Friday, January 27, 2023

Cybersecurity news weekly roundup December 19, 2022

SAN MATEO, CA, December 19, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

FBI: BEC attacks targeting food shipments

The FBI, the USDA and FDA OCI have issued a joint warning to food suppliers that BEC attacks may be used against them to steal entire shipments of food using compromised email accounts. The agencies also warn that said food products would likely be resold with no regard to proper handling and processing regulations and therefore could pose a health danger. In 2021, BEC attacks cost companies $2.4 billion in losses. Read more.

Cyberattack knocks out FuboTV during World Cup match

FuboTV viewers hoping to watch the match between France and Morocco leading up to the World Cup found themselves out of luck, as an apparent cyberattack knocked out the streamer’s broadcast of the game. Details regarding the specifics of the attack, or who may be responsible, are unclear at this stage of the investigation. A statement from FuboTV reports that the company has enlisted the assistance of law enforcement and security professionals at Mandiant. Read more.

Criminals using SVG files and HTML smuggling to insert QBot malware onto Windows systems

Phishing attackers have begun using a new method in which they smuggle QBot malware into Windows systems using SVG files to create installers, according to findings from researchers at Cisco Talos. QBot, once installed, provides a platform from which ransomware attacks and other malicious activity can be launched. HTML smuggling, a technique in which encoded JavaScript payloads are hidden in an HTML attachment, allows hackers to push through security protections and firewalls. Cisco is advising that, to protect against HTML smuggling, users should block JavaScript or VBScript execution for downloaded content. Read more.

Apple releases patch to fix zero-day iPhone hack

Apple has released a patch that fixes the company’s tenth zero-day exploit for the year. The bug, discovered by Google’s Threat Analysis Group, is said by Apple to have been exploited in the wild and allows “maliciously crafted web content to perform arbitrary code execution on a vulnerable device.” Apple is remaining tight-lipped about the specifics of the exploit and how it has been leveraged by threat actors in order to limit further spread of the hack. Users are urged to update all iOS and OS devices immediately to ensure that the exploit cannot be abused further. Read more.

LockBit breaches California finance department

Russian ransomware group LockBit has claimed credit for a breach of California’s Department of Finance in which they claim to have stolen confidential information from the agency. In a statement, the Department of Finance reports that the breach has not compromised state funds and has downplayed the breach as an “intrusion.” LockBit is purporting to have stolen 76GB of information that includes “databases, confidential data, financial documents, certification, IT documents” and court proceedings that it is threatening to release unless a ransom is paid. LockBit, however, has a history of bluffing and exaggerating the effects of their hacks, so experts are advising to take their claims with a grain of salt. Read more.

Uber breached after cyberattack on third party vendor

An attack levied against third-party vendor Teqtivity has resulted in Uber employee data being posted on a popular hacker forum. Employee email addresses, corporate reports and IT asset information compose the stolen data. The leak also purports to include source code associated with mobile device management platforms. The forum posters reference the Lapsus$ hacker group, but Uber does not believe this was conducted by them. While customer information is said to be unaffected, the stolen data can be used to stage phishing attacks against Uber workers. Read more.

North Korean hackers impersonate researchers, access intel

Microsoft has reported that Thallium, a North Korean hacker organization, is forgoing sophisticated phishing malware in favor of basic impersonation emails to get a look at Western intelligence. The efforts, meant to better understand the West’s interpretation of North Korea, see threat actors sending emails to researchers that purport to be from journalists or peers. The messaging asks the recipient to comment on information about North Korea or says it will pay them to write or edit a report detailing the country’s security issues. Read more.

Royal ransomware targets US healthcare system

A ransomware operator called “Royal” has caught the attention of the US Department of Health and Human Services as it has been specifically targeting American healthcare organizations in attacks and extortion efforts that range from $250 thousand to $2 million. Since the start of 2022, Royal is believed to be composed of members of other gangs. Royal seems to be a private group as opposed to a ransomware-as-a-service purveyor. Royal’s “malware is a 64-bit Windows executable written in C++ and is launched via the command line, indicating that it involves a human operator to trigger the infection after obtaining access to a targeted environment.” Read more.


Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
