This Week’s Top 5 Cybersecurity News Stories March 2024 | 03

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world. From acts of espionage to simple code errors that could leak your private data.
Here are our top five new stories from the past week:

1. Russia Hackers Using TinyTurla-NG to Breach European NGO’s Systems

Turla, a Russia-linked cyber threat group, has reportedly infiltrated several systems of an unnamed European NGO to deploy a backdoor named TinyTurla-NG. Cisco Talos reveals that the attackers established persistence and disabled antivirus defenses on the compromised systems. The initial breach dates back to October 2023, with data exfiltration via Chisel occurring around January 2024. TinyTurla-NG was also used in attacks on a Polish NGO. The attack involves configuring Microsoft Defender exclusions to avoid detection, installing TinyTurla-NG, and using a custom version of Chisel for data tunneling and exfiltration. The exact method of initial access is still under investigation.

For more about this story click here


2. US warns hackers are carrying out attacks on water systems

The U.S. government has alerted state governors about ongoing disruptive cyberattacks targeting the nation’s water and sewage systems. National Security Advisor Jake Sullivan and EPA Administrator Michael Regan emphasized the severity of these attacks in a recent letter, highlighting instances involving alleged Iranian and Chinese hackers. These attacks pose significant threats to critical water infrastructure and can incur substantial costs for impacted communities. Both Iran and China have previously denied such cyber activities. The letter urges governors to assess and bolster cybersecurity measures across water systems to mitigate potential cyber incidents and ensure the safety of these essential services.

For more about this story click here


3. New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have identified an evolved version of BunnyLoader, a stealer and malware loader. BunnyLoader 3.0, enhanced by its developer Player, features modularized functions for data theft, improved keylogging, and DoS attack capabilities. Initially identified as malware-as-a-service, BunnyLoader has advanced its evasion techniques and data gathering abilities. It now includes distinct binaries for its various modules and employs sophisticated infection chains involving PureCrypter and other malware. The development highlights the continuous evolution of malware in the cybercrime landscape, paralleling other notable threats like SmokeLoader.

For more about this story click here


4. Vietnam’s struggle with cyber security

Despite being an active participant in international operations and having a significant internet user base, Vietnam faces growing cyber threats, notably from Chinese hackers. This vulnerability was evident in incidents since 2011, including attacks on Vietnamese government and private sector websites, airports, and airlines. In 2023, cyber-attacks in Vietnam surged, with a substantial number targeting government offices. The Vietnamese government recognizes these cyber threats as challenges to national sovereignty and stability, prompting a range of defensive measures. These include enhancing cybersecurity laws, establishing dedicated cyber defense units, and coordinating national responses to cyber incidents. Additionally, Vietnam is developing its own 5G infrastructure, moving away from reliance on foreign technologies like Huawei. The country remains vigilant in its cyber defense efforts, continually adapting to evolving cyber threats.

For more about this story click here


5. Hackers Group TOXINBIO Recruiting New Members After Law Enforcement Crackdown

Following a multi-national law enforcement operation that arrested key members and disrupted its infrastructure, the infamous ransomware group TOXINBIO is ramping up its recruitment efforts. This response to the coordinated crackdown, which involved meticulous investigations, indicates an escalating and dynamic challenge in the realm of cyber threats.

For more about this story click here

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!