Mid-stream hack postpones ESports league
“I’m getting hacked, bro, I’m getting hacked,” was an esports player’s immediate reaction upon realizing he was indeed being hacked during a live-streamed game over the weekend. In separate incidents during the Apex Legends Global Series tournament, two players unexpectedly gained access to cheats, which are forbidden in these kinds of competitions, prompting the organizers to suspend the game. Initially, it was suspected that hackers exploited a remote code execution (RCE) vulnerability. However, the following day, the developers behind Apex Legends’ anti-cheat system, Easy Anti-Cheat, announced on X (formerly Twitter) that they had ruled out the possibility of an RCE being involved. As of now, there have been no further updates on what transpired.
Bank loses $40 million after “systems glitch”
A costly glitch: According to the BBC, Ethiopia’s biggest commercial bank lost more than $40 million after customers realized they could withdraw more cash than they had in their accounts. The Central Bank of Ethiopia, serving more than 38 million people, stated that the glitch occurred during ‘maintenance and inspection activities,’ ruling out a cyberattack. The bank is urging individuals who withdrew extra funds to return them, promising that they will not face criminal charges. There has been no update on whether anyone has taken the bank up on that offer.
LockBit reemerges with a vengeance
Despite a recent setback thanks to the FBI, the LockBit ransomware gang has made a comeback, claiming to have successfully stolen data from Crinetics Pharmaceuticals. This company, which focuses on developing therapies for endocrine diseases, told Recorded Future that suspicious activity was detected on an employee’s account. However, they assured that the incident did not disrupt daily operations and was quickly contained. Over the weekend, LockBit’s leak site listed Crinetics, demanding a $4 million ransom be paid by March 23rd. However, it remains unclear whether the company intends to negotiate with the ransomware group. Meanwhile, remember when I said LockBit is back with a vengeance? Despite the FBI’s seizure of the group’s hacking tools, accounts, and source code, the group’s alleged leader, LockBitSupp, stated in a recent podcast, “My only goal in life is to attack one million companies… once I reach one million, I will retire forever.” Needless to say, we will likely be reporting on stories like this for a while.
AcidPour malware hits Linux network devices
SentinelLabs researcher Tom Hegel discovered this new data-wiper malware being uploaded from Ukraine; it is seen as a potential variant of the AcidRain malware. This makes the relationship between the two somewhat confusing, as the AcidRain antecedent was previously used to attack targets in Ukraine, including the satellite provider Viasat. AcidPour targets specific directories in embedded Linux systems, focusing on network appliances like routers and NAS devices. By targeting more common x86 devices, AcidPour could have a much wider impact than AcidRain, which targeted the more niche MIPS architecture.
Government agencies targeted by Chinese-linked APT groups
An advanced persistent threat (APT) group, possibly linked to the Chinese government and identified as Earth Krahang, has compromised 48 government agencies worldwide, with an additional 49 entities targeted, Trend Micro reports. This group is thought to be connected to Earth Lusca, a cyber penetration team within the Chinese company I-Soon, which itself has ties to the Chinese government. According to the report, Earth Krahang has targeted approximately 100 entities in 35 countries, spanning sectors such as government, finance, healthcare, and manufacturing. The group specializes in exploiting government infrastructure to disseminate malware, proxy traffic, and initiate spear-phishing attacks against other governmental institutions. At this point, Trend Micro’s only recommendation is to educate employees on how to avoid social engineering attacks.
Phishing attacks get an upgrade
Digital document publishing (DDP) platforms like FlipSnack, Marq, RelayTo, and Simplebooklet are increasingly exploited by threat actors to carry out phishing scams, steal login credentials, and hijack session tokens. Unlike previous strategies that used services such as Google Drive, this new tactic involves using DDP sites to bypass email security through interactive flipbooks. The attackers capitalize on free accounts and the temporary nature of hosted content, making it easier for these threat actors to evade detection and mitigation efforts.
CSA announces IoT Device Security Specification
Right now, the best way to characterize the security of consumer connected devices is “buyer beware.” But the new IoT Device Security Specification from the Connectivity Standards Alliance, or CSA, looks to change that. This sets out baseline cybersecurity standards for connected home and other IoT device makers. Going through a certification process will allow an OEM to put a new Product Security Verified, or PSV, mark on product packaging. Over 200 CSA member companies helped develop the specification, including smart home heavyweights Amazon, Google, Arm, and Signify. Products with the PSV mark could arrive by the 2024 holiday shopping season.
Hackers behind a sale of 100 million accounts arrested
The good guys don’t always finish last when it comes to cybercrime. The Ukrainian cyber police report they’ve arrested three suspects who are accused of hijacking over 100 million email and Instagram accounts worldwide. Investigators say the charged individuals used specialized software to brute-force account passwords and then steal them. Not only did the cybercriminals try to sell the compromised accounts on the darknet, they also used their access to the hacked accounts to scam victims’ contacts into sending them money. The defendants face up to 15 years in prison.






