Cybersecurity headlines are again crowded with news of unfortunate cyber attacks, which serve as a good reminder of why it is crucial to have adequate cybersecurity measures in place at the organizational level and to follow cyber hygiene best practices at the individual level. The following are the major security headlines of this week.
Is Cloud Really The Best Security Option?
A 40-year-old California man named Hao Kuo Chi has been providing hacker-for-hire services and helping people steal private videos or pictures of iCloud users. Going by the name icloudripper4you, Chi has stolen over 620,000 sensitive images and videos from Apple users who used the iCloud service believing their private content was stored safely.
Chi pretended to be an Apple customer support technician and used social engineering to obtain the iCloud user IDs and passwords of over 4700 users, who had willingly sent their details to two legitimate-looking fake email accounts he created. Chi has allegedly been in this business since March 2018; the FBI obtained a search warrant after tracing a victim’s compromising pictures back to the IP address of Chi’s home computer. The raid on Chi’s house provided ample evidence of his cybercrime. Chi finally agreed to plead guilty to three counts of gaining unauthorized access to victim computers and one count of conspiracy. He is likely to be sentenced to five years in prison for each of these counts.
Earth Baku Targets Industries in The Indo-Pacific Region
According to the latest reports from Trend Micro, the threat actor Earth Baku, also known as APT41, has been targeting organizations in the Indo-Pacific region with cyberespionage attacks since July last year. Earth Baku uses several attack vectors, including the installer tool InstallUtil[.]exe, malicious email attachments, SQL injection, and the CVE-2021-26855 vulnerability, against public and private entities in the region. The group has also used two shellcode loaders (StealthMutant and StealthVector) and a backdoor (ScrambleCross) in attacks on Indo-Pacific countries, including India, Vietnam, Taiwan, Indonesia, Malaysia, and the Philippines.
Earth Baku has been operating since November 2018, but its recent tooling suggests that new members skilled in low-level programming and software development have joined the group. Since its recent attacks are primarily targeted at industries in the Indo-Pacific region, stakeholders in these nations must adopt cybersecurity tools, as more APT41 attacks can be expected in the near future.
DeFi Scams on The Rise, Investors Beware
DeFi platforms have attracted a lot of global crypto investors over the last year. They are also turning out to be a goldmine for cyber attackers, who keep discovering new ways of hacking into these newly emerged digital trading platforms. A report by Atlas VPN suggests that 76% of all financial hacks in the first half of 2021 targeted DeFi platforms, as opposed to a mere 25% in the previous year. The rise of DeFi hacks is evident in the attack statistics of the last three years: $0 was lost to hacks in 2019, $129 million in 2020, and $361 million in the first half of 2021.
It isn’t surprising that DeFi attacks are the most common cause of financial loss in recent times, having surpassed the losses from ransomware and phishing attacks. Cybersecurity experts at Atlas VPN note that developer incompetence in DeFi projects is a significant factor in attracting malicious actors. Millions are being lost to rug pulls, in which scammers hype up the value of a coin and then disappear with all the investors’ money. Investors must watch out for new coins promising significant gains because, as tempting as they may look, they may cost you your entire invested amount.
Beware of Scams That Promise Early Access to Kanye’s New Album
Whenever the world gets hysterical about something, be it a pandemic, a vaccination drive, or an album release (as in this case), adversaries view it as an opportunity to trick people into downloading malware. The latest cybersecurity incident to draw the attention of Kaspersky experts is the spread of malicious Black Window files by adversaries in the name of Kanye West’s latest album, “Donda.”
Though this attack scheme isn’t being used on a broad scale, the adversaries are still trying to deceive people with the bait of early access to Kanye’s album. An excited fan may not stop to think and impulsively clicks on any file that promises to be the latest album or song. This lack of precaution is enabling attackers to spread two adware files among Kanye fans. These files go by the names DONDA (Explicit) (2021) Mp3 320kbps [PMEDIA] __ – Downloader.exe and Download-File-KanyeWestDONDA320.zip_88481.msi. The adversaries either send a link to download Kanye’s new album directly or ask victims to fill in a survey form first. This form collects the PII (Personally Identifiable Information) of unsuspecting users before redirecting them to a website where they are promised early access to the album but instead have malware downloaded onto their systems.
ShadowPad And Chinese Hacker Groups
Chinese threat actors have been actively using a backdoor malware called ShadowPad since 2017. This Windows backdoor offers its operators a wide range of malicious capabilities.
The espionage groups Operation Redbonus, APT41, Operation Redkanku, Tick & Tonto Team, and Fishmonger are among the primary users of ShadowPad, as it provides them with anti-detection features at reduced maintenance costs. This malware-as-a-service is sold privately, and buyers are offered plugins for the malware platform separately. Further, new plugins can be deployed to a deployed backdoor as long as the operator can produce a working plugin. Such innovation and freedom to enhance malware is bad news for the lay netizen. It motivates and empowers threat actors to adapt, innovate, and experiment with malware at the expense of the cybersecurity of innocent users.
Bumble Fixes Security Flaw Exposing Users’ Location
A software engineer at Stripe, Robert Heaton, recently discovered a security vulnerability in the dating app Bumble. The flaw could let attackers posing as app users looking for a date pinpoint other users’ locations via a trilateration attack. This flaw in Bumble’s interface could have enabled malicious actors to stalk their potential victims.
Fortunately, Bumble quickly responded to Heaton and fixed the issue within 72 hours of being approached. Bumble also introduced additional email security measures to prevent users from being matched with suspicious users or with those not in their match queue.