Microsoft warns of Iranians using Log4Shell
According to a new report from the Redmond giant, the Iranian group MuddyWater continues to target Israeli organizations using the Log4Shell vulnerability. Recent attacks targeted vulnerabilities in the IT management software SysAid, particularly popular in Israel. US Cyber Command disclosed earlier this year that MuddyWater showed ties to the Iranian Ministry of Intelligence and Security. The group previously used Log4Shell to target VMware apps. Microsoft reported state-sponsored actors from China, Iran, North Korea and Turkey used Log4Shell in campaigns.
Montenegro hit with Russian cyber attacks
Montenegro’s Minister of Public Administration, Marash Dukaj, warned that a wave of Russian-based cyber attacks began hitting state agencies. Targets include utility systems, transportation infrastructure, and online portals to government services. Dukaj said the government disabled some services temporarily for security reasons, but that no citizen or business data was impacted. The U.S. Embassy in Montenegro warned American citizens of increased risks of cyber attacks in the country.
AlphaBay Turns 1
The threat intelligence firm Flashpoint published a report detailing the activities of the dark web market AlphaBay over the last year. This market relaunched in August 2021, after being taken down by law enforcement in July 2017. Flashpoint found the market hosted over 37,000 listings in the year across 12,000 vendors, with roughly 90% for illicit drugs. With the seizure and shutdowns of several prominent dark web markets in the year, Flashpoint estimates it became the top illicit market online in May 2022. The market’s next goals include finalizing a new payment module and adopting I2P as an alternative to Tor.
Mudge pulled into Twitter lawsuit
Court filings reveal Elon Musk’s attorneys subpoenaed Twitter whistleblower and former security chief Peiter “Mudge” Zatko. It’s unclear if Musk will amend his countersuit against Twitter to reflect Zatko’s filed complaints to regulatory agencies. Musk’s camp would need the judge’s permission to amend the countersuit, something that may not be granted given how close the case is to trial. Zatko accused Twitter of “material misrepresentation and omissions” about security and privacy protections built into its platform, while Musk’s countersuit takes issue with reported spam accounts.
Thanks to today’s episode sponsor, Code42
More details on Twilio attack
The communications API giant revealed more details about its recent cyberattack. It identified 163 customers whose data was accessed in the attack. Malicious actors gained access to 93 individual Authy users, and registered devices to their accounts. Twilio notified all impacted parties, and removed unauthorized devices. While Twilio received a large amount of coverage from this attack, the breach came as part of a much wider phishing campaign, believed to have compromised 9,931 accounts across 136 organizations.
NATO investigating data leak at defense contractor
The North Atlantic Treaty Organization launched an investigation into data reportedly stolen from the French contractor MBDA Missile Systems. The company confirmed that a cache of data for sale on a hacker forum included some from its systems. Leaked data includes blueprints of weapons used by Ukraine in its conflict with Russia. However, MBDA said the cache contains no classified information. The data appeared online after the attackers attempted to extort MBDA for a ransom, which the contractor refused to pay.
Global ransomware expected to exceed $30 billion
This comes from Acronis’s “Mid-Year Cyberthreat Report”, which expects global ransomware losses to hit that figure in 2023. The report also found that nearly half of all breaches in the first half of 2022 involved stolen credentials. Many of these came from phishing campaigns. Acronis observed 600 malicious email campaigns in that time. The report also notes that attackers increasingly look to unpatched software to extract data, with a particular emphasis on Linux systems.
Crypto miner campaign hits 11 countries
Researchers at Check Point discovered the Turkish-based campaign, dubbed Nitrokod. Threat actors distributed the malware across popular free software websites, including Softpedia. It seems that searching for “Google Translate Desktop download” would often turn up the miner. The threat actors apparently ran the campaign since at least 2019, using a trojanized approach to perform a long multi-stage infection, making it harder for researchers to find. Often the miner would only be deployed weeks after the initial install. Overall, Check Point found the software installed on systems across eleven countries.