Cyber Security

ICYMI: A Microsoft Alert, Follina, Atlassian and more



There’s no such thing as a slow week for cybercrime, which means covering the whole waterfront of threat intelligence and interesting stories is a difficult, if not impossible, task. This week was no exception and, in fact, offered a bumper crop of important events that should not be missed.

In short: a dangerous malware campaign, data stealing, YouTube account takeover, crypto under siege, and a Microsoft warning.

In light of this, Dark Reading is launching a weekly “In Case You Missed It” (ICYMI) digest, rounding up important news of the week that our editors didn’t get to cover.

This week’s ICYMI stories are as follows:

  • Smart factories are facing snowballing cyber attacks
  • The Lazarus Group is probably behind the $100M crypto heist
  • The 8220 Gang adds the Atlassian bug to its active attack chain
  • Critical infrastructure makes cyber professionals feel hopeless
  • Hackers impersonate TrustWallet in a crypto phishing scam
  • Cookie-stealing YTStealer captures YouTube accounts
  • The Follina bug is used to spread the XFiles info-stealer

Smart factories are facing snowballing cyber attacks

According to a survey this week, 40% of smart factories worldwide have faced cyber attacks.

The smart factory – where Industrial Internet of Things (IIoT) sensors and equipment are used to reduce costs, obtain telemetry and strengthen automation – is officially a thing, as the digitization of manufacturing gets underway. But cyber attackers are also taking notice, according to the Capgemini Research Institute.

Among the sectors, heavy industry has faced the most cyber attacks (51%). These attacks also take many forms: 27% of companies reported an increase of 20% or more in bot herders hijacking IIoT endpoints for distributed denial-of-service (DDoS) attacks, and 28% of companies said they saw an increase of 20% or more in employees or vendors bringing in infected devices, for example.

“As the smart factory is one of the symbolic technologies of transformation into digitization, it is also a major target for cyber attackers, who are smelling new blood,” according to the report.

At the same time, the firm revealed that in almost half (47%) of companies, smart factory cybersecurity is not a C-level concern.

The Lazarus Group is probably behind the $100M crypto heist

Security researchers are pinning a $100 million hack of the Horizon Bridge crypto exchange on North Korea’s infamous Lazarus Group advanced persistent threat (APT).

Horizon Bridge allows users of the Harmony blockchain to interact with other blockchains. The theft took place on June 24, and the criminals left with various cryptocurrencies, including Ethereum (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and BNB.

According to Elliptic, there are strong indications that Lazarus was behind the incident. The group not only carries out classic APT activities such as cyber-espionage, but also acts as a money-maker for the North Korean regime, the researchers noted.

In this case, the thieves have so far sent 41% of the $100 million in stolen crypto assets to the Tornado Cash mixer, which essentially acts as a money launderer, Elliptic noted.

The 8220 Gang adds the Atlassian bug to its active attack chain

The 8220 Gang has added the latest serious security vulnerability affecting Atlassian Confluence Server and Data Center to its attack chain, using it to deliver cryptomining malware and an IRC bot, Microsoft warned this week.

The Chinese-speaking threat group has been actively exploiting the bug since it was disclosed in early June.

“The group has been actively updating its strategy and payload over the past year. Recent campaigns have targeted i686 and x86_64 Linux systems and used RCE exploitation for CVE-2022-26134 (Confluence) and CVE-2019-2725 (WebLogic) for initial access,” Microsoft Security Intelligence tweeted.

Critical infrastructure makes cyber professionals feel hopeless

A staggering 95% of cybersecurity leaders at critical national infrastructure companies in the UK say they could see themselves quitting their jobs in the next year.

According to a survey from Bridewell, 42% think a breach is inevitable and they don’t want to tarnish their careers, while 40% say they are experiencing stress and instability that is affecting their personal lives.

Already, more than two-thirds of respondents said the number of threats and successful attacks increased last year, and 69% said threats were difficult to detect and respond to.

Hackers impersonate TrustWallet in a crypto phishing scam

More than 50,000 phishing emails sent from a malicious Zendesk account have made their way into inboxes in recent weeks, seeking to take over TrustWallet accounts and drain funds.

TrustWallet is an Ethereum wallet and a popular platform for storing non-fungible tokens (NFTs). Researchers at Vade say the phish mimics the service to ask users for their password-recovery phrases on a sleek, trustworthy-looking TrustWallet-branded phishing page.

The emails, meanwhile, are less likely to trigger email gateway filters because they are being sent from a trusted, high-profile domain.

“As NFTs and cryptocurrency as a whole have experienced a significant downturn in recent weeks, on-edge investors can respond quickly to emails about their crypto accounts,” according to Vade’s analysis this week.

Cookie-stealing YTStealer captures YouTube accounts

Dark Web forums have seen a never-before-seen malware-as-a-service threat aimed at capturing YouTube accounts.

Intezer’s researchers point out that the malware, known as YTStealer, works to steal YouTube authentication cookies from content creators, meeting underground demand for access to YouTube accounts. The cookies are extracted from the browser’s database file in the user’s profile folder.

“To verify the cookies and get more information about the YouTube user account, the malware launches one of the web browsers installed on the infected machine in headless mode and adds the cookie to its cookie store,” according to the analysis. “[That way] the malware can operate the browser as if the threat actor were sitting at the computer, without the current user noticing anything.”

From there, YTStealer navigates to YouTube’s Studio content-management page and harvests data including the channel name, how many subscribers it has, how old it is, whether it’s monetized, whether it’s an official artist channel, and whether the name is verified.

The Follina bug is used to spread the XFiles info-stealer

There is a rash of cyber attacks underway that seek to exploit the Microsoft Follina vulnerability to extract sensitive information from victims.

Follina is a recently patched remote code-execution (RCE) bug that can be exploited via malicious Word documents. It started life as an unpatched zero-day that quickly caught on among cybercrime groups.

According to a report from a cyber research team, shared with Dark Reading via email, analysts have found several XFiles stealer campaigns in which the Follina vulnerability was exploited as part of the delivery chain.

“The group that is selling the stealer is Russia-based and currently wants to expand,” the researchers said. “Recent evidence suggests a promotion by the threat actors worldwide [is underway].”

The malware sniffs data from all Chromium-based browsers, Opera and Firefox, stealing history, cookies, passwords and credit card information. It also retrieves FTP, Telegram and Discord credentials, looks for predefined file types located on the victim’s desktop, and takes a screenshot. It also targets other clients, such as Steam and crypto wallets.
