In today’s episode, Criminals Exploit Binance Smart Chain, PEAPOD Cyber Campaign Targets Women, Lumma Stealer Spreads via Discord, NoEscape Threatens Healthcare, West Bengal Fixes Aadhaar Bug, Lingering Squid Proxy Vulnerabilities.
Recent happenings: R_70 Hacktivist Targets JFK Amid Israel-Hamas Conflict; Israeli Smart Billboards Hacked for Pro-Hamas Display; Alphv Ransomware Hits Morrison Hospital; CDW Investigates LockBit Ransomware Claims.
Latest updates: European Commission Calls for Action on Disinformation Post-Hamas Attacks; Microsoft Shifts from NTLM in Windows 11; Tech Firms Tackle Security Amid Israel Conflict; Google Boosts Online Privacy; UK Regulator Fines Equifax £11m for 2017 Data Breach.
🚨 Cyber Alerts
1. Malicious Scripts Concealed in Blockchain
Cybercriminals are using a novel code distribution technique known as ‘EtherHiding’ to conceal malicious scripts within Binance Smart Chain contracts. This technique exploits the decentralized and anonymous nature of blockchain to hide malicious code. The hackers inject these scripts into hacked websites, leading unsuspecting users to download fake browser updates, making the campaign even more challenging to detect and take down.
2. PEAPOD Cyberattack Targets EU Leaders
European Union military personnel and female political leaders focusing on gender equality initiatives were targeted using a revised version of the RomCom RAT, known as PEAPOD. The attacks have been attributed to a threat actor named Void Rabisu, also known as Storm-0978, Tropical Scorpius, and UNC2596, with alleged connections to the Cuba ransomware.
3. Lumma Stealer Infects Discord Users
Lumma Stealer, a user credential-stealing malware, is now being delivered through Discord, a popular chat platform among gamers and content creators. Threat actors exploit Discord’s content delivery network and application programming interface to host and control the malware. Lumma Stealer is available as a service in underground forums, with different subscription plans offering varying features, including log analysis tools and access to its source code.
4. NoEscape Ransomware Targets Healthcare
In a recent warning, federal authorities highlight the emergence of the NoEscape ransomware-as-a-service group, which is believed to be a successor to the Avaddon gang. NoEscape, a formidable adversary, has been targeting various industries, with a focus on professional services, manufacturing, information services, and even healthcare organizations. This group employs aggressive multi-extortion attacks, with demands ranging from hundreds of thousands to over $10 million, posing a significant threat to the healthcare and public health sectors.
5. Indian Government Portal Security Issue
A security researcher identified and reported a critical bug on the West Bengal government’s e-District web portal that inadvertently exposed residents’ Aadhaar numbers, identity documents, and fingerprints. This vulnerability allowed unauthorized access to land deeds, including personal information and biometric data. The bug was promptly fixed after the researcher’s disclosure to local authorities, preventing potential identity fraud and misuse of the exposed data.
6. Unpatched Squid Proxy Vulnerabilities
Dozens of vulnerabilities in the Squid caching and forwarding web proxy have remained unpatched for two years after a researcher, Joshua Rogers, discovered and reported them. These vulnerabilities were identified through various techniques such as fuzzing, manual code review, and static analysis, and they have the potential to cause system crashes and even allow arbitrary code execution.
💥 Cyber Incidents
7. R_70 Hacktivist Group Targets JFK Airport
Amid escalating tensions between Israel and Hamas, the hacktivist group R_70 has claimed a cyberattack on JFK Airport, one of the United States’ busiest international gateways. The alleged attack has raised security concerns and sparked questions about its potential connection to the ongoing Middle East conflict. While the status of this cyberattack remains unconfirmed, the timing is significant, coinciding with the Israel-Hamas war, a deeply rooted dispute in the Middle East.
8. Pro-Hamas Hack of Israel Billboards
Amid the Israel-Hamas conflict, two smart billboards near Tel Aviv were briefly compromised, showing anti-Israel, pro-Hamas footage. The breach allowed hackers to switch the commercials, featuring the Israeli flag under fire and images from Gaza. Cybersecurity experts have identified this as part of a broader surge in cyber threats in the region, although the smart billboard incident captured attention due to its unusual and provocative nature.
9. Morrison Hospital Hit by Ransomware
The Alphv ransomware group has targeted the Morrison Community Hospital, claiming to have stolen 5TB of patient and employee data. The group added the hospital to its dark web leak site and threatened to initiate patient calls if hospital representatives do not respond clearly. Ransomware attacks on healthcare organizations have been on the rise, with 29 US health systems, including 90 hospitals, impacted this year, and many experiencing data theft.
10. CDW Addresses Data Breach
CDW, the multibillion-dollar technology services firm, is conducting an investigation following claims made by the LockBit ransomware gang that data was stolen during a cyberattack. The company is addressing an isolated IT security matter associated with data on servers dedicated to the internal support of its subsidiary, Sirius Federal. CDW has isolated these servers from its main network and is working closely with cybersecurity experts and government authorities to investigate the breach.
📢 Cyber News
11. EU Commission’s Action Against X
The European Commission has issued a formal request for information to X following the spread of disinformation related to the recent violence in Israel. Under the Digital Services Act (DSA), which recently took effect, large platforms like X are held accountable for disseminating disinformation, illegal content, and hate speech. The European Commissioner, Thierry Breton, has urged X’s owner, Elon Musk, to promptly remove illegal content, collaborate with law enforcement authorities and Europol, and ensure a swift and comprehensive response within 24 hours.
12. Microsoft to Phase Out NTLM Authentication
Microsoft has announced its intention to discontinue the use of the New Technology LAN Manager authentication protocol in Windows 11. NTLM has been widely used for remote user authentication and session security, but it has been plagued by vulnerabilities that threat actors have exploited over the years. Microsoft has encouraged Windows admins to disable NTLM or implement security measures to mitigate its risks, and now they are introducing new Kerberos features while expanding NTLM management controls in Windows 11 to enhance security and reduce NTLM usage, ultimately leading to its deactivation.
13. Challenges for Israel’s Tech Sector
Amid the recent conflict between Israel and Hamas, the nation’s robust cybersecurity sector faces unique challenges. Israeli tech and cybersecurity companies have been founded by specialists with military backgrounds, many from Unit 8200. While sirens warning of incoming missiles frequently disrupt daily life, tech firms like Check Point are well-prepared to operate during these disruptions. However, the conflict has impacted Israel’s cybersecurity startup market, with a significant decrease in funding and an increase in cyberattacks targeting the country’s websites.
14. Google Enhances Online Privacy
Google has introduced a range of privacy and security features. Users can now easily delete the last 15 minutes of browsing data in Chrome, access the dark web report through the Google app, and set Google Password Manager for iOS auto-fill. These updates complement recent cybersecurity measures such as default passkeys and security chip integration in Pixel phones, as well as collaborations with organizations like the U.S. Cyber and Infrastructure and Security Agency to promote online safety practices nationwide, including multifactor authentication and scam awareness.
15. Equifax Fined £11m for 2017 Data Breach
The Financial Conduct Authority has imposed a substantial fine of over £11 million ($13.4 million) on Equifax Ltd. for its negligence in safeguarding UK consumer data during the 2017 data breach. The FCA found that Equifax’s UK business failed to take necessary measures to protect the personal information of 13.8 million UK consumers, which was held by its US-based parent company.
Copyright © 2023 CyberMaterial. All Rights Reserved.