In this fast-paced world where things change overnight, ensuring cybersecurity is a rather challenging task. While adversaries are constantly looking for avenues to exfiltrate data and compromise systems, our goal is to ensure the security of our information systems. The following cyber news headlines aid in this process of understanding cybersecurity better and protecting our systems:

Ukrainian Police Arrest Nine Cybercriminals

The Ukrainian cyber-police has recently arrested nine alleged members of a renowned phishing gang. This gang was recently involved in a scam that stole $3.4 million with a fake promise of financial assistance from the EU. These nine hackers were charged for their role in developing and operating more than 400 phishing sites that urged victims to provide their banking details to be able to apply for social welfare payments from the EU.

Once victims entered their details, these hackers would compromise their accounts and transfer funds. Reportedly, these threat actors scammed over 5,000 individuals via this scheme. The Ukrainian cyber police also confiscated mobile phones, computer equipment, bank cards, and money stolen by these hackers. If convicted, the nine accused are looking at 15 years in prison. This arrest is one of the many cybersecurity measures adopted by the Ukrainian government in recent times.

Lazarus Group Suspected to be Responsible for Theft at Harmony Horizon Bridge

Cybersecurity experts suspect the North Korea-backed hacking group Lazarus to be responsible for the recent theft of $100 million in altcoins from Harmony Horizon Bridge. Horizon Bridge is a platform allowing crypto users to move funds across blockchains. In the breach that happened on 23rd June, hackers made multiple transactions and stole around $100 million from Horizon Bridge. Among the stolen assets were Tether, Ether, BNB, and Wrapped Bitcoin.

The blockchain analysis company Elliptic revealed that the way the funds were stolen indicates that the hacker is linked to the Lazarus Group. Further, the attack on Harmony involved the compromise of the cryptographic keys of a multi-signature wallet – a technique typically used by the Lazarus Group. Such evidence has compelled researchers at Elliptic to conclude that the Lazarus Group was involved in the recent attack on Horizon Bridge.

CYBER.ORG to Launch Cybersecurity Education for Blind Students

The cybersecurity workforce development organization CYBER.ORG recently announced the launch of its new project, Project Access. Project Access is a nationwide effort to make cybersecurity education accessible for visually impaired and blind students. A part of CISA’s Cybersecurity Education and Training Assistance Program (CETAP) grant, Project Access shall include a series of summer camps for students between the ages of 13 and 21. In these summer camps, they will be taught about the primary cybersecurity topics and trained to pursue careers in cybersecurity.

The program Project Access began in 2017 in collaboration with Virginia’s Department for the Blind and Vision Impaired (DBVI). It aimed at creating a cybersecurity curriculum for visually impaired and blind students. 94% of these DBVI participants were interested in pursuing careers in cybersecurity. Various non-visual techniques were used for learners new to technology, and for those with secondary disabilities, STEM career exploration and hands-on learning opportunities were created. The current CYBER.ORG program will involve local teachers conducting Linux summer camps in Michigan, Virginia, Maine, and Arkansas. Students will also be introduced to cybersecurity professionals.

These Linux camps will introduce learners to server and network operations, ways of setting up servers, verifying whether websites are 508 compliant, etc. Students will also learn the basics of circuit construction, coding, cyber safety, and bot assembly. With such significant lessons on its agenda, this program aims to challenge all notions that these visually impaired students cannot make careers in cybersecurity.

LockBit Launches Bug Bounty Program

It is unusual to hear about ransomware gangs launching bug bounty programs, but the LockBit ransomware group announced the first such program. Known as LockBit 3.0, this bug bounty program involved launching new extortion tactics. It all began with the launch of LockBit’s revamped RaaS operation a few days ago. The LockBit 3.0 program asked researchers to report bugs and receive rewards between $1,000 and $1 million in return.

LockBit 3.0 involved several bug bounty categories such as Locker bugs, website bugs, Tor network flaws, TOX messenger vulnerabilities, etc. Further, there is a $1 million bounty in Bitcoin or Monero for the researcher who can identify the affiliate program boss and reveal his credentials via TOX messenger. LockBit has also accepted Zcash as a payment option starting with LockBit 3.0. Because it is harder to trace and readily available at Coinbase, Zcash becomes convenient at this point as victims can easily purchase it and make ransom payments.

Currently, LockBit is one of the most popular and risky ransomware actors. This bug bounty program for a RaaS operation will only increase its impact on user devices. Since threat actors like LockBit are innovating and reaching newer realms of attacking our devices, we, too, need to improve and constantly enhance our cybersecurity measures.

Mozilla Firefox 102 Patches 19 Vulnerabilities

Mozilla recently announced that Firefox 102 patches 19 cybersecurity issues, including four high-severity bugs. A high-severity use-after-free vulnerability in nsSHistory, tracked as CVE-2022-34470, was patched in the new Firefox version. This vulnerability occurred while navigating between XML documents and could lead to a system crash. Such use-after-free vulnerabilities are also used to conduct arbitrary code execution, DoS attacks, data corruption, and a full system compromise. It was a rather risky flaw as adversaries could easily use it to evade a browser’s sandbox.

Another high-severity vulnerability fixed in Firefox 102 is tracked as CVE-2022-34468. It allows an iframe governed by a CSP sandbox header without `allow-scripts` to run script without authorization when a user clicks on a javascript: link.

The third significant flaw fixed in this Firefox version is dubbed CVE-2022-34479. It is a Linux-specific issue that enables adversaries to create popup windows that can overlay the address bar with web content and facilitate spoofing attacks. Along with fixing multiple other memory safety bugs, Firefox 102 improves user privacy by fixing a query parameter tracking limitation. Further, it enhances process isolation with its stricter sandboxing in audio decoding.

Beware of Copyright Infringement Emails from LockBit

The LockBit ransomware gang is back with a new scheme where they send malicious copyright infringement emails to users. The adversaries send the malicious loader as a PDF attachment with this fake copyright claim email. The email tells the recipient that using media files without the creator’s prior permission is a copyright violation and that legal actions might be taken against them if the illegal content isn’t removed from the website immediately. The attached file is supposed to contain more information on the same.

Once the recipient opens this attachment, the malware gets loaded and encrypts the device with LockBit 2.0. This attached PDF is a password-protected NSIS installer with a compressed file within a ZIP archive. It is a rather popular technique among ransomware actors to use copyright violation claims to trick users. Therefore, avoiding downloading attachments in such emails is always recommended to ensure ransomware protection.
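A mail-gateway style triage check for the delivery pattern described above, as an added example that is not code from the original article or from any vendor. It assumes the attachment arrives as a classic password-protected ZIP whose entry names remain readable; the extension lists, tag names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

EXECUTABLE_EXTS = {"exe", "scr", "com", "msi", "js", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "jpg", "png"}
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso"}


def triage_zip(data: bytes) -> dict[str, set[str]]:
    """Map each entry name to triage tags, using only the ZIP central directory.

    Entry names and flags stay readable in a classic password-protected ZIP,
    so no password is needed.
    """
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            ext = parts[-1] if len(parts) > 1 else ""
            tags = set()
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                tags.add("encrypted")
            if ext in EXECUTABLE_EXTS:
                tags.add("executable")
                if len(parts) > 2 and parts[-2] in DECOY_EXTS:
                    tags.add("decoy-double-extension")
            if ext in ARCHIVE_EXTS:
                tags.add("nested-archive")
            if tags:
                report[info.filename] = tags
    return report


def build_constructed_sample() -> bytes:
    """Build a harmless stand-in archive; the 'encrypted' bit is set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Copyright_Claim.pdf.exe", b"constructed placeholder bytes")
        zf.writestr("readme.txt", b"constructed benign entry")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")  # first central-directory header
    flags = struct.unpack_from("<H", raw, cd + 8)[0]
    struct.pack_into("<H", raw, cd + 8, flags | 0x1)
    return bytes(raw)


if __name__ == "__main__":
    for name, tags in triage_zip(build_constructed_sample()).items():
        print(name, sorted(tags))
```

An entry tagged both `encrypted` and `executable` is a reasonable quarantine trigger, since the password prevents content scanning while the name alone reveals the payload type.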
