Welcome to the Cyber Watch series for today, December 29, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization. Click on each headline to read the full story.
The National Security Agency has published practical guidance for producing and managing detailed manifests of every component underlying purchased software. These software bills of materials (SBOMs) are meant to map the dependencies, and the vulnerabilities, buried deep inside the webs of third-party code and open-source libraries integrated into applications.
SBOMs were mandated for federal agencies by the White House; the NSA now urges critical infrastructure operators and defense industrial base partners to adopt them as well, so that compromised Chinese or Russian code does not slip unnoticed into sensitive systems.
The guidelines outline a three-step approach of ongoing risk analysis, vulnerability monitoring and incident response planning, with the aim of standardizing SBOM practice across the software ecosystem. With standards still nascent, the NSA calls for expanded public-private research to mature SBOM technologies and the management tools used to track risk.
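The "vulnerability monitoring" step above is only possible once every component carries a machine-readable identifier. The following script is an added illustration of that step, not the NSA's tooling or any DigitalXForce product: it reads a constructed, minimal CycloneDX-style SBOM, matches each package URL against an invented advisory feed (hypothetical ADV-* identifiers, not real CVEs, with a hypothetical "fixed_in" version), and also reports components that have no identifier at all, since those silently escape any check.

```python
"""Cross-check an SBOM against an advisory feed.

Added illustration of what an SBOM enables, not the NSA's tooling. The SBOM
below is a constructed, minimal CycloneDX-style document and the advisory list
is invented (hypothetical ADV-* identifiers and versions, not real CVEs).
"""
import json

# Constructed SBOM for a hypothetical application. The last component has no
# package URL (purl), which is a common defect in vendor-supplied SBOMs.
SBOM_JSON = r'''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "left-pad", "version": "1.3.0",
     "purl": "pkg:npm/left-pad@1.3.0"},
    {"type": "library", "name": "lodash", "version": "4.17.15",
     "purl": "pkg:npm/lodash@4.17.15"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "vendor-crypto", "version": "0.9"}
  ]
}'''

# Constructed advisory feed: "everything below fixed_in is affected".
ADVISORIES = [
    {"id": "ADV-0001", "ecosystem": "npm", "name": "lodash", "fixed_in": "4.17.21"},
    {"id": "ADV-0002", "ecosystem": "pypi", "name": "requests", "fixed_in": "2.20.0"},
]


def parse_version(version):
    """Turn '4.17.15' into (4, 17, 15). Non-numeric parts (e.g. 'rc1') sort as 0;
    a real deployment would use ecosystem-specific version semantics."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def parse_purl(purl):
    """Split 'pkg:type/[namespace/]name@version' into (type, name, version).
    The namespace is dropped for brevity; keep it when matching scoped packages."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl!r}")
    ptype, _, rest = purl[4:].partition("/")
    path, _, version = rest.partition("@")
    return ptype, path.rsplit("/", 1)[-1], version


def unidentified_components(sbom_json):
    """Components without a purl cannot be matched against any advisory feed.
    Report them so the supplier can be asked to fix the SBOM."""
    doc = json.loads(sbom_json)
    return [c["name"] for c in doc.get("components", []) if not c.get("purl")]


def find_affected(sbom_json, advisories):
    """Return (advisory id, purl) pairs for components below the fixed version."""
    doc = json.loads(sbom_json)
    hits = []
    for comp in doc.get("components", []):
        if not comp.get("purl"):
            continue
        ptype, name, version = parse_purl(comp["purl"])
        for adv in advisories:
            if (adv["ecosystem"], adv["name"]) != (ptype, name):
                continue
            if parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append((adv["id"], comp["purl"]))
    return hits


if __name__ == "__main__":
    for adv_id, purl in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{adv_id}: {purl}")
    for name in unidentified_components(SBOM_JSON):
        print(f"no identifier for {name}: cannot be matched, ask the supplier")
```

Run against the constructed input, only lodash is flagged (requests is already above the hypothetical fix), and vendor-crypto is reported as unmatchable. Whether that last category is empty is as important as the hit list: an SBOM that names components without purls gives false comfort.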
Cybercriminals have been caught deploying stealthy malware against users of pirated video games in a bid to plunder their financial data. Threat researchers at ReasonLabs revealed this week that popular titles shared illegally on torrent sites are being trojanized with malicious code that security tools do not yet detect.
When launched, the infected game installers covertly install extensions masquerading as VPN privacy tools in the victim’s web browser. Gamers are unlikely to notice the rogue add-ons among their legitimate extensions. Once installed, the impostor ‘VPN’ quietly disables other extensions, such as online cashback tools and security add-ons, before siphoning off the user’s sensitive information.
With the extensions that shielded financial activity neutralized, the attackers gain full visibility of their target’s online transactions. By hijacking the extension’s update channel, they can also push further malware to spy on victims. More worryingly, ReasonLabs found the phony VPN extension hiding in plain sight in Google’s Chrome Web Store alongside legitimate offerings.
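An extension can only disable its neighbours through the browser's management API, which it must declare via the "management" permission in its manifest.json. The script below is an added example, not ReasonLabs' tooling: it scans extension manifests for that permission and a few other high-reach ones, treating optional permissions as equally suspicious because the extension can request them later without a reinstall. The two manifests are constructed for illustration and their names are hypothetical.

```python
"""Flag browser extensions that hold permissions letting them disable others
or intercept traffic.

Added example, not ReasonLabs' tooling. Disabling another extension requires
the chrome.management API, i.e. the "management" permission. The manifests
below are constructed; extension names and ids are hypothetical.
"""
import json
from pathlib import Path

# "management" is what lets an extension disable others; the rest widen its
# reach over the user's traffic and sessions.
RISKY_PERMISSIONS = {"management", "proxy", "webRequest",
                     "declarativeNetRequest", "cookies"}

# Constructed manifests: a benign cashback helper and an impostor "VPN".
MANIFESTS = {
    "cashback-helper": json.dumps({
        "manifest_version": 3,
        "name": "Cashback Helper",
        "version": "2.1.0",
        "permissions": ["storage", "activeTab"],
    }),
    "free-privacy-vpn": json.dumps({
        "manifest_version": 3,
        "name": "Free Privacy VPN",
        "version": "1.0.3",
        "permissions": ["proxy", "storage", "tabs"],
        "optional_permissions": ["management"],
        "host_permissions": ["<all_urls>"],
    }),
}


def requested_permissions(manifest):
    """Every permission the extension can end up with, optional ones included:
    an optional permission can be requested at runtime without a reinstall."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    return perms


def assess(manifest):
    """Return the risky permissions present and whether it can reach every site.
    Manifest V2 lists host patterns under "permissions", V3 under
    "host_permissions", so both are checked."""
    perms = requested_permissions(manifest)
    hosts = set(manifest.get("host_permissions", [])) | perms
    return {
        "risky": sorted(perms & RISKY_PERMISSIONS),
        "all_sites": "<all_urls>" in hosts,
    }


def scan_manifests(manifests):
    """Scan {extension_id: manifest_json} and return only the suspicious ones."""
    report = {}
    for ext_id, raw in manifests.items():
        result = assess(json.loads(raw))
        if result["risky"] or result["all_sites"]:
            report[ext_id] = result
    return report


def scan_profile(extensions_dir):
    """Scan a Chrome profile's Extensions directory, which stores each extension
    as <id>/<version>_<n>/manifest.json. The path is supplied by the caller."""
    manifests = {}
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        ext_id = manifest_path.parts[-3]
        manifests[ext_id] = manifest_path.read_text(encoding="utf-8")
    return scan_manifests(manifests)


if __name__ == "__main__":
    for ext_id, result in scan_manifests(MANIFESTS).items():
        print(f"{ext_id}: risky={result['risky']} all_sites={result['all_sites']}")
```

On the constructed input only the fake VPN is reported, with "management" and "proxy" flagged and access to all sites. A hit is a reason to look, not proof of malice: a genuine VPN extension legitimately needs "proxy", but it has no business holding "management".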
NASA published its inaugural cybersecurity blueprint this week, distilling the latest terrestrial cyberdefence strategies into practical guidance for space mission engineers.
With the space economy projected to exceed $1 trillion annually this decade, state-sponsored hackers are setting their sights on space infrastructure as a prime target for disruption and espionage. Heeding FBI warnings of foreign efforts to compromise the space industry, NASA hopes the new playbook will foster resilient security across public and private operators.
Drawing on federally approved techniques from the National Institute of Standards and Technology, the guide translates complex security concepts into achievable steps expressed in space mission terminology. Beyond fortifying its own networks, NASA intends the advice to harden systems developed by commercial space partners, academic institutes and international collaborative missions.
In 2023 cybercriminals released an average of 411,000 malicious files per day, a 3% increase on the previous year. Kaspersky’s Security Bulletin: Statistics of the Year report, published on December 14, 2023, records a shift in attack strategy towards malicious document files, including Microsoft Office documents and PDFs, which rose 53% from 2022.
Microsoft Windows remains the primary target, but macOS malware is rising, particularly in France, China and Italy, and is often disguised as adware. Trojans continue to dominate, with a notable surge in backdoors, which give attackers remote control of victims’ systems: detections rose from 15,000 to 40,000 backdoor files per day in 2023.
LockBit was the most prolific ransomware group, accounting for 24.63% of all victims posted to data leak sites. Microsoft Office vulnerabilities were the favourite exploitation target, representing 69.10% of all exploited vulnerabilities.
Over 440 online merchants in 17 countries fell prey to a large digital skimming operation. Threat actors deployed 23 distinct JavaScript sniffer families, including ATMZOW and AngryBeaver, to quietly steal customers’ credit card and payment data.
Europol, working with Group-IB, ENISA and EMPACT, orchestrated a coordinated response, gathering threat intelligence to help affected merchants shore up their defences.
The intelligence shared covers compromised websites, malware signatures, and the domains and URLs the attackers used. The operation highlights the stealthy nature of digital skimming, which often lets threat actors operate undetected for long periods. Stolen card data is circulated on darknet marketplaces, where it fuels fraudulent transactions by other criminals.
A surge in cyber attacks has hit U.S. schools, with incidents doubling to 1,981 across 45 districts in 2022. Driven by ransom payouts and identity theft, attackers target sensitive student data, including grades and health records, and educational institutions face thousands of unauthorized access attempts from adversaries worldwide every day.
Despite this onslaught, schools grapple with insufficient cybersecurity funding and are ill-equipped for the evolving threat landscape. Phishing and ransomware are the primary concerns; ransomware in particular carries multifaceted costs, including significant loss of student learning time.
Experts emphasize the pivotal role of federal funding and regulation in countering these threats. Opportunities include expanding funding through initiatives such as the Department of Homeland Security’s Cybersecurity Grant Program and implementing regulations such as California’s Age-Appropriate Design Code Act.
At DigitalXForce, we are committed to helping the educational sector fight cyber threats. We are offering our suite of cybersecurity solutions to all school districts in the USA for free! Check out our latest Press Release for more info.
Tesla Autopilot Vulnerability Exposed: ‘Elon Mode’ Activated by Researchers, Raising Concerns Over System Security
Researchers from Technische Universität Berlin used a hardware glitching attack against Tesla’s Autopilot computer to activate a hidden “Elon mode” and gain access to confidential data. The attack, carried out with tools costing around 600 euros, allowed extraction of cryptographic keys and gave insight into Tesla’s AI training data. “Elon mode” enables hands-free full self-driving, a feature that had previously surfaced in hacker discoveries.
Because the attack requires physical access and soldering skills, its practicality outside a lab is limited, but the findings raise important questions about the safety architecture of Tesla’s Autopilot system. The researchers note that all Tesla models could potentially be affected and highlight the threat to Tesla’s intellectual property.
Facebook Marketplace users are facing a surge in scams that exploit trust, with both sellers and buyers falling prey to fraud. The scams range from nonexistent listings that demand payment by prepaid debit card to phishing attempts and fraudulent payments.
Despite Meta’s efforts to curb the problem, scammers continue to manipulate users into financial losses, undermining the platform’s purpose. The scale is significant: surveys indicate widespread encounters with scams on the platform, and reports to the Better Business Bureau show how prevalent the fraud is.
Scammers follow consistent patterns, using toolkits, scripts and phishing links that are sold on the dark web or advertised on platforms such as Telegram. The use of long-standing Facebook accounts lends the scams authenticity, making it hard for users to tell legitimate transactions from fraudulent ones.
Panasonic Avionics Corporation has disclosed a data breach dating from December 2022 that affected employee and customer data, including personal and health information. The exposed details include names, contact information and financial data, but the company says there is no evidence of misuse. The breach prompted a thorough investigation, with Panasonic engaging cybersecurity and forensics experts. The compromised data came from a subset of devices on the corporate network and includes dates of birth, medical and health insurance details, employment status and government identifiers such as Social Security numbers.
Panasonic, a major provider of in-flight communications and entertainment systems, states that its in-flight systems, connectivity and operational platforms were not affected. The company is offering 24 months of free identity and credit monitoring to impacted individuals.
Iranian Hackers Suspected in Cyberattack on Albanian Parliament, Cellphone Provider, and Airline; Political Tensions Resurface
Albania’s Parliament, along with a cellphone provider and an airline, was hit by a cyberattack allegedly carried out by an Iranian-linked group calling itself Homeland Justice. The attack did not breach the parliament’s data but forced a temporary halt to services. Albania and Iran have clashed in cyberspace before, notably a July 2022 attack that led Albania to sever diplomatic ties.
The Iranian Foreign Ministry denied involvement and pointed instead to cyberattacks by the Iranian opposition group Mujahedeen-e-Khalq (MEK). MEK’s spokesperson denied any link to the recent attacks, emphasizing the rights of its members in Albania. The incident underscores how cybersecurity challenges are entangled with geopolitical tensions and the growing role of cyber operations in political disputes.
That’s all for today. Stay tuned for our next episode. See you next week!