Cybercriminals for hire, Hive ransomware is busted and the JD Sports breach impacts millions of sportswear buyers. Here are the latest threats and advisories for the week of February 3, 2023.
Threat Advisories and Alerts
U.S. Security Agencies Warn of Malicious Use of RMM Software
A joint cybersecurity advisory issued by the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) warns that legitimate remote monitoring and management (RMM) software is being used for malicious purposes. After cybercriminals gain access to target networks, they use the software as a “backdoor for persistence and/or command and control (C2),” warned the agencies. Network defenders are encouraged to view the full advisory for information on indicators of compromise and mitigations.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa23-025a
Microsoft Issues Urgent Plea to Update Exchange Servers
Microsoft is urging enterprises to patch their Exchange servers, as the mail server platform remains a valuable target for cybercriminals. "Attackers looking to exploit unpatched Exchange servers are not going to go away," wrote the Exchange Team in a blog post last Thursday. While protecting the exchange environment is a never-ending chore for many users, the Exchange Team noted, "Exchange Server CUs and SUs are cumulative, so you only need to install the latest available one.”
Source: https://www.theregister.com/2023/01/28/microsoft_patch_exchange_servers/
Emerging Threats and Research
Bad Actors Wanted: Cybercriminals Offer Competitive Packages to Lure New Hires
As employers around the world seek to fill open roles, cybercriminals are getting in on the action. Between January 2020 and June 2022, cybercrime groups posted over 200,000 job ads on the dark web. While 61% of the ads sought to fill developer roles, threat actors also looked to hire admins, designers, network testers and more. Some positions offered compensation packages that oddly mirrored those of legitimate companies, with benefits that included holiday pay, paid sick leave and salaries as high as seven figures. As to why job seekers would be attracted to such roles, researchers wrote, “Many are drawn by expectations of easy money and large financial gain.”
Hive Ransomware Group’s Servers Seized in Global Cyber-Stakeout
Law enforcement's war on ransomware experienced a major win this week as a global operation seized the websites and servers of the notorious Hive Ransomware group. After gaining access to the gang’s computer networks, the U.S. Federal Bureau of Investigation (FBI) was able to capture Hive’s decryption keys and distribute them to over 300 victims—saving them a reported $130 million in ransom payments to unlock infected systems. The takedown was a global effort that began in July 2022 and consisted of law enforcement agencies from thirteen countries, including Canada, the U.K., Germany, Spain, France and Sweden.
Source: https://www.infosecurity-magazine.com/news/global-dismantles-hive-ransomware/
JD Sports Breach Affects 10 million Customers
The personal details of around 10 million customers were stolen following a breach at U.K. sportswear retailer JD Sports. The attack exposed customer billing details, phone numbers, delivery addresses and other personal information from orders placed between November 2018 to October 2020. The stolen information could be used in social engineering or phishing attacks. JD Sports is notifying affected customers.
Signing Certificates Stolen in GitHub Cyberattack
This past Monday, GitHub confirmed that a cyberattack in December resulted in the theft of three digital signing certificates used for its Atom and Desktop applications. The company, however, found no risk to their services or unauthorized changes to projects. GitHub’s vice president of security operations, Alexis Wales, addressed the issue, writing, “As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications. Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom.” To continue using the software, GitHub recommends updating the desktop version or downgrading Atom.
Source: https://www.infosecurity-magazine.com/news/github-revokes-certificates-stolen/
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.