The number of cyberattacks is increasing at an alarming rate. The majority of these cyberattacks are never reported and, at times, never even detected. To avoid becoming the target of such an attack, your organization needs a robust cybersecurity posture with adequate ransomware protection and phishing protection measures in place. This week's headlines cover some major cyberattacks that give a good idea of what to expect when an organization does not have a solid cybersecurity posture.

Beware of Malicious Websites Promoted Through SEO Fraud-as-a-Service

Cybersecurity researchers at ESET have discovered a new trojan that manipulates search engine results. The malicious IISerpent trojan, which uses various SEO techniques to improve the ranking of malicious websites, went undiscovered until now. The operators of the fake websites probably pay for the trojan's services to improve their ranking in Google searches, from which they find their targets. The trojan derives its name from the fact that it runs inside Internet Information Services (IIS) web servers to manipulate Search Engine Results Pages (SERPs).

IISerpent protects the malicious websites it promotes by blocking all HTTP requests. In effect, one threat actor group is providing SEO fraud as a service to fellow threat actors. Netizens are advised to refrain from installing IIS extensions from suspicious sources and to update their IIS servers as soon as possible.


SIM Swapping Attacker Pleads Guilty

SIM swapping attacks are a major cyber threat, and the US Department of Justice arrested two Massachusetts men, Declan Harrington and Eric Meiggs, back in November 2019. While Meiggs is scheduled to be sentenced on 24th May 2022, Harrington recently pleaded guilty to several charges.

Harrington, 21, pleaded guilty to five counts of wire fraud and one count each of computer fraud and abuse, conspiracy, and aggravated identity theft. Of these, wire fraud carries a maximum of 20 years in prison and a $250k fine.

Before their arrest, Meiggs and Harrington were involved in several account takeovers and cybersecurity incidents that compromised victims' email and social media accounts. They primarily used SIM swapping techniques to launch these attacks. At some point in their attack scheme they even resorted to extreme measures such as threatening victims. In one recorded incident, they threatened to kill a man's wife if he did not disclose his Instagram password!


Google Fixes Nine High-Severity Flaws In Chrome

Google continues to patch Chrome vulnerabilities this year and has already fixed over half a dozen of them. It recently announced patches for nine high-severity vulnerabilities in the Chrome web browser. These arrive in Chrome version 92.0.4515.159 on Windows, Linux, and Mac computers. The most serious of these vulnerabilities are tracked as CVE-2021-30598 and CVE-2021-30599. Both flaws existed in the V8 JavaScript engine and were reported by Manfred Paul in July this year. Paul received a bug bounty of $21k for each of these vulnerabilities.

The other flaws fixed in this Chrome version include CVE-2021-30600 and CVE-2021-30601, which existed in the Printing and Extensions API components, respectively. The reporters of these bugs received $20,000 each as a bounty. Two other use-after-free vulnerabilities, in WebRTC and ANGLE, tracked as CVE-2021-30602 and CVE-2021-30604, were patched along with a high-severity flaw in WebAudio, tracked as CVE-2021-30603, that was found by a Google in-house researcher. Google's efforts at ensuring email security for users are evident in these programs.


Indra Threat Group Allegedly Attacked Iranian Infrastructure

Only last month, the Indra threat group attacked Iran's railways, and the transport ministry was also targeted in a cyberattack. Before that, the group used a wiper to target the networks of several Syrian entities. The same tactics used in the Syrian attacks were observed in the attacks on Iranian infrastructure, and cybersecurity researchers believe that this threat group operates independently of any nation-state support. The Indra group has been using versions of the Stardust, Meteor, and Comet wipers to infiltrate victims' networks since 2019.

The group has clearly expressed its disapproval of the Iranian regime and is known for attacking organizations associated with the Islamic Revolutionary Guard Corps (IRGC). While the Indra group hasn’t owned up to the recent attack on Iranian infrastructure, its involvement is quite apparent.


Threat Actors Steal $2.6 Million From Fetch.ai Via a Binance Fraud

Adversaries gained access to the Binance cryptocurrency exchange's system sometime in early June and stole about $2.6 million worth of assets from a UK-based AI organization's account. The incident happened on 6th June 2021, when $2.6 million worth of holdings belonging to Fetch.ai were sold off on Binance by the adversaries. Consequently, Fetch.ai filed a lawsuit against Binance, and the London High Court has now ordered Binance to investigate the matter and freeze the attackers' accounts.

In a statement provided to Information Security Media Group, Binance says it already has a policy of doing what the court requests. Binance already has the practice of freezing suspicious accounts and says that it will accommodate the court's requests and do the same this time to ensure cybersecurity for its users. Binance is also trying to recover Fetch.ai's lost assets.


What Must an Organization do When Attacked?

When a cyberattack hits an organization and affects its users and stakeholders, the least the organization can do is not misstate facts about the breach. However, the latest revelation shows that Pearson primarily tried to downplay and hide a 2018 cyberattack that impacted over 13,000 school, university, and district customers. Even now, the organization is merely trying to evade the allegations by paying a penalty of $1 million.

Chinese attackers had infiltrated Pearson's AIMSweb 1.0 web-based software, which is used to store students' details such as their names, email addresses, dates of birth, and academic performance. Kristina Littman, Chief of the SEC Enforcement Division's Cyber Unit, states that Pearson avoided disclosing the cybersecurity incident to investors until the last minute, when the matter finally reached the media. In its statement, too, Pearson understated the attack's impact and overstated its data protection measures. After an attack, the least an organization can do is present the facts about the incident and help victims prepare for the risks that follow.
