The week of June 3-9, 2023, has seen significant developments in cybersecurity, including a variety of threats and breaches: the White House extending its ban on TikTok, the zero-day attack on MOVEit Transfer software, Minecraft malware, data breaches at Mercer University and Manchester University, an increase in sextortion crimes, and the surge in deepfake-related scams. We will also dive into Verizon’s annual Data Breach Investigations Report. As we dissect these events, it’s crucial to remain informed and vigilant, bolstering our collective digital resilience against these escalating cyber threats.
MOVEit Transfer CVE-2023-34362
One of the most significant incidents this week involved a zero-day attack on the file transfer software MOVEit Transfer, exploited by the Clop ransomware group. This attack had far-reaching implications, impacting thousands of organizations worldwide, including British Airways, Boots, and the BBC, which were indirectly affected through their payroll vendor, Zellis.
Mercer University Breach
Mercer University in Macon, Georgia, also fell victim to a data breach last month. The breach resulted in the theft of personal information, including names and Social Security numbers, of 93,512 people. The ramifications of this breach could be life-long for the victims, as this data can be used to access highly personal information, such as credit cards, bank accounts, and driving records.
Manchester University Breach
Regrettably, the University of Manchester reported a cyber incident today, confirming that some of its systems were accessed by an unauthorized party and that data were likely copied. It is not yet clear what information has been accessed by the attackers, but staff and students have been advised to watch out for any suspicious emails. The National Cyber Security Centre (NCSC.gov.uk) and National Crime Agency are among the authorities working with the university’s own experts to resolve the incident.
The U.S. Federal Bureau of Investigation (FBI) has issued a warning regarding a sharp increase in sextortion crimes. Enabled by the growth of AI technology, cybercriminals are now capable of transforming innocent photos from a victim’s social media accounts into explicit, sexually-themed images. These manipulated images are then used to extort the victims, either by threatening to circulate them on the web or share them with their friends and family unless a ransom is paid.
Minecraft Malware, Fractureiser
Modded Minecraft is having a security moment. It looks like things started when a handful of burner accounts uploaded malicious mods to Curseforge and Bukkit. Those mods looked interesting enough that a developer for Luna Pixel Studios (LPS) downloaded one of them to test-run. After the test didn’t pan out, he removed the mod, but the malicious code had already run.
Where this gets ugly is in how much damage that one infection caused. The virus, now named fractureiser, installs itself into every other Minecraft-related .jar on the compromised system. It also grabs credentials, cookies, cryptocurrency addresses, and the clipboard contents. Once that information was exfiltrated from the LPS developer, the attacker seems to have taken manual actions, using the purloined permissions to upload similarly infected mod files, and then marking them archived. This managed to hide the trapped files from view on the web interface, while still leaving them exposed when grabbed by the API. Once the malware hit a popular developer, it began to really take off.
It looks like the first of the malicious .jar files actually goes all the way back to mid-April, so it may take a while to discover all the places this malware has spread. It was first noticed on June 1, and an investigation was started, but the story didn’t become public until the 7th. Things have developed rapidly, and the malware fingerprints have been added to Windows Defender, among other scanners. This helps tremendously, but the safe move is to avoid downloading anything Minecraft-related for a couple days, while the whole toolchain is inspected. If it’s too late and you’ve recently scratched that voxel itch, it might be worth it to take a quick look for Indicators of Compromise (IoCs).
Deepfakes and AI
The rise of generative AI technologies, such as ChatGPT and Unreal Keanu Reeves, has led to an increased awareness of these technologies, with 67% of people reportedly aware of them. However, a concerning 52% of study respondents believed they could spot a deepfake hoax, despite the reality that modern deepfakes have evolved to the point where they are undetectable by the naked eye. This false confidence has contributed to significant losses from impersonation scams, with U.S. consumers losing $2.6 billion in 2022, and the U.K. suffering £177 million in losses.
The Verizon 16th Annual Data Breach Investigations Report
This week marked the release of the Verizon 16th annual Data Breach Investigations Report, a comprehensive overview of the current state of cybersecurity. Drawing from an impressive dataset of 5,199 breaches and 16,312 security incidents, the report sheds light on the tactics, techniques, and procedures adopted by cybercriminals, emphasizing the pervasiveness of cyber threats in our digital era.
Ransomware continues to be a dominant force in the landscape of cyber threats, accounting for 24% of all breaches. These malicious software attacks, which involve the encryption of a victim’s data followed by a ransom demand for its return, have been a continuing source of disruption for businesses and organizations worldwide. This report brings to light the stark financial implications of such attacks. A staggering 95% of companies that fell victim to a ransomware attack experienced substantial financial losses, ranging between $1 million and $2.25 million. These figures underscore the importance of implementing robust cybersecurity measures and fostering a culture of digital awareness to mitigate the risk of ransomware attacks.
U.S. Government TikTok Ban Now Includes Contractors
The TikTok ban on U.S. government devices from earlier this year has been extended to include contractors of federal agencies. “This prohibition applies to devices regardless of whether the device is owned by the government, the contractor, or the contractor’s employees. A personally-owned cell phone that is not used in the performance of the contract is not subject to the prohibition,” stated the Department of Defense, General Services Administration and NASA in a joint interim rule. The extended ban went into effect June 2.
The world of cybersecurity is in constant flux, and the events of this week underscore the need for vigilance and proactive measures. Stay informed, stay secure, and remember that cybersecurity is everyone’s responsibility. Until next time, why not drop into our Discord and be part of our Cybersecurity Awareness Initiative.