Round Up of Major Breaches and Scams
Corporate CEOs could soon be personally liable if they fail to adequately secure IT systems connected to the physical world, Gartner has warned. The analyst firm predicted that as many as 75% of business leaders could be held liable by 2024 due to increased regulations around so-called “cyber-physical systems” (CPSs) such as IoT and operational technology (OT). Gartner defines CPSs as “engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world, including humans.”
Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes: from BEC, through cloud storage, to an innocent-sounding OneNote document, right into harm’s way. Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in the hope of avoiding being just one more “unexpected email that goes directly to an unlikely login page” scam.
A Chinese university professor has been handed an 18-month jail sentence for stealing IP from two US companies several years ago. Hao Zhang was charged in 2015, along with five other Chinese nationals, with economic espionage and theft of trade secrets. While the five remain at large, most likely in China, Zhang made the mistake of re-entering the US and was promptly arrested. He is said to have met one of the co-conspirators, Wei Pang, while the two were studying for doctorates in electrical engineering at a California university.
The Australian Computer Emergency Response Team (AusCERT) denied claims today that hackers had breached the Department of Education, Skills, and Employment (DoE), and downloaded the personal details of more than one million students, teachers, and staff. Rumors of a supposed hack first surfaced yesterday after a hacker shared an archive file on a hacker forum, which they initially advertised as data obtained from the Australian DoE.
Round Up of Major Malware and Ransomware Incidents
Earlier this year, BleepingComputer reported on hackers hiding malware in fake Windows error logs. After gaining access to a Windows system and achieving persistence, the malware would read from a “.chk” file that impersonated event logs. The apparently hexadecimal characters on the right-hand side of each line are actually decimal character codes, which rogue scheduled tasks read back to reconstruct an encoded payload.
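The following is an added detection sketch, not code from the BleepingComputer report or from the malware. It assumes a constructed log layout (a fixed number of space-separated fields with a single trailing “hex-looking” column) and flags a file whose trailing column contains only decimal digits that decode to printable ASCII, which is the tell described above; a genuine hex column with letters a–f does not trigger it.

```python
import re
import string

# Constructed sample of a fake ".chk" log: the trailing column looks like a
# hex error code but is really one decimal character code per line.
# The line layout is an assumption for this example, not the real file format.
FAKE_LOG = """\
2020-06-01 10:00:01 ERROR 0x3e8 104
2020-06-01 10:00:02 ERROR 0x3e9 105
2020-06-01 10:00:03 ERROR 0x3ea 100
2020-06-01 10:00:04 ERROR 0x3eb 101
"""

# Constructed benign log whose trailing column holds genuine hex digits.
REAL_LOG = """\
2020-06-01 10:00:01 ERROR 0x3e8 9f
2020-06-01 10:00:02 ERROR 0x3e9 4a
"""

# Five whitespace-separated fields; capture the last one.
LINE_RE = re.compile(r"^\S+ \S+ \S+ \S+ (\S+)$")
PRINTABLE = set(string.printable)


def trailing_columns(text):
    """Extract the last field of every well-formed line."""
    cols = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cols.append(m.group(1))
    return cols


def decode_decimal_column(cols):
    """Return the string the column spells if every entry is a decimal ASCII
    code (0-127); return None if any entry contains non-digits or is out of range."""
    if not cols or not all(c.isdigit() for c in cols):
        return None
    values = [int(c) for c in cols]
    if not all(0 <= v < 128 for v in values):
        return None
    return "".join(chr(v) for v in values)


def looks_like_hidden_payload(text, min_printable=0.9):
    """Flag a log whose 'hex' column decodes to mostly printable text.

    Returns (flagged, decoded_text); decoded_text is "" when not flagged.
    """
    decoded = decode_decimal_column(trailing_columns(text))
    if decoded is None:
        return False, ""
    printable_ratio = sum(ch in PRINTABLE for ch in decoded) / len(decoded)
    if printable_ratio >= min_printable:
        return True, decoded
    return False, ""


if __name__ == "__main__":
    for name, log in (("fake", FAKE_LOG), ("real", REAL_LOG)):
        flagged, text = looks_like_hidden_payload(log)
        print(f"{name}: flagged={flagged} decoded={text!r}")
```

The heuristic is deliberately narrow: a real hex column almost always contains at least one of a–f across a file of any length, so an all-digit column is a cheap first filter before spending effort on decoding, and the printable-ratio threshold keeps ordinary numeric counters from being flagged as text.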
A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher. Researchers discovered the new malware being distributed over the past six months through two separate campaigns. The first, in March, targeted European diplomatic and legislative bodies, non-profit policy research organizations and global organizations dealing with economic affairs. The second, in July, targeted Tibetan dissidents.
Elon Musk, chief executive of Tesla, confirmed in a tweet that the company dealt with a potentially harmful attack planned by a Russian national to install ransomware on Tesla’s computer network. The ransomware attack would have encrypted Tesla’s files and exposed them to the attacker’s servers. However, the Tesla employee who was offered a $1 million bitcoin bribe reported it to authorities, leading the FBI to arrest Russian hacker Egor Igorevich Kriuchkov on August 22 in LA. Kriuchkov now faces up to 5 years in prison for his scheme.
Round Up of Major Vulnerabilities and Patches
Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software and could allow an unauthenticated, remote attacker to immediately crash the Internet Group Management Protocol (IGMP) process, the company warned in an advisory over the weekend.
Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions. On the morning of September 1, Arsys’s Gonzalo Cruz was the first to discover the flaw and the fact that it was already being exploited by attackers to upload malicious PHP files onto vulnerable websites.