This Week’s Top 5 News May 2023 | 01

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world, from acts of espionage to simple code errors that could leak your private data.
Here are our top five news stories from the past week:

1. Researchers find Israeli-made spyware deployed across Armenia

A recent report reveals that Israeli-made Pegasus phone hacking software has been used against targets in Armenia, including journalists at a U.S. government-funded news organization. Researchers from digital rights group Access Now, Amnesty International, Citizen Lab, CyberHUB-AM, and independent researcher Ruben Muradyan confirmed at least 12 cases of NSO Group’s espionage software being used against Armenian officials, journalists, and organizers. Pegasus is an advanced espionage tool that grants hackers extensive access to their targets’ smartphones. Israel-based NSO Group has faced accusations of helping governments spy on political opponents and was blacklisted by the U.S. government in 2021 over human rights concerns. Researchers believe Azerbaijan is likely responsible for the hacking activity due to its history of using Pegasus against domestic opponents. For more about this story click here


2. COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

A new strain of malware called COSMICENERGY has been discovered by Google-owned threat intelligence firm Mandiant. The malware, which targets critical systems in industrial environments, was uploaded to the VirusTotal malware scanning utility in December 2021 by a submitter in Russia. COSMICENERGY is designed to disrupt electric power by interacting with IEC 60870-5-104 (IEC-104) devices commonly used in electric transmission and distribution operations in Europe, the Middle East, and Asia. Mandiant suggests that Russian telecom firm Rostelecom-Solar may have developed the malware as a red teaming tool to simulate power disruption and emergency response exercises. The malware shares similarities with Industroyer and other specialized malware capable of sabotaging critical systems. For more about this story click here
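Because IEC-104 carries plant control commands in the clear, the most useful thing a grid operator can do with this story is make sure those commands are visible on the wire. The Python script below is an added example written for this roundup; it is not Mandiant's code and is not taken from their report. It reassembles IEC 60870-5-104 APDUs from a TCP byte stream, decodes the ASDU header of each I-frame (type identifier, cause of transmission, common address, information object address) and raises an alert whenever a control-direction command (single/double command, set point) comes from a host that is not on the allow-list of SCADA masters. Frame layout and type IDs follow the public standard; the byte strings, IP addresses and allow-list are constructed samples, not traffic from any real network.

```python
import struct
from dataclasses import dataclass

START_BYTE = 0x68
# Control-direction ASDU type identifiers (IEC 60870-5-101/104): the
# messages that change the state of a field device rather than read it.
CONTROL_COMMANDS = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step command",
    48: "C_SE_NA_1 set point, normalized value",
    49: "C_SE_NB_1 set point, scaled value",
    50: "C_SE_NC_1 set point, short float",
    58: "C_SC_TA_1 single command with time tag",
    59: "C_DC_TA_1 double command with time tag",
}


@dataclass
class Asdu:
    type_id: int
    cot: int          # cause of transmission, low 6 bits (6 = activation)
    common_addr: int  # common address of ASDU (station address)
    ioa: int          # information object address of the first object


def parse_apdus(stream: bytes) -> list[Asdu]:
    """Walk a reassembled TCP stream and return the ASDU carried by each I-frame.
    S-frames and U-frames (flow control, test/start/stop) carry no ASDU and are skipped."""
    asdus = []
    i = 0
    while i + 6 <= len(stream):
        if stream[i] != START_BYTE:
            raise ValueError(f"expected start byte 0x68 at offset {i}")
        length = stream[i + 1]                  # APDU length, excluding start and length octets
        apdu = stream[i + 2 : i + 2 + length]
        if len(apdu) < length:
            break                               # truncated tail: wait for more data
        ctrl = apdu[:4]
        # I-format: bit 0 of the first control octet is clear. Need 6 header
        # bytes plus a 3-byte IOA before we decode anything.
        if ctrl[0] & 0x01 == 0 and len(apdu) >= 4 + 9:
            asdu = apdu[4:]
            type_id = asdu[0]
            cot = asdu[2] & 0x3F                # strip the P/N and test bits
            common_addr = struct.unpack_from("<H", asdu, 4)[0]
            ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
            asdus.append(Asdu(type_id, cot, common_addr, ioa))
        i += 2 + length
    return asdus


def triage_iec104(flows, allowed_masters):
    """flows: iterable of (source_ip, reassembled_payload). Returns one alert per
    control command issued by a host that is not an approved SCADA master."""
    alerts = []
    for src, payload in flows:
        for a in parse_apdus(payload):
            if a.type_id in CONTROL_COMMANDS and src not in allowed_masters:
                alerts.append({"src": src, "type_id": a.type_id,
                               "name": CONTROL_COMMANDS[a.type_id], "cot": a.cot,
                               "common_addr": a.common_addr, "ioa": a.ioa})
    return alerts


# Constructed sample traffic (hypothetical hosts, not a real capture).
SAMPLE_FLOWS = [
    # approved master: general interrogation (type 100), then an S-frame acknowledgement
    ("10.0.0.5", bytes.fromhex("680e00000000" "64010600" "0100" "000000" "14"
                               "6804" "01000200")),
    # RTU reply: spontaneous single-point information (type 1), monitor direction
    ("10.0.0.20", bytes.fromhex("680e00000000" "01010300" "0100" "010000" "01")),
    # unexpected host issuing a single command (type 45), activation, IOA 1
    ("10.0.0.99", bytes.fromhex("680e00000000" "2d010600" "0100" "010000" "01")),
]

if __name__ == "__main__":
    for alert in triage_iec104(SAMPLE_FLOWS, allowed_masters={"10.0.0.5"}):
        print(alert)
```

Run against the constructed flows, only the command from 10.0.0.99 is reported; the interrogation from the approved master and the RTU's spontaneous report are read-only traffic and pass. In a real deployment the same logic sits behind a Zeek or Suricata reassembly step and the allow-list comes from the asset inventory.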


3. Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Barracuda, an email protection and network security provider, has issued a warning regarding a zero-day flaw (CVE-2023-2868) exploited in its Email Security Gateway (ESG) appliances. The vulnerability, a remote code injection issue, affects versions through and is rooted in a component that screens incoming email attachments. The flaw was identified on May 19, 2023, and Barracuda deployed a patch across all ESG devices the next day, followed by a second fix on May 21. The company discovered evidence of active exploitation, resulting in unauthorized access to a subset of email gateway appliances. Affected users have been contacted with remedial actions, and Barracuda continues to monitor the situation. The identity of the threat actors remains unknown.

In related news, Defiant reported large-scale exploitation of a now-fixed cross-site scripting (XSS) flaw in the Beautiful Cookie Consent Banner plugin installed on over 40,000 sites. The vulnerability enables unauthenticated attackers to inject malicious JavaScript into a website, potentially causing redirects to malvertising sites and site takeovers. Defiant has blocked nearly 3 million attacks against more than 1.5 million sites since May 23, 2023. For more about this story click here


4. Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

A new botnet called Dark Frost has been launching distributed denial-of-service (DDoS) attacks against the gaming industry. The botnet, which comprises 414 machines, is modeled after Gafgyt, QBot, Mirai, and other malware strains. Targets include gaming companies, game server hosting providers, online streamers, and gaming community members. Akamai security researcher Allen West reveals that Dark Frost has an attack potential of approximately 629.28 Gbps through a UDP flood attack. The threat actor behind Dark Frost has published live recordings of their attacks on social media and has set up a Discord channel to facilitate attacks in exchange for money, indicating plans to develop a DDoS-for-hire service. This case highlights how novice cybercriminals can use existing malware to inflict significant damage on enterprises. For more about this story click here


5. Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations

An Indonesian threat actor group known as GUI-vil has been exploiting Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances for illicit crypto mining operations. First detected in November 2021 by cloud security company Permiso P0 Labs, the group uses Graphical User Interface (GUI) tools to access the AWS console through a web browser. They gain initial access by weaponizing AWS keys found in exposed source code repositories on GitHub or exploiting GitLab instances with remote code execution vulnerabilities. Once inside, they escalate privileges, conduct internal reconnaissance, and create new users to blend in and persist within the victim environment. The group’s primary goal is financially driven, using EC2 instances for crypto mining activities at the expense of the targeted organizations. For more about this story click here
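Two controls map directly onto the GUI-vil chain described above: catching AWS keys before they reach a public repository, and spotting the "create new users to persist" step in CloudTrail. The Python script below is an added example for this roundup, not Permiso's tooling and not code from the report. `scan_text` is a minimal pre-commit style secret scanner for AWS access key IDs and secret keys; `triage_cloudtrail` flags IAM credential- and user-creation events performed by any principal outside an approved admin set. The sample source file and CloudTrail records are constructed: the key pair is the example pair AWS uses in its own documentation, the account number and IP addresses are documentation/reserved values, and the `ci-deploy` user, the `admin-jane` allow-list entry and the `console.amazonaws.com` user agent value (how console-driven calls commonly appear in CloudTrail) are assumptions of this example.

```python
import re

# Access key IDs are 20 characters: a 4-character prefix (AKIA = long-term IAM
# key, ASIA = temporary STS key) followed by 16 uppercase alphanumerics.
AWS_ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-like characters with no fixed prefix, so they are
# only recognisable by context: require a nearby variable name.
AWS_SECRET_KEY_RE = re.compile(
    r"aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)


def scan_text(text: str, path: str = "<stdin>") -> list[dict]:
    """Return one finding per credential-looking token. Secret values are masked
    so the scanner's own output does not become a second leak."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in AWS_ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_access_key_id", "value": m.group(0)})
        for m in AWS_SECRET_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_secret_access_key", "value": m.group(1)[:4] + "..."})
    return findings


# IAM calls that mint a new principal or new credentials: the persistence step.
IAM_PERSISTENCE_EVENTS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                          "AttachUserPolicy", "PutUserPolicy", "AddUserToGroup"}


def triage_cloudtrail(records: list[dict], approved_admin_arns: set[str]) -> list[dict]:
    """Flag IAM persistence events performed by any principal outside the approved set."""
    alerts = []
    for r in records:
        if r.get("eventSource") != "iam.amazonaws.com" or r.get("eventName") not in IAM_PERSISTENCE_EVENTS:
            continue
        actor = r.get("userIdentity", {}).get("arn", "")
        if actor in approved_admin_arns:
            continue
        alerts.append({"eventName": r["eventName"], "actor": actor,
                       "sourceIPAddress": r.get("sourceIPAddress"),
                       "userAgent": r.get("userAgent"),
                       "target": r.get("requestParameters", {}).get("userName")})
    return alerts


# Constructed sample: a settings file with a hard-coded key pair (AWS's documented example values).
SAMPLE_SOURCE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
AWS_DEFAULT_REGION = "eu-central-1"
"""

# Constructed CloudTrail records (hypothetical principals; 123456789012 is AWS's example account id).
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/admin-jane"},
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.11.0",
     "requestParameters": {"userName": "new-hire"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"},
     "sourceIPAddress": "198.51.100.7", "userAgent": "console.amazonaws.com",
     "requestParameters": {"instanceType": "c5.24xlarge"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"},
     "sourceIPAddress": "198.51.100.7", "userAgent": "console.amazonaws.com",
     "requestParameters": {"userName": "backup-svc"}},
]

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_SOURCE, "settings.py"):
        print(finding)
    for alert in triage_cloudtrail(SAMPLE_EVENTS, {"arn:aws:iam::123456789012:user/admin-jane"}):
        print(alert)
```

The scanner catches both halves of the hard-coded pair, and the triage flags only the `CreateUser` performed by `ci-deploy`, a deployment identity that has no business creating people. The `RunInstances` from the same principal is not an IAM event and is left to a separate EC2 cost or instance-type rule; in practice the two alerts correlated on `sourceIPAddress` are what tell you a leaked key is being driven from a browser.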


There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!