Cyber Security Headlines: Cyber attack disrupts esports, Qbot overtakes Emotet, CircleCI breached

Cyber attack disrupts esport event

Organizers for the 24 Hours of Le Mans Virtual esports event confirmed it suffered a “suspected security breach” across two servers used in the event. This resulted in several drivers getting disconnected and thrown out of the game, including current Formula 1 World Champion Max Verstappen, who led the event at the time he got booted. Race organizers said they will take actions to increase security and aim to restart race activities as soon as possible. 

(BitDefender)

Qbot overtakes Emotet

Check Point released its Global Threat Index for December 2022, finding that the Qbot trojan overtook the prevalent Emotet botnet as the most prevalent malware in the wild, hitting 7% of global organizations. Among other trends found in the report, the Glupteba blockchain Trojan botnet returned to the top 10 for the first time since July, and the Android ad-distributor malware Hiddad rose to the top-three in mobile malware. Overall Check Point found a growing trend of malware masquerading as legitimate software to let attackers access systems without raising suspicions. 

(InfoSecurity Magazine)

CircleCI breach caused by infostealer

The continuous integration platform confirmed it experienced a data breach on January 4th, caused by infostealing malware on an employee laptop that the laptop's antivirus software did not detect. The malware let attackers capture a valid 2FA-backed single sign-on session on December 16th, and the employee's access then allowed them to reach some production systems. CircleCI encrypted the accessed data, but the attacker extracted encryption keys from a running process. The company said it closed the attack vector and added additional layers of security.

(Security Week)

Twitter cuts off third-party clients

Last week, users of some third-party Twitter clients began to report seeing errors with Twitter's API, resulting in the clients no longer updating. At the time of this recording, the company and CEO Elon Musk had not commented on the outage. It remained unclear whether this was a technical issue, which is not impossible given Twitter's recent mass layoffs. However, The Information reports that according to an internal Slack message, "Third-party app suspensions are intentional." Slack messages also show Twitter "started to work on comms" regarding revoking this access, but had no estimate of when it would be ready.

(The Information)

And now a word from our sponsor, Cerby

Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help.

Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com.

Didi cleared to register new users

Since China launched its crackdown on Big Tech companies in 2021, Didi Global has remained in the government's regulatory crosshairs. Following its listing on the New York Stock Exchange, the Cyberspace Administration of China required the firm to undergo a "cybersecurity review." This required it to delist from the exchange, stop accepting registrations for new users, and remove its apps from app stores. After paying record fines last year, the company now says regulators have cleared it to register new users for its core ride-hailing services. The company said it took measures to ensure platform safety and data security, and to safeguard national cyberspace security.

(Reuters)

Binance freezes crypto withdrawal by Lazarus Group

Last summer, security researchers tied the North Korean threat organization Lazarus Group to an attack on the Horizon bridge used by the blockchain company Harmony. The attack exfiltrated roughly $100 million worth of crypto assets. Now Binance reports it detected the group trying to launder funds through the Huobi exchange. It contacted the exchange and worked with it to freeze and recover 121 Bitcoin, worth about $2.5 million. Cryptocurrency investigator ZachXBT noted that over the weekend, the group moved about 41,000 Ether, worth about $64 million, before Binance detected any activity.

(CoinTelegraph)

China leads in AI research

We cover a lot of potential malicious use cases of emerging AI systems. Most of the ones we cover come from companies with ties to the US. However, a new study from Nikkei and the Dutch scientific publisher Elsevier found that of the AI-related academic papers published in 2021, China produced about 31%, or 43,000 papers, almost double the number from the US. China also led in the most cited papers, accounting for 7,401 of the top 10% by citations from other papers. Overall, academic papers on AI increased from about 25,000 in 2012 to about 135,000 in 2021.

(Nikkei)

US to launch third "Hack the Pentagon" bug bounty

The US Department of Defense first ran the bug bounty program in 2016 and has not operated it since a second initiative in 2018. DOD confirmed it will launch a third iteration, focused on finding vulnerabilities in the Facility Related Controls System (FRCS) network. FRCS infrastructure monitors systems used at government facilities, controlling fire and safety systems, HVAC, and physical security. The department will work with trusted contractors on the program, providing access to assets for a 72-hour "challenge phase" window. The program will only operate on unclassified systems and operational technology.

(InfoSecurity Magazine)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.