THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Catch up on last week's top cybersecurity stories.
The hacker News

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Ever heard of a "pig butchering" scam?  Or a DDoS attack so big it could melt your brain?  This week's cybersecurity recap has it all –  government showdowns, sneaky malware, and even a dash of app store shenanigans.


Get the scoop before it's too late!

⚡ Threat of the Week

Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four people and take down nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation. In tandem, authorities outed a Russian national named Aleksandr Ryzhenkov as one of the high-ranking members of the Evil Corp cybercrime group and also a LockBit affiliate. A total of 16 individuals who were part of Evil Corp have been sanctioned by the U.K.


🔔 Top News

  • DoJ & Microsoft Seize 100+ Russian Hacker Domains: The U.S. Department of Justice (DoJ) and Microsoft announced the seizure of 107 internet domains used by a Russian state-sponsored threat actor called COLDRIVER to orchestrate credential harvesting campaigns targeting NGOs and think tanks that support government employees and military and intelligence officials.

  • Record-Breaking 3.8 Tbps DDoS Attack: Cloudflare revealed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The attack is part of a broader wave of over hundred hyper-volumetric L3/4 DDoS attacks that have been ongoing since early September 2024 targeting financial services, Internet, and telecommunication industries. The activity has not been attributed to any specific threat actor.

  • North Korean Hackers Deploy New VeilShell Trojan: A North Korea-linked threat actor called APT37 has been attributed as behind a stealthy campaign targeting Cambodia and likely other Southeast Asian countries that delivers a previously undocumented backdoor and remote access trojan (RAT) called VeilShell. The malware is suspected to be distributed via spear-phishing emails.

  • Fake Trading Apps on Apple and Google Stores: A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims as part of what's called a pig butchering scam. The apps are no longer available for download. The campaign has been found to target users across Asia-Pacific, European, Middle East, and Africa. In a related development, Gizmodo reported that Truth Social users have lost hundreds of thousands of dollars to pig butchering scams.

  • 700,000+ DrayTek Routers Vulnerable to Remote Attacks: As many as 14 security flaws, dubbed DRAY:BREAK, have been uncovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. The vulnerabilities have been patched following responsible disclosure.

📰 Around the Cyber World

  • Salt Typhoon Breached AT&T, Verizon, and Lumen Networks: A Chinese nation-state actor known as Salt Typhoon penetrated the networks of U.S. broadband providers, including AT&T, Verizon, and Lumen, and likely accessed "information from systems the federal government uses for court-authorized network wiretapping requests," The Wall Street Journal reported. "The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers."

  • U.K. and U.S. Warn of Iranian Spear-Phishing Activity: Cyber actors working on behalf of the Iranian Government's Islamic Revolutionary Guard Corps (IRGC) have targeted individuals with a nexus to Iranian and Middle Eastern affairs to gain unauthorized access to their personal and business accounts using social engineering techniques, either via email or messaging platforms. "The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials," the agencies said in an advisory. "Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors."

  • NIST NVD Backlog Crisis - 18,000+ CVEs Unanalyzed: A new analysis has revealed that the National Institute of Standards and Technology (NIST), the U.S. government standards body, has still a long way to go in terms of analyzing newly published CVEs. As of September 21, 2024, 72.4% of CVEs (18,358 CVEs) in the NVD have yet to be analyzed, VulnCheck said, adding "46.7% of Known Exploited Vulnerabilities (KEVs) remain unanalyzed by the NVD (compared to 50.8% as of May 19, 2024)." It's worth noting that a total of 25,357 new vulnerabilities have been added to NVD since February 12, 2024, when NIST scaled back its processing and enrichment of new vulnerabilities.

  • Major RPKI Flaws Uncovered in BGP’s Cryptographic Defense: A group of German researchers has found that current implementations of Resource Public Key Infrastructure (RPKI), which was introduced as a way to introduce a cryptographic layer to Border Gateway Protocol (BGP), "lack production-grade resilience and are plagued by software vulnerabilities, inconsistent specifications, and operational challenges." These vulnerabilities range from denial-of-service and authentication bypass to cache poisoning and remote code execution.

  • Telegram’s Data Policy Shift Pushes Cybercriminals to Alternative Apps: Telegram's recent decision to give users' IP addresses and phone numbers to authorities in response to valid legal requests is prompting cybercrime groups to seek other alternatives to the messaging app, including Jabber, Tox, Matrix, Signal, and Session. The Bl00dy ransomware gang has declared that it's "quitting Telegram," while hacktivist groups like Al Ahad, Moroccan Cyber Aliens, and RipperSec have expressed an intent to move to Signal and Discord. That said, neither Signal nor Session support bot functionality or APIs like Telegram nor do they have extensive group messaging capabilities. Jabber and Tox, on the other hand, have already been used by adversaries operating on underground forums. "Telegram’s expansive global user base still provides extensive reach, which is crucial for cybercriminal activities such as disseminating information, recruiting associates or selling illicit goods and services," Intel 471 said. Telegram CEO Pavel Durov, however, has downplayed the changes, stating "little has changed" and that it has been sharing data with law enforcement since 2018 in response to valid legal requests. "For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3," Durov added.

🔥 Cybersecurity Resources & Insights

  • LIVE Webinars

  • Ask the Expert

    • Q: How can organizations reduce compliance costs while strengthening their security measures?

    • A: You can reduce compliance costs while strengthening security by smartly integrating modern tech and frameworks. Start by adopting unified security models like NIST CSF or ISO 27001 to cover multiple compliance needs, making audits easier. Focus on high-risk areas using methods like FAIR so your efforts tackle the most critical threats. Automate compliance checks with tools like Splunk or IBM QRadar, and use AI for faster threat detection. Consolidate your security tools into platforms like Microsoft 365 Defender to save on licenses and simplify management. Using cloud services with built-in compliance from providers like AWS or Azure can also cut infrastructure costs. Boost your team's security awareness with interactive training platforms to build a culture that avoids mistakes. Automate compliance reporting using ServiceNow GRC to make documentation easy. Implement Zero Trust strategies like micro-segmentation and continuous identity verification to strengthen defenses. Keep an eye on your systems with tools like Tenable.io to find and fix vulnerabilities early. By following these steps, you can save on compliance expenses while keeping your security strong.

  • Cybersecurity Tools

    • capa Explorer Web is a browser-based tool that lets you interactively explore program capabilities identified by capa. It provides an easy way to analyze and visualize capa's results in your web browser. capa is a free, open-source tool by the FLARE team that extracts capabilities from executable files, helping you triage unknown files, guide reverse engineering, and hunt for malware.

    • Ransomware Tool Matrix is an up-to-date list of tools used by ransomware and extortion gangs. Since these cybercriminals often reuse tools, we can use this info to hunt for threats, improve incident responses, spot patterns in their behavior, and simulate their tactics in security drills.

  • Tip of the Week

    • Keep an "Ingredients List" for Your Software: Your software is like a recipe made from various ingredients—third-party components and open-source libraries. By creating a Software Bill of Materials (SBOM), a detailed list of these components, you can quickly find and fix security issues when they arise. Regularly update this list, integrate it into your development process, watch for new vulnerabilities, and educate your team about these parts. This reduces hidden risks, speeds up problem-solving, meets regulations, and builds trust through transparency.

Conclusion

Wow, this week really showed us that cyber threats can pop up where we least expect them—even in apps and networks we trust. The big lesson? Stay alert and always question what's in front of you. Keep learning, stay curious, and let's outsmart the bad guys together. Until next time, stay safe out there!

Follow Us for More Updates


Powered by:
GetResponse

Older messages

Largest-Ever DDoS Attack Just Occurred—3.8 Tbps in Just 65 Seconds!

Saturday, October 5, 2024

THN Daily Updates Newsletter cover Mastering Spring Boot 3.0 ($31.99 Value) FREE for a Limited Time A comprehensive guide to building scalable and efficient backend systems with Java and Spring

Largest-Ever DDoS Attack Just Occurred—3.8 Tbps in Just 65 Seconds!

Friday, October 4, 2024

THN Daily Updates Newsletter cover Mastering PowerShell Scripting, Fifth Edition ($35.99 Value) FREE for a Limited Time Automate repetitive tasks and simplify complex administrative tasks using

LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort

Thursday, October 3, 2024

THN Daily Updates Newsletter cover Kubernetes Anti-Patterns ($39.99 Value) FREE for a Limited Time As the popularity of Kubernetes continues to grow, it's essential to understand and navigate the

eBook: Overcoming the Security Blind Spots of Service Accounts

Wednesday, October 2, 2024

Discover how to secure overlooked service accounts that pose hidden cybersecurity risks ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Wednesday, October 2, 2024

THN Daily Updates Newsletter cover [Watch LIVE] Modernization of Authentication: Passwords vs Passwordless and MFA Discover the Future of Cybersecurity: Understand the Role of MFA and Passwords in a

You Might Also Like

Corporate Casserole 🥘

Monday, November 25, 2024

How marketing and lobbying inspired Thanksgiving traditions. Here's a version for your browser. Hunting for the end of the long tail • November 24, 2024 Hey all, Ernie here with a classic

WP Weekly 221 - Bluesky - WP Assets on CDN, Limit Font Subsets, ACF Pro Now

Monday, November 25, 2024

Read on Website WP Weekly 221 / Bluesky Have you joined Bluesky, like many other WordPress users, a new place for an online social presence? Also in this issue: CrawlWP, Asset Management Framework,

🤳🏻 We Need More High-End Small Phones — Linux Terminal Setup Tips

Sunday, November 24, 2024

Also: Why I Switched From Google Maps to Apple Maps, and More! How-To Geek Logo November 24, 2024 Did You Know Medieval moats didn't just protect castles from invaders approaching over land, but

JSK Daily for Nov 24, 2024

Sunday, November 24, 2024

JSK Daily for Nov 24, 2024 View this email in your browser A community curated daily e-mail of JavaScript news JavaScript Certification Black Friday Offer – Up to 54% Off! Certificates.dev, the trusted

OpenAI's turbulent early years - Sync #494

Sunday, November 24, 2024

Plus: Anthropic and xAI raise billions of dollars; can a fluffy robot replace a living pet; Chinese reasoning model DeepSeek R1; robot-dog runs full marathon; a $12000 surgery to change eye colour ͏ ͏

Daily Coding Problem: Problem #1618 [Easy]

Sunday, November 24, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Zillow. Let's define a "sevenish" number to be one which is either a power

PD#602 How Netflix Built Self-Healing System to Survive Concurrency Bug

Sunday, November 24, 2024

CPUs were dying, the bug was temporarily un-fixable, and they had no viable path forward ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

RD#602 What are React Portals?

Sunday, November 24, 2024

A powerful feature that allows rendering components outside their parent component's DOM hierarchy ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

C#533 What's new in C# 13

Sunday, November 24, 2024

Params collections support, a new Lock type and others ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

⚙️ Smaller but deeper: Writer’s secret weapon to better AI

Sunday, November 24, 2024

November 24, 2024 | Read Online Ian Krietzberg Good morning. I sat down recently with Waseem Alshikh, the co-founder and CTO of enterprise AI firm Writer. Writer recently made waves with the release of