Hyundai Europe Cyberattack, US Offers Bounty, Google’s Redesigned Interfaces – Cybersecurity News [February 05, 2024]
From ransomware attacks on Hyundai Motor Europe to the US cracking down on spyware and denying visas, it’s been a busy week in tech news. Here we are with the latest scoops in cybersecurity, sharing details of the above, along with the Chinese cyber attack on Dutch military networks, the US offering rewards for information on the Hive ransomware gang, and Google teasing a new sign-in page. Let’s get into them.
Hyundai Motor Europe Targeted in Black Basta Ransomware Incident
Hyundai Motor Europe was the victim of a Black Basta ransomware attack in which the threat actors claim to have stolen 3 TB of corporate data.
Hyundai Motor Europe began experiencing IT issues in early January, which it later attributed to unauthorized third-party access to its network. The company shared no details of the attack at the time beyond stating that trust and security were fundamental to its business. The scale of the incident only became clear when the attackers themselves claimed to have stolen 3 TB of data from Hyundai Europe.
The sample shared by the threat actors contained folder names tied to many departments: legal, sales, HR, accounting, management, and IT. Black Basta, the gang behind the attack, launched its operation in April 2022 running double-extortion attacks (data theft followed by encryption, with the stolen data used as added leverage). It is widely considered an offshoot of the Conti ransomware operation and has been linked to attacks on the Toronto Public Library, Capita, Sobeys, Knauf, Yellow Pages Canada, and many more. Hyundai has not disclosed the initial access vector; Black Basta affiliates have historically relied on phishing to get their first foothold, which is why incidents like this one are cited as evidence of the need for phishing prevention controls in businesses.
Hyundai was also hit previously when the X (Twitter) account of Hyundai MEA was hijacked to promote crypto wallet drainer sites.
US Pledges $10 Million Reward for Information on Hive Ransomware Leaders
The US State Department is offering rewards of up to $10 million to anyone who can share information that helps them locate, identify, or arrest members of the Hive ransomware gang.
The FBI estimates that the group extorted over $100 million from more than 1,300 organizations. The State Department is also offering rewards for information linking Hive, or other ransomware groups, to a foreign government. Since 1986, the Transnational Organized Crime Rewards Program (TOCRP) has paid out more than $135 million for information that helped law enforcement locate, arrest, or convict criminals.
This new offer follows the January 2023 operation in which the FBI seized the Tor sites operated by Hive. It was a joint operation in which the FBI had infiltrated Hive's servers and monitored the gang's activity for six months, extracting around 1,300 decryption keys and distributing them to victims so they could recover without paying. Investigators also recovered communication records, malware file hashes, and information on roughly 250 of the gang's affiliates.
The State Department will also offer $5 million for information about individuals who are conspiring to participate in or join the Hive ransomware gang.
Google Reveals Upcoming Refreshed Design for Sign-In Interfaces, Gmail Included
Google is about to change sign-in pages for the better with a modern makeover.
If you visit the login screen of any Google service, you’ll see a pop-up that hints at a new sign-in screen. The message reads, “A new look is coming soon. Google is improving its sign-in page with a more modern look and feel.” Google has been releasing many Material Design updates recently, the last one being the new style icons that the Chrome browser got in November. These new icons are distinct and boost legibility. The new update is expected to continue the minimalistic approach followed by Google’s Material Design principles and will likely create a better and more user-friendly approach during the login process.
The change as announced is cosmetic: nothing in Google's message describes any change to how sign-in or authentication itself works. What the refreshed pages will look like across Google's services remains to be seen.
Dutch Military Network Compromised by Chinese State-Sponsored Hackers Using Malware
A Chinese cyber-espionage group broke into a Dutch Ministry of Defence network and deployed malware on devices there.
The Netherlands' Military Intelligence and Security Service (MIVD) disclosed the attack and noted that the threat actors attempted to backdoor the compromised systems, but the impact was limited because the affected network was segmented from the wider ministry network. That network had around 50 users, who worked on R&D for unclassified projects and have been notified.
The malware strain was Coathanger, a remote access trojan (RAT) built for FortiGate network security appliances. Coathanger persists across system reboots and firmware upgrades, so a device that is fully patched after the intrusion can still be hosting the implant. The attackers gained their foothold by exploiting CVE-2022-42475, a FortiOS SSL-VPN vulnerability that has also been exploited in zero-day attacks against government organizations before. Patching closes the entry point but does not remove an implant that is already present, which is why devices need to be checked for compromise rather than judged by their patch level alone.
This is the first time the MIVD has published a technical report describing a threat actor's working methods. The episode is a reminder that internet-facing edge appliances such as firewalls and VPN gateways are prime targets and warrant hardening, prompt patching, and monitoring for persistence that survives updates.
US Implements Visa Restrictions for Individuals Associated with Commercial Spyware
Antony J. Blinken, the Secretary of State, announced a new visa restriction policy that allows the State Department to bar people linked to the misuse of commercial spyware from entering the US.
The policy targets individuals believed to have been involved in the misuse of commercial spyware, including to facilitate arbitrary detentions, forced disappearances, or extrajudicial killings. It builds on the Biden Administration's earlier Executive Order prohibiting the US government from using commercial spyware that poses risks to national security or foreign policy. Visas can now be denied to individuals linked to spyware in three categories:
- Those who use it directly to target activists, journalists, or other vulnerable groups.
- Those who develop, direct, control, or financially benefit from the spyware or the companies behind it, especially where it is supplied to governments with a history of human rights abuses.
- Close family members, including spouses and children, of individuals who fall into the first two categories.
The US government has also pointed to companies such as Intellexa SA (Greece), Intellexa Limited (Ireland), Cytrox Holdings Zrt (Hungary), and Cytrox AD (North Macedonia) as producers of spyware that has been used around the world to intimidate political opponents, silence critics, and spy on journalists.