This Week’s Top 5 News August 2023 | 02

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories, from acts of espionage to simple code errors that could leak your private data, to help keep you up to date with cybersecurity issues around the world.
Here are our top five news stories from the past week:

1. New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors have been exploiting the legitimate Rust-based injector known as Freeze[.]rs to deploy the XWorm commodity malware. This attack chain begins with a phishing email containing a booby-trapped PDF file. To further their offensive actions, attackers utilize the ‘search-ms’ protocol to access an LNK file on a remote server. Freeze[.]rs, an open-source red teaming tool released on May 4, 2023, allows cybercriminals to bypass security measures and execute shellcode covertly. Additionally, the SYK Crypter, obtained from Discord’s content delivery network, is used to distribute various malware families. This attack chain includes persistent crypters with multiple layers of obfuscation and polymorphism to evade detection. The rapid adoption of offensive tools by malicious actors to achieve their goals is a growing concern in the cybersecurity landscape.

2. New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

Researchers at Zscaler ThreatLabz have discovered a new strain of information-stealing malware called Statc Stealer that poses a significant threat to Microsoft Windows users. The malicious software is capable of stealing sensitive information from web browsers, including login data, cookies, and preferences. It also targets cryptocurrency wallets, credentials, passwords, and data from messaging apps. Statc Stealer is distributed through deceptive ads, appearing as an MP4 video file format in browsers like Google Chrome. The malware employs anti-analysis techniques and connects to a command-and-control server to exfiltrate stolen data securely. This underscores the potential for identity theft and financial fraud. eSentire also reported an updated version of Raccoon Stealer earlier this year.

3. Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are utilizing the EvilProxy phishing-as-a-service (PhaaS) toolkit to execute account takeover attacks targeting high-ranking executives at prominent organizations. Proofpoint has observed an ongoing hybrid campaign that has targeted thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of global organizations between March and June 2023. Notably, 39% of compromised users were C-level executives, including CEOs (9%) and CFOs (17%). The attackers specifically focused on personnel with access to financial assets or sensitive information. With cybercriminals adapting their strategies to bypass multi-factor authentication (MFA) using adversary-in-the-middle (AitM) phishing kits, these campaigns represent a response to increased security measures. EvilProxy, sold as a subscription for $400 per month, compromises accounts associated with various services, and its use demonstrates the growing trend of PhaaS toolkits facilitating sophisticated phishing attacks on a large scale at an affordable cost.

4. China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

Chinese hackers associated with the Ministry of State Security (MSS) have conducted cyber attacks in 17 countries across Asia, Europe, and North America between 2021 and 2023. The intrusion, attributed to a nation-state group known as RedHotel, has targeted sectors such as academia, aerospace, government, media, telecommunications, and research. The group’s objectives include intelligence gathering and economic espionage, particularly targeting organizations involved in COVID-19 research and technology R&D. RedHotel utilizes various offensive security tools and malware families, employing a multi-tiered infrastructure for reconnaissance and network access. Notably, they have been linked to the exploitation of Log4Shell flaws and the deployment of backdoors in targeted organizations.

5. U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

The U.K. Electoral Commission has revealed a “complex” cyber attack on its systems that remained undetected for over a year. This allowed threat actors to gain access to voter data belonging to approximately 40 million individuals. The intrusion involved unauthorized access to the Commission’s servers hosting email systems, control systems, and copies of electoral registers used for research. The stolen data includes personal information such as names, email addresses, home addresses, contact telephone numbers, and content of webforms and emails. The Commission assures that the attack did not impact the electoral process or registration status and urges individuals to remain vigilant for potential unauthorized use of their personal data. The Commission has implemented security measures to protect against future attacks.

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!