A Bizarre Potluck of the Latest Cyber Attacks


In today’s digital age, where the boundaries between the physical and virtual worlds blur with each passing moment, the ever-evolving landscape of cyber threats has become a perplexing and unpredictable potluck.

As we navigate the intricate web of interconnected devices, systems, and data, we find ourselves facing a bizarre assortment of cyber attacks that seem to defy the boundaries of imagination. From covert ransomware operations that hold entire organizations hostage to audacious state-sponsored hacks targeting critical infrastructure, the world of cybersecurity has transformed into a bewildering banquet of threats.

In excerpts from the articles below, you’ll read about the peculiar tactics, motivations, and consequences that make each incident a unique, intriguing, and often unsettling piece of this ever-expanding puzzle.

The extraordinary stories behind these attacks offer insights into the evolving tactics of cybercriminals and the relentless efforts of cybersecurity experts to safeguard our interconnected world. Prepare to be amazed, disturbed, and enlightened as we delve into this strange and ever-changing world of cyber threats.

National Student Clearinghouse data breach impacts 890 US Schools

In snippets from an article by Sergiu Gatlan, he wrote, “In a breach notification letter filed with the Office of the California Attorney General, Clearinghouse said that attackers gained access to its MOVEit managed file transfer (MFT) server on May 30 and stole files containing a wide range of personal information.

The personally identifiable information (PII) contained in the stolen documents includes names, dates of birth, contact information, Social Security numbers, student ID numbers, and some school-related records (e.g., enrollment records, degree records, and course-level data).

According to the data breach notification letters, the data exposed in the attack varies for each affected individual. The complete list of educational organizations affected by this massive data breach can be found here.

Clearinghouse provides educational reporting, data exchange, verification, and research services to roughly 22,000 high schools and around 3,600 colleges and universities.

The organization says its participants enroll roughly 97% of students in public and private institutions.

Clop ransomware gang behind the MOVEit hacks

The Clop ransomware gang is responsible for the extensive data-theft attacks that started on May 27, leveraging a zero-day security flaw in the MOVEit Transfer secure file transfer platform.

Starting June 15, the cybercriminals began extorting organizations that fell victim to the attacks, exposing their names on the group’s dark web data leak site.

The fallout from these attacks is anticipated to impact hundreds of organizations globally, with many already notifying affected customers over the past four months.

Despite the widespread potential victim pool, estimates from Coveware suggest that only a limited number are likely to yield to Clop’s ransom demands. Nonetheless, the cybercrime gang is expected to collect an estimated $75-100 million in payments due to the high ransom requests.

Reports have also revealed that multiple U.S. federal agencies and two U.S. Department of Energy (DOE) entities have fallen prey to these data theft and extortion attacks.”

Air Canada discloses data breach of employee and 'certain records'

In excerpts from an article by Ax Sharma, he wrote, “Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security incident this week in which hackers “briefly” obtained limited access to its internal systems.

According to the airline, the incident resulted in the theft of a limited amount of personal information of some of its employees and “certain records.”

“We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold.”

The succinct incident disclosure did not include any details beyond that, such as what caused the incident, and ended with the company stating it had “no further public comment on this matter.”

This is not the first time Air Canada’s systems have experienced a hack.

In 2018, Air Canada disclosed that the profile information of 20,000 of its mobile app users had been accessed by unauthorized parties.

As a result of this incident, the airline, at the time, had to lock out all of its 1.7 million mobile app accounts as a safeguard.”

Nigerian man pleads guilty to attempted $6 million BEC email heist

In snippets from an article by Bill Toulas, he wrote, “Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise (BEC).

Simon-Ebo admitted that in 2017, while he resided in South Africa, he conspired with others in the U.S. to compromise business and employee email accounts.

The scammers then used these accounts to contact businesses with spoofed sender addresses to make it appear that the emails came from trustworthy partners.

The emails contained payment requests and wiring instructions that resulted in the victims sending money to bank accounts controlled by Simon-Ebo and his co-conspirators.

From there, the scammers would move the amounts to other accounts to obscure the money trail before they eventually withdrew cash.

Additionally, the money launderers also used cashier’s checks to write checks to various individuals and business entities, again obscuring the real source of the funds.

According to the plea agreement, the scammers had a high success ratio of roughly 1 to 7, making one million out of the almost seven million they attempted to steal.

“The intended loss for transactions in which Simon-Ebo was directly involved—which were some, but not all of the transactions involving Simon-Ebo and his co-conspirators—was approximately $6,988,249, and the actual loss resulting from these transactions was at least $1,072,306,” explains the U.S. DoJ.

The BEC scourge

Business email compromise is a high-impact, multi-billion-dollar problem that threatens companies and organizations worldwide.

In 2021, the losses associated with BEC schemes reached almost $2.4 billion in the U.S. based on 20,000 complaints received by the FBI that year.

Verizon reported in June 2023 that BEC attacks have almost doubled this year, and they typically start with an email from a legitimate, compromised address.

In March 2023, the FBI warned that BEC fraudsters had diversified their tactics, and now, instead of targeting money directly, they attempt to redirect valuable hardware, construction, and solar energy products.

Also in March, a report from Microsoft warned about the speed of BEC attacks, explaining that the entire process between compromising email credentials, registering typo-squatting domains, and hijacking existing email threads only takes a couple of hours.”

Hotel hackers redirect guests to fake Booking.com to steal cards

In excerpts from an article by Ionut Ilascu, he wrote, “Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers.

By using this indirect approach and a fake Booking.com payment page, cybercriminals have found a combination that ensures a significantly better success rate at collecting credit card information.

Next-level phishing

Typically, researchers observed info-stealer campaigns that targeted the hospitality industry (e.g., hotels, travel agencies) using “advanced social engineering techniques” to deliver info-stealing malware.

It starts with a simple query to make a reservation, or it refers to an existing one, researchers at cybersecurity Perception Point say in a report earlier this month.

After establishing communication with the hotel, the criminals invoke a reason, such as a medical condition or a special request for one of the travelers, to send important documents via a URL.

The URL leads to info-stealing malware that “is designed to operate stealthily” and collects sensitive data like credentials or financial info.

In a new report this week, researchers at internet company Akamai say that the attack goes beyond the step described above and moves to target the customers of the compromised entity.

“After the infostealer is executed on the original target (the hotel), the attacker can access messaging with legitimate customers” – Shiran Guez, information security senior manager at Akamai

Having a direct and trusted communication channel with the final victim, cybercriminals can send their phishing message disguised as a legitimate request from the now-compromised hotel, booking service, or travel agency.

The message asks for an additional credit card verification and relies on the common ingredients of a phishing text: requires immediate action and uses sound rationale to explain it.

Guez notes that the message “is written professionally and modeled after genuine hotel interactions with their guests,” which eliminates all suspicion of a ploy.

“It is important to remember that this message comes from within the booking site’s message platform itself,” the researcher highlights.

Since the communication comes from the booking site through the official channel, the target has no reason to doubt its legitimacy.

Fake Booking.com page

Guez says the victim receives a link for the alleged card verification to keep the reservation. The link triggers on the victim machine an executable that is encoded in a complex JavaScript base64 script.

The researcher stresses that the script’s purpose is to detect information about the browsing environment, and it is designed to make analysis significantly more difficult.

The attacker also included multiple security validation and anti-analysis techniques to ensure that only potential victims reach the next stage of the scam, which shows a fake Booking.com payment page.”

Ransomware access broker steals accounts via Microsoft Teams

In snippets from an article by Sergiu Gatlan, he wrote, “Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.

The financially motivated threat group behind this campaign is tracked as Storm-0324, a malicious actor known to have deployed Sage and GandCrab ransomware in the past.

“In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,” Microsoft said on Tuesday.

“For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher.”

This open-source tool enables attackers to bypass restrictions for incoming files from external tenants and send phishing attachments to Teams users.

It does this by exploiting a security issue in Microsoft Teams discovered by Jumpsec security researchers that Microsoft refused to address in July after saying that the flaw did “not meet the bar for immediate servicing.”

While Microsoft did not provide details on the end goal of Storm-0324’s attacks this time around, APT29’s attacks aimed to steal the targets’ credentials after tricking them into approving multifactor authentication (MFA) prompts.”

Summing Up the Potluck

The world of cybersecurity has undeniably transformed into a perplexing and ever-evolving landscape of cyber threats, as highlighted by the bizarre potluck of the latest cyber-attacks we have explored in this article. These incidents offer a glimpse into the intricate and often unsettling tactics employed by cybercriminals, as well as the ongoing efforts of cybersecurity experts to protect our interconnected world.

From the extensive data breach affecting numerous educational institutions orchestrated by the Clop ransomware gang, to Air Canada’s recurring struggle with cyberattacks, and the international wire fraud and money laundering scheme executed by a Nigerian national, these stories underscore the diverse and far-reaching nature of cyber threats in our digital age.

Furthermore, the rise of business email compromise (BEC) attacks, exemplified by the staggering losses reported in 2021 and the evolving tactics employed by cybercriminals, serves as a stark reminder of the need for constant vigilance in the face of evolving threats.

Finally, the exploitation of Microsoft Teams for phishing attacks by Storm-0324 illustrates the adaptability of cyber threat actors and the ever-present need for robust cybersecurity measures.

As we navigate this strange and ever-changing world of cyber threats, it becomes evident that collaboration, innovation, and a proactive approach are essential in our collective efforts to safeguard the digital realm. Only by staying informed, vigilant, and resilient can we hope to stay one step ahead of the cyber adversaries that continue to challenge our digital security.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every device connecting to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions, you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca