Cybersecurity news
- Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea.
- A new Mirai botnet variant tracked as ‘V3G4’ targets 13 vulnerabilities in Linux-based servers and IoT devices to use in DDoS (distributed denial of service) attacks. The malware spreads by brute-forcing weak or default telnet/SSH credentials and exploiting hardcoded flaws to perform remote code execution on the target devices. Once a device is breached, the malware infects the device and recruits it into its botnet swarm.
- A new stealthy malware named ‘Beep’ was discovered, packed with features to evade analysis and detection by security software. Although Beep is still in development and missing several key features, it already allows threat actors to download and execute further payloads on compromised devices remotely.
- A recently identified financially motivated threat actor is targeting companies in the United States and Germany with custom malware, including a screenlogger it uses for reconnaissance.
- New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines.
- Experts from the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) have prepared a script to restore VMware ESXi servers that were encrypted in the recent large-scale ESXiArgs ransomware attacks.
Cybersecurity Blog Posts
- According to the 2022 Cyber Risk Index results, the highest-ranked risk was that the organization’s IT security goals were not aligned with its business goals. The article’s author, John Clay, explains what continuous cybersecurity risk assessment is and how to build that process.
- Ping Identity experts explain in their article why SSO is an ideal solution for microservices. Using SSO in microservices applications removes much of the complexity of the traditional authentication logic implemented in monolithic applications. With SSO, a user presents one credential to access a suite of available services, while external parties use APIs to access specific parts of your application.
- Organizations using cloud technologies can succeed by implementing a structured operating model and by using abstraction tools and automation. Palo Alto Networks expert Matthew Lamb describes these methods and processes in more detail.
- CSO researchers demonstrated how attackers can attack a programmable logic controller to bypass authentication and achieve remote code execution in industrial networks.
Research and analytics
- To help security leaders explore important 2023 security trends and customize the associated priorities for their organizations, global IT research and advisory firm Info-Tech Research Group has published its annual industry resource, the Security Priorities 2023 report.
- Cisco Talos published its Year in Review 2022 report. The ransomware space is dynamic, continually adapting to changes in the geopolitical environment, to actions by defenders, and to law enforcement efforts, which grew in scope and intensity in 2022. This leads groups to rebrand under different names, shut down operations, and form new strategic partnerships. Cisco Talos observed several related trends across 2022.
- Check Point Research reports that the Vidar infostealer returned to the top ten list in January, reaching seventh place, while a major campaign dubbed Earth Bogle delivered njRAT malware to targets across the Middle East and North Africa.
- According to the Check Point 2023 Security Report, cyberattacks reached an all-time high amid geopolitical conflict and the rise of ‘disruption and destruction’ malware. Cyberattacks rose by 38% in 2022 compared to the previous year, with an average of 1,168 weekly attacks per organization recorded.
- Corero Network Security outlines some key DDoS trends to watch for in 2023. The number of attacks sweeping the globe is on the rise, and the trend is very likely to continue throughout 2023. To begin, Corero predicts that packet-per-second DDoS attacks will keep growing, surpassing the record-breaking sizes that its Threat Intelligence Team has tracked throughout this year.
- The researchers analyzed 2037 online stores of various sizes running on various e-commerce platforms and found that 250 of them (12%) stored archive files in the public web folder, accessible to anyone. Administrators are exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look.
- BlackBerry Limited released new research revealing that half (51%) of IT professionals predict that we are less than a year away from a successful cyberattack being credited to ChatGPT, and 71% believe that foreign states may already be using the technology for malicious purposes against other nations.
- Cyberattacks on industrial control systems (ICS) surged in 2022, with an 87% jump in ransomware attacks on industrial organizations and a 35% increase in the number of ransomware groups targeting industrial control and operational technology (OT) systems, according to the Dragos ICS/OT Cybersecurity Year in Review report.
Major Cyber Incidents
- Scandinavian Airlines has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. The cyberattack caused a malfunction in the airline’s online system that made passenger data visible to other passengers. This data includes contact details, previous and upcoming flights, as well as the last four digits of the credit card number.
- Oakland has declared a local state of emergency because of the impact of a ransomware attack that forced the City to take all its IT systems offline. Interim City Administrator G. Harold Duffey declared a state of emergency to allow the City of Oakland, California, to expedite orders, materials and equipment procurement, and activate emergency workers when needed.
- Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.
- A new ransomware group going by the name ‘DarkBit’ has hit Technion – Israel Institute of Technology, one of Israel’s leading research universities. The ransom note posted by DarkBit is littered with messaging protesting tech layoffs and promoting anti-Israel rhetoric, as well as the group demanding a $1.7 million payment.
- Web hosting giant GoDaddy says it suffered a breach in which unknown attackers stole source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
- Indigo Books & Music, the largest bookstore chain in Canada, has been struck by a cyberattack, causing the company to make the website unavailable to customers and to only accept cash payments.