Cyber Briefing - 2024.07.22
👉 What's happening in cybersecurity today?
Fake CrowdStrike Hot Fix, Remcos RAT, LATAM, GTA VI, Canadian Oil & Gas Sector, Credit Card Skimmer, Magento, LA County Superior Court Ransomware, Kofile Technologies, Social Security Numbers, Cadre Holdings, South Korea, YouTube Channels, Philippine President, Smear Campaign, Microsoft Windows, Automated Bots, Web Traffic, GraphQL API, DoS Vulnerabilities, NoName057(16), Scattered Spider, Ransomware, UK Police.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused widespread IT outages, and criminals moved quickly to exploit the confusion. A malicious ZIP archive named "crowdstrike-hotfix.zip" is being distributed, with lures aimed particularly at Latin American users. The archive carries a HijackLoader payload that in turn installs the Remcos RAT, giving the attackers remote control of infected systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.'s National Cyber Security Centre have issued warnings advising organisations to expect phishing, fake support offers and bogus "fix" downloads, and to obtain remediation guidance only from CrowdStrike's and Microsoft's official channels.
Grand Theft Auto VI fans are being targeted by cybercriminals using fake beta download ads on social media. Bitdefender researchers have detected Facebook ads promoting early access to a non-existent GTA VI beta, luring users to download malware disguised as game files. These ads, targeting users in Europe, use stolen gameplay footage and convincing visuals to trick victims. The malware, once downloaded, mimics legitimate installers but deploys malicious payloads like info-stealers and remote access tools.
The Canadian Centre for Cyber Security has issued a stark warning about escalating cybersecurity threats targeting Canada's oil and gas sector, which is vital to the national economy and infrastructure. The sector, contributing approximately $120 billion to Canada's GDP, is increasingly vulnerable due to digital transformations in its operational technology (OT) systems. The report highlights a surge in cyber incidents, with a significant portion of organizations experiencing breaches, often through supply chain attacks.
Hackers have planted a persistent credit card skimmer on Magento e-commerce sites by hiding it in a swap file, according to a report by Sucuri. The swap file in question is the temporary copy that an editor such as vim leaves on disk beside a file being edited, not the operating system's RAM swap; the attackers left such a copy next to a core Magento PHP file so that cleaning the visible file did not remove the malicious code, which remained on disk and allowed the infection to survive removal efforts. Responders cleaning a compromised store should therefore list and inspect stray swap and backup files in the webroot rather than only the files a scanner flags.
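One way to hunt for the kind of leftover file the Sucuri report describes, written here as an added example rather than Sucuri's own tooling: walk a Magento webroot, pick out editor swap and backup files, and flag any that also contain code typical of a PHP card skimmer. The "-swapme" suffix, the skimmer keyword list and the sample file tree are all assumptions constructed for the demo.

```python
"""Hunt for editor swap/backup files that can hide a skimmer beside
Magento's PHP sources.  Added example; not Sucuri's code or data."""
import os
import re
import tempfile

# Names that editors and admins leave behind after editing a file in place.
# "-swapme" is an assumed attacker-chosen suffix used for illustration.
SWAP_PATTERNS = [
    re.compile(r"^\..*\.sw[a-p]$"),        # vim: .bootstrap.php.swp / .swo
    re.compile(r".*~$"),                    # emacs/nano backup: bootstrap.php~
    re.compile(r".*\.(bak|orig|save)$"),    # manual backups
    re.compile(r".*-swapme$"),              # assumed suffix
]

# Heuristic markers commonly seen in server-side card skimmers.
SKIMMER_HINTS = re.compile(
    r"base64_decode|eval\s*\(|cc_number|card_number|curl_exec|\$_POST",
    re.IGNORECASE,
)


def is_swap_name(name: str) -> bool:
    """True if the file name looks like an editor swap or backup artefact."""
    return any(p.match(name) for p in SWAP_PATTERNS)


def scan(root: str):
    """Return sorted (relative_path, flagged) pairs for every swap-like file
    under root; flagged is True when the content also matches SKIMMER_HINTS."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not is_swap_name(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1 << 20).decode("utf-8", "replace")
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, bool(SKIMMER_HINTS.search(data))))
    return sorted(findings)


def build_sample_tree() -> str:
    """Constructed Magento-like tree for the demo; not real site data."""
    root = tempfile.mkdtemp(prefix="magento_demo_")
    app = os.path.join(root, "app")
    os.makedirs(app)
    with open(os.path.join(app, "bootstrap.php"), "w") as fh:
        fh.write("<?php\nrequire __DIR__ . '/autoload.php';\n")
    # Constructed skimmer fragment parked in an assumed swap-style file name.
    with open(os.path.join(app, "bootstrap.php-swapme"), "w") as fh:
        fh.write("<?php\nif (isset($_POST['cc_number'])) { curl_exec($ch); }\n")
    # Harmless vim leftover: reported for review but not flagged.
    with open(os.path.join(app, ".autoload.php.swp"), "w") as fh:
        fh.write("b0VIM 9.0 harmless leftover\n")
    return root


if __name__ == "__main__":
    for rel, flagged in scan(build_sample_tree()):
        print(("SUSPECT " if flagged else "review  ") + rel)
```

Run it against a real webroot by calling scan("/path/to/magento"); every hit, flagged or not, should be compared against a known-good file manifest before deletion, since a legitimate vim .swp file can also indicate an administrator's unfinished edit.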
The Securities Commission Malaysia has issued a warning about investment scams utilizing deepfake technology to deceive the public. These scams feature convincing videos of prominent figures and reputable companies, created using AI to replicate voices and appearances. The videos are shared on social media and often include links leading to fraudulent investment pages. Once potential victims engage with these links, they are prompted to download applications or provide personal details, exposing them to further risks.
The Los Angeles County Superior Court will remain closed on Monday, July 22, 2024, as it continues to recover from a ransomware attack that began early on July 19. The attack has forced the shutdown of all 36 courthouse locations across the county, disrupting both internal and external court systems, including case management and jury duty portals. Presiding Judge Samantha P. Jessner stated that the closure is necessary to protect data integrity and ensure network stability.
On July 18, 2024, Kofile Technologies, Inc. reported a significant data breach that compromised sensitive consumer information, including Social Security numbers. The breach occurred due to a cyberattack that allowed unauthorized access to data stored on Kofile’s network. In response, Kofile has sent out breach notification letters to affected individuals and is offering 24 months of free credit monitoring through Experian. The company has secured its systems and is working to assess the full extent of the breach.
Cadre Holdings, a leading provider of safety and survivability products, disclosed a significant cybersecurity breach on July 15, 2024, after an unauthorized third party accessed its technology systems. The company promptly activated its response protocols, including system containment, investigation with external experts, and notification of federal law enforcement. While Cadre Holdings is still assessing the full impact of the breach, it remains unclear how the incident will affect the company’s financial condition or operations.
On July 20 and 21, 2024, South Korean drama fans were caught off guard when crypto scammers took over two prominent YouTube channels, tvN Drama and TVING. The channels, affiliated with the South Korean conglomerate CJ and boasting millions of subscribers, were hijacked by attackers who replaced their logos, banners and descriptions with Ripple branding and used YouTube's live-streaming features to broadcast Ripple and XRP-themed content.
The Department of National Defense (DND) of the Philippines has dismissed as a deepfake a circulating video depicting a man resembling President Ferdinand Marcos Jr. The video, allegedly presented at a gathering in Los Angeles by a group called "MAISUG," shows a figure in a green shirt holding a plastic pack of a crystalline substance meant to resemble illegal drugs. The DND condemned the video as a malicious attempt to destabilize Marcos Jr.'s administration and criticized its release abroad as an attempt to evade Philippine jurisdiction.
On July 21, 2024, Microsoft disclosed that approximately 8.5 million Windows devices were affected by the failed CrowdStrike Falcon update, which led to widespread IT outages. The faulty update, deployed on July 19, 2024, caused systems worldwide to crash with a blue screen on boot. To assist in recovery, Microsoft has released a bootable USB tool that helps IT administrators restore impacted Windows clients and servers; administrators of BitLocker-encrypted machines will need the volume's recovery key on hand to use it. Although the issue affected less than one percent of all Windows machines, the concentration of those machines in critical sectors gave the incident significant economic and operational repercussions.
As the travel industry rebounds in 2024, it faces a growing threat from automated bot attacks, which accounted for nearly 21% of all bot requests last year, according to Imperva’s 2024 Bad Bot Report. Bad bots now represent 44.5% of the industry's web traffic, up from 37.4% in 2022. These malicious bots target the industry through activities like unauthorized scraping of fare data, seat spinning to create artificial scarcity, and account takeovers.
A new report, "The State of GraphQL Security 2024," finds that 69% of the GraphQL API services it examined are vulnerable to Denial of Service (DoS) attacks. Drawing on more than 13,000 identified issues, the report points to significant security gaps, chiefly inadequate rate limiting and missing bounds on query depth, complexity and resource allocation, which let a single crafted query consume disproportionate server resources. It notes that 33% of services had at least one high-severity issue, while 72% and 78% had medium- and low-severity problems, respectively.
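The DoS class the report describes usually comes down to a server accepting arbitrarily deep or heavily aliased queries. The following added example, not code from the report or from any GraphQL server library, shows a pre-execution guard that scans the raw query text, measures selection depth and counts requested fields (including aliased duplicates), and rejects queries over an assumed policy limit. The limits, the constructed sample queries and the scanning heuristics are all assumptions made for the demo.

```python
"""Bound GraphQL query depth and field count before execution so that one
nested or heavily aliased query cannot exhaust the resolver layer.
Added example; not code from the report or any GraphQL server."""

MAX_DEPTH = 6      # assumed server policy
MAX_FIELDS = 100   # assumed server policy

_IDENT = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_")


def analyze(query: str) -> dict:
    """Scan the query text and return its maximum selection depth and the
    number of fields requested, counting each alias as a separate field.
    Strings and comments are skipped so braces or colons inside them are
    ignored; argument lists are skipped so 'name: value' pairs inside
    parentheses are not mistaken for aliases; directive names are skipped."""
    depth = max_depth = paren = fields = 0
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c == '"':                                  # string literal
            i += 1
            while i < n and query[i] != '"':
                i += 2 if query[i] == "\\" else 1
        elif c == "#":                                # comment to end of line
            while i < n and query[i] != "\n":
                i += 1
        elif c == "(":
            paren += 1
        elif c == ")":
            paren -= 1
        elif paren == 0 and c == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif paren == 0 and c == "}":
            depth -= 1
        elif paren == 0 and c == "@":                 # directive, not a field
            i += 1
            while i < n and query[i] in _IDENT:
                i += 1
            continue
        elif paren == 0 and depth > 0 and (c.isalpha() or c == "_"):
            j = i
            while j < n and query[j] in _IDENT:
                j += 1
            name = query[i:j]
            k = j
            while k < n and query[k].isspace():
                k += 1
            if k < n and query[k] == ":":             # "alias:" -> real field follows
                i = k + 1
                continue
            if name != "on":                          # keyword in "... on Type"
                fields += 1
            i = j
            continue
        i += 1
    return {"depth": max_depth, "fields": fields}


def check(query: str, max_depth: int = MAX_DEPTH, max_fields: int = MAX_FIELDS):
    """Return (allowed, reason) for a query under the given limits."""
    stats = analyze(query)
    if stats["depth"] > max_depth:
        return False, f"depth {stats['depth']} exceeds {max_depth}"
    if stats["fields"] > max_fields:
        return False, f"{stats['fields']} fields exceed {max_fields}"
    return True, "ok"


# Constructed sample queries for the demo.
BENIGN = """
query Order($id: ID!) {
  order(id: $id) { id total items { sku qty } }
}
"""
# Recursive friends-of-friends nesting: depth attack.
DEEP = "query { me " + "{ friends " * 10 + "{ name }" + " }" * 10 + " }"
# Sixty aliased copies of one field: batching attack that dodges per-request limits.
ALIASED = "query { " + " ".join(
    f'p{i}: product(id: "{i}") {{ name price }}' for i in range(60)) + " }"

if __name__ == "__main__":
    for label, q in (("benign", BENIGN), ("deep", DEEP), ("aliased", ALIASED)):
        print(label, check(q))
```

This guard runs on the raw text and so costs nothing before parsing; production servers should pair it with per-client rate limiting and with the cost or depth validation rules their GraphQL library already offers, which operate on the parsed document and are more precise.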
On July 20, 2024, Spanish police arrested three individuals suspected of involvement in cyberattacks by the pro-Russian hacktivist group NoName057(16). The arrests, conducted in Mallorca, Huelva, and Seville, are part of an ongoing investigation into a series of Distributed Denial-of-Service (DDoS) attacks targeting critical infrastructure and government institutions in Spain and NATO countries supporting Ukraine. The detained individuals are believed to have used DDoS attacks to disrupt services and operations.
On July 18, 2024, UK authorities arrested a 17-year-old from Walsall in connection with the 2023 MGM Resorts ransomware attack. The arrest was part of a coordinated operation involving West Midlands Police, the National Crime Agency and the FBI. The teenager, suspected of links to the Scattered Spider hacking collective, was arrested on suspicion of blackmail and of offences under the Computer Misuse Act. Digital devices seized from the suspect are being examined for further evidence.
Subscribe and Comment.
Copyright © 2024 CyberMaterial. All Rights Reserved.