Cyber Bakery Chronicles

Your Weekly Cybersecurity Update (13 September 2024)

  • Hackers use cloud services to target financial and insurance firms
  • Australia is considering imposing fines on social media giants to hold them accountable for spreading misinformation
  • Chinese hackers use new data theft malware in govt attacks
  • German intelligence says Russian GRU group behind NATO, EU cyberattacks
  • North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
  • Transport for London staff faces systems disruptions after cyberattack

Hackers use cloud services to target financial and insurance firms

The threat group tracked as "Scattered Spider" is targeting the insurance and financial sectors through attacks on their cloud services. The group seeks access to corporate cloud instances so it can steal data and hold it for ransom. Alongside its familiar phishing, it now searches for exposed cloud access tokens. It goes after a range of cloud services, and once inside it can sell the credentials or the access itself, or extort the victim over the stolen corporate data.

To blunt these attacks, administrators should enforce multi-factor authentication, train employees to recognise and report phishing, and keep access tokens out of source code: a token committed to a repository is exactly the kind of artefact the group is hunting for.
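The last of those mitigations is the one most easily automated. The scanner below is an added example written for this newsletter item, not code from the cited report or from any affected firm. It makes two passes over each line: exact patterns for credential formats with a documented public shape (AWS access key IDs, GitHub personal access tokens), then a generic check for secret-looking assignments whose quoted value has high Shannon entropy, which catches opaque keys the exact patterns do not know about. The sample source file is constructed for the demo (its AWS key is the placeholder from AWS documentation, not a live credential); the variable-name list, the 16-character minimum and the 4.0 bits-per-character threshold are illustrative assumptions to tune for a real code base.

```python
"""Minimal secrets scanner for source files (added example, not from the cited report).

Pass 1: exact patterns for credential formats with a documented public shape.
Pass 2: secret-looking assignments whose value has high Shannon entropy.
The variable-name list and entropy threshold are illustrative assumptions.
"""
import math
import re
import sys
from collections import Counter
from pathlib import Path
from typing import NamedTuple


class Finding(NamedTuple):
    line: int
    kind: str
    value: str


# Public formats: AWS long-term access key IDs are "AKIA" + 16 uppercase
# alphanumerics (temporary ones use "ASIA"); GitHub classic PATs are
# "ghp_" + 36 alphanumerics.
KNOWN_TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Generic: a secret-looking name assigned a quoted literal of 16+ characters.
# The name list is an assumption; extend it for your own code base.
ASSIGNMENT_PATTERN = re.compile(
    r"(?i)(secret|token|password|passwd|api[_-]?key|access[_-]?key)\w*"
    r"\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)


def shannon_entropy(value: str) -> float:
    """Bits per character: random base64/hex keys score roughly 4.5-6,
    repeated passwords and short English phrases score lower (below ~3.8)."""
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_text(text: str, entropy_threshold: float = 4.0) -> list[Finding]:
    """Return one Finding per leaked value in the given file contents."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        known_values: list[str] = []
        for kind, pattern in KNOWN_TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                known_values.append(match.group(0))
                findings.append(Finding(lineno, kind, match.group(0)))
        for match in ASSIGNMENT_PATTERN.finditer(line):
            value = match.group(2)
            # Already reported by an exact pattern; do not double-count it.
            if any(known in value for known in known_values):
                continue
            if shannon_entropy(value) >= entropy_threshold:
                findings.append(Finding(lineno, "high_entropy_secret", value))
    return findings


def scan_paths(paths: list[str]) -> dict[str, list[Finding]]:
    """Scan files or directory trees; returns findings keyed by file path."""
    results: dict[str, list[Finding]] = {}
    for root in paths:
        root_path = Path(root)
        files = [root_path] if root_path.is_file() else root_path.rglob("*")
        for path in files:
            if not path.is_file():
                continue
            hits = scan_text(path.read_text(encoding="utf-8", errors="ignore"))
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample file for the demo. "AKIAIOSFODNN7EXAMPLE" is the
# placeholder key used in AWS documentation, not a real credential.
SAMPLE_SOURCE = """\
AWS_REGION = "eu-west-2"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
stripe_secret = "A1b2C3d4E5f6G7h8I9j0KlMnOpQrStUv"
db_password = "hunter2hunter2hunter2"
"""

if __name__ == "__main__":
    # No arguments: scan the embedded sample. Otherwise scan the given paths
    # and exit non-zero so a pre-commit hook blocks the commit on any hit.
    if len(sys.argv) > 1:
        results = scan_paths(sys.argv[1:])
        for path, hits in results.items():
            for hit in hits:
                print(f"{path}:{hit.line}: {hit.kind}: {hit.value[:8]}...")
        sys.exit(1 if results else 0)
    for hit in scan_text(SAMPLE_SOURCE):
        print(f"<sample>:{hit.line}: {hit.kind}: {hit.value[:8]}...")
```

On the sample, the scanner reports the AWS key and the GitHub token once each (the generic pass skips values the exact patterns already matched) and flags the 32-character opaque value as a high-entropy secret, while the repeated password and the region name pass. The entropy threshold is the weak point: a short English phrase with many distinct letters can reach 3.8 bits per character, so the minimum length and the threshold have to be tuned together, and this is why production tools such as gitleaks or trufflehog lean on large libraries of exact patterns before falling back to entropy.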

Australia is considering imposing fines on social media giants to hold them accountable for spreading misinformation

Australia plans to fine internet platforms up to five percent of their global revenue for failing to prevent the spread of misinformation online. The government wants tech platforms to establish codes of conduct to govern how they prevent the spread of harmful falsehoods. This move is part of a broad regulatory crackdown in Australia, driven by concerns that foreign tech platforms are undermining the country's sovereignty.

The bill targets false content that could harm election integrity or public health, incite hatred against a group or individual, or endanger critical infrastructure or emergency services. The revised bill specifies that the media regulator will not have the power to force the takedown of individual pieces of content or user accounts. It protects professional news, artistic and religious content, but does not extend that protection to government-authorised content.

The Australian Communications and Media Authority welcomed "legislation to provide it with a formal regulatory role to combat misinformation and disinformation on digital platforms."

Chinese hackers use new data theft malware in govt attacks

A recent wave of attacks on government targets has been linked to the China-based cyber espionage group Mustang Panda. The group has adopted new tooling and tactics, including the FDMTP and PTSOCKET malware families. Researchers also found it using a variant of the HIUPAN worm, which spreads via removable drives, to deliver the PUBLOAD malware stager into target networks.

Mustang Panda, also tracked under the aliases HoneyMyte, Bronze President, Earth Preta, Polaris and Stately Taurus, is known for advanced cyber espionage against governmental and non-governmental entities. Its focus is chiefly the Asia-Pacific region, but organisations elsewhere have been targeted as well.

According to Trend Micro researchers, who track the group as Earth Preta, it has significantly refined its malware deployment and tradecraft, particularly in campaigns against APAC government entities spanning the military, police, foreign affairs agencies, welfare, the executive branch and education. Its sustained activity in the region and its adoption of new tactics point to a shift towards highly targeted, time-sensitive operations.

German intelligence says Russian GRU group behind NATO, EU cyberattacks

Germany's domestic intelligence agency, the Bundesverfassungsschutz, issued a warning about the group tracked as UNC2589 in collaboration with international partners, including the FBI and CISA. The warning comes amid heightened anxiety in Europe over suspected Russian hackers and spies following Moscow's invasion of Ukraine. Earlier this year, Germany accused Russia of cyberattacks on its governing Social Democrats and on various companies.

The group, also known as Cadet Blizzard or Ember Bear, conducts both espionage and sabotage, including defacing websites and publishing stolen data. The GRU unit to which it belongs, Unit 29155, is suspected of involvement in the 2018 poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in Britain.

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Threat actors linked to North Korea have been running a fake recruiting operation on LinkedIn, sending targets purported coding tests that deliver the COVERTCATCH malware. The same actors also rely on social engineering and software supply chain attacks to compromise Web3 organisations.

The U.S. FBI has warned that these highly tailored social engineering campaigns target the cryptocurrency industry to generate illicit income for North Korea, with the actors impersonating known individuals or firms to carry out crypto heists.

Transport for London staff faces systems disruptions after cyberattack

Transport for London, the city's public transport agency, has said that staff have limited access to systems and email following a cyberattack on Sunday. It is working with government agencies to respond and contain the impact.

Some customer services have been affected. TfL is currently unable to issue refunds for journeys made with contactless cards, Oyster customers have to self-serve online, and some live travel data, such as train arrival information, is unavailable on certain platforms.

TfL has apologised for the inconvenience and says it is working to restore these services as quickly as possible. It stresses that London's transport network is operating "as usual" and that the attack has not affected public transport services themselves. It says the security of its systems and customer data is its top priority and that it is taking all necessary measures to mitigate the impact.

TfL serves over 8.4 million city residents and says it is committed to resolving the incident and keeping London's transport network running smoothly.

The U.K.'s National Crime Agency has arrested a 17-year-old in connection with the attack. The teenager was detained on suspicion of Computer Misuse Act offences and was later released on bail after questioning. The NCA is leading the investigation and working closely with the National Cyber Security Centre and TfL to manage the incident. Notably, the NCA had already arrested a 17-year-old male in July 2024 over a possible link to the MGM Resorts ransomware attack, which was attributed to the Scattered Spider collective acting as an affiliate of the BlackCat ransomware gang.