Cybersecurity Digest #52: 13/06/2022 – 24/06/2022

Cybersecurity news

• The extortionate software ech0raix has started attacking vulnerable NAS QNAP network drives again. In order to protect devices from attacks, users are advised to use strong passwords for administrator accounts, enable IP access protection and avoid using default ports 443 and 8080.
• The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy.
• A researcher has created a website that uses your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. It is then possible to track a device across sites using the same fingerprinting method.
• Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices.
• Cybersecurity researchers have discovered a new Android banking malware named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain.
• The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack.

Cybersecurity Blog Posts

• John Buzzard has released a post on the topic of identity fraud as a new corporate battleground. The author emphasizes the need to develop a long-term multi-level approach to continuous authentication.
• Miri Adjiashvili, Cybersecurity Expert at Cymulate drew attention to the importance of a flexible approach to penetration testing. Only an automated and continuous model can protect ever-changing networks and applications, helping companies stay safe, meet requirements and remain profitable.
• Dancho Danchev showed how infected botnet hosts can be used not only as a springboard, but also for sending phishing emails and hosting domains used in fraudulent activities themselves, thereby shifting responsibility for fraud to infected parties.

Research and analytics

• Supply Chain Security Gaps: A 2022 Global Research Report received responses from more than 1,300 IT professionals with supply chain insight, 25 percent of whom note that their organization experienced a supply chain attack in the last 12 months. Survey respondents cited these main supply chain risks as being their key concerns, first of all Ransomware (73%), Poor information security practices by suppliers (66%) and Software security vulnerabilities (65%).
• According to the data compiled by the Atlas VPN team, Apple pays five times more for exposing a vulnerability than Samsung. Exploits that allow hackers to perform network attacks without user interaction are usually worth the most in bug bounty.
• Digital infrastructure outages have gotten more and more expensive over the course of the past several years, according to a report from the Uptime Institute. Meanwhile, the total number of major outages has remained the same. The proportion of individual outages resulting in losses of over $100,000 is increasing, according to the report, up to 47% of all outages in 2021 from 40% in the previous year.
• Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk – vulnerability, attacks, and privilege – and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people.
• Finding experienced candidates for cybersecurity positions remains a top challenge for many organizations. (ISC)² research reveals how cybersecurity hiring managers recruit and support the career development of entry- and junior-level practitioners.
• Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.

Major Cyber Incidents

• TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack.
• Fast Shop, one of Brazil’s largest retailers, has suffered an ‘extortion’ cyberattack that led to network disruption and the temporary closure of its online store. The cyberattack impacting the Fast Shop main website, mobile apps, and online ordering system, as the retailer took systems offline as part of its incident response protocol.
• Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack causing the company to take the network offline. The company reacted as soon as it detected the unauthorized access on its network and moved operations into manual mode.
• Services for the U.K. based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online.
• Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data. Documents filed with the Attorney General of Maine said 1,547,169 people were affected by the breach.
• Shoprite Holdings, Africa’s largest supermarket chain has been hit by a ransomware attack. The company disclosed that they suffered a security incident, warning customers in Eswatini, Namibia, and Zambia, that their personal information might have been compromised due to a cyberattack.
• Kaiser Permanente has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. An attacker accessed an employee’s email account containing patients’ protected health information (PHI).