Cyber Security Headlines – February 21, 2022

White House attributes Ukraine DDoS incidents to Russia’s GRU

Following up on a story we brought you last week, Anne Neuberger, deputy national security adviser for cyber and emerging technology, has stated that Russia was behind last week’s DDoS disruptions of Ukrainian government and banking websites. “Neuberger said the U.S. has technical information that shows digital infrastructure belonging to Russia’s main intelligence directorate, the GRU, ‘transmitting high volumes of communication to Ukraine-based IP addresses and domains.’” She described the DDoS incidents as having “limited impact,” given that “Ukrainian cyberdefenders rapidly brought back the state-owned banks and the Ministry of Defense networks.” She also confirmed that the U.S. “has provided support to Ukraine as part of the incident response.”

(Cyberscoop)

Master key for Hive ransomware retrieved using a flaw in its encryption algorithm

Researchers from South Korea’s Kookmin University are describing what they call “the first successful attempt at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content.” They are doing this by using a cryptographic vulnerability identified through analysis. Hive uses a number of initial compromise methods, including “vulnerable RDP servers, compromised VPN credentials, as well as phishing emails with malicious attachments, and uses double extortion.” It currently holds the eighth spot among the top 10 ransomware strains by revenue in 2021.

(The Hacker News)

New phishing campaign targets Monzo online-banking customers

Monzo is a fully online banking platform based in the UK. It has more than four million customers and is seen as among the first to challenge the traditional financial system. In a new report, security researcher William Thomas explains that the phishing process begins with the “arrival of a faked SMS text showing Monzo as the sender’s name, asking the recipient to tap the provided link to reactivate their session or verify their account.” Victims are directed to a phishing site that displays an email login form and then requests information about their Monzo account, including full name, phone number, and the Monzo PIN. Monzo states that it never uses SMS to communicate with customers.

(Bleeping Computer)

Threat actors stole at least $1.7M worth of NFTs from tens of OpenSea users

OpenSea, the world’s largest NFT exchange, has confirmed that dozens of its users have been hit by a phishing attack and have consequently lost NFTs worth $1.7 million. Analysis of the attacker’s wallet, done through blockchain analysis, revealed it contained $1.7 million of ETH (Ethereum) which had been obtained by selling some of the stolen NFTs. OpenSea Co-Founder and CEO, Devin Finzer pointed out that the company doesn’t believe the hack is connected to the OpenSea website.

(Security Affairs)

Thanks to our episode sponsor, Tines

Tines is hosting a virtual game show in conjunction with Lacework on March 8. It’s free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.

Conti takes over TrickBot and plans to replace it with BazarBackdoor

TrickBot, the popular Windows banking Trojan that has been operating since 2016, is being replaced, despite continuous improvements to the product such as the addition of powerful password-stealing capabilities and its pairing with Ryuk ransomware. Its growing popularity made it easier to detect, which is why the Conti gang has started using BazarBackdoor for initial access to networks.

(Security Affairs)

Dangerous privilege escalation bugs found in Linux package manager Snap

Researchers from Qualys have discovered an easy-to-exploit vulnerability in Snap, which is “a universal application packaging and distribution system developed for Ubuntu but available on multiple Linux distributions.” The flaw would allow a low-privileged user to “execute malicious code as root, the highest administrative account on Linux.” This is part of a series of flaws that the Qualys researchers have discovered in various Linux components while investigating the security of Snap.

(CSOOnline)

Popular e-cigarette store was compromised to steal credit cards

Element Vape, a well-known online vendor of e-cigarettes and vaping kits, has discovered a credit card skimmer embedded on its live site, most likely planted after the site was hacked. “With its presence across the U.S. and Canada, Element Vape sells e-cigarettes, vaping devices, e-liquids, and CBD products in both retail outlets and on their online store.” This type of attack, known as a Magecart attack, means that customer payment data can be exfiltrated, in this case to a Telegram address. The compromise was resolved the same day as the disclosure.

(Bleeping Computer)

Jammer used to stop kids going online, wipes out a town’s internet by mistake

A parent in Toulouse, France, frustrated by his kids’ addiction to social media, used a multi-band jammer to stop them from going online through their phones after midnight. This action also cut off internet access in a neighboring town. Local authorities were able to triangulate the source of the jamming based on its extremely regular schedule – on at midnight, off at 3:00 a.m. Unfortunately for the dad in question, using a jammer is not legal in France, and he now faces a maximum fine of €30,000 and even a jail term of up to six months.

(ZDNet)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.