Gone are the days when only a password and anti-virus could protect systems from malicious actors. Newer and more sophisticated cyberattack vectors are being invented daily, so it is now important to consider ransomware protection, especially when it comes to protecting your organization’s information assets. Following the latest cybersecurity news headlines is also essential. Therefore, we bring you the major cyber news headlines from the past week:

 

Beware of Scams Targeting Twitter Users With Verified Accounts

In the latest scam, adversaries are targeting Twitter users with verified accounts. A verified account receives a blue tick or blue badge from Twitter to recognize the owner’s distinguished work in any field. Verified Twitter account holders are usually influencers, public figures, celebrities, sportspersons, authors, or other notable individuals. Of late, verified users have been receiving emails that claim to come from Twitter and state that their account has been suspended for some made-up reason.

 

Receiving such a message often clouds our judgment, and we end up doing what the attackers want us to do. In a typical verified Twitter account suspension scam, the attackers send a DM to the victims informing them of the account suspension. To make the messages look authentic, they also mention that Twitter takes the security of its platform very seriously. The victims are told that their accounts have been marked as unsafe and inauthentic. The story after this is familiar: the attackers send a link to verify the username and password, and once a victim enters the details, the attacker gains access to the victim’s account.

Cybersecurity experts highlight that such phishing scams can’t be easily identified. Therefore, if you find yourself sharing your login credentials in response to such an email or text, act immediately and change your password as soon as possible to prevent account takeover.

 

Increasing Cyber Attacks on Law Enforcement Agencies

Los Angeles-based cybersecurity company Resecurity recently reported an increase in cyberattacks targeting law enforcement agencies in Q2 of 2022. The company claimed that adversaries are targeting law enforcement officers’ email and other online accounts to get access to their internal systems. In a typical attack, threat actors send fake subpoenas and emergency data requests to victims from already hacked accounts of law enforcement officers.

Such an attack scheme has already been used to target companies like Facebook (Meta), Apple, Discord, and Snapchat. Adversaries could gather sensitive information from such attacks to launch cyberespionage and extortion campaigns. The attack groups frequently using these schemes include the Recursion and LAPSUS$ groups. Resecurity further reported that adversaries are making money on the dark web by selling the credentials of police officers worldwide.

Resecurity pointed out the lack of security in law enforcement IT infrastructure, which attackers can easily misuse for malicious purposes. Such attacks on law enforcement have increased in the recent past; the attack on the Intelligence Agency in Peru, claimed by Conti, is just the latest example.

As per reports, such malicious attacks are mainly targeting countries of South-East Asia, Latin America, and offshore jurisdictions. Resecurity is actively taking part in the fight against these threat actors and is committed to providing actionable cyber threat intelligence (CTI) to law enforcement, technology companies, and financial institutions.

 

AstraLocker Ransomware to Shut Down

The AstraLocker ransomware operation recently announced that it was shutting down and switching to cryptojacking. As a final step before shutting down, the AstraLocker developer shared the decryptors with VirusTotal (a malware analysis platform). The archive was evaluated, and the decryptors were found to be legitimate. Although the ransomware group has stopped operating, it hinted at a comeback sometime later and said it would now explore cryptojacking.

The ransomware gang did not mention the reason for the shutdown, but it is likely because of its recent publicity and the chance of landing on law enforcement’s radar. Emsisoft is currently working on releasing a universal AstraLocker decryptor and hopes to help its victims with data decryption and ransomware protection.

 

PwnKit: New Vulnerability in CISA’s KEV Catalog

A Linux vulnerability called PwnKit was recently added to CISA’s Known Exploited Vulnerabilities Catalog. Tracked as CVE-2021-4034, PwnKit has a CVSS score of 7.8 and records of active exploitation. It first came to light in January 2022 and allows attackers to gain full admin rights over a compromised device. Successful exploitation of PwnKit could induce pkexec to execute arbitrary code.

The vulnerability is dangerous because it is a privilege escalation flaw in Polkit’s pkexec utility, which enables hackers to execute commands as another user. Polkit controls system-wide privileges in Unix-like operating systems and facilitates communication between non-privileged and privileged processes. So far, cybersecurity experts haven’t been able to identify the threat actors that exploited PwnKit. Still, they advise organizations to patch security issues as soon as possible to avoid the risk of potential exposure.

 

Google Patches A Zero-Day WebRTC Flaw

Google recently issued a patch for a zero-day WebRTC flaw affecting Chrome. Tracked as CVE-2022-2294, the vulnerability was actively exploited against browsers that have real-time comms capabilities. The bug details have been listed in the Chromium project bug log, and Google’s notification calls it a “Heap buffer overflow in WebRTC.”

First reported by Jan Vojtesek of Avast’s Threat Intelligence team, this Chrome bug is fixed in version 103.0.5060.114 for Windows and Chrome 103.0.5060.71 for Android. Google mentioned that the bug had been actively exploited, and the only way to stay protected is to get the Chrome patch. Experts advise against using browser-based comms tools until the patches are released.
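The fixed builds named above can be checked against a software inventory. The following is an added example, not code from the article or from Google: the host names and inventory rows are constructed, and only the two platforms whose fixed builds the article states are classified.

```python
# Added example: flag Chrome installs older than the builds that fix CVE-2022-2294.
# Fixed builds are the ones stated in the article; everything else is constructed.
FIXED = {
    "windows": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}

def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one install."""
    fixed = FIXED.get(platform.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        # No fixed build stated for this platform, or unparseable inventory data.
        return "unknown"
    # Compare numerically: as plain strings, "103.0.5060.66" sorts after
    # "103.0.5060.114" and an unpatched host would be reported as patched.
    return "patched" if parsed >= fixed else "vulnerable"

# Constructed inventory rows: (host, platform, reported Chrome version).
INVENTORY = [
    ("ws-001", "Windows", "103.0.5060.114"),
    ("ws-002", "Windows", "103.0.5060.66"),
    ("ws-003", "Windows", "102.0.5005.115"),
    ("ph-001", "Android", "103.0.5060.71"),
    ("ph-002", "Android", "103.0.5060.70"),
    ("mac-001", "macOS", "103.0.5060.114"),
    ("ws-004", "Windows", "unknown"),
]

def audit(inventory):
    """Group host names by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in audit(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check rather than being assumed safe.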

 

Beware of Phishing Emails from the Singaporean Transportation Division

A new phishing scam has emerged in Singapore where adversaries pose as personnel from the “Division of Transportation” and send emails to citizens saying that they have committed a traffic offense for which they need to make a payment and provide their details. Clicking on the attached link leads citizens to a spoofed website. In Singapore, vehicle owners are asked to provide the driver’s details before a traffic offense notice is issued to the offender.

One might think that the system is getting digitized, but the traffic police never issue digital notices. Cybersecurity experts advise the public to refrain from clicking on links that come with unsolicited texts and emails. Always verify the authenticity of an email before revealing your personal or financial details. Furthermore, citizens are asked to report any fraudulent charges on their debit or credit cards.

 

Google Introduces Password Manager Service

Google recently announced some improvements to its password manager service that aim to bring a consistent look across different Google platforms. This service will include a management experience that will remain consistent for Android and Chrome settings. With these updates, multiple passwords for the same site will be grouped together automatically, and users will also be able to add passwords manually. So far, Google has no plans to launch this service as a standalone app, but Android users will be able to add it as a shortcut on their home screen.

On the other hand, iOS users who have Chrome as their default autofill provider can now use the Password Manager to generate strong and unique passwords automatically. Android’s built-in Password Checkup feature is also getting an upgrade. These enhanced cybersecurity features can check for hacked credentials and highlight weak or reused passwords. To ensure ransomware protection, Google has also incorporated a feature that sends compromised password warnings to Chrome users.
