21 February 2025

Crackdown on cyber scam camps in Myanmar rescues 7,000 individuals | Cyber Intelligence Briefing: February 21, 2025

Top news stories this week

  1. Rescued. Crackdown on cyber scam camps in Myanmar rescues 7,000 individuals.
  2. NoName. Pro-Russia threat actor targets Italian airlines using DDoS attacks.
  3. Infostealers. US military and defense credentials, including from Boeing, appear in cybercrime marketplaces.
  4. Power move. Australia’s security chief warns critical infrastructure systems “routinely” mapped by foreign regimes.
  5. Consequences. Lee Enterprises tallies cyberattack costs as US healthcare contractor agrees to USD 11.2 million settlement.
  6. Novel attacks. New phishing campaign utilizes device codes and Golang malware leverages Telegram.


1. 7,000 individuals rescued from cyber scam camps in Myanmar

Around 7,000 people rescued from cyber scam camps in Myanmar will be transferred to Thailand amid a crackdown on cross-border scam operations. Many of those trapped in the operations are victims of human trafficking, facing threats, torture, and sexual violence. In the scam camps, workers are forced to run online scams such as romance fraud, cryptocurrency swindles, and fake investment schemes.

So what?

While it is a large takedown of scam centres, the impact of this operation remains to be seen as the criminal groups behind these operations have been able to relocate.

[Researcher: Milda Petraityte]


2. Pro-Russia threat actor targets Italian airlines in DDoS attacks

A pro-Russia hacker group named NoName057(16) has launched Distributed Denial-of-Service (DDoS) attacks against several Italian organizations, including Milan's Linate and Malpensa airports, Intesa Sanpaolo bank, and the ports of Taranto and Trieste. The attacks aimed to disrupt daily services and were reportedly in retaliation for remarks made by the Italian President that criticised Russia.

So what?

Politically motivated threat actors are increasingly employing DDoS attacks as a technique to target their victims. Organizations should use DDoS protection services, increase bandwidth and continuously monitor networks to defend against DDoS attacks.

[Researcher: Aditya Ganjam Mahesh]


3. Lockheed Martin and US defense firms at risk of credential compromise

Credentials from US military and defense networks, including companies Lockheed Martin and Boeing, are on sale in cybercrime marketplaces for just USD 10, posing a significant security risk.

So what?

Avoid downloading items from unverified sources, as doing so can severely compromise the security of sensitive and important data.

[Researcher: Lena Krummeich]


4. Australian critical infrastructure systems “routinely” mapped by foreign regimes, claims ASIO head

In his annual threat speech, the director-general of Australia’s national security agency, the Australian Security Intelligence Organization (ASIO), warned that foreign regimes are actively “pre-positioning cyber access vectors they can exploit in the future”. He further commented that one of the units targeting Australia had also been carrying out the same activities on critical networks in the United States.

So what?

Organizations should ensure they have a continually updated view of their risk posture, in particular their supply dependencies, and should carry this out concurrently with adequate preparation.

[Researcher: Lester Lim]


5. Lee Enterprises counts cyberattack costs as US healthcare contractor agrees to USD 11.2 million settlement

US media conglomerate Lee Enterprises has said that a cyberattack, which has disrupted the deliveries of newspapers including the Arizona Star, will likely have a material impact on its finances.

Separately, US federal contractor Health Net Federal Services has agreed to pay USD 11.2 million to settle allegations that it misled the government about meeting cybersecurity standards.

So what?

Cyberattacks can be costly. Organizations should regularly test their cyber defenses to build resilience against threats and ensure compliance isn't just a tick-box exercise.

[Researcher: Blanche MacArthur]


6. Hackers compromise email accounts with device code phishing as Golang malware leverages Telegram

Microsoft has warned that pro-Russian hackers are targeting victims in a new phishing campaign that leverages device codes. In this attack chain, threat actors build rapport with a victim and send them a device code, often disguised as a legitimate Teams meeting invitation, to input into a legitimate service. Once victims enter the codes to authenticate, the hackers steal the resulting access tokens.
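For defenders, the useful signal is a completed device code sign-in by an account that has no reason to use that flow. The sketch below is an added example, not part of the original briefing: it reviews constructed sign-in records, and the field names, the `deviceCode` label and the allowlist are assumptions rather than a specific vendor's log schema.

```python
from collections import defaultdict

# Constructed sample records; field names are assumptions, not a vendor schema.
# "country" is assumed to be where the client that redeemed the token sits.
SIGNINS = [
    {"id": "e1", "user": "alice@example.com", "protocol": "interactive", "country": "GB", "success": True},
    {"id": "e2", "user": "alice@example.com", "protocol": "deviceCode", "country": "NL", "success": True},
    {"id": "e3", "user": "room-tv@example.com", "protocol": "deviceCode", "country": "GB", "success": True},
    {"id": "e4", "user": "room-tv@example.com", "protocol": "interactive", "country": "GB", "success": True},
    {"id": "e5", "user": "bob@example.com", "protocol": "deviceCode", "country": "GB", "success": False},
    {"id": "e6", "user": "room-tv@example.com", "protocol": "deviceCode", "country": "BR", "success": True},
]

# Hypothetical allowlist: accounts with a real need for device code sign-in
# (input-constrained devices such as meeting-room displays).
DEVICE_CODE_ALLOWLIST = {"room-tv@example.com"}


def flag_device_code_signins(events, allowlist):
    """Return {event id: [reasons]} for successful device code sign-ins to review."""
    # Baseline over the whole window: countries seen in each user's
    # successful sign-ins that did not use the device code flow.
    usual = defaultdict(set)
    for ev in events:
        if ev["success"] and ev["protocol"] != "deviceCode":
            usual[ev["user"]].add(ev["country"])

    findings = {}
    for ev in events:
        # Only a completed device code grant hands out access tokens.
        if ev["protocol"] != "deviceCode" or not ev["success"]:
            continue
        reasons = []
        if ev["user"] not in allowlist:
            reasons.append("user not approved for device code flow")
        if ev["country"] not in usual[ev["user"]]:
            reasons.append("token issued outside user's usual countries")
        if reasons:
            findings[ev["id"]] = reasons
    return findings


if __name__ == "__main__":
    for event_id, reasons in flag_device_code_signins(SIGNINS, DEVICE_CODE_ALLOWLIST).items():
        print(event_id, "->", "; ".join(reasons))
```

Where no account needs the flow, the same allowlist logic can be enforced as policy by blocking device code sign-in outright instead of alerting on it.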

Separately, Golang malware now utilizes Telegram as a command and control channel. The malware uses Telegram primarily because it is difficult for defenders to differentiate between malicious and legitimate traffic.

So what?

Threat actors continually improve their tactics, techniques, and procedures. Organizations should implement regular mandatory employee cybersecurity training as this remains one of the best approaches to defend against novel techniques.

[Researcher: Jon Seland]

 

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
