Have you ever heard of the “pig butchering” scam? Or a DDoS attack so big it could melt your brain? This week’s cybersecurity roundup has it all: government crackdowns, sneaky malware, and even a dash of app store shenanigans.
Get your scoop before it’s too late!
⚡ Threat of the week
Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies has arrested four people and taken down nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation. In tandem, authorities unmasked Russian citizen Aleksandr Ryzhenkov, one of the high-ranking members of the cybercriminal group Evil Corp and also a LockBit affiliate. A total of 16 people who were part of Evil Corp were sanctioned by the UK.
🔔 Top news
- The Justice Department and Microsoft seize more than 100 Russian hacker domains: The US Department of Justice (DoJ) and Microsoft announced the seizure of 107 Internet domains used by a Russian state-sponsored threat actor called COLDRIVER to conduct credential-harvesting campaigns targeting NGOs and think tanks that support government officials, the military, and intelligence officials.
- 3.8 Tbit/s DDoS attack: Cloudflare revealed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The attack is part of a wider wave of more than a hundred hyper-volumetric L3/4 DDoS attacks that has been ongoing since early September 2024 and has targeted the financial services, Internet and telecommunications industries. The activity has not been attributed to any specific threat actor.
- North Korean hackers deploy a new VeilShell trojan: A North Korea-linked threat actor tracked as APT37 has been attributed to a covert campaign targeting Cambodia and likely other Southeast Asian countries that delivers a previously undocumented backdoor and remote access trojan (RAT) called VeilShell. The malware is believed to be distributed via phishing emails.
- Fake shopping apps in the Apple and Google stores: A large-scale fraud campaign leverages fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to lure victims into the so-called pig butchering scam. The apps are no longer available for download. The campaign was found to be targeting users in Asia Pacific, Europe, the Middle East and Africa. In a related development, Gizmodo reported that Truth Social users lost hundreds of thousands of dollars to a pig butchering scam.
- More than 700,000 DrayTek routers vulnerable to remote attacks: As many as 14 security flaws, dubbed DRAY:BREAK, have been discovered in home and enterprise routers manufactured by DrayTek that could be exploited to hijack susceptible devices. The vulnerabilities were patched following responsible disclosure.
📰 Around the cyber world
- Salt Typhoon Hacked AT&T, Verizon, and Lumen Networks: A Chinese nation-state actor known as Salt Typhoon penetrated the networks of U.S. broadband providers, including AT&T, Verizon and Lumen, and likely accessed “information from systems the federal government uses for court-ordered wiretapping requests,” The Wall Street Journal reported. “The hackers appear to have tapped into a vast collection of Internet traffic from ISPs that count as customers large and small businesses and millions of Americans.”
- UK and US warn of Iranian phishing activity: Cyber actors working on behalf of the Iranian government’s Islamic Revolutionary Guard Corps (IRGC) are targeting individuals associated with Iranian and Middle Eastern affairs to gain unauthorized access to their personal and business accounts through social engineering, via email or messaging platforms. “Actors often try to build a relationship before offering victims access to a document via a hyperlink that redirects victims to a fake email login page to capture credentials,” the agencies said in an advisory. “Victims may be asked to enter two-factor authentication codes, provide them through a messaging app, or interact with phone notifications to allow access to cyber actors.”
- NIST NVD Backlog Crisis – Over 18,000 CVEs Not Analyzed: New analysis shows that the National Institute of Standards and Technology (NIST), the US government’s standards body, still has a long way to go in analyzing newly disclosed CVEs. As of September 21, 2024, 72.4% of CVEs (18,358 CVEs) in the NVD had not yet been analyzed, VulnCheck said, adding that “46.7% of known exploited vulnerabilities (KEVs) remain unanalyzed by NVD (compared to 50.8% as of May 19, 2024).” It should be noted that 25,357 new vulnerabilities have been added to the NVD since February 12, 2024, when NIST scaled back the processing and enrichment of new vulnerabilities.
- Major weaknesses found in RPKI, BGP’s cryptographic protection: A group of German researchers has found that the current state of Resource Public Key Infrastructure (RPKI), introduced as a way to add a cryptographic layer to the Border Gateway Protocol (BGP), “lacks production-grade resilience and suffers from software vulnerabilities, conflicting specifications, and operational issues.” These vulnerabilities range from denial of service and authentication bypass to cache poisoning and remote code execution.
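To make concrete what that “cryptographic layer” actually does on a router once the signed objects have been validated, here is an added example (not from the roundup or from the cited research) of route origin validation in the RFC 6811 style: each BGP announcement is compared against every Route Origin Authorization (ROA) covering its prefix and classified as valid, invalid, or unknown. The ROAs and announcements are constructed samples using documentation prefixes and private-use AS numbers; the `ROA` class and the function names are this example’s own.

```python
# Added example (not from the roundup or the cited research): a minimal RPKI
# route origin validation (ROV) check in the RFC 6811 style, run over
# constructed ROAs and BGP announcements. It shows what the "cryptographic
# layer" buys you once the ROAs have been validated and pushed to a router:
# an announcement is compared against every ROA covering its prefix.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A validated Route Origin Authorization (constructed sample values)."""
    prefix: str      # address block the holder authorizes
    max_length: int  # longest prefix length the origin AS may announce
    asn: int         # origin AS authorized for that block


def validate_origin(announced_prefix: str, origin_asn: int, roas) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'unknown'.

    - no ROA covers the prefix                                        -> unknown
    - a covering ROA matches the ASN and announced length <= maxLength -> valid
    - covering ROAs exist but none matches (wrong origin / too specific) -> invalid
    """
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # subnet_of() raises on mixed address families, so check the version first
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "unknown"
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def classify_announcements(announcements, roas) -> dict:
    """Run ROV over (prefix, origin_asn) pairs; returns {(prefix, asn): state}."""
    return {(p, a): validate_origin(p, a, roas) for p, a in announcements}


# Constructed ROAs: documentation prefixes and private-use ASNs, not real data.
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/22", 24, 64497),
]

# Constructed announcements, including the two classic hijack shapes:
# a more-specific beyond maxLength and an announcement from the wrong origin.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # legitimate origin, exact prefix
    ("192.0.2.0/25", 64496),      # right AS, but /25 exceeds maxLength 24
    ("192.0.2.0/24", 64511),      # wrong origin AS -> origin hijack
    ("198.51.100.0/23", 64497),   # inside the /22 and within maxLength
    ("203.0.113.0/24", 64500),    # no ROA at all -> unknown
]

if __name__ == "__main__":
    for key, state in classify_announcements(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS).items():
        print(f"{key[0]:<18} AS{key[1]:<6} {state}")
```

The design point worth noticing is the “unknown” state: ROV only rejects routes that are contradicted by a ROA, so coverage gaps leave hijacks undetected, and a validator that silently drops its cache (one of the failure modes the researchers describe) quietly turns every route back into “unknown” rather than failing loudly.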
- Telegram’s data policy change pushes cybercriminals to alternative platforms: Telegram’s recent decision to provide users’ IP addresses and phone numbers to authorities in response to legitimate requests is prompting cybercriminal groups to look for alternative messaging apps, including Jabber, Tox, Matrix, Signal and Session. The Bl00dy ransomware gang has announced that it is “shutting down Telegram,” while hacking groups such as Al Ahad, Moroccan Cyber Aliens and RipperSec have indicated their intention to switch to Signal and Discord. However, neither Signal nor Session supports bot features or APIs like Telegram, nor do they have comparably extensive group messaging capabilities. Jabber and Tox, on the other hand, have already been used by adversaries operating on underground forums. “Telegram’s vast global user base continues to provide a wide reach, which is essential for cybercriminal activities such as information dissemination, partner recruitment, or the sale of prohibited goods and services,” Intel 471 said. Telegram CEO Pavel Durov, however, has downplayed the changes, saying that “little has changed” and that the platform has been sharing data with law enforcement since 2018 in response to legitimate legal requests. “For example, in Brazil we released data on 75 legal inquiries in Q1 (January-March) 2024, 63 in Q2 and 65 in Q3. In India, our largest market, we handled 2,461 legal inquiries in Q1, 2,151 in Q2 and 2,380 in Q3,” Durov added.
🔥 Cyber security resources and information
- LIVE webinars
- Ask an Expert
- Q: How can organizations reduce compliance costs while strengthening security?
- A: You can reduce compliance costs while strengthening security by intelligently integrating modern technologies and frameworks. Start by adopting unified security frameworks such as NIST CSF or ISO 27001 to address multiple compliance requirements at once while simplifying audits. Focus on high-risk areas using techniques like FAIR so that your efforts target the most important threats. Automate compliance checks with tools like Splunk or IBM QRadar, and use AI to detect threats faster. Consolidate your security tools into platforms like Microsoft 365 Defender to save on licenses and simplify management. Using cloud services with built-in compliance from providers such as AWS or Azure can also reduce infrastructure costs. Raise your team’s security awareness with interactive learning platforms to create a culture that avoids mistakes. Automate compliance reporting with ServiceNow GRC to make documentation easier. Implement Zero Trust strategies such as micro-segmentation and continuous identity verification to strengthen protection. Monitor your systems with tools like Tenable.io to find and fix vulnerabilities in a timely manner. By following these steps, you can save on compliance costs while maintaining a high level of security.
- Cyber security tools
- capa Explorer Web is a browser-based tool that lets you interactively explore the capabilities of a program as identified by capa. It provides an easy way to analyze and visualize capa results in your web browser. capa is a free, open source tool from the FLARE team that extracts capabilities from executables, helping you triage unknown files, reverse engineer, and hunt for malware.
- Ransomware Tool Matrix is a curated list of tools used by ransomware gangs and extortion groups. Because these cybercriminals often reuse tools, this information can be used to hunt for threats, improve incident response, identify patterns in their behavior, and simulate their tactics in security exercises.
🔒 Tip of the week
Keep an “Ingredient List” for your software: Your software is like a recipe made from different ingredients: third-party components and open source libraries. By creating a Software Bill of Materials (SBOM), a detailed list of these components, you can quickly find and fix security problems when they occur. Update this list regularly, integrate it into your development process, keep an eye out for new vulnerabilities, and keep your team informed about these parts. It reduces hidden risks, accelerates problem resolution, helps with regulatory compliance and builds trust through transparency.
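The “quickly find and fix” part of that tip is only quick if the SBOM is machine-readable and something actually crosses it against a vulnerability feed. The following added example (not from the roundup) does exactly that: it parses a small CycloneDX-style SBOM, compares each component’s version against the affected range in a feed, and reports which components need an upgrade. The SBOM, the feed and the `ADVISORY-EXAMPLE-*` identifiers are all constructed for the demo and are not real advisories; the function names are this example’s own.

```python
# Added example (not from the roundup): match a CycloneDX-style SBOM against a
# vulnerability feed so that "which of our builds ship an affected component?"
# becomes a query instead of a scramble. The SBOM, the feed and the advisory
# IDs below are constructed for the demo; real feeds (OSV, NVD, vendor
# advisories) carry the same shape: package name, affected range, fixed version.
import json
import re

# Constructed SBOM: three components, two of which fall inside an affected range.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "jackson-databind", "version": "2.15.2",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
    {"type": "library", "name": "openssl", "version": "3.0.8",
     "purl": "pkg:generic/openssl@3.0.8"}
  ]
}"""

# Constructed feed with placeholder advisory IDs (not real CVEs).
VULN_FEED = [
    {"id": "ADVISORY-EXAMPLE-0001", "package": "log4j-core",
     "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "ADVISORY-EXAMPLE-0002", "package": "openssl",
     "introduced": "3.0.0", "fixed": "3.0.9"},
    {"id": "ADVISORY-EXAMPLE-0003", "package": "jackson-databind",
     "introduced": "2.0.0", "fixed": "2.12.0"},
]


def parse_version(v: str):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in re.findall(r"\d+", v))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """Half-open range [introduced, fixed): the fixed version itself is clean."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def load_components(sbom_json: str):
    """Return (name, version, purl) for every component in a CycloneDX document."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return [(c["name"], c["version"], c.get("purl", ""))
            for c in doc.get("components", [])]


def find_affected(sbom_json: str, feed):
    """Cross the ingredient list with the feed; one finding per (component, advisory)."""
    findings = []
    for name, version, purl in load_components(sbom_json):
        for adv in feed:
            if adv["package"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"component": name, "version": version, "purl": purl,
                                 "advisory": adv["id"], "upgrade_to": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for f in find_affected(SBOM_JSON, VULN_FEED):
        print(f"{f['advisory']}: {f['component']} {f['version']} -> upgrade to {f['upgrade_to']}")
```

Two details matter in practice: versions must be compared as numeric tuples (string comparison puts “3.0.10” before “3.0.9”), and matching on the package name alone is a simplification; production tooling keys on the full purl so that a same-named package from a different ecosystem or vendor is not mistaken for the affected one.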
Conclusion
Wow, this week really showed us that cyber threats can appear where we least expect them, even in the apps and networks we trust. The big lesson? Be alert and always doubt what is in front of you. Keep learning, stay curious, and let’s outsmart the bad guys together. Until next time, stay safe!