  • hayleywade1

Cyber Weekly Digest - 2024 Week #7



Welcome to the 7th edition of the Cyber Weekly Digest of 2024.

 

New and noteworthy this week: We loved this Forrester write-up on the transition from "Security Awareness" to "Human Risk Management". Lovely little shout-out for our friends at CultureAI! Forrester predicts that 90% of data breaches will include the human element in 2024!! You can request a demo here.


Over the past few weeks, Ivanti has issued warnings about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. To help protect our customers and enable them to act swiftly, we are offering free 60-day Zscaler Private Access with onboarding professional services to help them become as secure as possible. Contact us at info@cybervigilance.uk with any questions or to request sign-up.

 

Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.

 

This week we heard about the rise of deepfakes in malware attacks, what took out the IT infrastructure of a German battery maker, 4 ways hackers use social engineering to bypass MFA, and why we need to be aware of MrAgent (terrible Tinder name fyi!).

 

Keep reading to stay up to date on the latest cyber security news.

 

A Chinese-speaking threat actor codenamed GoldFactory has been linked to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that is capable of harvesting identity documents and facial recognition data and of intercepting SMS. Active since at least mid-2023, GoldFactory is also responsible for another Android-based banking malware called GoldDigger and its enhanced variant GoldDiggerPlus, as well as GoldKefu, an embedded trojan inside GoldDiggerPlus.


The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. RansomHouse is a ransomware-as-a-service (RaaS) operation that emerged in December 2021 and uses double extortion tactics. In May 2022, the operation set up a dedicated victim extortion page on the dark web. Although the RansomHouse gang was not as active as more infamous groups like LockBit, ALPHV/Blackcat, Play, or Clop, Trellix reports that it targeted large organizations throughout last year.


The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. This network of hundreds of Ubiquiti EdgeOS routers infected with Moobot malware was controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit. The Russian hackers' targets include U.S. and foreign governments, military entities, and security and corporate organisations.


When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is. If a password is compromised, there are several options available to hackers looking to circumvent the added protection of MFA. We'll explore four social engineering tactics hackers successfully use to breach MFA and emphasize the importance of having a strong password as part of a layered defense.


Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. VARTA is a German manufacturer of batteries for the automotive, consumer, and industrial sectors, partially owned by Energizer Holdings. The brand has an R&D history spanning 136 years, and its products are available worldwide. VARTA's annual revenue exceeds $875 million.

The company announced that hackers targeted parts of its IT infrastructure on Monday night, causing a severe disruption in five production units.



