Cyberattacks are a persistent problem in the online world. Since a lot of our work today involves online operations, staying abreast of the latest hacking patterns is important to take necessary phishing prevention measures. The following are this week’s major phishing news headlines to help you stay updated:
Cyberattack Hits Finland Parliament Website
A cyberattack targeted Finland’s parliament website. The attack comes at a time when Finland and Sweden have applied for NATO membership. Owing to the unstable security situation created by the Putin-led Russian war in Ukraine, Finland sought security in NATO membership. The country had anticipated cyberattacks from Russia because of its decision to join NATO. As US President Biden approved Finland’s admittance to NATO, the nation’s external servers were hit with DoS attacks.
While the parliament, security service providers, and the Cybersecurity Center had taken protective measures to limit the attack’s spread, a retaliatory show of aggression or disapproval from threat actors towards the NATO membership was still expected. Biden’s approval made the US the 23rd nation to approve Finland and Sweden’s acceptance as NATO countries. The US president opined that this move was for the greater security and stability of the world.
Security Flaw in Zimbra Email Suite Detected
A high-severity security flaw in the Zimbra email suite was recently added to CISA’s Known Exploited Vulnerabilities Catalog. The Zimbra flaw allows adversaries to steal users’ login credentials. Tracked as CVE-2022-27824, this flaw was first discovered on March 11th and enables attackers to steal users’ email account login details without user interaction. Adversaries can also use the flaw to carry out Memcached poisoning via CRLF injection. This, in turn, tricks the software into forwarding all the IMAP traffic to the attackers when users log in.
Since it is a high-severity flaw, CISA has mandated all federal agencies to apply the security patch before August 25th. It is essentially a Memcached poisoning bug, enabling adversaries to steal information and inject malicious commands. In addition, threat actors can use response smuggling to forward IMAP traffic to a rogue server and smuggle unauthorized HTTP responses.
Zimbra released a patch for this flaw on May 10th in ZCS 9.0.0 Patch 24.1 and ZCS 8.8.15 Patch 31.1. To ensure protection against phishing, federal and non-federal agencies and other organizations are advised to apply the patch immediately.
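The root of the Memcached poisoning described above is that the memcached text protocol is line-based, so untrusted input carrying a CR/LF that reaches a command string is parsed as extra commands. The following added example (not Zimbra’s code; the key and sample inputs are constructed) shows the defensive check: a key validator that enforces the protocol’s own rules (no whitespace or control characters, at most 250 bytes) before any command is built.

```python
import re

# Memcached text-protocol keys must not contain whitespace or control
# characters and are limited to 250 bytes. Enforcing this before a key is
# embedded in a command is what blocks CRLF-based command injection.
MAX_KEY_LEN = 250
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")  # ASCII controls, space, DEL


class UnsafeKeyError(ValueError):
    """Raised when a key could not be safely embedded in a memcached command."""


def validate_memcached_key(key: str) -> str:
    """Return key unchanged if it obeys the memcached key rules, else raise."""
    if not key or len(key.encode("utf-8")) > MAX_KEY_LEN:
        raise UnsafeKeyError("key is empty or longer than 250 bytes")
    if _FORBIDDEN.search(key):
        raise UnsafeKeyError("key contains whitespace or control characters")
    return key


def build_get_command(key: str) -> bytes:
    """Build exactly one 'get <key>\\r\\n' command from a validated key."""
    return f"get {validate_memcached_key(key)}\r\n".encode("utf-8")


def count_protocol_lines(raw: bytes) -> int:
    """Count how many commands memcached would parse from a raw byte string.

    Used to show why the validator matters: naive concatenation of an input
    containing CRLF yields more than one command.
    """
    return len([line for line in raw.split(b"\r\n") if line])


if __name__ == "__main__":
    # Constructed inputs: a normal user identifier and one carrying a CRLF.
    print(build_get_command("alice@example.com"))
    tainted = "alice\r\nbob"  # constructed; any CRLF-bearing value behaves the same
    naive = f"get {tainted}\r\n".encode("utf-8")
    print("naive concatenation parses as", count_protocol_lines(naive), "commands")
    try:
        build_get_command(tainted)
    except UnsafeKeyError as err:
        print("validator rejected the key:", err)
```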
Cyberattack Hits BRP Inc.
BRP Inc. recently announced that it underwent a cyberattack that temporarily suspended its operations. The Ski-Doo snowmobile and Sea-Doo watercraft maker was compelled to shut down its operations to contain the attack’s spread. As a result of the attack, its share prices had a 0.4% dip and fell to $95.11 on the Toronto Stock Exchange. As part of its phishing attack prevention measures, the company engaged an external cybersecurity firm to investigate the breach and secure its systems.
BRP Inc. made the breach known after announcing its latest acquisition of one of its long-term suppliers – Shawinigan. Amidst its flourishing business deals, this cyberattack comes as a minor hiccup, but BRP Inc. is all set to recover quickly from the breach.
Beware of the AEPIC Leak Attack Method Targeting Intel CPU
Cybersecurity researchers at the Graz University of Technology, the Sapienza University of Rome, Amazon Web Services, and the CISPA Helmholtz Center for Information Security have recently discovered a new Intel CPU attack method. Tracked as CVE-2022-21233, the AEPIC Leak flaw enables attackers to access potentially sensitive user information.
The ÆPIC Leak affects the CPU’s Advanced Programmable Interrupt Controller (APIC) component. The APIC is responsible for prioritizing, accepting, and dispatching interrupts to processors. Adversaries can conduct the ÆPIC Leak attack only with privileged or administrator access to the APIC MMIO. Applications relying on the Intel Software Guard Extensions (SGX) technology are much less susceptible to an ÆPIC Leak, as SGX is designed to protect against privileged attackers.
The researchers who discovered the attack noted that an architectural bug caused the ÆPIC Leak, eventually exposing sensitive data without using any side channels. The ÆPIC Leak has been described as the first CPU bug to expose sensitive data architecturally.
Unfortunately, the recent patch for side-channel attacks does not protect against the ÆPIC Leak attacks. Therefore, Intel is working on microcode updates and SGX SDK patches to ensure protection from the vulnerability.
Data Breach Hits Email Marketing Firm Klaviyo
The email marketing firm Klaviyo recently underwent a data breach where hackers illegally accessed its internal systems and stole employees’ credentials. The initial attack vector was phishing, and the adversaries downloaded marketing lists linked to cryptocurrency-related customer accounts and other Klaviyo products. They also stole customer details such as their names, email addresses, and contact numbers.
The attack occurred on August 3rd when adversaries stole employee login credentials and accessed internal Klaviyo support tools. Thirty-eight customers with a presence in the cryptocurrency industry were affected by this Klaviyo breach. As part of its anti-phishing measures, Klaviyo notified law enforcement and hired third-party security experts to investigate the breach. The company warns customers to watch out for targeted phishing or smishing attacks.
Data Leak at Smartphone Hacking Firm Cellebrite
The Israeli smartphone hacking firm Cellebrite recently underwent a data breach. Cellebrite is known for its tools for unlocking iPhones, used by security agencies and law enforcement in the US. An anonymous group of threat actors recently released 4 TB of data belonging to Cellebrite. The exposed data comes from Cellebrite’s Team Foundation Server and its flagship product, Cellebrite Mobilogy.
So far, only journalists and researchers have had access to this huge Cellebrite dataset, and no misuse of the information has been recorded. The leak is split into two parts: approximately 3.6 TB of data from Cellebrite Mobilogy and 430 GB from the Cellebrite Team Foundation Server. Cellebrite is taking measures to prevent phishing attacks, but the hacker group responsible has not been identified, and the hacking technique has not been disclosed either.
Cyberattack Hits Colosseum Dental Benelux
A cyberattack recently targeted Colosseum Dental Benelux, shutting down the practices of over 100 of its branches. Colosseum Dental Benelux has over 130 branches across Belgium and the Netherlands. The cyberattack brought down the Colosseum Dental Benelux website and affected dental practices at over 100 of those branches. As part of its protective measures, the dental clinic chain informed the Dutch Data Protection Authority, but it has not revealed the name of the malware used so far.
Dental practices are expected to restart within a week, but currently, employees cannot access patient information. Cybersecurity experts opine that this could be a ransomware attack. As we await further details, Colosseum Dental Benelux is taking all measures to restore systems and has even invited external security experts to investigate the incident.
Cyberattack Hits 7-Eleven
The US convenience store chain 7-Eleven recently underwent a cyberattack that shut down its outlets across Denmark. Reportedly, the adversaries knocked out its cash tills, disrupting checkout and payment processing.
As a precaution against further attack, 7-Eleven kept its stores closed until all investigations were completed and more details about the nature of the attack were known.