Special Bulletin: New Cyberthreats To You And Your Business

Cybercrime is on the rise, and businesses and individuals alike need to be aware of the latest threats. These cyberthreats put not only your private data at risk, but also your business's sensitive financial data, client data, and employee data.


Below we have gathered new threats that you should be aware of. Vector Choice is here to help you and your business mitigate these threats and plan how to move forward.

> BadBazaar Spyware

Trojanized Signal and Telegram apps containing BadBazaar spyware were uploaded to Google Play and the Samsung Galaxy Store by an APT hacking group known as GREF. These apps include FlyGram and Signal Plus Messenger. This malware previously targeted China but is now targeting users in other countries, including the United States. BadBazaar capabilities include precise device location, stealing call logs and SMS, recording phone calls, taking pictures using the camera, exfiltrating contact lists, and stealing files or databases.

> UNC4841 Hackers

The hacking group, which has been named UNC4841, is described as "highly responsive to defensive efforts" and is known to adapt its techniques in order to maintain persistent access to targets.
The zero-day flaw in the Barracuda ESG appliances allows attackers to execute arbitrary code on the affected devices. This can then be used to install malware, steal data, or disrupt operations.

> Hackers Targeting Cisco Adaptive Security Appliance

A hacking campaign is leveraging brute-force and password-spraying attacks to target Cisco Adaptive Security Appliance (ASA) SSL VPNs in order to breach networks. The attackers are exploiting lapses in security defenses, such as not enforcing multi-factor authentication (MFA).

Organizations that are not using MFA for their Cisco VPNs are at risk of being breached. MFA adds an extra layer of security by requiring users to provide a second factor, such as a code from their phone, in addition to their password. This makes it much more difficult for attackers to gain access to accounts.

The hacking campaign is believed to have been active since at least March 2023, and it has targeted organizations in a variety of industries, including healthcare, finance, and government. In some cases, the attackers have been successful in gaining access to networks and deploying ransomware.
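The brute-force and password-spraying activity described above leaves a distinctive trace in ASA authentication logs: one source trying many usernames (spraying) or hammering one username (brute force). The following Python script is an added example, not code from Vector Choice or Cisco; the log lines are constructed sample data modeled on the ASA `%ASA-6-113005` "AAA user authentication Rejected" message, and the thresholds are assumptions to tune for your environment.

```python
"""Flag password-spraying and brute-force patterns in Cisco ASA AAA
authentication-failure syslog lines (constructed sample data)."""
import re
from collections import defaultdict

# Pattern modeled on the ASA %ASA-6-113005 "AAA user authentication Rejected"
# message; field order can vary between releases, hence named, lazy groups.
REJECT_RE = re.compile(
    r"%ASA-6-113005:.*?user = (?P<user>\S+).*?user IP = (?P<ip>[\d.]+)"
)

def parse_rejects(lines):
    """Yield (source_ip, username) for every authentication-rejected line."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user")

def classify_sources(lines, spray_users=5, brute_attempts=10):
    """Return {ip: 'spray' | 'brute-force' | 'both'} for suspicious sources.

    spray: one source tried many distinct usernames (a few attempts each).
    brute-force: one source tried a single username many times.
    Thresholds are assumed starting points, not vendor guidance.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for ip, user in parse_rejects(lines):
        per_ip[ip][user] += 1
    verdicts = {}
    for ip, users in per_ip.items():
        is_spray = len(users) >= spray_users
        is_brute = max(users.values()) >= brute_attempts
        if is_spray or is_brute:
            verdicts[ip] = "both" if (is_spray and is_brute) else (
                "spray" if is_spray else "brute-force")
    return verdicts

def _reject(user, ip):  # builds one constructed 113005-style line
    return (f"%ASA-6-113005: AAA user authentication Rejected : reason = "
            f"Invalid password : server = 10.0.0.5 : user = {user} : user IP = {ip}")

# Constructed sample: 203.0.113.7 sprays six accounts once each,
# 198.51.100.9 hits one account twelve times, 192.0.2.4 is a lone typo.
SAMPLE_LOGS = (
    [_reject(u, "203.0.113.7") for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [_reject("admin", "198.51.100.9")] * 12
    + [_reject("grace", "192.0.2.4")]
)

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOGS).items():
        print(f"{ip}: {verdict}")
```

Even with this detection in place, the control the bulletin calls for is MFA on the VPN: detection tells you a spray is under way, MFA is what stops a correctly guessed password from becoming a breach.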

> Intel Class Action Lawsuit

A class-action lawsuit is being formed against Intel for the "Downfall" chip bug, which could impact billions of processors and result in up to 39% less performance in some workloads. The lawsuit alleges that Intel knew about the bug for years but failed to disclose it to consumers, which has led to financial losses and other damages.

The "Downfall" chip bug is a speculative execution attack that can allow attackers to take control of a computer system. The bug affects Intel processors that were manufactured between 2011 and 2021, which could mean that billions of devices are vulnerable.

Intel has released a fix for the bug, but it comes at a cost. The fix can result in up to 39% less performance in some workloads, which could be a major inconvenience for businesses and consumers.

The class-action lawsuit is seeking damages for the financial losses and other damages that have been caused by the "Downfall" chip bug. The lawsuit is also seeking to force Intel to disclose all information about the bug and to take steps to mitigate the risks.

> Malicious NPM Packages

A threat actor is leveraging malicious NPM packages to target developers in the cryptocurrency sector with an aim to steal source code and configuration files from victim machines. The threat actor has been linked to malicious activity dating back to 2021 and has continuously published malicious packages since then.

The packages are designed to execute immediately after installation and capture system metadata, source code, and secrets from specific directories. The data is then archived and transmitted to a predefined FTP server.

The threat actor is using package names that suggest the targeting is geared towards the cryptocurrency sector, such as "binarium-client", "binarium-crm", and "rocketrefer".

> Hackers Exploiting Windows Container Isolation Framework (WFIP)

Researchers have found a new way for hackers to exploit Windows Container Isolation Framework (WFIP) to bypass endpoint security solutions. The vulnerability allows attackers to create a malicious container that can escape isolation and run arbitrary code on the host machine.

The vulnerability is in the way that WFIP handles file permissions. By creating a malicious container with a specific set of permissions, attackers can trick WFIP into allowing the container to escape isolation and run arbitrary code on the host machine.

This vulnerability is a serious threat to organizations that use Windows containers. It allows attackers to bypass endpoint security solutions and gain access to sensitive data or systems.

> Microsoft Teams Phishing Attack

A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. Messages are being sent from two compromised external Office 365 accounts targeting other organizations. These accounts trick other Teams users into downloading and opening a ZIP file named "Changes to the vacation schedule." The malicious code is hidden in the file, masquerading as a PDF document. If Sophos antivirus is not found on the machine, the malware continues its download.

DarkGate has been circulating since 2017. It is a potent malware that supports a wide range of malicious activities, including hVNC for remote access, cryptocurrency mining, reverse shell, keylogging, clipboard stealing, and information stealing.


All the threats above can happen because of business vulnerabilities that have not been taken care of, or that you might not be aware of. There are many steps you can take to protect your business and its sensitive information. First steps include scheduling a Pen Test and/or Vulnerability Assessment to find exposures. From there, a certified and qualified IT team can come up with a plan to assess and mitigate those vulnerabilities, including:

  • Updating and replacing old technology
  • Enabling Multi-Factor Authentication on all programs and applications containing sensitive information
  • Detecting and Blocking Malicious Threats
  • Running ongoing vulnerability assessments
  • Having a Backup and Disaster Recovery (BDR)


VECTOR CHOICE ADVANTAGE

Vector Choice is here to help mitigate the threat of cyberattacks. We are here to pinpoint your vulnerabilities, create the right action plan, and safeguard data assets. We can perform and implement all the necessary actions listed above, and more, to keep your business's sensitive information safe.

One step you can take now is to replace outdated technology. Outdated technology increases security risks, fails to comply with mandated regulations, reduces productivity, and increases costs. Businesses are four times more likely to experience a data breach if they use outdated technology. Read more here.

Microsoft 2012 server is reaching end of life soon. It will end support on October 10, 2023. This will then expose your business to more and more cyberthreats, making your business an easy target. To learn more about updating outdated technology and the Microsoft 2012 server end of life, follow the link here.

If you are interested in assessing and finding your business's vulnerabilities, schedule a Free Pen Test now!

If you are interested in Backup and Disaster Recovery (BDR), read more here.

If you would like to talk to someone about Vector Choice and what we can do to mitigate cyberattacks, please schedule a Free 10-Minute Discovery Call.