IT Security Newsletter

IT Security Newsletter - 2/2/2024

Written by Cadre | Fri, Feb 2, 2024

Interpol operation Synergia takes down 1,300 servers used for cybercrime

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. Command and control servers (C2) are devices operated by threat actors to control malware used in their attacks and to collect information sent from infected devices. These servers allow the threat actors to push down additional payloads or commands to execute on infected devices, making them integral architecture in many attacks. READ MORE...

Ukraine Military Targeted With Russian APT PowerShell Attack

A sophisticated Russian advanced persistent threat (APT) has launched a targeted PowerShell attack campaign against the Ukrainian military. The attack is most likely perpetrated by malicious threat actors related to Shuckworm, a group with a history of campaigns against Ukraine, motivated by geopolitical, espionage, and disruption interests. The malicious campaign, tracked by Securonix under the name STEADY#URSA, employs a newly discovered SUBTLE-PAWS PowerShell-based backdoor. READ MORE...

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day. An indictment unsealed this week and first reported on by Ars Technica alleges that Chicago man Robert Powell was the ringleader of a SIM-swapping group. READ MORE...

DDoS attack power skyrockets to 1.6 Tbps

DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular at 16% and 12% of the total, respectively. All other DDoS attack types, including SYN, SYN+ACK flood, and RST Flood, accounted for a mere 10% combined. READ MORE...

Tax season is here, so are scammers

The Internal Revenue Service has announced that the 2024 tax filing season has officially begun, with an expected 146 million individual tax returns to be filed. While it is costly and complex for the IRS to process so many digital and paper documents, it can also be a headache for many Americans. Unsurprisingly, this is also the time of year when we see an increase in tax-related scams. READ MORE...

PurpleFox malware infects thousands of computers in Ukraine

The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or regular people's computers hasn't been determined, but the agency has shared detailed information on how to locate infections and remove the malware. READ MORE...

Google Play Used to Spread 'Patchwork' APT's Espionage Apps

The Indian APT group Patchwork, known for its targeted spear phishing cyberattacks against Pakistanis, has been caught abusing Google Play to distribute six different Android espionage applications posing as legit messaging and news services. In reality, they come loaded with a newly discovered remote access Trojan (RAT) called VajraSpy. Researchers from ESET who uncovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, files, contacts, and more. READ MORE...

DraftKings Hacker Sentenced to 18 Months in Prison

A Wisconsin man has been sentenced to 18 months in prison for his role in a credential stuffing attack targeting user accounts at a fantasy sports and betting website. According to court documents, in November 2022, the man, Joseph Garrison, 19, used username and password pairs from other data breaches to access approximately 60,000 user accounts at the target site that were using the same passwords. READ MORE...
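Added here as an illustration of the credential stuffing pattern described above (this is not code from the article or the court documents): a small detector over constructed login log lines that flags a source cycling through many distinct accounts with a high failure rate, which is how stuffing with leaked username/password pairs looks to a defender. The log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample login log lines (not from the article): one source
# cycling through many distinct usernames with mostly failures, plus a
# normal user retrying their own password a couple of times.
SAMPLE_LOG = """\
2022-11-18T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2022-11-18T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2022-11-18T10:00:02Z ip=203.0.113.5 user=carol result=SUCCESS
2022-11-18T10:00:03Z ip=203.0.113.5 user=dave result=FAIL
2022-11-18T10:00:03Z ip=203.0.113.5 user=erin result=FAIL
2022-11-18T10:00:04Z ip=203.0.113.5 user=frank result=FAIL
2022-11-18T10:00:04Z ip=203.0.113.5 user=grace result=SUCCESS
2022-11-18T10:00:05Z ip=203.0.113.5 user=heidi result=FAIL
2022-11-18T10:01:00Z ip=198.51.100.7 user=ivan result=FAIL
2022-11-18T10:01:05Z ip=198.51.100.7 user=ivan result=FAIL
2022-11-18T10:01:10Z ip=198.51.100.7 user=ivan result=SUCCESS
"""

# Assumed log format: key=value fields for source IP, username and outcome.
LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")

def find_credential_stuffing(log_text, min_users=5, min_fail_ratio=0.5):
    """Return {ip: stats} for sources that look like credential stuffing.

    Unlike a user mistyping their own password, a stuffing source tries many
    *different* accounts, most attempts fail (stale leaked pairs), and the
    few successes are the accounts whose owners reused a breached password.
    """
    stats = defaultdict(lambda: {"users": set(), "fail": 0, "success": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event; ignore
        s = stats[m["ip"]]
        s["users"].add(m["user"])
        if m["result"] == "SUCCESS":
            s["success"] += 1
        else:
            s["fail"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["fail"] / (s["fail"] + s["success"])
        if len(s["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {"distinct_users": len(s["users"]),
                           "fail_ratio": round(ratio, 2),
                           "compromised_accounts": s["success"]}
    return flagged
```

The successes inside a flagged source are the accounts to force a password reset on, since they are the ones that reused a password from another breach.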

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer (rather than centrally-controlled) botnet powered by malware written in Golang. It targets SSH servers by brute-forcing login credentials, and has managed to compromise thousands of them. READ MORE...

Rise of deepfake threats means biometric security measures won't be enough

Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections. Or so says consultancy and market watcher Gartner, as deepfakes dominate the news since sexually explicit AI-generated viral images of popstar Taylor Swift prompted fans, Microsoft, and the White House to call for action. READ MORE...

  • ...in 1848, The Treaty of Guadalupe Hidalgo formally ends the Mexican War.
  • ...in 1876, the National League of Professional Baseball Clubs, which comes to be more commonly known as the National League (NL), is formed.
  • ...in 1922, James Joyce's serialised novel "Ulysses" is published in its first collected edition in Paris.
  • ...in 1949, actor Brent Spiner, best known as Lt. Cmdr Data on "Star Trek: The Next Generation", is born in Houston, TX.