Cybersecurity News: Microsoft thwarts Akira, Sullivan appeals conviction, ToddyCat targets telcos

Microsoft thwarts large-scale ransomware attack

Microsoft announced that its Defender for Endpoint solution helped mitigate a “large-scale remote encryption attempt” by the Akira ransomware group, which Microsoft tracks as Storm-1567. The attempt began in early June 2023 against an unnamed industrial enterprise. The attackers targeted devices that were not onboarded to Defender, but Microsoft’s new automatic attack disruption capability prevented the compromised accounts from “accessing endpoints and other resources in the network.” Microsoft singled out containing compromised user accounts as a key way to disrupt this kind of attack, since remote encryption only works as long as the attacker’s foothold can keep reaching file shares on other hosts. 

(The Hacker News)
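As an added example (not Microsoft’s code and not taken from the Defender report), the following Python sketches the detection shape behind that item: a single account, working from one client host, writing many files across several file servers inside a short window, which is what a remote encryption run looks like from the file servers’ side. The log format, the thresholds and the action names are all assumptions constructed for the example.

```python
"""Detector for the remote-encryption shape described above: one account,
working from one client host, writing many files across several file servers
inside a short window.  Added example; the log format is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed sample records (not a Defender, SMB or Windows event format):
# "<ISO time> server=<file server> user=<account> src=<client IP> path=<file> access=<op>"
_T0 = datetime(2023, 6, 5, 2, 10, 0, tzinfo=timezone.utc)


def _ts(offset_s: int) -> str:
    return (_T0 + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")


SAMPLE_EVENTS: List[str] = (
    # Burst: one service account from an unmanaged client overwrites 14 files
    # on two different servers within about 30 seconds, the remote-encryption shape.
    [f"{_ts(2 * i)} server=FS0{1 + i % 2} user=CORP\\svc_backup src=10.20.30.44 "
     f"path=Finance\\doc{i:03}.xlsx access=WriteData" for i in range(14)]
    # Benign: a user saving a few documents on one server over 20 minutes.
    + [f"{_ts(300 * i)} server=FS01 user=CORP\\jdoe src=10.20.31.7 "
       f"path=Reports\\weekly{i}.docx access=WriteData" for i in range(5)]
)


def parse_event(line: str) -> Dict[str, object]:
    """Parse one constructed record into a dict; the timestamp becomes a datetime."""
    ts, *fields = line.split()
    ev: Dict[str, object] = {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    }
    for field in fields:
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def find_remote_encryption(lines, window_s: int = 60,
                           min_files: int = 10, min_servers: int = 2) -> List[Dict[str, object]]:
    """Return one finding per (account, client) whose writes exceed the thresholds
    inside any sliding window of window_s seconds.  Thresholds are illustrative."""
    by_actor = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev.get("access") == "WriteData":
            by_actor[(ev["user"], ev["src"])].append(ev)

    findings = []
    for (user, src), evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the window fits inside window_s.
            while evs[end]["ts"] - evs[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            window = evs[start:end + 1]
            files = {(e["server"], e["path"]) for e in window}
            servers = sorted({e["server"] for e in window})
            if len(files) >= min_files and len(servers) >= min_servers:
                findings.append({
                    "user": user, "src": src, "servers": servers,
                    "files": len(files),
                    "first_seen": window[0]["ts"], "triggered_at": window[-1]["ts"],
                })
                break  # one finding per actor is enough to act on
    return findings


def containment_actions(findings) -> List[str]:
    """Translate findings into the response the item above describes: contain the
    compromised account so it can no longer reach other endpoints, and cut off the
    client it is working from.  Action names are placeholders, not a real API."""
    actions = []
    for f in findings:
        actions.append(f"contain-user {f['user']}")
        actions.append(f"block-client {f['src']}")
    return actions


if __name__ == "__main__":
    hits = find_remote_encryption(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    for action in containment_actions(hits):
        print(action)
```

In a real deployment the records would come from file-server audit logs or EDR file events on the onboarded servers, which is why the unmanaged source host still shows up: the encryption writes land on machines that are monitored even when the attacker’s own box is not. The thresholds need tuning against baseline write rates for backup and sync accounts, which are the usual false positives for this rule.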

Former Uber CISO files appeal

Earlier this year, former Uber CISO Joe Sullivan was sentenced after a jury convicted him of obstructing justice and concealing a felony in connection with a 2016 data breach at the company. Sullivan’s legal team has filed an appeal with the US Court of Appeals for the Ninth Circuit. The filing calls the conviction “profoundly flawed” and argues that it threatens the use of bug bounty programs by enterprises. Many in cybersecurity expressed concern about Sullivan’s sentencing, since at the time he acted with the full approval of Uber CEO Travis Kalanick and the company’s legal team, yet bore sole legal responsibility. The government must respond to the appeal by November 9th, with oral arguments expected to begin in Q2 2024. 

(Dark Reading)

ToddyCat group targets telcos

Researchers at Check Point identified an ongoing campaign by the ToddyCat group affecting telecom providers in Pakistan, Vietnam, Kazakhstan, and Uzbekistan. The attackers use spear-phishing messages with malicious attachments to load a wide variety of malware. The researchers note that ToddyCat treats its malware as somewhat “disposable,” rotating through many different versions of a custom tool to evade detection. The campaign’s goal is to install a backdoor from an emailed ZIP file attachment and then use it to load further malware. 

(Bleeping Computer)

FTX hackers try to move funds

When the cryptocurrency exchange FTX declared bankruptcy last November, it was also hit by a theft of over $400 million in cryptocurrency. No party has yet been publicly identified as responsible. The blockchain analytics firm Elliptic has now released a report showing that, after almost ten months of inactivity, the attackers began moving the funds across blockchains in an apparent attempt to cash out without being tracked. The report says the movements show ties to Russian cybercrime groups, with some funds sent to a pool often used by Russia-linked threat actors. Shortly after the theft, the thieves converted stolen stablecoins into more liquid cryptocurrency and attempted to launder the funds through mixer services, but that activity stopped at the end of 2022. There is no indication that the new activity is linked to the trial of FTX founder Sam Bankman-Fried. 

(Wired)

Huge thanks to our sponsor, Hyperproof

Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today.

US sees record data breaches

According to a new report from the non-profit Identity Theft Resource Center (ITRC), the US saw 2,116 reported data breaches in 2023, a new annual record with three months of the year still to go. The previous high was 1,862 breaches in 2021. While the number of breaches jumped significantly, the total number of victims will likely fall: the ITRC estimates 234 million victims so far in 2023, down from 425 million last year. Breaches attributed to zero-day exploits saw the biggest rise, up 1,620% year over year. Four of the ten largest breaches in Q3 resulted from the MOVEit vulnerability. 

(Infosecurity Magazine)

X claims to remove hundreds of Hamas-affiliated accounts

Responding to demands from EU industry chief Thierry Breton, X CEO Linda Yaccarino said the social network formerly known as Twitter had removed hundreds of Hamas-linked accounts, and had removed or added contextual labels to thousands of pieces of content. Under the EU’s Digital Services Act, online platforms carry increased responsibility for addressing content that threatens public security. The Financial Times reports that these measures may not be enough: according to its sources, the EU has launched an investigation into how X handled misinformation about the Hamas attacks on Israel.  

(Reuters, FT)

Apple fixes iOS kernel zero-day

Last week, Apple released patches for current iOS versions to fix two actively exploited zero-day vulnerabilities, and it has now backported those fixes to older versions of the OS. One zero-day is a privilege escalation flaw in the XNU kernel. The other is a heap buffer overflow in the libvpx video codec library; because libvpx is a cross-platform open source library rather than Apple code, Microsoft and Google also released patches for the same vulnerability in their own products. CISA added both vulnerabilities to its Known Exploited Vulnerabilities Catalog. So far in 2023, Apple has patched 18 actively exploited zero-days across iOS and macOS. 

(Bleeping Computer)

Alameda Research allegedly paid bribes to Chinese officials

In 2020, Chinese authorities froze Alameda Research trading accounts on the exchanges OKX and Huobi in China, which at the time held assets worth roughly $1 billion. Testifying in the fraud trial of FTX founder Sam Bankman-Fried, former Alameda co-CEO Caroline Ellison said that Bankman-Fried and her co-CEO Sam Trabucco directed her to make crypto transfers totaling up to $150 million to get the accounts unfrozen. Ellison later learned that the payments had gone to Chinese officials. 

(TechCrunch)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.