Welcome to the 50th edition of Cyber Weekly Digest! We'd like to start off with a huge THANK YOU to all our readers and subscribers.
New and noteworthy this week: our latest blog covering QR code phishing (or the slightly more comical term #quishing), plus a big announcement for our Northern friends: in March 2024 we are taking "Cyber Security... is no joke!" on the road, all the way to Edinburgh! You can register to save your spot.
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we heard about what's causing mayhem for the Russian tax system, an eye-watering request for Toyota, and how our vendor partner Abnormal Security are detecting phishing scams from some of our favourite streaming services!
Keep reading to stay up to date on the latest cyber security news.
The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency's database and backup copies.
Following this operation, carried out by cyber units within Ukraine's Defence Intelligence, military intelligence officers breached Russia's federal taxation service central servers and 2,300 regional servers across Russia and occupied Ukrainian territories.
The breach led to all compromised FNS servers being infected with malware, as well as the hacking of a Russian IT company that provides FNS with data center services.
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. In the attacks detailed by Microsoft, threat actors have been observed launching phishing or password-spraying attacks against poorly secured accounts with permissions to create or modify OAuth applications. To mitigate the risks associated with such attacks, it's recommended that organisations enforce multi-factor authentication (MFA), enable conditional access policies, and routinely audit apps and consented permissions.
Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about successfully compromising the Japanese automaker's division. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their blackmail.
The threat actors behind the BazaCall callback phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today. Some of the popular services that are impersonated include Netflix, Hulu, Disney+, Masterclass, McAfee, Norton, and GeekSquad. In the latest attack variant detected by our vendor partner Abnormal Security, a form created using Google Forms is used as a conduit to share details of the purported subscription.
Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. The packages are estimated to have been downloaded over 10,000 times since May 2023. The end goal of the campaign is to compromise the targeted host with malware, primarily a backdoor capable of remote command execution, data exfiltration, and taking screenshots. The backdoor module is implemented in Python for Windows and in Go for Linux.