Newsletter For Third Week of March 2023

The Week In Ransomware – March 10th 2023 – Police Take Action
This week’s biggest news was the coordinated, international law enforcement operation between Europol, the FBI, the Netherlands, Germany, and Ukraine that targeted the DoppelPaymer operation. As part of this operation, the police arrested two core members of the DoppelPaymer gang and raided multiple locations where they seized electronics. DoppelPaymer is believed to be one of the ransomware brands operated by the Evil Corp cybercrime operation, also known for managing and distributing the Dridex malware botnet.

AT&T Alerts 9 Million Customers Of Data Breach After Vendor Hack
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. “Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information.

New Critical Flaw In FortiOS And FortiProxy Could Give Hackers Remote Access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams.

Darktrace Warns Of Rise In AI-Enhanced Scams Since ChatGPT Release
The cybersecurity firm Darktrace has warned that since the release of ChatGPT it has seen an increase in criminals using artificial intelligence to create more sophisticated scams to con employees and hack into businesses. “Darktrace has found that while the number of email attacks across its own customer base remained steady since ChatGPT’s release, those that rely on tricking victims into clicking malicious links have declined while linguistic complexity, including text volume, punctuation and sentence length among others, have increased,” the company said.

Hackers Compromised Two Large Data Centers in Asia and Leaked Major Tech Giants’ Login Credentials
According to Resecurity, hackers breached two of the largest data center operators in Asia and leaked login credentials of high-profile companies, including tech firms Amazon, Apple, Huawei, Microsoft, and Samsung. Other high-profile businesses impacted by the cyber attacks include Alibaba Group Holdings Limited, Goldman Sachs Group, BMW AG, Walmart, and a Chinese foreign exchange platform.

IceFire Ransomware Now Encrypts Both Linux And Windows Systems
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor. SentinelLabs security researchers found that the gang has breached the networks of several media and entertainment organizations around the world in recent weeks, starting mid-February, according to a report shared in advance with BleepingComputer. Once inside their networks, the attackers deploy their new malware variant to encrypt the victims’ Linux systems.

New HiatusRAT Malware Targets Business-Grade Routers To Covertly Spy On Victims
A never-before-seen complex malware has been targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America since at least July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries: a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packets on the target device.

Emotet Malware Attacks Return After Three-month Break
The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. Emotet is a notorious malware distributed through email containing malicious Microsoft Word and Excel document attachments. When users open these documents and macros are enabled, the Emotet DLL will be downloaded and loaded into memory.

New Malware Variant Has “radio silence” Mode To Evade Detection
The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework. The particular malware was previously seen in espionage campaigns targeting critical Southeast Asian organizations, attributed to various Chinese APTs. Check Point identified a new campaign using the malware that started in late 2022 and continues through 2023, employing spear-phishing attacks for initial compromise.

Bitwarden Flaw Can Let Hackers Steal Passwords Using iframes
Bitwarden’s credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people’s credentials and send them to an attacker. The issue was reported by analysts at Flashpoint, who said Bitwarden first learned of the problem in 2018 but chose to allow it to accommodate legitimate sites that use iframes.

The TechLab Cyber Security Team, responsible for monitoring, identifying, detecting, protecting, isolating, responding and recovering based on current threats, provides 24x7x365 services. TechLab Security specializes in various security products, projects, network devices, end-user devices, and systems.

The TechLab Cyber Security Team Major Responsibilities Are:
• Monitor, Analyze, Correlate & Escalate Intrusion Events,
• Develop Appropriate Responses; Protect, Detect, Respond,
• Conduct Incident Management and Forensic Investigation,
• Maintain Security Community Relationships,
• Various Cyber Security Consulting Services such as Penetration Testing, Vulnerability Assessment, PCI-DSS Compliance and ISO27001 implementation and Audit compliances,
• Assist in Crisis Operations.