Cybersecurity Digest #45: 7/03/2022 – 18/03/2022

Cybersecurity news

• A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows. When signing into websites, it is common to see the option to sign with Google, Microsoft, Apple, Twitter, or even Steam.
• A new Linux vulnerability known as ‘Dirty Pipe’ allows local users to gain root privileges through publicly available exploits. The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.
• HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gain high privileges and remain undetectable by installed security software. These vulnerabilities affect multiple HP models, including laptops, desktop computers, PoS systems, and edge computing nodes.
• A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric. The flaws affect APC Smart-UPS systems that are popular in a variety of activity sectors, including governmental, healthcare, industrial, IT, and retail.
• The Federal Bureau of Investigation (FBI) warns of AvosLocker ransomware being used in attacks targeting multiple US critical infrastructure sectors. This was disclosed in a joint cybersecurity advisory published this week in coordination with the US Treasury Department and the Financial Crimes Enforcement Network (FinCEN).
• Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.
• CISA and the FBI said they’re aware of “possible threats” to satellite communication (SATCOM) networks in the US and worldwide. Security advisory also warned US critical infrastructure organizations of risks to SATCOM providers’ customers following network breaches.

Cybersecurity Blog Posts

• Paul Dunphy, principal Reasecher of the OneSpan told about how future digital identity infrastructures increase convenience while not compromising on security.
• Gil Vega, CISO of Veeam told about building trust in a zero-trust environment. As companies work to build a corporate culture of cybersecurity, they’ve begun investing in zero-trust architectures to proactively cover all attack surfaces.
• Mary K. Pratt, contributing writer of CSO told about 8 keys to more effective vulnerability management.
• Graham Cluley told about Ragnar Locker. It is a family of ransomware, which first came to prominence in early 2020 when it became notorious for hitting large organisations, attempting to extort large amounts of cryptocurrency from its victims.

Research and analytics

• Edgescan published a Vulnerability Statistics Report. As a result, time to Remediate (i.e. patch or reconfigure) a device/host layer critical risk is 61.4 days. The quickest remediation on a vulnerability that was found was 0.5 days.
• Password attacks are on the rise because passwords themselves are very vulnerable to attack. This year’s Weak Password Report takes a look at both the human side and the tech side of why passwords are the weakest link in an organization’s network. As it turned out, 93% of the passwords used in brute force attacks include 8 or more characters.
• DataGrail has published the results of its Data Privacy Trends: A CCPA Report, which examines consumer data privacy trends. In the report, the company compared the cost, volume and issues related to data privacy. As a result of the study, the number of Data Subject Requests (DSRs) nearly doubled year over year, the cost of processing Data Subject Requests more than doubled and on average, 26-50 employees are involved in the manual processing of DSRs.
• The newly issued, in-depth Cylera Labs Kwampirs Shamoon Technical Report explains extensively, with artifacts, the different phases of the investigation, analysis and findings related to the evolution of Kwampirs and its connections with Shamoon 1 and 2 – where Kwampirs starts its activity between both Shamoon versions.
• Immersive Labs conducted a study of human cyber capabilities. The report analyzes cyber knowledge, skills and judgments gained from more than half a million exercises and simulations conducted by more than 2,100 organizations over the past 18 months. They were broken down into parts to understand the cyber capabilities of the employees of the information security, application security and crisis response teams.
• According to Technavio, the perimeter intrusion detection systems market share is expected to increase by USD 5.78 billion from 2021 to 2026, and the market’s growth momentum will accelerate at a CAGR of 9.2%.
• F-Secure published a Financial Services Threat Landscape Report. The risk of legacy software and applications was a strong theme for financial services organizations F-Secure interviewed, which were unable to move away from this infrastructure due to key operational dependencies. The financial services sector is relatively heavily regulated for cybersecurity standards and assurance practice, but it still faces considerable challenges with asset identification, as well as vulnerability management of often large, complex sprawling environments.

Major Cyber Incidents

• Samsung Electronics Co. suffered a cybersecurity breach that exposed internal company data, including source code for the operation of its Galaxy smartphones.
• TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and demanded a ransom payment not to release stolen data. According to the company’s statement, an unauthorized person obtained access to a server based in South Africa using stolen credentials.
• A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer.
• Video games developer and distributor Ubisoft has confirmed that it was hacked earlier this month, with the Lapsus$ group believed to be responsible. The French-headquartered gaming company, known for leading titles including Assassin’s Creed, Far Cry, and Rainbow Six Siege, has around 117 million active users.
• A “massive” cyber-attack knocked several Israeli government websites offline. The incident was confirmed online by the Israel National Cyber Directorate, which said that a DDoS attack denied access to services “for a short time”.
• Automotive parts manufacturer DENSO has confirmed that it suffered a cyberattack after a new Pandora ransomware operation began leaking data allegedly stolen during the attack.