30-Sep-24: In Security News Today

North Korea Hackers Linked To Breach of German Missile Manufacturer

North Korean hackers linked to the Kimsuky APT have successfully breached Diehl Defence, a German missile manufacturer, using sophisticated phishing tactics that included fake job offers and booby-trapped PDF files. This breach is particularly alarming due to Diehl Defence’s role in producing missile systems, notably the Iris-T, which are critical to defense initiatives in South Korea. Mandiant’s investigation revealed that the attackers conducted thorough reconnaissance prior to the attack, utilizing a domain mimicking Diehl’s location to harvest login credentials from German users and potentially compromise sensitive information related to defense operations.

Media Giant AFP Hit By Cyberattack Impacting News Delivery Services

AFP, a global news agency, suffered a cyberattack affecting its IT systems and content delivery services, though news coverage remains unaffected. The company is collaborating with France’s cybersecurity agency, ANSSI, to mitigate the attack, while advising media partners to update FTP credentials as a precaution. No details about the attackers or specific attack methods have been disclosed, and investigations are ongoing.

FBI Warns of Sophisticated Iranian Hackers Targeting Personal Accounts

The FBI has warned that Iranian hackers, likely associated with the Islamic Revolutionary Guard Corps (IRGC), are using advanced social engineering techniques to target individuals involved in U.S. political campaigns, Middle Eastern affairs, and other high-profile areas. The attackers impersonate trusted contacts or service providers to deceive victims into sharing sensitive login credentials, often using fake email login pages to steal information. To mitigate the risks, the FBI advises enhanced security measures like multi-factor authentication, user training, and vigilance against phishing and spoofing attempts.

Critical RCE Vulnerabilities Found In Common Unix Printing System

New RCE vulnerabilities in the Common Unix Printing System (CUPS) have been discovered, posing a significant risk to Linux environments, with a critical CVSS score of 9.9. These flaws allow unauthenticated attackers to execute arbitrary code by sending malicious print jobs, potentially escalating privileges through compromised drivers. Security professionals are urged to apply patches immediately, disable CUPS if it is not required, and block UDP port 631 to mitigate risk, as these vulnerabilities can be exploited via internet-wide scans and lead to persistent threats such as remote access Trojans.

Hawaii Health Center Discloses Data Breach After Ransomware Attack

The Community Clinic of Maui, targeted by the LockBit ransomware group in May 2024, suffered a data breach affecting over 120,000 individuals, with attackers stealing sensitive personal and medical information. Despite the clinic’s claim of no evidence of misuse, the stolen data includes Social Security numbers, bank details, and medical records, raising concerns of potential exploitation. In response, the clinic offers credit monitoring to impacted individuals, while law enforcement continues efforts to disrupt the LockBit group’s activities.

Transport, Logistics Orgs Hit By Stealthy Phishing Gambit

Since May 2024, a cyber threat actor has compromised email accounts in the transport and logistics sector, using thread hijacking to insert malware-laden attachments deep within legitimate conversations. Initially using Google Drive files to deploy malware like Lumma and NetSupport, the attacker later shifted to a “ClickFix” method, tricking victims into running malicious PowerShell scripts. These attacks exploit the high financial stakes and extensive communications within the industry, making it a lucrative target for cybercriminals seeking to intercept large transactions or redirect shipments.

Accounting Firm WMDDH Discloses Data Breach Impacting 127,000

WMDDH, a Louisiana-based accounting firm, disclosed a data breach from July 2023, compromising the personal data of over 127,000 individuals, including Social Security numbers, financial information, and medical records. The breach, initially detected due to unusual network activity, took ten months to fully assess and identify the affected individuals. WMDDH is offering one year of credit monitoring and identity theft protection services to those impacted by the incident.

Critical Flaws In Tank Gauge Systems Expose Gas Stations To Remote Attacks

Critical vulnerabilities have been identified in six Automatic Tank Gauge (ATG) systems from various manufacturers, exposing them to potential remote attacks that could lead to significant physical, environmental, and economic consequences. With thousands of ATGs accessible via the internet, malicious actors can exploit these flaws, which include severe issues such as OS command injection and authentication bypasses, granting them administrative control over these systems. Experts recommend immediate action, including limiting access to affected devices and enhancing cybersecurity measures, to mitigate the risks posed by these vulnerabilities in critical infrastructure.

US Charges 3 Iranians Over Presidential Campaign Hacking

US authorities have charged three Iranian nationals affiliated with the Islamic Revolutionary Guard Corps (IRGC) with involvement in cyberattacks aimed at influencing the 2024 presidential election. The hackers targeted multiple campaigns, including those of Biden, Trump, and Harris, employing tactics such as spear-phishing and social engineering to steal sensitive information. In addition to the charges, the US government has announced sanctions and a $10 million reward for information leading to the arrest of these individuals, highlighting the ongoing threat posed by Iranian cyber operations to US democratic processes.

Cyber-Attacks Hit Over A Third Of English Schools

Cyber incidents have impacted 34% of English schools and colleges during the 2023/24 academic year, with phishing attacks being the most common threat. A report revealed that 20% of educational institutions were unable to recover immediately from such incidents, and 4% took over half a term to resume normal operations. Given the unique cybersecurity challenges faced by schools, including a lack of training for one in three teachers, experts are urging educational institutions to enhance their cybersecurity measures and adopt best practices to protect sensitive data and maintain operational integrity.

Microsoft: Cloud Environments Of US Organizations Targeted In Ransomware Attacks

Microsoft has issued a warning about the cybercriminal group Storm-0501, which is targeting the hybrid cloud environments of U.S. organizations across various sectors, including government and manufacturing. Active since 2021, Storm-0501 employs a ransomware-as-a-service model and has used multiple ransomware families, such as Alphv/BlackCat and LockBit, to carry out sophisticated multi-stage attacks. The group exploits weak credentials and known vulnerabilities to gain initial access, subsequently moving laterally to compromise cloud environments, create backdoor access, and deploy ransomware across networks.

British National Arrested, Charged For Hacking US Companies

British national Robert Westbrook has been charged with executing a hack-to-trade scheme against five U.S. companies, in which he accessed corporate executives’ email accounts to obtain sensitive earnings information. Between January 2019 and May 2020, he allegedly profited approximately $3.75 million by trading securities based on this nonpublic information, employing tactics such as password resets and auto-forwarding rules to facilitate the scheme. Awaiting extradition to the U.S., Westbrook faces serious charges including computer, securities, and wire fraud, along with potential civil penalties from the SEC.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.