Iranian Cyber Threats, October Patch Updates, China Infiltrates Wiretap – Cybersecurity News [September 30, 2024]
We’re back to provide you with the latest cybersecurity news of the week. This week, we dive into a joint warning from CISA and the FBI about Iranian-backed cyber activity aimed at undermining US democratic institutions. Microsoft’s Patch Tuesday for October 2024 addresses a range of critical vulnerabilities. We’ll also discuss the alarming report that China has infiltrated police wiretap systems, Sellafield’s hefty fine for cybersecurity breaches, and how gamers are tricked into downloading Lua-based malware through fake cheating script engines. Let’s explore each of these developments in detail.
CISA and FBI Warn of Iranian-Backed Cyber Activity
CISA (the Cybersecurity and Infrastructure Security Agency) and the FBI have issued a joint warning regarding cyber operations attributed to Iran’s Islamic Revolutionary Guard Corps (IRGC). The joint fact sheet states that these malicious cyber actors are supported by the Iranian government and are actively using social engineering via email and chat platforms to undermine confidence in US democratic institutions.
CISA and the FBI recommend several mitigations to counter these threats and reduce the chance of recurrence. Key actions include keeping all software and operating systems up to date, training staff to use only official business accounts for communications, and implementing phishing-resistant multifactor authentication (MFA). CISA’s Executive Assistant Director for Cybersecurity, Jeff Greene, stressed the growing risk posed by IRGC cyber actors and encouraged individuals and organizations involved in political campaigns to review and apply the measures outlined in the joint fact sheet to strengthen their security posture.
Patch Updates, October 2024 Edition
Microsoft’s Patch Tuesday for October 2024 brings security fixes for 117 vulnerabilities, including two zero-day flaws under active attack. One is CVE-2024-43573, a flaw in MSHTML (the core of Internet Explorer) that allows threat actors to trick users into interacting with malicious web content, potentially compromising sensitive information. Despite Internet Explorer’s retirement, its MSHTML engine remains a risk, especially for systems handling sensitive data.
The second zero-day, CVE-2024-43572, affects the Microsoft Management Console (MMC) and can be exploited for code execution. It follows the discovery of GrimResource, an attack method combining XSS vulnerabilities with crafted MSC files. Microsoft has now implemented protections to block untrusted MSC files.
Alongside Microsoft’s patches, Adobe addressed 52 vulnerabilities across its software suite, including Adobe Animate, Lightroom, and FrameMaker. Apple also released an update for macOS 15 “Sequoia” to resolve compatibility issues affecting security tools like CrowdStrike and SentinelOne, which were broken in the recent OS release. Users are urged to back up important data before applying patches, as some updates may cause stability issues. For a complete list of patches, refer to the SANS Internet Storm Center. It is always wise to monitor for post-patch glitches, as compatibility issues occasionally arise after updates.
The Wiretap: China Has Infiltrated Police Wiretap Systems
The Chinese cyber-espionage group Salt Typhoon has reportedly hacked multiple telecom giants, including AT&T, Verizon, and Lumen Technologies, in an attempt to infiltrate police wiretap systems, according to a Wall Street Journal report. Attacks of this kind raise concern that critical communication networks are vulnerable to malicious actors, especially through the “backdoors” built for law enforcement to intercept data for criminal investigations. There are no reports or evidence as of now suggesting that these breaches affected international systems.
China is reportedly making heavy investments in expanding its cybersecurity infrastructure and in training personnel for critical missions in the future. In light of this, experts stress the need for better defense strategies and mechanisms against such sophisticated espionage campaigns, whose prime targets are highly sensitive government and commercial systems.
Sellafield fined for cyber security breaches
Sellafield Ltd, the organization managing one of Europe’s largest nuclear sites, has been fined £332,500. Its IT systems remained vulnerable to unauthorized access and data loss due to negligence in cybersecurity matters. The UK’s nuclear regulator, the Office for Nuclear Regulation (ONR), consistently found Sellafield failing to comply with security regulations (findings spanning 2019 to 2023).
The ONR stated that such security gaps could have had serious consequences for the organization itself and for public safety. Additionally, Sellafield pleaded guilty to three offenses related to cybersecurity failures and was ordered to pay £53,253.20 in prosecution costs.
The organization emphasized that the charges stemmed from historical issues and that public safety and the information security of key assets were never compromised. Paul Fyfe, the ONR’s Senior Director of Regulation, noted that the firm had been aware of the failings and had failed to address them in a timely manner. However, improvements have been observed in the past year under new leadership, and the company is now said to be focusing more effectively on cybersecurity. Energy Secretary Ed Miliband also expressed concern, seeking assurances from the Nuclear Decommissioning Authority that such failures will not occur again.
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
Gamers seeking cheating tools are being targeted by cybercriminals who trick them into downloading Lua-based malware disguised as popular cheating script engines like Solara and Electron. According to Morphisec researcher Shmuel Uzan, the malware, which has spread across North America, South America, Europe, Asia, and Australia, leverages the Lua gaming engine to establish persistence and deliver additional payloads. The malware is activated on the target host in five steps:
- The malware is first hosted on GitHub.
- The campaign then uses those GitHub repositories to distribute it.
- The repositories contain ZIP archives, mainly consisting of a Lua compiler, a Lua script, and a batch file.
- Once executed, the malicious script communicates with a command-and-control (C2) server.
- The C2 server then assigns tasks such as downloading RedLine Stealer or CypherIT Loader.
These threat actors harvest sensitive credentials and system data, which are later sold on the Dark Web to support further attacks. McAfee Labs and OALabs previously identified this campaign, noting its reliance on GitHub to host malware payloads. GitHub has since taken action to remove the malicious content, highlighting the need for robust malware protection measures to safeguard against such threats.
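The packaging described above (a ZIP archive bundling a Lua interpreter, a Lua script, and a batch file that launches it) is something a defender can triage for before a download is opened. The following Python script is an added example written for this article; it is not code from Morphisec, McAfee Labs, or OALabs, and the interpreter file-name hints (`lua*.exe`, `luajit*.exe`), the co-location heuristic, and the two in-memory sample archives are all constructed assumptions rather than indicators from the campaign.

```python
"""Triage heuristic for ZIP archives that bundle a Lua interpreter, a Lua
script and a batch launcher.  Added example, not code from the article's
cited researchers; file-name hints and samples below are assumptions."""
import io
import posixpath
import zipfile

# Assumed base-name prefixes for a bundled Lua interpreter; the article
# names no specific binaries.
LUA_RUNTIME_HINTS = ("lua", "luajit")
BATCH_SUFFIXES = (".bat", ".cmd")


def classify_member(name):
    """Map one archive member to a role in the loader triad, or None."""
    base = posixpath.basename(name).lower()
    if base.endswith(".lua"):
        return "script"
    if base.endswith(BATCH_SUFFIXES):
        return "launcher"
    if base.endswith(".exe") and base.startswith(LUA_RUNTIME_HINTS):
        return "runtime"
    return None


def triage_archive(zip_bytes):
    """Return the roles found in the archive, whether the full triad
    (runtime + script + launcher) is present, and whether a batch file
    actually references a bundled .lua file."""
    roles = {"runtime": [], "script": [], "launcher": []}
    launcher_invokes_script = False
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            role = classify_member(info.filename)
            if role:
                roles[role].append(info.filename)
        # A launcher that names a bundled script strengthens the verdict
        # beyond mere co-location of the three file types.
        script_bases = {posixpath.basename(s).lower() for s in roles["script"]}
        for launcher in roles["launcher"]:
            text = zf.read(launcher).decode("utf-8", errors="replace").lower()
            if any(s in text for s in script_bases):
                launcher_invokes_script = True
    triad = all(roles[r] for r in roles)
    return {
        "roles": roles,
        "triad": triad,
        "launcher_invokes_script": launcher_invokes_script,
        "verdict": "suspicious" if triad else "benign-looking",
    }


def build_sample(members):
    """Build an in-memory ZIP for demonstration (constructed, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed archive mirroring the described bundle: interpreter, script, launcher.
SUSPICIOUS_ZIP = build_sample({
    "bundle/lua51.exe": b"MZ" + b"\x00" * 64,  # placeholder bytes, not an executable
    "bundle/loader.lua": b'print("hello")',
    "bundle/run.bat": b"@echo off\r\nlua51.exe loader.lua\r\n",
})

# Constructed archive of an ordinary mod: a Lua script, but no interpreter or launcher.
BENIGN_ZIP = build_sample({
    "mod/init.lua": b"return {}",
    "mod/README.txt": b"example mod",
})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_ZIP), ("benign", BENIGN_ZIP)):
        print(label, triage_archive(blob))
```

The heuristic deliberately keys on the combination of roles rather than on any single file: a lone `.lua` script is routine in game mods, whereas an interpreter, a script, and a batch launcher that names that script travelling together in one download matches the packaging described for this campaign and deserves a closer look before it is run.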