The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
top NEWS stories this week
- Patch me if you can. Microsoft addresses critical Elevation of Privilege vulnerability.
- Big-game hunting. SpaceX supplier and Amazon subsidiary named on ransomware leak sites.
- Stress-ercise. European Central Bank to conduct stress tests on banks.
- Innovative hacking techniques. Hackers leverage LinkedIn and fake ChatGPT Chrome extensions.
- Compromised data. AT&T data breach impacts 9 million customers.
- Splat the NetWire RAT. Law enforcement operation seizes the NetWire RAT infrastructure.
1. PATCH TUESDAY INCLUDES CRITICAL ELEVATION OF PRIVILEGE VULNERABILITY
A high-risk vulnerability (CVE-2023-2397) in Microsoft Outlook has been exploited by threat actors to escalate privileges since April 2022. With no user interaction required, a specially crafted email can give attackers access to hashed credentials, which can then be used to authenticate to other services. Microsoft has released a patch, but the vulnerability is expected to be increasingly leveraged by threat actors going forward.
Microsoft also patched another zero-day vulnerability that bypassed certain security features and numerous other flaws. Other major vendors including Apple, Cisco, Google and Fortinet also released security updates for March 2023.
2. SPACEX SUPPLIER AND AMAZON SUBSIDIARY BOTH NAMED ON RANSOMWARE LEAK SITES
LockBit is threatening to leak thousands of SpaceX blueprints after claiming an attack on third-party supplier Maximum Industries. In a separate incident, BlackCat claimed an attack on Amazon subsidiary Ring, the doorbell and security supplier, after naming them on their dark web leak site.
Incident Response Plans (IRPs) should account for public relations strategies in the event that a breach becomes public.
3. ECB TO STRESS TEST BANKS ON CYBER RESILIENCE
The European Central Bank (ECB) is planning to evaluate the cyber resilience and response capabilities of banks under its supervision from 2024 by conducting stress tests that simulate various cyber attack scenarios. The initiative aims to enhance the financial sector's resilience to cyber threats
4. HACKERS LEVERAGE LINKEDIN AND FAKE CHATGPT CHROME EXTENSIONS
North Korea-backed hackers have been targeting security researchers in a campaign aimed at gaining access to their employers. The hackers are using fake LinkedIn accounts and spear-phishing emails with job recruitment themes to trick targets into installing malware.
A fake ChatGPT Chrome extension has been discovered to hijack Facebook accounts and create rogue admin accounts to advertise malware. Since 3 March 2023, the extension has attracted 2,000 installations per day, and even received promotion through Facebook-sponsored posts. Google has since pulled the extension from the Chrome Web Store.
Exercise caution when receiving unsolicited messages and double-check the authenticity of any links or attachments sent via email or SMS. Additionally, downloading browser extension on corporate devices should be avoided without approval from your organisation’s IT department.
5. AT&T SUFFERS DATA BREACH
AT&T, a major US telecommunications firm, suffered a data breach that affected 9 million customers due to a supply chain cyber attack. The attack on AT&T’s marketing vendor exposed Customer Proprietary Network Information, including names, wireless account numbers, phone numbers, and email addresses of customers.
Organisations should conduct thorough and regular due diligence on their third party vendors/providers, evaluating that appropriate security controls are in place.
6. COORDINATED LAW ENFORCEMENT OPERATION DISRUPTS THE NETWIRE SERVICE
Last week, global law enforcement arrested the administrator and seized the web domain and hosting server of the NetWire remote access trojan (RAT).
The NetWire RAT is popular among cybercriminals in phishing attacks, granting them remote access to compromised computers, the power to execute commands, and the ability to download malicious programs onto victims’ devices.
This case is another example of the growing efforts made by international law enforcement agencies to disrupt the criminal cyber ecosystem.