November 25th – Threat Intelligence Overview

Weekly Cyber Research Update: November 25, 2024

As the digital landscape continues to evolve, so too does the threat of cyberattacks. This week’s discoveries in cyber research highlight significant breaches, vulnerabilities, and emerging threats that organizations must be aware of. For a comprehensive overview, please download our Threat Intelligence Bulletin.

Top Attacks and Breaches

The week has seen a series of high-profile cyber incidents that underscore the ongoing risks faced by both public and private sectors.

  1. Library of Congress Hacked
    The Library of Congress, a cornerstone of the US Capitol complex, fell victim to a sophisticated cyber espionage attack. This breach exposed sensitive email communications between library staff and congressional offices from January to September 2024. While the attack aimed to gather information on legislative inquiries, it did not compromise the networks of the House or Senate or the US Copyright Office, highlighting the targeted nature of this espionage.

  2. International Game Technology (IGT) Cyberattack
    IGT, a major player in the gambling and lottery industry, confirmed a cyberattack that disrupted its internal IT systems. The attack forced several systems offline, impacting the company’s ability to serve customers globally. As of now, no threat actor has claimed responsibility for the incident, leaving many questions unanswered regarding the motivations behind the attack.

  3. Ransomware Attack on Gob.mx
    The Mexican government’s platform, Gob.mx, was targeted by the ransomware group RansomHub, resulting in the theft of 313GB of sensitive data, including government contracts and financial information. The attackers have threatened to release this data on the dark web unless a ransom is paid within ten days, illustrating the growing threat of ransomware in governmental operations.

  4. Maxar Space Systems Data Breach
    Maxar Space Systems experienced a data breach that compromised sensitive employee information, including Social Security numbers and home addresses. The breach, traced back to a Hong Kong-based IP address, went undetected for approximately a week, raising concerns about the security measures in place to protect sensitive data.

  5. Finastra Data Theft
    The financial services company Finastra reported a cyberattack that resulted in the theft of 400GB of data from its secure file transfer platform. The stolen data, which is now being offered for sale on criminal forums, contains sensitive information related to the company’s financial services clients, posing a significant risk to client confidentiality.

  6. iLearningEngines Cyberattack
    AI training software firm iLearningEngines suffered a cyberattack that led to a loss of $250,000 due to a misdirected wire payment and unauthorized network access. The attacker deleted email messages and accessed files, although the specific contents of these files remain unidentified.

  7. French Hospital Data Exposure
    A cyberattack on a French hospital, claimed by a threat actor known as ‘nears,’ exposed sensitive health records of approximately 750,000 patients. The breach was facilitated through compromised credentials, leading to the leakage of personal health information, including names, addresses, and prescription details.

Vulnerabilities and Patches

In addition to breaches, several critical vulnerabilities have been identified this week, emphasizing the need for organizations to stay vigilant and proactive in their cybersecurity measures.

  1. Palo Alto Networks Firewalls Compromised
    Over 2,000 Palo Alto Networks firewalls have been compromised due to two recently patched vulnerabilities: an authentication bypass (CVE-2024-0012) and a privilege escalation flaw (CVE-2024-9474). Chained together, these vulnerabilities allow attackers to gain administrator privileges, potentially leading to malware deployment on affected devices.

  2. Apple’s Zero-Day Vulnerabilities
    Apple has released patches for two zero-day vulnerabilities in macOS, affecting the JavaScriptCore and WebKit components. These vulnerabilities could allow arbitrary code execution and cross-site scripting attacks, particularly on Intel-based Mac systems, underscoring the importance of timely updates.

  3. Critical Vulnerabilities in Ubuntu Server
    Five local privilege escalation vulnerabilities have been discovered in the needrestart component of Ubuntu Server. These vulnerabilities are actively being exploited, allowing unprivileged users to gain root access without user interaction, posing a significant risk to system integrity.

Threat Intelligence Reports

Recent research has unveiled new tactics and trends in cybercrime, particularly as the holiday shopping season approaches.

  1. Exploitation of Black Friday
    Check Point Research has reported a surge in malicious websites and phishing emails targeting consumers during the Black Friday shopping season. Approximately 3% of new Black Friday-related websites are deemed malicious, often impersonating reputable brands to deceive unsuspecting shoppers.

  2. Ghost Tap Cash-Out Tactic
    Researchers have identified a new cash-out tactic known as Ghost Tap, which uses NFC relay techniques to cash out stolen credit cards that have been linked to mobile payment systems. This method allows cybercriminals to conduct anonymous transactions at point-of-sale terminals, raising alarms about the security of mobile payment systems.

  3. Linux Backdoors Linked to Gelsemium APT Group
    Multiple Linux backdoors, including WolfsBane and FireWood, have been attributed to the China-aligned Gelsemium APT group. These malware variants are designed for cyberespionage, enabling the theft of sensitive data and maintaining persistent access to compromised systems.

  4. Supply Chain Attack Targeting npm and PyPI
    An ongoing supply chain attack, identified as MUT-8694, targets npm and PyPI repositories through typosquatting. This campaign distributes infostealer malware, primarily affecting Windows users, and highlights the need for vigilance when using third-party libraries.

Conclusion

The cyber landscape is fraught with challenges as organizations face an increasing number of sophisticated attacks and vulnerabilities. Staying informed about the latest threats and implementing robust security measures is essential for safeguarding sensitive information and maintaining operational integrity. For more detailed insights, please refer to our Threat Intelligence Bulletin.
