SAN MATEO, CA, October 17, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- CISA releases “RedEye” log visualization tool
- CISA issues 25 Industrial Control System advisories
- Mango Markets loses $170 million in crypto after hack
- Hospital chain delays care after cyberattack
- Killnet “unsophisticated,” according to experts
- “Caffeine” phishing platform lowers bar of entry for staging attacks
- Russian hackers attack US airports
- Facebook login credentials at risk due to malicious apps
- Phishing scammers pretend to assist callers with malware but inject their own
CISA releases “RedEye” log visualization tool
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an open-source log visualization tool called RedEye to make it easier for operators to parse and report command and control data. RedEye is able to distill complex logs from attack frameworks and provide the information in a simpler format via graphs and shareable visuals. CISA has also released a video detailing the tool’s features. Read more.
CISA issues 25 Industrial Control System advisories
CISA has released 25 new Industrial Control System (ICS) advisories and is urging users and administrators to carefully review them for mitigation suggestions and important technical details. The advisories describe current security issues and vulnerabilities related to the systems listed. Read more.
Mango Markets loses $170 million in crypto after hack
DeFi trading platform Mango Markets is the most recent crypto platform to lose a staggering sum of money via a cyberattack. The hackers reportedly were able to manipulate the value of the platform’s native MNGO token and drain massive loans from the company. So far this year, crypto hackers have stolen a total of $2 billion from various platforms. Read more.
Hospital chain delays care after cyberattack
CommonSpirit Health is experiencing its second week of delays in patient care due to a cyberattack that resulted in the hospital chain taking some systems offline. CommonSpirit operates more than 700 healthcare facilities across more than 20 states. The organization has not disclosed how many locations have been affected by the attack, but if all facilities are experiencing the effects, it would be the largest attack on the US health sector yet. Read more.
Killnet “unsophisticated,” according to experts
While Russian hacker group Killnet has spread mild chaos with a string of DDoS attacks targeting public-facing US airport websites, its recent proclamation regarding an attack against JP Morgan is prompting security experts to note that the gang is proving to be ineffective as a hacktivist collective. JP Morgan suffered no ill effects in spite of Killnet’s efforts, and researchers are finding that the group’s post-war pivot to a pro-Moscow cybercrime entity has done little to further its cause aside from keeping its name in the headlines. Read more.
“Caffeine” phishing platform lowers bar of entry for staging attacks
A phishing-as-a-service (PhaaS) platform called Caffeine makes it easy for anyone to stage and execute phishing attacks via Microsoft 365. The platform forgoes the approval process that other PhaaS platforms employ to restrict who is able to use the product, instead allowing users to sign up for a subscription license. Caffeine offers customer support and other features that set it apart from competing platforms, and researchers expect its phishing template options to continue to expand beyond Microsoft 365. Read more.
Russian hackers attack US airports
A number of major US airports have had their websites disrupted at the hands of the Russian hacker group Killnet. The attacks, described mostly as an “inconvenience,” have disabled public-facing internet sites that display flight times and congestion, but no malicious activity has affected any airport security, air traffic control communications or other critical systems. More than a dozen airports across the country have been targeted. Read more.
Facebook login credentials at risk due to malicious apps
Meta has identified more than 400 malicious apps that are designed to steal Facebook login information from both Android and iOS users. Disguised as games, utility apps or VPNs, the programs ask users to “login with Facebook” and then have access to the victim’s account. The most downloaded fraudulent apps were photo editors that allowed users to apply filters to their pictures or “turn themselves into a cartoon.” Read more.
Phishing scammers pretend to assist callers with malware but inject their own
Callback phishing plots are evolving. Scammers on the other end of the line, instead of pretending to assist customers with a subscription cancellation, are now telling them that they have been subjected to malware and that it needs to be urgently addressed. The caller is then directed to a website advertising anti-virus software that is actually malware in disguise. The development shows the ever-changing nature of these types of scams as hackers continue to change their tactics to keep up with the public’s understanding of online threats. Read more.