The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
TOP NEWS STORIES THIS WEEK
- Killnet strikes. Russian group claims DDoS attacks on major US airports.
- BidenCash bonanza. Huge repository of credit card data leaked for free on new dark web market.
- The rise of drone-based Wi-Fi attacks. Modified drone used in network snooping attack.
- Toyota own goal. Access key to database left unprotected on GitHub for five years.
- Biden’s cyber security labels. White House proposes new voluntary cyber security labels for IoT manufacturers.
- Time to patch! Microsoft releases patches for 84 flaws, including two zero-day vulnerabilities.
1. KILLNET STRIKES
Pro-Russia hacktivist group Killnet has claimed responsibility for several large-scale DDoS attacks on more than a dozen major US airports. Airport websites across the country, including Los Angeles International and Atlanta Hartsfield-Jackson, were taken offline, restricting access to flight updates and booking of airport services. The attacks did not impact flight operations, with all airports remaining functional.
In a separate incident, Killnet claimed responsibility for an attack on JPMorgan Chase. The bank has refuted these claims.
2. BIDENCASH BONANZA
BidenCash, a dark web marketplace launched in June 2022, has published over 1.2 million credit card details as a promotional exercise, allowing anyone to download them for free. The leak includes card numbers, expiration dates, and CVV numbers, as well as more sensitive information such as social security numbers and home addresses.
3. THE RISE OF DRONE-BASED WI-FI ATTACKS
A security researcher has reported an incident in which an adversary used a modified drone to infiltrate the wireless network of a US-based financial institution. The drone was discovered on the roof of the building, outfitted with network penetration tools.
The drone intercepted an employee’s credentials that were later used in an attempt to access further credentials stored on the internal network. Quick action by incident responders shielded the network from further exposure.
Organisations should monitor for unrecognised devices connecting to their networks. Having a well-documented inventory of devices can help, but it could also be worthwhile to periodically scan the roof for drones!
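One way to act on this advice, as an added example that is not part of the briefing: compare the MAC addresses appearing in a DHCP server's lease records (dnsmasq's lease-file layout is assumed) against a documented device inventory and report any that are not in it. The inventory entries and lease lines below are constructed sample values.

```python
import re
from dataclasses import dataclass

# Constructed inventory: canonical MAC -> asset name (hypothetical values).
KNOWN_DEVICES = {
    "aa:bb:cc:00:01:01": "finance-laptop-07",
    "aa:bb:cc:00:01:02": "lobby-printer",
    "aa:bb:cc:00:02:0a": "ap-3rdfloor-uplink",
}

# Constructed dnsmasq-style lease lines: '<expiry-epoch> <mac> <ip> <hostname> <client-id>'.
SAMPLE_LEASES = """\
1665500000 aa:bb:cc:00:01:01 10.10.4.21 finance-laptop-07 01:aa:bb:cc:00:01:01
1665500120 AA-BB-CC-00-01-02 10.10.4.30 lobby-printer *
1665500300 de:ad:be:ef:13:37 10.10.4.77 raspberrypi 01:de:ad:be:ef:13:37
1665500310 aa:bb:cc:00:02:0a 10.10.4.2 * *
"""

@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str

def normalise_mac(mac: str) -> str:
    """Canonicalise a MAC to lower-case colon form so differently formatted records still match."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

def parse_leases(text: str) -> list[Lease]:
    """Parse lease lines; blank or truncated lines are skipped rather than crashing the check."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        leases.append(Lease(normalise_mac(fields[1]), fields[2], fields[3]))
    return leases

def unknown_devices(text: str, inventory: dict[str, str] = KNOWN_DEVICES) -> list[Lease]:
    """Return leases whose MAC is absent from the inventory; each one warrants investigation."""
    return [lease for lease in parse_leases(text) if lease.mac not in inventory]

if __name__ == "__main__":
    for lease in unknown_devices(SAMPLE_LEASES):
        print(f"UNKNOWN DEVICE {lease.mac} {lease.ip} ({lease.hostname})")
```

Run against the real lease file on a schedule and forward the unknowns to the ticketing or SIEM pipeline; a device that is on the network but not in the inventory is exactly the signal the incident above would have produced.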
4. TOYOTA CUSTOMER DATA EXPOSED FOR FIVE YEARS
Toyota has disclosed that it suffered a data breach after a third-party contractor left a sensitive access key exposed on the public code repository GitHub. The key was accessible for five years until access to the repository was made private last month, potentially allowing threat actors to access personal data of almost 300,000 customers.
5. CYBER SECURITY LABELS FOR INTERNET OF THINGS DEVICES
The Biden Administration has announced plans for a cyber security labelling programme, which it hopes will improve digital safeguards on internet of things (IoT) devices. The standards under consideration include ratings on how often a manufacturer deploys patches, as well as whether devices are connecting to the internet without a password. The European Union announced similar legislation last month, aimed at reducing common vulnerabilities and attack vectors.
Given the proliferation of IoT devices, it is imperative that organisations understand the vulnerabilities most commonly associated with them to ensure they do not become unexpected attack surfaces.
6. PATCH TUESDAY
For October’s Patch Tuesday, Microsoft has released fixes for 84 flaws. This includes an actively exploited zero-day vulnerability (CVE-2022-41033), which allows threat actors to obtain elevated privileges on vulnerable devices. However, the two Microsoft Exchange zero-day vulnerabilities, dubbed ProxyNotShell, which we discussed in last week’s edition, remain unpatched.
Separately, a recently fixed authentication bypass bug affecting a number of Fortinet products is now being actively exploited in the wild.
Organisations should review whether any affected software is employed in their estate and, if so, implement available patches as soon as possible.