You may hardly find an industry today that is not impacted by phishing attacks. Threat actors don’t spare anyone, be it a typical internet user or an organization with thousands of employees. This is why it is crucial to keep yourself updated about how these attacks happen to ensure you or your organization does not end up being a victim of such cyber threats. Here are threat week headlines that cover how threat actors exploit vulnerabilities and target your information assets.
Malicious Actors Exploit Aiphone Intercom System Vulnerability to Open Doors
Aiphone is the world’s largest intercom systems manufacturer and also makes video and audio entry systems for corporate and residential buildings. Last week, researchers at Promon, a Norwegian application security firm, published a report that suggests an Aiphone intercom products vulnerability that potentially allows hackers to breach the system using an NFC tag and access the buildings. They tracked the security bug as CVE-2022-40903, describing it as an information disclosure vulnerability.
Promon suggests that the bug allows threat actors to “use a mobile with NFC capability to execute a brute-force attack on the entry system to find the admin password. The system allows attackers with network access to try all possible four-digit code combinations and discover the admin passcode,” Promon said. Attackers need a modification app to execute the attack (a custom NFC host-based emulation app mimicking the official administrative tool’s behavior.)
After knowing the administrator passcode, the threat actors use it to update the system with a new NFC tag (by injecting the mobile’s serial number) to gain access into the building. Thus the attackers get the code in plain text that they punch into the keypad and an NFC tag that they can use to enter the building without touching any buttons.
Australia Considers Banning Ransom Payments to Cyber Criminals
Clare O’Neil, Australia’s Home Affairs Minister, said the government is considering making paying ransoms to cyber attackers illegal following recent cyber-attacks that affected millions of Australians. Medibank Private Ltd (MPL.AX), Australia’s biggest health insurer, suffered a massive cyber-attack last month as Australia grappled with a rise in hacks. Earlier in September, along with at least eight other organizations, Australia’s second-largest telco Optus was breached.
The comments come after O’Neil recently formalized the latest cyber-policing model between the Australian Signals Directorate and the Australian Federal Police (AFP) to accomplish “new tough policing” on cybercrime. The partnership between the two federal agencies will have around 100 officers and act as a joint standing operation against threat actors.
The task force will “day in and day out, hunt down the adversaries responsible for the malicious crimes,” she said. Prime Minister Anthony Albanese had previously mentioned the government was doing everything to limit the impact of the Medibank cyber-attack and had set up a dedicated phone service for the affected customers seeking help from the government and Medibank.
New Phishing Campaign Spoofing Spain’s Tax Agency
A brand new phishing campaign came to light in Spain, in which scammers posed as Agencia Tributaria, the Spanish Tax Agency. The phishing attempt begins when the victim receives a fraudulent SMS notifying them about a supposed reimbursement for which they are eligible.
According to the SMS, they must fill out a form on the agency’s website to receive the refund. When the user opens the link, it redirects them to a webpage that looks like the Tax Agency’s official website, asking them for their credit card details, including the PIN and CVV codes.
Aware users can note that while the malicious website mimics the agency’s actual website, it lacks functionality. For example, users can not change the website’s language, although there is an option. When the user enters the credit card info, it appears that the site processes it.
Finally, the site asks victims to enter an OTP that they’re supposed to receive through SMS (the victim never gets it) or open their mobile banking app to receive a reimbursement notification. Of course, there are no notifications or SMS codes, and these are both parts of the phishing attack at work.
The US Health Dept Issues Warning About Venus Ransomware Targeting Healthcare Organizations
The US Department of Health and Human Services (HHS) says that Venus ransomware attacks target the country’s healthcare organizations. Health Sector Cybersecurity Coordination Center (HC3) recently issued an analyst note mentioning that it discovered at least one incident of Venus ransomware targeting the US healthcare organization’s network. However, the report mentions no confirmed data leak website where attackers deploying Venus ransomware publish stolen data online.
“HC3 discovered at least one healthcare entity in the US falling victim to Venus ransomware recently,” says the report. ” The Venus ransomware operators do not operate as a ransomware-as-a-service (RaaS) model, and we are unaware of the existence of any associated data leak site (DLS).” The Venus ransomware attack operators hack into the victims’ publicly-exposed Remote Desktop services and encrypt Windows devices.
Famous UK Motor Racing Circuit Suffers a Ransomware Attack
A famous motor racing circuit in the UK is investigating a ransomware attack after a threat group added it to the victim’s list this week. “We are aware of the development and investigating the matter,” Silverstone Circuit’s spokesperson said. Silverstone Circuit is among the most popular racing circuits in the UK ( hosting the British Grand Prix since 1950).
The Royal ransomware gang took credit for the alleged cyber incident. The British Racing Drivers’ Club (BRDC) operates the circuit, which hosts numerous motorcycle events and Formula One races.
Brett Callow, a threat analyst at Emsisoft, said that the Royal ransomware group is a new gang that follows the encrypt-and-exfiltrate model. “The ransomware is secure, meaning we cannot break its encryption,” Callow said. Another security researcher added that while the group is new, it likely consists of experienced hackers who worked as ransomware groups’ affiliates previously.
Spymax RAT Malware Targets Indian Defense Personnel
Cyfirma, an External threat landscape management firm, reported that a malicious Android package targeted Indian defense personnel for a while. The cybercriminals used a Spymax RAT malware variant and controlled the victims’ devices. Cyfirma says the campaign has been active since at least July 2021. The attackers share an APK file with the victim, masquerading as a promotion letter and promising them the ‘Subs Naik’ rank.
After installing, the app shows a lookalike Adobe Reader icon and asks for multiple permissions like storage, microphone, camera, and internet. The source code of the Spymax RAT variant that the threat actors used is available in underground forums. They circulated a WhatsApp message containing a Google Drive link with a PDF file listing Indian defense personnel recently promoted to higher ranks.
As the campaign has been active for some time and is targeting security personnel, researchers suspect it is the act of a nation-state actor attempting to steal confidential information. However, based on the gathered data, they cannot attribute the campaign to a specific nation-state threat actor.
A DDoS Attack Brings Down Mississippi Election Websites
Several Mississippi state websites got knocked offline during the recent midterm election, making it the day’s most significant digital disruption. A federal official warned that we could expect more as we count ballots.
The Mississippi secretary of state’s office said, “An abnormally large traffic volume increase because of DDoS [distributed denial-of-service] activity led to the periodic inaccessibility of the public-facing side of our websites.”
“We want to remain clear and reassure Mississippians that the election system was not compromised.” A senior CISA (Cybersecurity and Infrastructure Security Agency) official confirmed the attack before the statement.
“We are chatting with them for several hours now and working with the vendors to put the mitigations in place,” the official told reporters. In a Telegram post, a pro-Russian threat group took credit for the cyberattack, which did not interfere with the voting or counting processes.
A Deloitte Employee Masterminds Hacking Attacks on British Businesses
A report mentioned that one of Deloitte India’s office employees was the mastermind behind a computer hacking gang that targeted British businesses, journalists, and government officials. The Deloitte employee, Arvind Jain, has been running a computer hackers’ network for the past seven years. British private detectives hired them to steal the email inboxes of the targets using “phishing“ techniques.
“India deals with the issue with a light touch. There is a need to strengthen the legal framework. After the Covid pandemic, cyber crime’s golden age has begun,” says Pawan Duggal, Founder, and Chairman of the International Commission on Cyber Security Law.