Welcome to the Cyber Watch series for today, October 13, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. You can read the full story by clicking on each headline. We encourage you to review these stories and take steps to protect your organization.
Wired News reports that after a Hamas attack on Israel triggered a declaration of war, an escalating conflict is claiming lives on both sides. Simultaneously, hacktivists from the Middle East and across the globe have entered the fray, marking a new front in modern warfare.
These hacktivists swiftly initiated attacks on Israeli and Palestinian websites and applications as the conflict unfolded. Their tactics include defacements and Distributed Denial of Service (DDoS) attacks, aiming to overwhelm their targets and disrupt services. Some groups even claim to have stolen data, targeted internet service providers and infiltrated Israel’s missile alert service, Red Alert.
Will Thomas, a member of Equinix’s cybersecurity team, reported over 60 websites enduring DDoS attacks. Notably, roughly half of these targeted Israeli government websites. Additionally, at least five sites were defaced with messages related to “Free Palestine.” The situation in the Middle East is rapidly evolving both on the ground and online, highlighting the growing significance of cyber warfare in contemporary conflicts.
Critical Vulnerabilities in ConnectedIO’s 3G/4G Routers and Cloud Platform Pose Significant Security Threats
According to a recent Hacker News report, a series of high-severity security vulnerabilities have come to light in ConnectedIO’s ER2000 edge routers and their cloud-based management platform, raising concerns about potential security risks. These vulnerabilities could be exploited by malicious actors to execute malicious code and gain access to sensitive data, with the potential to compromise cloud infrastructure and expose customer and device information. They particularly affect ConnectedIO platform versions up to v2.1.0, including the widely used 4G ER2000 edge router and cloud services.
Security experts, including Claroty’s Noam Moshe, have pointed out that these flaws could allow attackers to compromise the cloud infrastructure entirely, remotely execute code, and access critical data. The impact of these vulnerabilities isn’t limited to just the routers; they also pose a significant risk to thousands of internal networks reliant on 3G/4G routers, potentially leading to full network control, data interception, and even infiltration of Extended Internet of Things (XIoT) devices.
In a startling revelation, Security Affairs reports that blockchain analytics firm Elliptic has disclosed that malevolent actors have successfully laundered an unprecedented $7 billion through cross-chain crypto crime. The term refers to moving illicitly obtained funds between different cryptocurrencies or blockchain platforms in order to obscure their origin and make them appear legitimate.
One prominent actor in this ominous scenario is the North Korea-linked Lazarus Group, notorious for its cybercrime exploits. Elliptic’s report exposed that over the course of a year, from July 2022 to July 2023, this elite cybercriminal organization laundered an astonishing $900 million in cryptocurrency. The surge in cross-chain criminal activities has largely centered on crypto thefts, Ponzi schemes, scams, and the illicit financial laundering executed by groups like Lazarus.
US Government Agencies Collaborate to Enhance Cybersecurity in Open Source Software for Critical Infrastructure
A recent Security Week report reveals that a consortium of US government agencies, including CISA, the FBI, the NSA, and the Department of Treasury, has joined forces to produce comprehensive cybersecurity guidelines for the use of open source software (OSS) in operational technology (OT) environments. This initiative aligns with CISA’s Open Source Software Security Roadmap, which was released in September.
The guidance, presented in a new document, aims to promote a deeper understanding of OSS and its secure implementation within industrial control systems (ICS) and other OT systems. It provides a framework for best practices in the secure use of OSS.
Notably, the guidance covers recommendations for supporting OSS development, addressing vulnerabilities through patching, and employing Cross-Sector Cybersecurity Performance Goals (CPGs) to integrate security best practices. It underscores that security challenges common to both OSS and OT include the presence of vulnerabilities in libraries and components, a lack of commercial support, and insufficient documentation before implementation.
According to a Cyber News report, Simpson Manufacturing – a prominent engineering and building materials company – recently faced a cybersecurity incident, leading to disruptions in its business operations. On October 10th, the company encountered issues within its IT infrastructure and applications, stemming from this incident.
In response, Simpson Manufacturing took swift action by temporarily shutting down affected systems to contain the intrusion and restrict unauthorized access. Although the nature and extent of the cyber attack remain undisclosed as the investigation is in its early stages, the incident is expected to have ongoing negative effects on the company.
To address this breach and determine its full scope, Simpson Manufacturing has engaged the expertise of leading third-party cybersecurity professionals. Although no specific details have been provided regarding the cyberattack’s origin, the company is diligently working to respond to and resolve the issue.
CNBC reports that over the past few weeks, significant cyberattacks have disrupted the operations of two prominent companies, raising concerns about the broader implications of such incidents. Johnson Controls, a key provider for federal agencies, experienced an attack that disrupted its internal IT infrastructure. The Department of Homeland Security is now investigating potential exposure of sensitive information, including floor plans and security details.
Meanwhile, Clorox issued an alarming earnings warning due to a substantial cybersecurity breach in August, leading to operational disruptions and product shortages. The incident has triggered a reevaluation of Clorox’s fiscal outlook for 2024 and beyond, anticipating substantial sales declines and a quarterly loss.
According to a recent Cybersecurity News report, Cloudflare, a prominent web security and performance provider, recently weathered an unprecedented storm in the form of an HTTP attack that reached a staggering peak of 201 million requests per second. Starting on August 25, 2023, this massive assault was launched by a botnet comprising only 20,000 machines, which makes it all the more remarkable. To put this in perspective, the entire worldwide web typically handles between 1 and 3 billion requests per second.
While the initial wave of the attack affected about 1% of customer requests, Cloudflare’s security mechanisms were swiftly adapted to protect its customers without compromising the company’s infrastructure. Notably, this isn’t an isolated incident; industry giants like Google and AWS also grappled with similar challenges, highlighting the growing scale and sophistication of cyber threats.
InfoSecurity Magazine recently reported that Google is leading the charge towards passwordless authentication by making “passkeys” the default sign-in method for all users. This initiative, announced during Cyber Security Awareness Month, reflects the tech giant’s commitment to enhancing security and user convenience. It follows the successful introduction of passkey support five months earlier, driven by “really positive feedback” from users.
With this change, when users create or sign into their Google accounts, they will be encouraged to adopt passkeys as their primary authentication method. Furthermore, users will find the “Skip password when possible” option enabled in their account settings, streamlining the login process.
Google’s move aligns with the broader industry trend of reducing reliance on traditional passwords. Tech giants such as Apple, Microsoft, and Google have pledged support for the FIDO Alliance and World Wide Web Consortium (W3C) standard. This standard enables users to seamlessly access their FIDO sign-in credentials or passkeys across devices without the need for constant re-enrollment.
A recent SC Magazine report documents the resilience and adaptability of the notorious Qakbot malware gang. According to this report, the gang, also known as “QBot” or “Pinkslipbot,” continued its cyberattacks during August even after authorities executed a major operation to seize its infrastructure and dismantle a substantial botnet. Qakbot had been a prevalent malware loader, accounting for 30% of all loaders detected by ReliaQuest researchers in the first seven months of 2023.
Despite the successful seizure of gang-related assets and infrastructure, law enforcement did not make any arrests, leading experts to anticipate that key gang members would regroup and resume their cybercrimes. Cisco Talos confirmed this suspicion in an October 5 blog post, revealing that the gang had been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails in the weeks leading up to the takedown operation.
While the operation effectively disrupted the group’s command-and-control servers, it left their spam delivery infrastructure intact, indicating that the Qakbot gang is determined to adapt and persist.
A data breach at DNA testing company 23andMe has raised serious concerns as it appears to have anti-Semitic motivations. Threat actors are attempting to sell the data of nearly one million 23andMe customers, with a focus on individuals of Ashkenazi Jewish ancestry.
According to a recent Cyber Wire report, security experts have expressed alarm at the ethnic targeting involved in this breach, highlighting the need for more robust regulation and protection of DNA data. The breach is believed to have been carried out via credential stuffing, a common but preventable attack method in which usernames and passwords leaked from other breaches are replayed against a site’s login. Industry professionals stress the importance of multi-factor authentication and user education to defend against such incidents.
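Credential stuffing leaves a recognisable trace in authentication logs: one source address cycling through many different usernames in a short window, with most attempts failing and only an occasional success. The following detector is an added example for this story, not code from the article or from 23andMe; the log format, the sample lines, the threshold values and the function names are all constructed for illustration. It flags a source IP when, within a sliding window, it has attempted at least five distinct accounts and no more than 30% of those attempts succeeded, and it lists the accounts that did succeed so they can be reviewed and reset.

```python
"""Credential-stuffing detector over authentication log lines.

Added example, not from the original article. The log format, sample
data, thresholds and names below are constructed for illustration.
"""
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Iterable, Iterator

# Constructed log format: "<ISO timestamp> <source_ip> <username> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """
2023-10-10T09:00:00 203.0.113.7 alice LOGIN_FAIL
2023-10-10T09:00:04 203.0.113.7 bob LOGIN_OK
2023-10-10T09:00:09 203.0.113.7 carol LOGIN_FAIL
2023-10-10T09:00:13 203.0.113.7 dave LOGIN_FAIL
2023-10-10T09:00:18 203.0.113.7 erin LOGIN_FAIL
2023-10-10T09:00:22 203.0.113.7 frank LOGIN_FAIL
2023-10-10T09:00:27 203.0.113.7 grace LOGIN_FAIL
2023-10-10T09:00:31 203.0.113.7 heidi LOGIN_FAIL
2023-10-10T09:01:00 198.51.100.2 alice LOGIN_FAIL
2023-10-10T09:01:20 198.51.100.2 alice LOGIN_OK
2023-10-10T09:02:00 192.0.2.10 ivan LOGIN_OK
2023-10-10T09:02:30 192.0.2.10 judy LOGIN_OK
2023-10-10T09:03:00 192.0.2.10 mallory LOGIN_OK
"""


@dataclass
class AuthEvent:
    ts: datetime
    ip: str
    user: str
    success: bool


@dataclass
class Alert:
    ip: str
    attempts: int = 0
    distinct_users: int = 0
    successes: int = 0
    compromised: list[str] = field(default_factory=list)  # accounts that succeeded


def parse_log(text: str) -> Iterator[AuthEvent]:
    """Parse the constructed four-field log format; blank lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, user, outcome = line.split()
        yield AuthEvent(datetime.fromisoformat(ts), ip, user, outcome == "LOGIN_OK")


def detect_stuffing(
    events: Iterable[AuthEvent],
    window: timedelta = timedelta(minutes=5),
    min_distinct_users: int = 5,
    max_success_ratio: float = 0.3,
) -> dict[str, Alert]:
    """Return one Alert per source IP whose sliding window looks like stuffing.

    Stuffing differs from a brute-force against a single account: the
    attacker replays one leaked password per account, so the signal is
    *many distinct usernames* from one source with a *low success ratio*.
    A shared office NAT with several users logging in normally has a high
    success ratio and is not flagged.
    """
    per_ip: dict[str, deque[AuthEvent]] = defaultdict(deque)
    alerts: dict[str, Alert] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        q = per_ip[ev.ip]
        q.append(ev)
        # Drop events that fell out of the window.
        while q and ev.ts - q[0].ts > window:
            q.popleft()
        users = {e.user for e in q}
        successes = sum(e.success for e in q)
        ratio = successes / len(q)
        if len(users) >= min_distinct_users and ratio <= max_success_ratio:
            alert = alerts.setdefault(ev.ip, Alert(ev.ip))
            alert.attempts = len(q)
            alert.distinct_users = len(users)
            alert.successes = successes
            alert.compromised = sorted({e.user for e in q if e.success})
    return alerts


if __name__ == "__main__":
    for ip, a in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {a.attempts} attempts across {a.distinct_users} accounts, "
              f"{a.successes} succeeded -> review {a.compromised}")
```

On the sample data only 203.0.113.7 is flagged: eight attempts against eight accounts with a single success (bob), which is the account to force a reset on. The single user retrying a typo from 198.51.100.2 and the three successful logins behind the 192.0.2.10 NAT fall below the distinct-user threshold or above the success ratio and are left alone. In production the thresholds would be tuned per login endpoint, and the same distinct-user-per-source signal is what makes MFA effective here: a replayed password alone no longer completes the login.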
That’s all for today. Stay tuned for our next episode. See you next week!