Tuesday Morning Threat Report: Jan 23, 2024

Mark Maguire, published in CodeX, Jan 23, 2024

Where the news is always bad, but the analysis is always good.


Good morning all and happy Tuesday!

Microsoft is hacked by Midnight Blizzard, calendar invites hacking emails, and PixieFAIL jeopardizes millions of devices. Let’s dive in!

Top Stories:

This week’s biggest headlines. Analysis section below.

Midnight Blizzard Hacks Microsoft: Microsoft warns that Midnight Blizzard, a Russian cyberespionage group, has hacked some of their corporate email accounts — including accounts belonging to senior leadership and the cybersecurity teams.

Custom GPTs Leak Training Data: OpenAI has rolled out the GPT store, which allows people to train their own GPTs with private data. Researchers at Northeastern University found the private training data can be extracted from these models.

71M Passwords Dumped: Researchers have found a release of 71 million passwords, which have been circulating on the dark web for months. The passwords are for sites including Facebook, eBay, and Yahoo mail.

Chrome Zero-Day: A high-severity “zero-day” vulnerability has been discovered in Google Chrome. This vulnerability is actively being attacked, and Google has released an emergency patch for it.

Feds Warn About Androxgh0st: The U.S. FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about cybercriminals using the Androxgh0st botnet malware to steal credentials for AWS, Microsoft O365, and Twilio.

Iranian-Linked Hacking Group Targets Researchers: Mint Sandstorm, an Iranian-linked hacking group, has been observed by Microsoft’s Threat Intelligence team to be targeting key Middle Eastern affairs researchers with a custom backdoor attack.

Calendar Invites Leaking Your Password?: Cybersecurity firm Varonis is issuing a warning about a one-click vulnerability involving Microsoft Outlook Calendar invites. By clicking “accept” on a meeting invite, the user’s hashed password can be stolen.

Breaking Crypto’s Anonymity: When Bitcoin first came into existence, it was thought to be an anonymous payment method, which quickly made it popular with drug dealers and cybercriminals. This story details the 27-year-old grad student who broke that anonymity.

My Takeaways

Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.

Breaking Bitcoin: On the heels of the financial crisis, Halloween day, 2008, an anonymous person using the pseudonym Satoshi Nakamoto published a research paper laying the foundation for Bitcoin. The premise of Bitcoin was that it would be a decentralized payment system, safe from any government’s control, and could allow financial transactions to be anonymous. After a slow start and criticism in the research community, Bitcoin began to catch on in various ways — from privacy advocates to cybercriminals. In 2011, an internet black market known as the “Silk Road” launched, with all sales occurring in Bitcoin. At its peak, Silk Road had 10,000+ products (the majority of which were illegal drugs and fake IDs) and processed over $180 million in sales.

In 2013, a grad student at the University of California San Diego, Sarah Meiklejohn, shattered the aura of privacy that Bitcoin had acquired up to that point. Bitcoin relies on a “public ledger,” meaning every transaction from one crypto wallet to another is recorded and available for anyone to view. Meiklejohn conducted hundreds of Bitcoin transactions from various crypto wallets she controlled. Next, she queried a database of all 16 million Bitcoin transactions that had occurred up until that point in 2013, looking for transactions that included the unique identifiers of her wallets. The queries would take hours to run, but in the end she was able to prove that Bitcoin transactions were traceable and not anonymous.
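The tracing step described above (query the whole ledger for your own wallet identifiers, then follow where the coins go) is easy to show on a toy ledger. The following is an added example, not code from the newsletter or from Meiklejohn’s research: it clusters addresses with the common-input-ownership heuristic (all inputs of one transaction are assumed to belong to the same spender), finds every transaction touching a cluster, and follows funds forward hop by hop. The transactions are constructed sample data, not real Bitcoin transactions, and the function names are mine.

```python
# Added example (not from the newsletter): address clustering and fund tracing
# over a public transaction graph. All transactions below are constructed toy
# data; the address strings are placeholders, not real Bitcoin addresses.
from collections import defaultdict, deque

# Each constructed transaction spends from a set of input addresses and pays to
# a set of output addresses. Amounts are omitted; only the graph matters here.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["M1", "A3"]},  # A1, A2 co-spent -> same owner
    {"txid": "tx2", "inputs": ["A3"], "outputs": ["E1"]},              # A3 later pays E1 (e.g. an exchange)
    {"txid": "tx3", "inputs": ["B1"], "outputs": ["A2"]},              # B1 pays A2
    {"txid": "tx4", "inputs": ["M1", "M2"], "outputs": ["C1"]},        # M1, M2 co-spent -> same owner
]


class DisjointSet:
    """Union-find over address strings; each merged set is one address cluster."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Common-input-ownership heuristic: every input of a transaction had to be
    signed by the same spender, so co-spent addresses are grouped together.
    Returns a dict mapping each address to the frozenset of its cluster."""
    ds = DisjointSet()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            ds.find(addr)  # register every address, even ones never co-spent
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            ds.union(first, other)
    groups = defaultdict(set)
    for addr in ds.parent:
        groups[ds.find(addr)].add(addr)
    return {addr: frozenset(members) for members in groups.values() for addr in members}


def transactions_touching(txs, addresses):
    """The 'search the whole ledger for my identifiers' step: every transaction
    whose inputs or outputs include any of the given addresses."""
    wanted = set(addresses)
    return [tx["txid"] for tx in txs if wanted & set(tx["inputs"] + tx["outputs"])]


def trace_forward(txs, start_addr, max_hops=10):
    """Follow funds downstream from start_addr with a breadth-first search:
    every transaction spending from a tracked address sends its outputs into
    the tracked set. Returns {address: hop_count} for everything reached."""
    spends_from = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spends_from[addr].append(tx)
    reached = {start_addr: 0}
    queue = deque([start_addr])
    while queue:
        addr = queue.popleft()
        if reached[addr] >= max_hops:
            continue
        for tx in spends_from[addr]:
            for out in tx["outputs"]:
                if out not in reached:
                    reached[out] = reached[addr] + 1
                    queue.append(out)
    return reached


if __name__ == "__main__":
    clusters = cluster_addresses(TRANSACTIONS)
    print("cluster of A1:", sorted(clusters["A1"]))
    print("txs touching A1's cluster:", transactions_touching(TRANSACTIONS, clusters["A1"]))
    print("funds from A1 reach:", trace_forward(TRANSACTIONS, "A1"))
```

On this toy ledger, A1 and A2 fall into one cluster because tx1 spends both, and funds leaving A1 can be followed through M1 and A3 to C1 and E1 two hops later. Nothing here needs a secret: the same queries run against the real ledger are just larger and slower, which is the point of the takeaway below.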

Once Bitcoin was no longer anonymous, law enforcement began to use it to crack down on various criminal enterprises. Hundreds of pedophiles went to jail. The largest dark web marketplace was taken down. The mystery of $500 million in stolen Bitcoin was cracked. There is an important lesson to be learned in the unraveling of Bitcoin’s reputation for privacy. It is true that there were millions of complicated transactions and a lot of nuance to Bitcoin. However, all of those transactions were publicly available and could be understood by someone with enough time, energy, and computing resources. Sarah Meiklejohn helped illustrate something important — complexity is not the same thing as security.

The Lower Echelon:

Interesting cybersecurity news that didn’t quite make the cut to be a top story.

GitHub Used For Attacks: Security researchers at Recorded Future have warned that GitHub services are increasingly used for cyberattacks. Because over 100 million developers use GitHub, traffic to and from it is often not blocked by companies, which gives malicious code an opening into organizations.

Scanning For Weakness: A bot has been discovered that scans the open internet looking for weakly secured SQL databases, hacks them, and deletes all data. Next, it posts a note demanding a ransom for a data restore, but upon paying, victims learn their data has been permanently deleted.

VF Corporation Data Breach Impacts 35M: VF Corporation, the parent company to brands such as North Face and Vans, suffered a data breach that resulted in personal information on 35.5 million customers being stolen and some corporate systems being encrypted.

PixieFAIL Vulnerability Jeopardizes Millions Of Devices: UEFI is a standard that specifies how a computer’s hardware and OS interact. Researchers at Quarkslab have identified 9 vulnerabilities in UEFI firmware, dubbed PixieFAIL, which impact millions of devices.

U.S. Warns About Chinese Drones: The U.S. FBI and CISA have issued a warning about drones manufactured in China. Because the Chinese government can access Chinese companies’ data, the drones pose a risk to U.S. critical infrastructure.

GPU Chips Vulnerability: A security flaw in GPUs designed by AMD, Apple, and Qualcomm can allow users on a shared system to view other users’ data. This has significant implications for AI systems, which frequently rely on shared GPUs.

Environmental Services DDoS Attacks Increase: According to Cloudflare, 2023 saw a 61,839% year-over-year increase for distributed denial-of-service (DDoS) attacks on environmental services companies.

Citrix Encourages NetScaler Patching: Citrix is encouraging customers to patch its NetScaler ADC and Gateway products. Security flaws within these products allow attackers to remotely execute code or cause a denial of service.

New Docker Attack: Cado Security found a campaign targeting vulnerable Docker servers that deploys both an XMRig cryptominer and the 9Hits Viewer app, the first time malware has been seen deploying 9Hits. The attackers pull their images from Docker Hub and use the viewer to visit websites in order to earn 9Hits credits.


Thanks for reading! See everyone next week!

About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
