02-Apr-24: In Security News Today

Prudential Financial Data Breach Impacts 36,000 Customers

In early February 2024, Prudential Financial experienced a data breach compromising the personal information of over 36,000 individuals, including names, addresses, and ID numbers. The Alphv/BlackCat ransomware group claimed responsibility for the breach, which was promptly disclosed to regulatory bodies. Prudential has since bolstered its cybersecurity measures and is offering affected individuals two years of complimentary credit monitoring services.

Suspected MFA Bombing Attacks Target Apple iPhone Users

Apple iPhone users are being targeted by MFA bombing attacks, in which attackers flood victims with legitimate password-reset notifications to take over iCloud accounts. These attacks highlight the evolving nature of multifactor authentication (MFA) bombing tactics, with threat actors exploiting phone numbers or email addresses associated with iCloud accounts. Security experts recommend stronger authentication methods beyond MFA, such as passkeys, to combat phishing attacks like MFA bombing, and emphasize the need for companies to rapidly address vulnerabilities in authentication methods.

Russia Charges Suspects Behind Theft of 160,000 Credit Cards

Russia’s Prosecutor General’s Office has indicted six individuals for using malware to steal credit card and payment information from foreign online stores, a practice known as card skimming. The suspects have been accused of bypassing website protections, accessing databases, and selling over 160,000 stolen payment cards on dark web platforms. To minimize damage from such attacks, online buyers are advised to use digital payment methods and monitor credit card statements for unauthorized charges.

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

Attackers are exploiting Google Ads to distribute info-stealing malware, such as the Rhadamanthys stealer, by using ad-tracking features to trick users into downloading malicious files disguised as popular groupware installers like Slack and Notion. The malicious campaign involves redirecting users through invisible tracking URLs to fake websites resembling legitimate groupware tools, prompting them to download and execute the malware. Cybersecurity experts advise users to be cautious of ad-delivered URLs and pay attention to the actual website address when clicking on ads to avoid falling victim to such malicious campaigns.

Cybersecurity Threats Intensify in the Middle East During Ramadan

During Ramadan, Middle Eastern companies face heightened cybersecurity threats due to reduced staffing and increased e-commerce activity, with financial impacts from attacks reaching up to $100 million. Cybercriminals exploit this period by impersonating local shipping companies for phishing schemes, targeting individuals via messaging platforms. Security experts emphasize the importance of advance preparation, enhanced security operations, and promoting vigilance among employees to mitigate these risks, underscoring the necessity of year-round cybersecurity measures beyond the holy month.

Cyberattacks Wreaking Physical Disruption on the Rise

A report by Waterfall Security Solutions found at least 68 cyberattacks last year that caused physical consequences for operational technology (OT) networks worldwide, with damages ranging from $10 million to $100 million. Most of these attacks were not direct manipulations of OT systems but downstream consequences of IT-based attacks, often involving ransomware. The attacks are increasing, with a 20% rise in incidents last year, and the manufacturing sector, particularly water facilities, is at high risk due to the dangerous mix of low difficulty and high impact for hackers.

China-linked Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations

China-linked cyber espionage group Earth Freybug, a subset of APT41, has been observed using a new malware named UNAPIMON for stealthy operations targeting organizations globally. The malware is designed to evade detection by leveraging legitimate executables, DLL hijacking, and API unhooking techniques. UNAPIMON, a C++-based malware, prevents monitoring of child processes and demonstrates the group’s evolving tactics in cyber attacks.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.