Cyber4Dev weekly update

/

NEWS:

Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency

US Department of Justise: Two individuals were arrested Tuesday morning in Manhattan for an alleged conspiracy to launder cryptocurrency that was stolen during the 2016 hack of Bitfinex, a virtual currency exchange, presently valued at approximately $4.5 billion. Thus far, law enforcement has seized over $3.6 billion in cryptocurrency linked to that hack.

https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency

European, U.S. regulators tell banks to prepare for Russian cyberattack threat

FRANKFURT/LONDON, Feb 9 (Reuters) – The European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, two people with knowledge of the matter said, as the region braces for the financial fallout of any conflict. The stand-off between Russia and Ukraine has rattled Europe’s political and business leaders, who fear an invasion that would inflict damage on the entire region. Earlier this week, French President Emmanuel Macron shuttled from Moscow to Kyiv in a bid to act as a mediator after Russia massed troops near Ukraine. Now the European Central Bank, led by former French minister Christine Lagarde and which has oversight of Europe’s biggest lenders, is on alert for the threat of cyber attacks on banks launched from Russia, the people said.

https://www.reuters.com/markets/europe/european-us-regulators-tell-banks-prepare-russian-cyberattack-threat-2022-02-09/

FTC says Americans lost $547 million to romance scams in 2021

The US Federal Trade Commission (FTC) said that Americans reported record high losses of $547 million to romance scams in 2021, up almost 80% compared to 2020 and over six times compared to losses reported in 2017. Financial losses stemming from romance scams have skyrocketed during recent years, with a total of $1.3 billion lost over the past five years. This type of fraud (also known as confidence fraud) can lead to devastating emotional scars and significant financial losses. The crooks use fake online identities that help them gain potential victims’ trust on social media platforms or dating sites.

https://www.bleepingcomputer.com/news/security/ftc-says-americans-lost-547-million-to-romance-scams-in-2021/

2021 Trends Show Increased Globalized Threat of Ransomware

Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally. This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

https://www.cisa.gov/uscert/ncas/alerts/aa22-040a

Spain dismantles SIM swapping group who emptied bank accounts

Spanish National Police has arrested eight suspects allegedly part of a crime ring who drained bank accounts in a series of SIM swapping attacks. They presumably spoofed the targets’ bank in phishing messages via email, SMS, or direct messages on social media platforms, according to a press release published Thursday. By means of phishing, the suspects obtained the sensitive personal information needed to impersonate the potential victims and deceive phone store employees into issuing new SIM cards with the same number.

https://www.bleepingcomputer.com/news/security/spain-dismantles-sim-swapping-group-who-emptied-bank-accounts/

FBI warns: SIM-swapping attacks are rocketing, don’t brag about your crypto online

The Federal Bureau of Investigation (FBI) is warning about a big uptick in scams using smartphone SIM swapping to defraud victims. Subscriber Identity Module (SIM) swapping is an old trick, but the FBI has issued a new alert about it because of a massive leap in reported cases in 2021 compared to previous years. Smartphones are critical tools for authenticating to online services, such as banks that use SMS for sign-in codes. It is a serious problem – if crooks can gain control of these services, they can access the victim’s bank, email, social media, and bank accounts. Complaints to the FBI’s Internet Crime Complaint Center (IC3) have skyrocketed in the past year.

https://www.zdnet.com/article/fbi-warns-sim-swapping-attacks-are-rocketing-dont-brag-about-your-crypto-online/

INCIDENTS:

Cyberattack brings down Vodafone Portugal mobile, voice, and TV services

Vodafone Portugal said on Tuesday that a large chunk of its customer data services went offline overnight following “a deliberate and malicious cyberattack intended to cause damage and disruption.” The company’s 4G and 5G mobile networks, along with fixed voice, television, SMS, and voice/digital answering services are still offline following the attack. “We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network in almost the entire country but, unfortunately, the scale and seriousness of the criminal act to which we were subjected implies careful and prolonged work for all other services,” the company said in a statement published on Tuesday.

https://therecord.media/cyberattack-brings-down-vodafone-portugal-mobile-voice-and-tv-services/

Web Skimmer Injected Into Hundreds of Magento-Powered Stores

More than 500 online stores running the Magento 1 eCommerce platform were compromised with a digital skimmer, eCommerce security firm Sansec says. What made the attack stand out was the clever use of a combination of SQL injection and PHP object injection, which ultimately provided the attackers with control of the Magento store. On all infected websites, the payment skimmer was being loaded from the naturalfreshmall(.)com domain. The initial intrusion vector was a known vulnerability in the Quickview plugin, which attackers typically use to inject rogue admin users into vulnerable Magento stores.

https://www.securityweek.com/web-skimmer-injected-hundreds-magento-powered-stores

Crypto Firm Meter Loses $4.4m in Cyber-Heist

Yet another cryptocurrency firm has been hacked to the tune of millions of dollars. Meter provides decentralized finance (DeFi) infrastructure services, linking siloed blockchains for users with so-called “cross-chain bridges.” Over the weekend, it revealed that an unauthorized intruder had managed to exploit a bridge vulnerability to mint a large number of Binance Coins (BNB) and wrapped Ethereum (WETH), while running down its reserves. After halting bridge transactions immediately, the firm investigated the source of the bug. “The extended code had a wrong trust assumption which allowed hacker to call the underlying ERC20 deposit function to fake an BNB or ETH transfer,” it explained on Twitter.

https://www.infosecurity-magazine.com/news/crypto-firm-meter-44m-cyber-heist

MALWARE:

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer. The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a BleepingComputer forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely, but now it’s time to say bye-bye, Topleak said, in the mangled English-ese that’s typified the ransomware-as-a-service (RaaS) gang’s communications over the past few years. “Neither of our team member will never return to this kind of activity, it was pleasant to work with you. All source code of tools ever made is wiped out.”

FritzFrog botnet returns to attack healthcare, education, government sectors

The FritzFrog botnet has reappeared with a new P2P campaign, showing growth of 10x within only a month. FritzFrog is a peer-to-peer botnet discovered in January 2020. Over a period of eight months, the botnet managed to strike at least 500 government and enterprise SSH servers. The P2P botnet, written in the Golang programming language, is decentralized in nature and will attempt to brute-force servers, cloud instances, and other devices — including routers — that have exposed entry points on the internet. On Thursday, cybersecurity researchers from Akamai Threat Labs said that despite having gone quiet after its previous attack wave, since December, the botnet has reappeared with an exponential growth surge.

https://www.zdnet.com/article/fritzfrog-botnet-strikes-healthcare-education-government-sectors/

Linux malware attacks are on the rise, and businesses aren’t ready for it

Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity – and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there’s also a lack of focus on managing and detecting threats against them. This comes after an increase in the use of enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments.

https://www.zdnet.com/article/linux-malware-attacks-are-on-the-rise-and-businesses-arent-ready-for-it/

VULNERABILITIES:

iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched

Apple today released updates for iOS, iPadOS and macOS. The update fixes a single WebKit vulnerability, CVE-2022-22620. This vulnerability was reported by an anonymous researcher. It has already been exploited in the wild which explains the expedited release of this upgrade. WebKit vulnerabilities are typically exploited by exposing the device to a malicious webpage, but anything rendered using the WebKit engine could potentially be used to expose the vulnerability.

https://isc.sans.edu/diary/rss/28326

https://www.bleepingcomputer.com/news/security/apple-patches-new-zero-day-exploited-to-hack-iphones-ipads-macs/

Microsoft fixes Defender flaw letting hackers bypass antivirus scans

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender’s malware detection engine. This security flaw [1, 2] affected the latest Windows 10 versions, and threat attackers could abuse it since at least 2014. As BleepingComputer previously reported, the flaw resulted from lax security settings for the “HKLM\Software\Microsoft\Windows Defender\Exclusions” Registry key. This key contains the list of locations (files, folders, extensions, or processes) excluded from Microsoft Defender scanning.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-defender-flaw-letting-hackers-bypass-antivirus-scans/