This Week’s Top 5 News June 2023 | 03

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world. From acts of espionage to simple code errors that could leak your private data.
Here are our top five new stories from the past week:

1. The revolutionary GenAI technology, including tools like ChatGPT, poses significant risks to organizations’ sensitive data.

A research report by browser security company LayerX, titled “Revealing the True GenAI Data Exposure Risk,” provides crucial insights for stakeholders to take proactive measures. The study analyzed 10,000 employees’ GenAI usage and found that 6% of them pasted sensitive data into such tools, with 4% doing so weekly. There has been a 44% increase in GenAI usage over the last three months, with source code, internal business information, and personally identifiable information (PII) being the most exposed data types. Stakeholders can utilize this report to develop effective GenAI data protection strategies and consider adopting solutions that offer continuous monitoring, risk analysis, and real-time governance.
For more about this story click here


2. Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

The Chinese state-sponsored group UNC3886 has been exploiting a zero-day vulnerability (CVE-2023-20867) in VMware ESXi hosts to backdoor Windows and Linux systems. Mandiant researchers reported that the group, initially documented in September 2022, targets defense, technology, and telecommunications organizations in the US, Japan, and Asia-Pacific. UNC3886 is highly adept at weaponizing flaws in firewall and virtualization software that lack EDR solutions. The threat actor harvests credentials from vCenter servers and abuses the vulnerability to execute commands and transfer files between guest VMs and compromised ESXi hosts. UNC3886’s use of Virtual Machine Communication Interface (VMCI) sockets for lateral movement and persistence presents challenges for investigators, as the group disables and tampers with logging services to evade detection. For more about this story click here


3. Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations

Global organizations have been targeted by a broad business email compromise (BEC) campaign that employs adversary-in-the-middle (AitM) techniques. According to Sygnia researchers, the attackers gain initial access through successful phishing attempts and bypass Office365 authentication to achieve persistent access. The threat actors exfiltrate data and spread phishing attacks within the organization and externally. Microsoft recently reported a similar AitM phishing campaign targeting financial institutions. Typically, BEC scams involve tricking targets into sending money or revealing confidential information. Sygnia observed the attacker using a phishing email containing a link to a “shared document,” redirecting victims to an AitM phishing page to harvest credentials and one-time passwords. The threat actors then registered a new multi-factor authentication (MFA) device to maintain remote access. The phishing emails spread in a “worm-like fashion,” with the campaign’s full extent currently unknown. For more about this story click here


4. Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

Since September 2022, a fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malware strains while evading antivirus detection. According to Trend Micro researchers, BatCloak allows
threat actors to easily load multiple malware families and exploits through highly obfuscated batch files. Approximately 79.6% of the total 784 artifacts discovered have not been detected by security solutions. BatCloak forms the core of the off-the-shelf batch file builder tool Jlaive, which offers heightened security evasion by bypassing Antimalware Scan Interface (AMSI) and encrypting payloads. Despite being taken down from GitHub and GitLab, the open-source tool has been cloned and modified by other actors. BatCloak’s adaptability and flexibility underscore the ongoing development of FUD batch obfuscators in the modern threat landscape. For more about this story click here

5. Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

A large-scale cryptocurrency scam has been discovered, involving over 1,000 fraudulent websites that have deceived users with a bogus rewards scheme since January 2021. Trend Micro researchers attribute the scam to a Russian-speaking threat actor called “Impulse Team.” The scam uses advanced fee fraud, convincing victims they’ve won cryptocurrency but must first deposit a small amount to open an account and claim the reward. Victims never receive the promised return. The scam has generated over $5 million between December 2022 and March 2023. The Impulse Team provides hosting and infrastructure for affiliates, who then focus on advertising the fraudulent activity across various platforms, including Twitter and TikTok. This discovery follows recent reports of other cryptocurrency-stealing attacks and campaigns.
For more about this story click here

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.


For more information please contact us now!