November 27, 2023

News roundup November 27, 2023

SAN MATEO, CA, November 27, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

WailingCrab malware spreading via fake shipping emails

With holiday sales and shipment alerts peaking, cybercriminals are spreading “WailingCrab” malware in emails designed to look like delivery notifications. According to IBM X-Force researchers, the sophisticated malware “is split into multiple components, including a loader, injector, downloader and backdoor.” Designed by a threat actor known as TA544, WailingCrab is actively maintained and “has been observed incorporating features that prioritize stealth and allow it to resist analysis efforts.” Read more.

$9 million seized from pig butchering scammers by U.S. Department of Justice

The Department of Justice has reportedly seized $9 million of Tether cryptocurrency from a cybercrime group known to engage in pig butchering schemes such as romance and investment fraud. “These scammers prey on ordinary investors by creating websites that tell victims their investments are working to make them money. The truth is that these international criminal actors are simply stealing cryptocurrency,” said acting assistant attorney general of the Justice Department’s Criminal Division Nicole Argentieri. To locate the stolen money, U.S. Secret Service analysts traced deposits made by the victims, despite the criminals using a technique called “chain hopping” to launder the funds. Read more.

Blender 3D graphics suite battling ongoing DDoS attacks

Blender, a popular software suite used in video game development and special effects, has reportedly suffered outages due to a sustained DDoS onslaught that began on November 18. In the brief periods between attack waves, Blender’s servers “remained overloaded by large volumes of pending legitimate requests,” making recovery challenging. IP blocking attempts have proven ineffective, as the traffic simply returns from another location. Blender’s COO took to X to show that more than 240 million illegitimate requests had been directed at the company’s servers. There is currently no information on who may be responsible for the attack or what their motivation is. Read more.

26% of cyber incidents are the result of intentional employee policy violations

A study from Kaspersky concludes that 26% of cyber incidents affecting businesses over the last two years have been caused by employees deliberately violating security protocols. The study revealed that “22% of incidents resulted from the deliberate use of weak passwords or failing to change them promptly.” A further 18% were attributed to visiting insecure websites, and another 25% to simply neglecting to install system or application updates. “As the numbers are alarming, it is necessary to create a cybersecurity culture in an organization from the get-go by developing and enforcing security policies, as well as raising cybersecurity awareness among employees,” advised a Kaspersky researcher. Read more.

North Korean hackers continue to successfully engage in employment malware campaigns

Two new campaigns have been uncovered that see North Korean threat actors posing as job recruiters and potential employees to both spread malware and “obtain unauthorized employment with organizations based in the U.S. and other parts of the world.” Researchers at Palo Alto Networks Unit 42 say the campaign is partly designed to “infect software developers with malware through a fictitious job interview.” The fake job seekers use a GitHub repository to “host resumes with forged identities that impersonate individuals of various nationalities.” Read more.

E-commerce web apps contain major security gaps

As the holiday season and shopping-themed scams experience their annual spike, researchers and security experts are warning that e-commerce web apps lack the security needed to protect the information shoppers must submit to use them. New research from CyCognito reports that “more than a quarter (28%) of e-commerce web apps lack a web application firewall (WAF), including 24% of apps that collect PII. In addition, 2% of these apps still lack HTTPS, an internet protocol that uses encryption for secure communication over a computer network.” The study also shows that 58% of e-commerce apps don’t ask users to consent to cookies. Nearly half (48%) of the apps studied contained vulnerabilities, and more than a third contained exploitable flaws that could easily be taken advantage of. Read more.

Play ransomware now offered as a service to criminals

Researchers at Adlumin have found evidence that suggests that the Play ransomware strain has gone commercial and is now being offered as a service to cybercriminals. “The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it,” Adlumin said. The move to this model is lucrative, as it opens the door for inexperienced attackers to employ advanced ransomware against victims without knowing how to build their malware or even fully understanding how it works. Read more.

Old Bitcoin wallets vulnerable to new Randstorm attack

A new exploit called Randstorm allows hackers to “recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms,” according to a report from Unciphered. The exploit can be carried out against wallets created between 2011 and 2015. Randstorm is described as “a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era.” Stemming from the use of BitcoinJS, an open-source JavaScript package used in the development of wallets, the flaw “would stay there forever unless the funds were moved to a new wallet created with new software.” Read more.

Lumma malware uses trigonometry to evade security software

Lumma is an information-stealing malware rented to criminals hoping to steal data from web browsers and applications running on Windows. A report from Outpost24 reveals that the malware has received an update allowing it to use “trigonometry to detect human behavior, indicating that the infected system isn’t being simulated in a virtual environment” by analyzing the angle of mouse cursor movements. If the movements’ vector angles are less than 45 degrees, Lumma predicts they aren’t human and continues as directed. However, if the angles are 45 degrees or more, “the malware halts all malicious behavior but continues to monitor mouse movement until human-like behavior is detected.” Read more.
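The angle heuristic described above is simple enough to reproduce, which is useful for sandbox operators who want to know whether their cursor emulation would make a sample halt or keep running. The following Python is an added illustration written for this roundup, not code from the Outpost24 report or from the malware: it takes a recorded cursor trace, computes the angle between each pair of consecutive movement vectors, and applies the 45-degree threshold quoted on the page. The sampling window, the handling of a stationary cursor, and the sample traces are assumptions constructed here for the example.

```python
import math

# Constructed sample traces (x, y cursor positions sampled at a fixed interval).
# These are illustrative inputs, not captures from any real system.
STRAIGHT_LINE = [(0, 0), (10, 0), (20, 0), (30, 0), (40, 0)]
GENTLE_CURVE = [(0, 0), (10, 0), (20, 3), (30, 8), (40, 15)]
ZIGZAG = [(0, 0), (10, 0), (10, 10), (20, 10), (20, 20)]
STATIONARY = [(5, 5), (5, 5), (5, 5), (5, 5), (5, 5)]

THRESHOLD_DEG = 45.0  # threshold quoted from the Outpost24 report


def movement_angles(points):
    """Return the turning angle, in degrees, between consecutive movement vectors.

    A vector is the displacement between two successive samples.  Samples with
    no displacement are skipped (assumption: a stationary cursor produces no
    angle rather than an undefined one).
    """
    vectors = []
    for (x1, y1), (x2, y2) in zip(points, points[1:]):
        dx, dy = x2 - x1, y2 - y1
        if dx or dy:
            vectors.append((dx, dy))

    angles = []
    for (ax, ay), (bx, by) in zip(vectors, vectors[1:]):
        dot = ax * bx + ay * by
        norm = math.hypot(ax, ay) * math.hypot(bx, by)
        # Clamp to guard against floating-point drift outside acos's domain.
        cosine = max(-1.0, min(1.0, dot / norm))
        angles.append(math.degrees(math.acos(cosine)))
    return angles


def would_halt(points, threshold_deg=THRESHOLD_DEG):
    """True if any turning angle reaches the threshold (the page's 'halt' case)."""
    return any(angle >= threshold_deg for angle in movement_angles(points))


def classify_trace(points):
    """Summarise how the described heuristic would treat a cursor trace.

    'continues' means every angle is below the threshold; 'halts' means at
    least one angle is at or above it; 'no movement' means fewer than two
    displacement vectors were available, so no angle could be computed.
    """
    angles = movement_angles(points)
    if not angles:
        return "no movement"
    return "halts" if would_halt(points) else "continues"


if __name__ == "__main__":
    for name, trace in [("straight line", STRAIGHT_LINE),
                        ("gentle curve", GENTLE_CURVE),
                        ("zigzag", ZIGZAG),
                        ("stationary", STATIONARY)]:
        angles = ", ".join(f"{a:.1f}" for a in movement_angles(trace))
        print(f"{name:13s} angles=[{angles}] -> {classify_trace(trace)}")
```

Smooth, continuous cursor paths keep every angle well below the threshold, while abrupt right-angle jumps between unrelated screen positions trip it. An analysis environment that reports "halts" or "no movement" on its own emulated input is one a sample using this check would likely wait out, which is worth knowing before concluding that a detonation was benign.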

FBI takedown of QakBot results in surging use of other botnets

The FBI’s recent takedown of the widely used QakBot botnet has caused criminals to look elsewhere for alternatives. Phishing campaigns using the same strategies employed by QakBot’s operators are now spreading DarkGate and PikaBot malware, using “evasive tactics and anti-analysis techniques” to do so effectively and without detection. The varied infection methods also lead researchers to believe that attackers are “testing different malware delivery options.” That cybercriminals would simply turn to other malware strains for the same campaigns QakBot was used in was precisely the criticism the security community raised about the effectiveness of the FBI’s operation. Read more.

Ben Walker
Ben Walker is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
