As digitization expands, so do the cyber threats that come with it. For threat actors this is a goldmine: users' names, addresses, social security numbers and other critical data, including financial details, are the metaphorical gold, and they can never get enough of it. This week's headlines cover cyber threats that have affected people worldwide.
Is Telegram The New Threat?
Cybercriminals are exhibiting an affinity for the popular instant messaging app Telegram, as a joint study by Financial Times and Cyberint indicates. There has been a 100% increase in the use of Telegram among adversaries to buy, sell and share hacking tools and compromised data. The obvious conclusion is that Telegram is the new platform chosen by the threat actors to conduct their malicious practices. Groups with over a thousand subscribers have been discovered on Telegram, where the adversaries share the leaked data.
Recently, a stolen-data marketplace on Telegram with 47,000 subscribers called ‘Combolist’ was shut down. Many other channels still exist that sell victims’ personal documents, online account details, payment card details, hacking guides, malware, etc. The probable reasons for this heavy use of Telegram by adversaries are its easy-to-use interface and its legitimacy as a mainstream app. In addition, attackers risk little exposure of their identity, as Telegram only needs a phone number to register. It is also often easier to find interested buyers on Telegram than on other platforms, which is yet another reason for its popularity among the hacking community. Experts also highlight that Telegram’s advanced features enable attackers to infect victims’ devices or steal data from devices that are logged in.
Telegram must use robust cybersecurity tools to stop such malicious groups from interacting and operating on its platform as it poses a severe threat to the 500 million+ users who rely on the app for their daily interactions.
Suex Condemned For Facilitating Ransomware Attacks
The Suex cryptocurrency exchange is on the radar of the US Treasury Department for its role in facilitating ransom transactions for threat actors. The Russian-linked exchange operates from St. Petersburg and Moscow, although it is registered in the Czech Republic. The Treasury Department accuses Suex of facilitating numerous fraudulent transactions, with over 40% of its transaction volume linked to adversaries. Suex has been designated under Executive Order 13694 for supporting ransomware operations.
This marks the first sanction against a virtual currency exchange aimed at disrupting ransom payments made through cryptocurrencies. The Treasury notes that such ransom payments exceeded $400 million in 2020, and hence it was necessary to take action against exchanges that support cyber attacks.
The Treasury’s Office of Foreign Assets Control (OFAC) has also released an advisory to spread awareness on the sanctions risks related to ransomware payments linked to cyberattacks. The amount transacted on Suex since its launch in 2018 will leave you baffled. These statistics come from Chainalysis and reveal that Suex has received around $13 million from Ryuk, Conti, and other ransomware operators to date. Cryptocurrency scam operators have transacted over $24 million on Suex, and darknet markets account for $20 million of its funds.
LG Electronics Acquires Cybersecurity Firm Cybellum
In the latest cybersecurity acquisition, LG Electronics has acquired the Israeli automotive cybersecurity startup Cybellum. Founded in 2016, Cybellum provides risk assessment software that identifies vulnerabilities in vehicle components. In the deal, LG acquired 63.9% of Cybellum's shares. By the end of 2021, LG will acquire additional shares at a price to be finalized later.
In addition, LG signed a $20 million contract with Cybellum for future equity. Cybellum’s existing management team shall continue to operate independently even in the LG-acquired set-up where both the companies shall merge their resources in strengthening the security of LG’s automobile components.
As more and more vehicles become automated and network-connected, there is a greater need for robust cybersecurity measures. LG aims to strengthen its security systems using Cybellum’s advanced solutions. The electronics maker has invested in several joint ventures lately, including the deal with Magna International and Alluto with Luxoft. LG currently offers components and software for vehicles.
Have You Participated in Any iPhone 13 Reveal Event Recently?
Whenever there is commotion or excitement among users and consumers, adversaries swoop in to con the unwary. This time, the adversaries used a fake Apple website and streamed a fake iPhone 13 reveal event promising free Bitcoin to unsuspecting fans. This phony website was live on 14th September, and anyone who searched for the Apple Event that day may have come across a genuine-looking stream that did not show the real event but instead played old interviews with Tim Cook. These old videos then redirected people to a website called www.2021.apple.org. Like all typical Bitcoin scams, this website asked users to send 0.1-20 bitcoin to the given QR code with the promise of having the amount doubled. This bait was enough to rob users of $69,000.
However, anyone with a keen eye and a basic grasp of cyber hygiene would have spotted several flaws and red flags on the website – from grammatical errors to the URL itself. As per reports, this fake website is currently down, and there is barely any chance of its revival, as the hackers have already completed a successful attack, stealing $69,000 in Bitcoin from people.
Beware of New APT Group in Town – FamousSparrow
Security researchers have spotted a new hacking group that spies on entities around the world. It is an advanced persistent threat (APT) group called ‘FamousSparrow’ and has probably been active since 2019. The threat actor has been linked to several attacks on international organizations, including legal firms, engineering companies, the hospitality sector, and even governments. The victim organizations are based in the UK, the USA, Europe, Saudi Arabia, Israel, West Africa, and Taiwan.
From the looks of it, FamousSparrow is an independent group, unlinked to other APTs. But there is evidence of some ties with other threat actors as well. For instance, the loader used by SparklingGoblin was employed in one intrusion, and a command-and-control server linked to the DRBControl APT was used on another occasion. FamousSparrow also exploited ProxyLogon – the zero-day vulnerabilities used to compromise Microsoft Exchange servers in March 2021.
The APT group targets internet-facing applications and uses a custom backdoor called SparrowDoor to exfiltrate data. It is a threat to internet-facing applications such as Microsoft Exchange servers, Oracle Opera, and Microsoft SharePoint. FamousSparrow is espionage-driven, and as such, all internet-facing applications used by governments worldwide need to be patched as soon as vulnerabilities in them are discovered, or at least be shielded from internet exposure until the bugs are fixed.
Spanish Citizens Beware of WhatsApp Linked Malware Campaign
Once again, adversaries are using WhatsApp as a lure to infect users with a Trojan. The Spanish authorities have already released an alert urging citizens to guard against this phishing scam. The adversaries ask recipients to download a copy of their chats and call log from a link they supply. This leads to a .zip archive which, when opened, downloads the NoPiques malware.
The phishing emails use grammatically correct Spanish and hence appear believable at first glance. In response, the Oficina de Seguridad del Internauta (OSI), under the Spanish National Cybersecurity Institute (INCIBE), has posted an alert on social media warning people about the malware campaign.