Latest Cyberthreats and Advisories - October 28, 2022
Tech giant vulnerabilities, menacing malware and child abductions via rideshare apps: here are the latest threats and advisories for the week of October 28, 2022.
Threat Advisories and Alerts
Daixin Team Ransomware Group Targets U.S. Businesses
The FBI and CISA released a joint cybersecurity advisory to warn companies about the cybercrime group Daixin Team, a ransomware and data extortion group that has been actively targeting U.S. businesses since at least June 2022, mostly in the healthcare sector. The group gains access to victims’ systems via virtual private network (VPN) servers, and then moves laterally via Remote Desktop Protocol and Secure Shell. See the full advisory for more details, mitigations and how to prepare for a ransomware attack.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-294a
Criminals Use Rideshare Apps to Abduct Minors
The FBI has issued a warning to the public that threat actors are using rideshare apps to abduct minors. Why rideshare apps? The services provide criminals more privacy due to the ease of booking and lax passenger and driver security protocols, which lower the likelihood of detection. While ridesharing child abductions are rare, report any suspicious behavior involving child abduction to law enforcement immediately.
Source: https://www.ic3.gov/Media/Y2022/PSA221025
Apple Zero-Day Vulnerability Being Actively Exploited
Apple has been hit with its ninth zero-day vulnerability this year. The tech giant has released patches for the security flaw (CVE-2022-42827), which is reportedly being actively exploited in the wild. If successfully exploited, the vulnerability could enable a cybercriminal to execute arbitrary code with kernel privileges. Affected products include iPhone 8 and later, all iPad Pro models, iPad and iPad mini 5th generation and later, and iPad Air 3rd generation and later. Users are urged to update these products immediately.
Emerging Threats and Research
65,000+ Companies Potentially Affected by Microsoft Data Leak
Microsoft confirmed this week that a publicly accessible endpoint left the information of thousands of customers exposed. Though the unintentional server misconfiguration wasn’t a result of a security vulnerability and there’s no evidence of cybercrime, the error could potentially be exploited for malicious purposes. According to cybersecurity company SOCRadar, the data leak affected 65,000+ companies in 11 countries and may have exposed product orders, invoices, signed customer documents and other materials. Microsoft is currently notifying impacted customers.
Source: https://thehackernews.com/2022/10/microsoft-confirms-server.html
Clicker Malware Gets Over 20 Million Downloads in Google Play
Google Play is once again in the headlines for a massive number of downloads of fraudulent apps from its store. This time, 16 mobile apps that were infected with clicker malware, a type of trojan that focuses on ad fraud, were downloaded over 20 million times. Clicker malware operates in the background, visiting websites without users’ knowledge and generating fake ad clicks that cybercriminals profit from. This activity can not only drain a smartphone’s battery and reduce its performance, but also rack up additional mobile data fees. Google has since removed the offending apps from its store.
Source: https://www.infosecurity-magazine.com/news/clicker-malware-20-million/
POS Malware Steals Details of 167,000+ Credit Cards
Details of more than 167,000 credit cards, valued at approximately $3.3 million, were stolen by cybercriminals using point-of-sale (POS) malware MajikPOS and Treasure Hunter. The two malware strains target Windows POS terminals and scan the devices to exploit instances when credit card data is read and stored in plain text. Nearly all victims of this cyberattack are Americans who possess credit cards issued by U.S. banks.
Source: https://www.theregister.com/2022/10/24/pos_malware_campaign_steals_33m/
UK Construction Company Fined £4.4 Million for Security Failings
The Information Commissioner’s Office (ICO) is fining the British construction company Interserve £4.4 million because of a series of security failings that caused data theft. The attack occurred when an Interserve employee opened a phishing email and then accidentally downloaded malware. While the company’s anti-virus flagged the security incident, the follow-up investigation was botched, enabling the cybercriminal to encrypt and steal sensitive information from 113,000 current and former employees.
Source: https://www.infosecurity-magazine.com/news/uk-construction-biz-44m-serious/
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.