security

Cyber Security Headlines: North Korean crypto tactics, Russian … – CISO Series


A look at North Korean crypto stealing tactics

The Record’s Jonathan Greig broke down a recently report on these tactics from Proofpoint, hightling the work of the APT TA444. The report describes the group as working “with a startup mentality and a passion for cryptocurrency.” While the groups activities overlap with other North Korean-linked threat actors, like Lazarus Group, it stands out as seemingly only interested in generating revenue, rather than cyber espionage.

In the past, the group spread malware through malicious documents, but in 2022 expanded to using email marketing tools. These tools allowed it to more easily get past spam filters and seem legitimate. It combines this with aggressive social media strategies, contacting potential victims on LinkedIn with faked job offers. The United States Treasury Department estimates the group used various cryptocurrency mixers to launder over $120 million. 

(The Record)

Russia saw record DDoS attacks

A new report from the Russian telco Rostelecom disclosed that in 2022 it identified 21.5 million critical web attacks, with DDoS attack impacting 600 organizations in the country across private business and state services. Russian government serviced accounted for 30% of all DDoS attacks, with total DDoS attack up 12 times from the previous year. While one attack lasted three months, most were not very powerful or long lasting. The Russian service DLBI also estimates that in the last year, data leaks impacted 75% of all Russian citizens. 

(The Record)

China leads in facial recognition tech exports

The Brookings Institution published a new study from Harvard and MIT, looking technology exports by country. It found China led all exports with 201 deals involving sending the technology abroad. US firms came in second with 128 deals. China also led the US in AI export deals, with 250 export deals compared to 136. Combined the two countries accounted for 23.5% of all AI export deals. One of the reports authors, Harvard economist David Yang, sayid while recent US foreign policy seeks to limit China’s development of new capabilities, it generally doesn’t limit the transfer of existing tech. China can lead facial recognition exports because it “already developed a comprehensive suite of surveillance AI tech that it can sell.” 

Readers Also Like:  Huge Bluetooth security flaw affecting all phones exposed! AirDrop most at risk to attacks - HT Tech

(Wired)

Kronos Malware Reemerges

Experts believe Kronos malware emerged from leaked Zeus malware source code, sold to Russian actors back in 2011. A newer variant emerged in 2014. It served as a vector for downloading other malware. After that it emerged again in 2918 as a banking trojan referred to as Osiris. This contained some differences but used the same underlying techniques. The latest resurrection of this malware seems to have come last year, attacking financial institutions as a malicious Chrome extension named Seguridad. This variant looked to steal sensitive information from a device, like login credentials and tokens. Security Intelligence reports attacks successfully used it against a financial institution in Mexico. 

(Security Intelligence)

And now a word from our sponsor, SafeBase

These days, customer trust can be an organization’s strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase. After implementing SafeBase’s Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com

India’s new mobile OS makes big security claims

India continues to maintain a contentious relationship with tech platforms, including mobile operating systems like Android. That OS dominates the Indian market. A recent Supreme Court ruling will see Google opening up Play Store services more broadly in the country. But last week the Indian Institute of Technology announced a new mobile OS called BharOS, aimed as a home grown alternative. India’s minister for education and skill development and entrepreneurship Dharmendra Pradhan demonstrated it this week.

Readers Also Like:  IBM boosts detection and response services with AI tech - ERP Today

Pradhan claimed the OS shipped with no preloaded apps, shared no user data, and worked with private app stores. He also claimed the OS couldn’t run malware, but provided no details about how this is even remotely possible. Screenshots of the OS show what looks like the Android keyboard app with design elements that look similar to Android. Prior reporting also says its based on the Linux kernel, so it would seem malware would be eminently possible on the platform. 

(The Register)

Hacked WordPress sites redirect to ad pages

According to a new report from Sucuri, a recently campaign infected WordPress sites with a malicious index.php file. This initially sent users to fake CAPTCHA scam pages, but recently switched to sending visitors to sketchy ad networks. Some of the ads include ones for malicious “ad blockers” that actually spur installing more malware on a system. This campaign seems like it goes back to at least 2017, but recently increased activity in December 2022 to impact over 3,600 sites. 

(Hacker News)

Blackberry malware report

That finding comes from the company’s Quarterly Threat Intelligence Report, which disclosed it stopped 1.75 million malware attacks in 90 days. The most common malware used came from Emotet, the Qakbot phishing network, and the GuLoader infostealer. The report also found that, despite its repudiation, attackers continue to find ways of targeting macOS. It found data stealer Dock2Master the most commonly installed app. The report found the app at 34% of client organizations using macOS on their networks. 

(IT Security Guru)

Readers Also Like:  Pacific Air Forces strengthens partnerships during Pacific Defender - DVIDS

Yahoo is back on top…with phishing

Check Point released its report on the most spoofed brands for Q4 2022. It found that Yahoo overtook DHL as the most imitated brand, used in 20% of all phishing attempts in the wild. Malicious emails tried to entice click through by offering prize money from Yahoo contents. DHL only moved down one on the list, down to 16% of all phishing attempts, while Microsoft came in third. Overall Check Point found the tech industry saw the most brand imitators in phishing messages, followed by shipping brands and social networks. 

(InfoSecurity Magazine)



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.