Cybersecurity news provided by NetworkTigers on Monday, 28 February 2022.
SAN MATEO, CA — Ukraine asks hackers for assistance, Russian websites offline due to cyberattack, CISA: beware of MuddyWater, microchip manufacturer hacked, hacktivist group Anonymous declares war on Putin, Biden administration reportedly considering cyberattacks against Russia, FTC: Americans lost $5.8 billion to fraud in 2021, Russia’s cyberattacks on Ukraine could spill over to NATO allies, CISA compiles list of free cybersecurity tools, “Xenomorph” malware invades Google Play, international freight company believed to have been hit with ransomware, DC transit authority’s Twitter account hacked, Android devices being used by hackers to register disposable accounts, NFT marketplace plundered after phishing attack.
Ukraine asks hackers for assistance
In an effort to defend critical systems and infrastructure, Ukraine has asked for assistance from the country’s hacking community. Volunteers are to be divided into offensive and defensive units, with those positioned for defense to work on protecting public utilities and power plants and offensive teams working to gather intelligence on the Russian military. Thus far, hundreds of people have signed up.
Russian websites offline due to cyberattack
An apparent cyberattack has taken various Russian state websites offline as the country continues its assault on Ukraine. Hacking group Anonymous has claimed credit for some of the disruption, including taking Russia’s state television website down. Russia-based ransomware group Conti, while stating that they do not condone the war effort, have vowed to strike back at any outside cyberattacks against the nation.
CISA: beware of MuddyWater
CISA, along with other US and UK agencies, has issued a warning with regard to MuddyWater, an Iranian state-sponsored advanced persistent threat group. MuddyWater has reportedly been conducting cyber espionage campaigns around the globe. The threat actors have been targeting government and private sector organizations in defense, oil, natural gas and telecommunications.
Microchip manufacturer hacked
Nvidia, a leading manufacturer of microchips, has been hacked, with its systems reportedly “completely compromised.” It is not currently known if the hack originated from Russia, although companies around the world are being vigilant with regard to the country’s aggression, and Nvidia’s products are becoming increasingly important when it comes to artificial intelligence development and national security technology.
Hacktivist group Anonymous declares war on Putin
Anonymous, the hacktivist collective known for their Guy Fawkes masks and politically motivated cyber attacks, has declared “cyber war” on Russian President Vladimir Putin’s regime and taken credit for knocking Russia TV’s website offline. Anonymous has previously targeted Islamic extremists, the Ku Klux Klan, former US president Donald Trump and Elon Musk.
Biden administration reportedly considering cyberattacks against Russia
According to unconfirmed reports, President Biden has been presented with cyberattack options in response to Russia’s attack on Ukraine that range from internet shutdowns to the stoppage of trains and transport. Advisors are said to be torn between the fear of escalating Russia’s behavior and taking whatever measures may stymie the country’s advance on Ukraine. A spokesperson for the National Security Council refuted claims that Biden was mulling cyberattack options.
FTC: Americans lost $5.8 billion to fraud in 2021
In a report, the US Federal Trade Commission has revealed that Americans lost $5.8 billion to fraudsters in 2021, a 70% increase over the previous year. Online shopping scams and imposter scams did the most damage, while identity theft also took a toll on Americans’ pocketbooks.
Russia’s cyberattacks on Ukraine could spill over to NATO allies
US Senate Intelligence Committee Chairman Mark Warner is warning that Russia’s cyberattacks on Ukraine may spill over into other countries and that Putin may give Russian ransomware gangs a “blank check” to attack political opponents as the country’s aggression towards Ukraine increases in intensity. Warner notes that as Russian malware spreads to other nations, it could be seen as an act of war depending on interpretation.
CISA compiles list of free cybersecurity tools
CISA has created a list of free cybersecurity tools for both private and business use. The tools are meant to help organizations bolster their defense, more quickly respond to security incidents and quickly detect suspicious activity. The tools are created by brands such as IBM, Google and Microsoft and are divided into categories to allow users to easily find what they are looking for. The resources are meant to help companies that CISA refers to as “target-rich” but “resource-poor.”
“Xenomorph” malware invades Google Play
A malware dubbed “Xenomorph” has been discovered hiding in the Google Play store buried in an app called “Fast Cleaner,” which is advertised as a battery life and data optimization app available to Android users. The malware grabs banking data from users after producing a fake log-in page whenever a targeted banking app is opened. Fast Cleaner has been downloaded over 50,000 times.
International freight company believed to have been hit with ransomware
Expeditors, a Seattle-based freight forwarding company that employs 18,000 people worldwide, has had to shut down the majority of their operations after experiencing a cyberattack. The company has not provided a detailed description of the incident. However, their behavior in its wake, as well as an anonymous tip, point to it being a massive ransomware attack. The company is working to restore functionality but has not provided a timeline on how quickly it expects to resume full operation.
DC transit authority’s Twitter account hacked
On Monday morning, Washington DC’s transit authority saw their Twitter account hacked and used to post obscene messages. The account is now reportedly secure and all offensive posts have been removed. The transit authority did not provide a comment on whether or not it enforces the recommended two-factor authentication on its accounts.
Android devices being used by hackers to register disposable accounts
Hackers are leveraging infected Android phones to create disposable accounts that can then be used for illegal activities involving fraud. The threat encompasses users who utilize SMS PVA services and involves a “rogue platform built atop a botnet” that can allow malicious actors access to thousands of bulk phone numbers.
NFT marketplace plundered after phishing attack
NFT platform OpenSea is currently investigating a phishing scam that saw 32 users have some of their NFTs stolen. OpenSea says the attack did not exploit or compromise the marketplace’s website, which remains secure. Reportedly, the hacker has already made $1.7 million from selling some of the NFTs that have been stolen.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.