With Santa's Elves in overdrive to make the Christmas Day deadline (three more Mondays, just FYI), let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week. This week more details emerged on a large-scale phishing scam, how a cyberattack caused havoc for a huge office supply retailer, and who has stolen at least $3bn worth of crypto assets over the last six years... Someone's on the naughty list! Keep reading to stay up to date on the latest cyber security news.
The Cactus ransomware group has been exploiting critical vulnerabilities in the Qlik Sense data analytics platform to gain initial access to corporate networks. In late August, the vendor released security updates for two critical vulnerabilities affecting the Windows version of the platform. One of them, a path traversal bug, can be exploited to generate anonymous sessions and send HTTP requests to endpoints that should require authorisation. In a recent report, cybersecurity company Arctic Wolf warns that Cactus is actively exploiting these flaws on publicly exposed Qlik Sense instances that remain unpatched. The immediate action is to apply the vendor updates and to review whether the instance needs to be reachable from the internet at all; an unpatched server that is not exposed is a much smaller target.
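Path traversal attempts against an internet-exposed application leave a recognisable trail in web access logs, and that trail is worth checking while you wait for a patch window. The following is an added example, not code from the original article, from Arctic Wolf or from Qlik: a small Python detector that normalises each request path (repeated URL decoding so single- and double-encoded `..` sequences are caught, backslashes unified to slashes) before matching, and then separates the attempts the server answered with a 2xx status, since those are the ones to investigate first. The log lines are constructed for the example, and the paths in them are hypothetical; they are not Qlik Sense endpoints.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Combined Log Format. Hosts, paths and user
# agents are made up for this example; they are not Qlik Sense endpoints.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Nov/2023:10:01:02 +0000] "GET /hub/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Nov/2023:10:01:03 +0000] "GET /resources/../../internal/config HTTP/1.1" 200 812 "-" "curl/8.1"
198.51.100.7 - - [28/Nov/2023:10:02:10 +0000] "GET /resources/%2e%2e/%2e%2e/internal/config HTTP/1.1" 403 0 "-" "python-requests/2.31"
198.51.100.7 - - [28/Nov/2023:10:02:11 +0000] "GET /resources/%252e%252e/%252e%252e/internal/config HTTP/1.1" 200 812 "-" "python-requests/2.31"
192.0.2.9 - - [28/Nov/2023:10:03:00 +0000] "GET /static/app.js HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
192.0.2.9 - - [28/Nov/2023:10:03:01 +0000] "GET /resources/..\\..\\internal\\config HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)
# A '..' segment bounded by separators (or by the start/end of the path).
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (catches %2e%2e and %252e%252e), turn
    backslashes into slashes and lower-case, so one regex covers the variants."""
    current = path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/").lower()


def is_traversal(path: str) -> bool:
    return TRAVERSAL_RE.search(normalize_path(path)) is not None


def find_traversal_attempts(log_text: str) -> list[dict]:
    """Parse each log line and keep the requests whose normalised path
    contains a '..' segment. Lines that do not parse are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_traversal(m["path"]):
            hits.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "path": m["path"], "normalized": normalize_path(m["path"]),
                "status": int(m["status"]),
            })
    return hits


def served_attempts(hits: list[dict]) -> list[dict]:
    """Attempts answered with 2xx: the server did not reject the request,
    which on an exposed instance is the first thing to investigate."""
    return [h for h in hits if 200 <= h["status"] < 300]


def attacker_ips(hits: list[dict]) -> set[str]:
    return {h["ip"] for h in hits}


if __name__ == "__main__":
    hits = find_traversal_attempts(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["path"]} -> {h["normalized"]}')
    served = served_attempts(hits)
    print("served (2xx):", len(served), "sources:", sorted(attacker_ips(served)))
```

A 403 or 404 on a traversal payload means the server rejected it; a 200 means the request went through and the source address, and whatever that endpoint returns, need a closer look. The decoder stops after a few rounds on purpose, so a path that keeps decoding is treated as suspicious in itself rather than looping. Overlong UTF-8 encodings of the dot are not handled here and would need their own normalisation step.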
Threat actors from the Democratic People's Republic of Korea (DPRK) have increasingly targeted the cryptocurrency sector as a major revenue generation mechanism since at least 2017, as a way around the sanctions imposed on the country. They are estimated to have stolen $3 billion worth of crypto assets over the past six years, with about $1.7 billion plundered in 2022 alone. The majority of these stolen assets are used to directly fund the hermit kingdom's weapons of mass destruction (WMD) and ballistic missile programmes.
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack, to contain the breach's impact and protect customer data. Staples operates 994 stores in the US and Canada, along with 40 fulfilment centres for nationwide product storage and dispatch. Only time will tell whether data was stolen while the threat actors had access to Staples' network. If it was, expect the attackers to try to extort Staples into paying a ransom by threatening to leak the data publicly.
Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat actor downloaded the names and email addresses of all Okta customer support system users," the company said in a statement shared with The Hacker News. Separately, according to a report published by ReliaQuest last week, Scattered Spider infiltrated an unnamed company and gained access to an IT administrator's account via Okta single sign-on (SSO), then moved laterally from the identity-as-a-service (IDaaS) provider to the company's on-premises assets in less than one hour. That timeline is the practical lesson: once an SSO identity with admin rights is compromised, the boundary between cloud and on-premises estates offers almost no delay to the attacker.
More details have emerged about a malicious Telegram bot called Telekopye that threat actors use to pull off large-scale phishing scams. The threat actors behind the operation, codenamed Neanderthals, run the criminal enterprise like a legitimate company, with a hierarchical structure in which different members take on various roles. The ultimate goal of the operation is to pull off one of three types of scam: seller, buyer, or refund.