Take a look at the first Cyber Weekly Digest of September. In this digest we take a look at how the FBI was able to take down one of the largest botnets, responsible for over 40 ransomware attacks as well as the SIM-swapping attack which led to Kroll suffering a data breach. Keep reading to stay up to date on the latest cyber security news from across the globe.
The network monitoring company LogicMonitor confirmed this week that some users of its SaaS platform have fallen victim to cyberattacks. The company says that the hacking campaign has hit a "small number" of users and is working with those affected to mitigate the attacks' impact. While LogicMonitor did not confirm that ransomware attacks hit its affected customers, anonymous sources told journalists that the threat actors hacked customer accounts and "were able to create local accounts and deploy ransomware." There are many rumours about how users were compromised, including weak passwords or threat actors utilising LogicMonitor's on-prem sensors to deploy scripts.
Entertainment giant Paramount Global disclosed a data breach after its systems were compromised and attackers gained access to personally identifiable information. It is reported that the cyber attack occurred between May and June this year when threat actors could compromise their systems. The affected individuals of the data breach are believed to be only around 100. However, whether this is an employee or customer data is still being determined. Paramount is offering the affected individuals at least two years of identity and credit protection from the company. The details of the attack are yet to be revealed as Paramount is still investigating the incident. However, journalists have reported that it is unlikely a ransomware attack or is not linked to the recent MoveIT attacks either.
VMware has released security updates to correct two security vulnerabilities in Aria Operations for Networks that could be exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (with a CVSS score of 9.8), which relates to a case of authentication bypass arising as a result of a lack of unique cryptographic key generation. The second flaw, CVE-2023-20890 (with a CVSS score: 7.2), is an arbitrary file write vulnerability impacting Aria Operations for Networks that could be abused by an adversary with administrative access to write files to arbitrary locations and achieve remote code execution.
Risk and financial advisory solutions provider Kroll has disclosed that one of its employees fell victim to a SIM-swapping attack. The incident supposedly occurred on August 19th, where an attack targeted an employee's T-Mobile account in which the employee's phone number was transferred to the attacker's phone. This meant that the threat actor could access files containing bankruptcy claimants' personal information. SIM swapping attacks make it easy for threat actors to control a victim's phone number, intercept SMS and voice calls, and receive MFA messages. While an investigation is underway, Kroll said it found no evidence to indicate that other systems or accounts have been affected.
Qakbot, one of the largest and longest-running botnets to date, has been taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.' Law enforcement linked the botnet to at least 40 ransomware attacks, causing over $58 million in damages. The FBI dismantled Qakbot after it infected over 700,000 computers by infiltrating parts of the botnet's infrastructure, including one of the computers used by a Qakbot admin. Over the weekend, the FBI redirected Qakbot traffic and enabled them to access an uninstaller to deploy on compromised devices across the globe, preventing the deployment of additional malicious payloads.