitHub handles renamed accounts. When an organization or user renames its account, the old address github.com/old-name/repo keeps working only because GitHub redirects it to the new name. GitHub does not reserve the old name, so if nobody re-registers it, anyone can create an account or organization under that name and a repository with the same name; the redirect then stops, and every link, dependency manifest, build script, or installer that still uses the old address is served the newcomer's content instead of the organization's.

Vulnerable organizations include big names such as Google and Lyft, and others that asked not to be named. The major brands that were notified of the risk mitigated it immediately.


Aqua Nautilus examined a sample of 1.25 million repository names and found 36,983 of them vulnerable. With more than 300 million repositories on GitHub, that rate implies millions of vulnerable names overall.

Malicious actors can quickly harvest old, retired owner names from historical datasets such as the GHTorrent project, check which of those names are no longer registered on GitHub, and claim them to hijack the repositories (hence the name repo jacking), so that anyone still fetching code from the old address receives the attacker's files.

Organizations that rename a GitHub account should immediately re-register the old name (an empty organization is enough) and keep their old repository names, so the redirect cannot be usurped, and should update manifests, scripts, and documentation to the new address. The same care is needed after mergers and acquisitions that result in a name change.
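The exposure described above can be checked from the consuming side as well. The following script, added here as an example and not Aqua Nautilus's tooling, pulls every github.com/owner/repo reference out of a dependency manifest, follows each one to see whether GitHub is serving it through a redirect (the sign that the owner or repository was renamed), and for each redirected reference checks whether the old owner name is still registered. A redirected reference whose old owner name returns 404 is the repo-jackable case. Network access goes through a fetch callback; the run below uses constructed responses in `SAMPLE_RESPONSES` and a constructed manifest, and `github_fetch` is the live replacement. The owner, repository, and organization names in the sample are hypothetical.

```python
import re
import urllib.error
import urllib.parse
import urllib.request

# owner/repo from https://, git+https://, git@github.com: and bare go.mod-style references
GITHUB_REF = re.compile(r"github\.com[/:]([\w.-]+)/([\w.-]+?)(?:\.git)?(?=$|[^\w.-])")


def extract_refs(text):
    """Unique (owner, repo) pairs in order of first appearance."""
    seen, refs = set(), []
    for owner, repo in GITHUB_REF.findall(text):
        if (owner, repo) not in seen:
            seen.add((owner, repo))
            refs.append((owner, repo))
    return refs


def github_fetch(url):
    """Live fetcher: HEAD the URL, follow redirects, return (status, final_url)."""
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "repojack-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.getcode(), resp.geturl()
    except urllib.error.HTTPError as err:
        return err.code, url


def check_ref(owner, repo, fetch):
    """Classify one reference: ok, redirected (old name still held), hijackable, or missing."""
    requested = f"https://github.com/{owner}/{repo}"
    status, final_url = fetch(requested)
    result = {"ref": f"{owner}/{repo}", "status": status, "redirected_to": None, "risk": "ok"}
    if status == 404:
        result["risk"] = "missing"  # gone, private, or already re-created elsewhere: investigate
        return result
    final_path = urllib.parse.urlparse(final_url).path.strip("/")
    if final_path.lower() == f"{owner}/{repo}".lower():
        return result  # served directly under the referenced name, nothing to hijack
    result["redirected_to"] = final_path
    owner_status, _ = fetch(f"https://github.com/{owner}")  # is the old owner name still taken?
    result["risk"] = "hijackable" if owner_status == 404 else "redirected"
    return result


def audit(manifest_text, fetch):
    return [check_ref(owner, repo, fetch) for owner, repo in extract_refs(manifest_text)]


# Constructed manifest mixing pip, tarball, go.mod and SSH-style references.
SAMPLE_MANIFEST = """\
git+https://github.com/acme-old/netlib.git@v1.2#egg=netlib
https://github.com/acme/netlib/archive/refs/tags/v1.2.tar.gz
require github.com/acme-old/gotool v0.3.1
git@github.com:vendor-legacy/sdk.git
https://github.com/ghost-co/tool
"""

# Constructed responses standing in for GitHub: (status, final URL after redirects).
SAMPLE_RESPONSES = {
    # org "acme-old" was renamed to "acme": the repos redirect and the old name is unregistered
    "https://github.com/acme-old/netlib": (200, "https://github.com/acme/netlib"),
    "https://github.com/acme-old/gotool": (200, "https://github.com/acme/gotool"),
    "https://github.com/acme-old": (404, "https://github.com/acme-old"),
    # already referenced under the current name
    "https://github.com/acme/netlib": (200, "https://github.com/acme/netlib"),
    # renamed, but the company re-registered its old name, so the redirect cannot be usurped
    "https://github.com/vendor-legacy/sdk": (200, "https://github.com/vendor/sdk"),
    "https://github.com/vendor-legacy": (200, "https://github.com/vendor-legacy"),
    # repository no longer exists at all
    "https://github.com/ghost-co/tool": (404, "https://github.com/ghost-co/tool"),
}


def sample_fetch(url):
    return SAMPLE_RESPONSES.get(url, (404, url))


if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, sample_fetch):  # swap in github_fetch for a live run
        print(finding)
```

Two caveats for live use: a 404 on the owner page can also mean a private or suspended account rather than a free name, so confirm by attempting to register the name yourself before declaring it safe; and "redirected" only tells you the old name is held by someone, not necessarily by the organization you expect, so verify who holds it and then pin the reference to the current name (and, where possible, to a commit hash) so the redirect is no longer relied on at all.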
