WEEKLY TOP TEN: October 21, 2024, 16:00 GMT

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ original ones we determined to be most significant during the course of the week, ranked by highest risk and using multiple sources when available:

- North Korean Threat Actors Target ATMs
Researchers are observing threat actors believed to be affiliated with the DPRK using a variant of the FASTCash malware to infect Linux-based ATMs. The malware infects the payment-processing switch servers that handle card transactions, allowing for the theft of payment card information.

- New Android Tool for Anti-Malware Protection
Researchers at Georgia Tech have released a new tool for Android devices that scans for malware abusing the accessibility features, a common tactic among malware authors. It does this by simulating accessibility events, which tricks the malware into revealing its functions.

- Ransomware Encryption Rates on the Decline
The recent Microsoft Digital Defense Report showed some hopeful news. Although ransomware attacks are still on the rise, successful encryption rates have declined by nearly 300%. This is attributed to security tooling and analysts catching the attack pre-encryption, either blocking the payload from executing or stopping the threat actor before the encryptor is dropped.

- BianLian Claims Responsibility for Attack on Children's Hospital
Although ransomware groups are inherently immoral, most avoid targeting critical infrastructure and healthcare organizations, likely because those attacks put the spotlight on them and increase the chances of law-enforcement action. BianLian, however, has been relentless in attacking those sectors, the most recent example being an attack on Boston Children's Health Physicians, an organization of 300 pediatric doctors.

- Kubernetes Default Credential Allows for Root Access
A hard-coded default credential included in the Kubernetes image build process has been discovered and can lead to root access to virtual machines via SSH. This most heavily impacts Proxmox servers, a popular server operating system built for virtualization.

- Hacker Behind the Infamous NPD Breach Arrested by Brazilian Authorities
The threat actor known online as 'USDoD' was behind several major data breaches, including NPD, the FBI's InfraGard system, and CrowdStrike's threat actor database. This led CrowdStrike to investigate him and uncover his identity as Belo Horizonte, a Brazilian national, which in turn led to his arrest by the Brazilian authorities under 'Operation Data Breach'.

- US Government Places $10M Bounty on Russian Media Company
The Russian media company Rybar has been responsible for social media campaigns promoting a pro-Russian world view. The US government has now placed a ten-million-dollar bounty on information leading to the indictment or arrest of its key contributors, citing election security as the reason.

- Hackers Breach Pokémon Developers and Leak Source Code
Hackers have breached the developers of the world-famous Pokémon video game franchise and leaked source code for several iterations of the games, some of which are unreleased titles and demos. The attackers also leaked employee data.

- Fake Google Meet Pages Utilized to Deliver Infostealers
Attackers have begun using fake Google Meet pages to get users to run malware on their systems as part of the ongoing ClickFix campaign. When a user attempts to join the fake meeting, an error is displayed prompting them to copy and paste encoded PowerShell commands into the Windows Run dialog, claiming this will fix the error; in fact, it simply executes malicious code.

- Intel and AMD Processors Leave Linux Systems Vulnerable
Researchers have discovered a new vulnerability in Intel and AMD processors used to run Linux-based operating systems. It takes advantage of speculative execution, an optimization feature of modern processors, and abuse can lead to the theft of sensitive information such as passwords.