Cyber adversaries’ ways of intruding into private networks only seem to be evolving. The best way to stay ahead of them is to invest time and resources in acquiring the right cybersecurity tools. Here are this week’s top cyber news headlines to help the pursuit of creating safe cyberspace for all.
Misconfigured Cloud Servers No Longer a Rarity
Cybersecurity experts at Palo Alto Networks’ Unit 42 recently highlighted the widely known but often ignored fact that cloud misconfigurations at the organization level have increased significantly. As a result of poorly configured cloud services, more and more user data is being compromised. Palo Alto Networks conducted a detailed study on the frequency and origin of these attacks between July and August 2021. The study revealed that 80% of the deliberately vulnerable networks (honeypots) were compromised within a single day, and the remainder within seven days.
The most attacked SSH honeypot was targeted 169 times in a single day. On average, each honeypot was compromised 26 times a day. Another striking sign of how quickly attackers move was that one adversary compromised 96% of the researchers’ honeypots within just half a minute. This experiment is a wake-up call to every organization leaving its servers misconfigured. While cloud services have increased the efficiency and accessibility of data, they also bring an increased risk of data theft and targeted cyberattacks. As such, enterprises must take cloud security seriously and adopt measures to audit and restrict which privileged ports (such as SSH) are reachable from the internet.
Ukrainian Investigators Arrest Five Members of the Phoenix Gang
Ukrainian cybersecurity watchdogs recently arrested five members of the mobile hacking group Phoenix. The attackers targeted users through Apple and Samsung phishing sites. Downloading an app from these sites gave adversaries remote access to the victim’s devices. The attackers could then withdraw funds and steal and sell users’ private files for $200 per user account.
Phoenix members also made money by unlocking stolen and lost Apple devices and selling them through store chains in Kyiv and Kharkiv. With over 200 victims and two years of operation, the arrested Phoenix members ran so-called telephone shops. The investigators searched their houses and these shops, which were in reality underground technical centers.
The search led the investigators to stolen devices and software, and hardware customized to hack accounts. A look into the attackers’ profiles revealed that they all graduated from higher technical colleges, which again hints at the consequence of not having enough job opportunities for technology graduates in the Russian region. These five Phoenix members now face charges under Article 361 of the criminal code for breaking cybersecurity rules and conducting illegal cyber activities.
Did You Know That Printers Need to be Secured?
One might think that an external device that is only plugged in occasionally poses no threat to the organization’s security, but recent research reveals that printers connected to the internet are vulnerable to DDoS attacks. Cybersecurity experts warn that unprotected printers exposed on the internet are prone to a series of attacks called ‘Printjack.’ Because such printers are so easily reachable, adversaries can launch remote code execution and DDoS attacks against them.
Experts further highlight that many printers used in professional settings do not meet the cybersecurity norms expected of IoT devices. Such printers are more vulnerable to external threats, and signs of compromise include excess power consumption and heat generation, sudden unresponsiveness, and poor device performance.
Although endpoint devices like printers are commonly overlooked when securing a network, we must remember that they are indeed systems that can open backdoors for criminals and cause serious disruption to the functioning of an enterprise.
FBI Warns of Cyber Attacks Ahead of Holiday Season
As the holiday season approaches, the Federal Bureau of Investigation (FBI) has issued its much-needed notice warning netizens of cyber frauds in the run-up to the holidays. Online shoppers tend to be very active at this time of year, when goods are sold at unusually low prices. However, many malicious actors thrive on this innocent impulse to benefit from holiday offers and sales. The FBI estimates that over $53 million will be lost to holiday-related scams this year.
Over 17,000 fraudulent sale cases were reported to the FBI Internet Crime Complaint Center (IC3) last year, and this year the numbers are expected to be equally high, if not greater. Among the many lures that adversaries use, the feds expect tactics such as fraudulent emails and advertisements spreading misinformation, fake shopping websites, and misleading social media posts. All of these tactics are designed to steal victims’ personally identifiable information (PII) and financial details.
Thus, the FBI released a list of cybersecurity best practices for shoppers this holiday season, including a range of tips from being skeptical of unsolicited offers and site links to changing passwords and avoiding public Wi-Fi.
PerSwaysion and the Increase in Phishing Campaigns
Cybersecurity experts at Group-IB identified a phishing campaign called PerSwaysion in January 2020, which has been operational since at least 2017. With an active presence across the UK, Germany, and Hong Kong, the campaign has targeted over 156 high-ranking officials so far.
Recent research by URLscan revealed that PerSwaysion now has a global presence, with over 444 phishing attempts targeting 14 industry sectors and 7400+ people. Victims of PerSwaysion include US government organizations and departments, among others. The growth of the campaign is attributed to how easily it can be deployed across Microsoft services like Sway, OneNote, and SharePoint.
More Victims in GoDaddy Breach
The recent GoDaddy breach, which initially affected an estimated 1.2 million people, has also affected the customers of several other brands that resell its Managed WordPress service. These GoDaddy subsidiaries include Domain Factory, 123Reg, Host Europe, Heart Internet, tsoHost, and Media Temple. GoDaddy confirmed that a small number of active and inactive Managed WordPress users across these brands had been affected by the breach, but that no other brands were impacted. The affected brands have already contacted their customers with breach notifications and recommendations as part of their cybersecurity measures.
The user details stolen in the incident include the email IDs, usernames, passwords, and customer numbers of over 1.2 million Managed WordPress users. GoDaddy is now issuing new certificates for the victims and doing everything in its capacity to limit the effects of the attack.