SAN MATEO, CA, October 16, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Israeli information security professionals band together amidst war in Gaza
- New threat actor targeting women political leaders
- EPA rescinds cybersecurity rule around water safety
- October is Cybersecurity Awareness Month
- FBI and CISA update advisory for AvosLocker ransomware
- Biggest DDoS attack ever recorded reveals vulnerabilities in key area of internet architecture
- DarkGate malware spreads via messaging platforms by posing as PDFs
- Study finds that one-fifth of UK cybersecurity professionals work “unsafe hours”
- Casino giant’s loyalty program breach results in compromise of 41,000+ identities
- Rutter’s to pay $1 million in settlement for cybersecurity attacks
Israeli information security professionals band together amidst war in Gaza
Israeli cybersecurity experts are banding together to offer free support to Israeli schools and organizations targeted in a recent round of “hacktivist” activity. Israeli schoolchildren’s lessons over Zoom and digital billboards in the country have allegedly been hacked to display anti-Israel and pro-Hamas content, as well as images of rockets and burning Israeli flags. Israeli cybersecurity experts expressed confidence in their ability to protect digital assets, however, as well as guard against future incursions. Volunteers have rejected pleas from family members to hack into missing citizens’ phones to locate them, saying that they worry doing so will bring more harm to the victims. Israeli cybersecurity coalitions also refuse to take vigilante action, believing doing so may backfire in the larger effort to subdue Hamas. Read more.
New threat actor targeting women political leaders
Cybersecurity firm Trend Micro has identified an emerging threat for women political leaders worldwide. The threat actor, known as Void Rabisu, Storm-0978, Tropical Scorpius, and UNC2596, is also believed to have been linked to ongoing backdoor attacks against Ukraine and countries supporting Ukraine in the war against Russia. The RomCom RAT malware update, known as PEAPOD, has been discovered on a decoy site called wplsummit[.]com, a replica of the legitimate domain dedicated to the Women Political Leaders Summit from June 2023. The malware, which is usually distributed via phishing efforts, was instead downloaded from a series of photos of conference attendees. Read more.
EPA rescinds cybersecurity rule around water safety
A recent lawsuit led by the state attorneys general of Arkansas, Iowa, and Missouri resulted in the withdrawal of a federal cybersecurity rule around drinking water facilities. In March, an Environmental Protection Agency mandate required that states evaluate their public water systems’ operational technology infrastructures. The EPA cited recent attacks on water safety, such as the attempted poisoning in Oldsmar, FL, as the reason for the increased oversight. An EPA official stated that many public water utilities across the states “have failed to adopt basic cybersecurity best practices and consequently are at high risk of being victimized by a cyber-attack.” However, due to the lawsuit alleging federal overreach, the EPA was forced to rescind this rule. The agency hopes that state and local drinking water and wastewater utilities will “voluntarily engage in reviewing public water system cybersecurity programs” for the safety of all. Read more.
October is Cybersecurity Awareness Month
The National Cybersecurity Alliance and CISA have announced the theme for this October’s Cybersecurity Awareness Month: “Secure Our World.” Each year since 2004, the Cybersecurity and Infrastructure Security Agency (CISA) has dedicated the month of October to raising awareness, literacy, and investment in cybersecurity techniques. As part of this month’s push, CISA has released a new finding that shows that 90% of successful hacks begin with a phishing email. The program shares four easy steps people can take to stay safer online. Read more.
FBI and CISA update advisory for AvosLocker ransomware
On Wednesday, the FBI and CISA issued an updated Joint Cybersecurity Advisory on AvosLocker ransomware. The advisory urged cybersecurity officials to implement secure-by-design and secure-by-default principles to guard against attack. Previous warnings were released in January and May of 2023. This latest advisory also recommends that organizations update and even limit the use of PowerShell, the Microsoft task configuration and automation program, because of the heightened risk of infiltration by AvosLocker ransomware. Read more.
Biggest DDoS attack ever recorded reveals vulnerabilities in key area of internet architecture
Internet titans Google, Cloudflare and Amazon Web Services (AWS) released news that they fought off an enormous distributed denial-of-service (DDoS) attack on October 11, 2023. The threat was designed to disrupt the use of the internet as well as the availability of key services and functions. The DDoS attack was the largest yet on record, generating, over two minutes, “more requests than the total number of article views reported by Wikipedia during the entire month of September 2023”, according to a blog post from Google. The attack was coordinated as an HTTP/2 request flood, attempting to overwhelm a site’s ability to function with a barrage of illegitimate traffic. Cloudflare engineers report that the effort revealed weaknesses in the HTTP/2 protocol and that any vendor using it as part of their system may be vulnerable to future attacks. Read more.
DarkGate malware spreads via messaging platforms by posing as PDFs
The instant messaging features of popular platforms like Skype and Microsoft Teams have been targeted by DarkGate, a commodity malware that harvests personal information, conducts cryptocurrency mining, and allows for remote control of infected systems by hackers. The malware, spotted circulating in Microsoft Teams and Skype messages, poses as a Visual Basic for Applications loader script, releasing what seems to be an innocent PDF. When opened, the infected PDF file triggers the launch of the malware. Read more.
Study finds that one-fifth of UK cybersecurity professionals work “unsafe hours”
A new report revealed that as many as one-fifth of cybersecurity professionals in the United Kingdom work “unsafe hours,” or over 48 hours per week. Despite surveys indicating positive emotions about job prospects, with many cybersecurity employees saying they work in a “booming” sector with “excellent” job prospects, at least 22% report working more than the upper limit set by the government. Additionally, 8% work more than 55 hours per week, an amount deemed a serious health hazard by the World Health Organization (WHO). Read more.
Casino giant’s loyalty program breach results in compromise of 41,000+ identities
Caesars Entertainment, the owner of the popular casino chain Caesars Palace, revealed that due to a social engineering hack on an outsourced IT vendor, at least 41,397 residents of the state of Maine had their personal information stolen from its hotel loyalty program’s network. Stolen information includes names, driver’s license numbers and ID numbers, but not, the hotel chain insists, financial information or credit card numbers. The hack involved a $30 million ransom, negotiated down to $15 million. Read more.
Rutter’s to pay $1 million in settlement for cybersecurity attacks
Due to a series of hacks taking place over nine months, involving the theft of information from over 1.3 million payment cards and 79 different locations, Rutter’s has been ordered to pay an additional $1 million settlement by the Office of the Pennsylvania Attorney General. The OAG determined that the company failed to take appropriate steps to protect customers’ private information, as is required by Pennsylvania’s Unfair Trade Practices and Consumer Protection Law. Read more.