Cybersecurity Digest #58: 05/09/2022 – 16/09/2022

Cybersecurity news

  • Extended spellcheck features in Google Chrome and Microsoft Edge transmit the contents of form fields, including personally identifiable information and in some cases passwords, to Google and Microsoft respectively. While this is a known and intended feature of both browsers, it raises concerns about what happens to the data after transmission and how safe the practice is, particularly for password fields.
  • Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom. The tool can be downloaded from Bitdefender’s servers and allows victims to recover encrypted files by following the accompanying usage guide.
  • The NSA has published requirements for quantum-resistant (QR) algorithms to be implemented by suppliers and operators of national security systems to process classified or important information for military and intelligence operations.
  • An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sale of stolen login credentials and other personal information. The website peddled over 5.85 million records of personally identifying information, including approximately 25,000 scanned driver’s licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts and 21,800 credit cards.
  • PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to the Signal secure messaging protocol to protect it from quantum attacks.
  • A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. The findings add to a growing list of Linux malware that has been found in the wild in recent months, including BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework.
  • QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks in which threat actors exploit a zero-day vulnerability in Photo Station. The Taiwanese vendor has since released a fix for the vulnerability.
  • A reverse-proxy Phishing-as-a-Service platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication on Apple, Google, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. The service enables low-skill threat actors who don’t know how to set up reverse proxies to steal online accounts that are otherwise well-protected.

Cybersecurity Blog Posts

 

Research and analytics

  • According to Sophos’ The State of Ransomware in Retail 2022 report, retail saw a 75% increase in the rate of ransomware attacks over the last year: 77% of organizations were hit in 2021, up from 44% in 2020. The increased attack rate is part of a cross-sector, global trend; retail reported the second-highest rate of ransomware attacks across all sectors.
  • Security firm Cybereason has published a report on the evolution of the PlugX malware family over the past decade. First spotted in 2012, the malware was initially used by Chinese APT groups before spreading to a broader audience across the years. Currently, the malware can function as a loader and remote access trojan.
  • Mandiant has published a report on the cyber-espionage group APT42, which operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). The full report covers APT42’s recent and historical activity dating back to at least 2015, the group’s tactics, techniques and procedures, its targeting patterns, and its historical connections to APT35.
  • Paysafe’s research revealed that 62% of people are so concerned about fraud that they consider it an inevitable risk of online shopping, a major jump from the 45% who said the same in 2021. These fears have left 58% uncomfortable entering their financial data online to pay for goods and services, up from the 44% who felt this way in 2021.
  • SentinelOne researchers report that several ransomware gangs have adopted intermittent encryption, i.e. partial encryption of victims’ files, as a technical way to speed up encryption operations and possibly evade detection by security tools. Among the groups that have adopted it are Qyick, Agenda, BlackCat/ALPHV, Black Basta and PLAY.
  • Kroll, the independent provider of global risk and financial advisory solutions, announced its report Cyber Risk and CFOs: Over-Confidence is Costly, which found chief financial officers (CFOs) to be largely uninformed about cyber security, despite their confidence in their company’s ability to respond to an incident.
  • Barracuda released its fourth-annual threat research report on ransomware. The new report looks at ransomware attack patterns that occurred between August 2021 and July 2022. The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.
  • Certfa researchers have published a review of Charming Kitten APT operations, focusing on the group’s social engineering tactics, and especially on its recent modus operandi of impersonating experts on Middle East topics to set up audio or video calls with targets, hoping to lure them to malicious sites or malware downloads.
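The intermittent encryption item above describes a trade-off that is easier to see in code: encrypting only part of each file cuts the cipher work per file and also lowers the file’s overall entropy, which is what many simple ransomware detectors key on. The following added example (written for this digest, not code from SentinelOne or from any of the named ransomware families) encrypts a constructed low-entropy sample with an "encrypt 1 KiB, skip 3 KiB" pattern and then compares two detection views: whole-file Shannon entropy, which misses the partial encryption, and per-window entropy, which does not. The keystream is a toy BLAKE2b counter construction standing in for a real stream cipher; the sample data, key and block sizes are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample "document": repetitive, low-entropy text, like a log or CSV export.
SAMPLE_PLAINTEXT = b"2022-09-05 10:00:01 INFO order=1234 status=shipped region=eu\n" * 400
# Constructed key for the demo only.
KEY = b"constructed-demo-key-not-a-real-ransomware-key"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from BLAKE2b (assumed stand-in for a real stream cipher).

    The example is about WHICH bytes get encrypted, not about the cipher itself.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.blake2b(nonce + counter.to_bytes(8, "big"), key=key[:64]).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_range(data: bytes, key: bytes, start: int, length: int) -> bytes:
    """XOR data[start:start+length] with a keystream bound to the byte offset."""
    chunk = data[start:start + length]
    ks = keystream(key, start.to_bytes(8, "big"), len(chunk))
    return bytes(a ^ b for a, b in zip(chunk, ks))


def full_encrypt(data: bytes, key: bytes) -> bytes:
    """Conventional behaviour: every byte of the file passes through the cipher."""
    return encrypt_range(data, key, 0, len(data))


def intermittent_encrypt(data: bytes, key: bytes, enc_len: int = 1024, skip_len: int = 3072):
    """Encrypt enc_len bytes, leave skip_len bytes untouched, repeat to end of file.

    Returns (output, bytes_encrypted). XOR with an offset-bound keystream is its own
    inverse, so running this again over the output restores the plaintext.
    """
    out = bytearray(data)
    encrypted = 0
    pos = 0
    while pos < len(data):
        enc = encrypt_range(data, key, pos, enc_len)
        out[pos:pos + len(enc)] = enc
        encrypted += len(enc)
        pos += enc_len + skip_len
    return bytes(out), encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated byte, approaching 8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 1024):
    """Entropy of each fixed-size window, so locally encrypted regions stand out."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def looks_encrypted(data: bytes, threshold: float = 7.0, window: int = 1024) -> dict:
    """Two detection views: whole-file entropy (naive check) and the highest
    entropy seen in any window (what catches partial encryption)."""
    whole = shannon_entropy(data)
    per_window = windowed_entropy(data, window)
    return {
        "whole_file_entropy": whole,
        "whole_file_flag": whole >= threshold,
        "max_window_entropy": max(per_window),
        "windows_flagged": sum(1 for e in per_window if e >= threshold),
        "window_flag": max(per_window) >= threshold,
    }


def demo():
    full = full_encrypt(SAMPLE_PLAINTEXT, KEY)
    partial, touched = intermittent_encrypt(SAMPLE_PLAINTEXT, KEY)
    print(f"cipher work: {touched}/{len(SAMPLE_PLAINTEXT)} bytes "
          f"({touched / len(SAMPLE_PLAINTEXT):.0%}) for intermittent encryption")
    print("plaintext   :", looks_encrypted(SAMPLE_PLAINTEXT))
    print("full        :", looks_encrypted(full))
    print("intermittent:", looks_encrypted(partial))


if __name__ == "__main__":
    demo()
```

With these parameters only about a quarter of the bytes pass through the cipher, yet the file is unusable because every 4 KiB period has a damaged region. The whole-file entropy of the partially encrypted sample stays below a typical 7.0 bits/byte alarm threshold, while the fully encrypted copy exceeds it; only the windowed view flags the intermittent case, which is why per-block entropy or write-pattern monitoring is a better fit than a single per-file score for catching these families.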

Major Cyber Incidents