The US Federal Bureau of Investigation’s (FBI’s) security platform InfraGard, a platform created to provide cyberthreat information-sharing collaborations with the private sector, has been hacked. The InfraGard programme holds details of high-profile personalities in the private sector, most of whom manage critical national security and welfare infrastructure such as, but not limited to, power and drinking water plants, financial services, transportation, manufacturing, healthcare, nuclear energy, and communication firms. A database containing contact details of over 87,000 members of InfraGard appears to have been posted on BreachedForums, a cybercrime and hacking forum.
Cybercrime
ChatGPT to be used by cybercriminals, cybersecurity experts warn
ChatGPT, recently created by OpenAI, has alarmed cybersecurity experts. Essentially, this chatbot is an optimising language model which assists users in generating human-like text. Cybersecurity experts have warned that there is a high chance that cybercriminals could use this model to teach them how to craft cyberattacks. Suleyman Ozarslan, the co-founder of cyber resilience organisation Picus Security, tested the chatbot by describing its tactics and techniques of ransomware without using the word ransomware as such. ChatGTP generated a text which provided the ‘pieces’ for ransomware. Namely, Ozarslan stated that the chatbot wrote effective virtualisation/sandbox evasion code that hackers could use, eventually enhancing cybercrime.
New threat actor enhancing Linux cryptocurrency mining attacks identified
Trend Micro security researchers have identified an advanced remote access trojan (RAT) named CHAOS that enhances Linux cryptocurrency mining attacks. It is based on an open-source project in which the main downloader script and further payloads are hosted in different locations to ensure the campaign remains active and constantly spreading. Investigation shows that the main server appears to be in Russia, which is also used for cloud bulletproof hosting. Trend Micro researchers stated that the infection routine of cryptocurrency mining malware seems minor, but organisations and individuals should stay cautious.
North Korean hackers deploy new tactic to seek information from foreign experts
Cybersecurity researchers found that North Korean hackers pretend to work for a think tank to obtain opinions and reports from foreign experts to better understand Western policy on North Korea. According to Reuters, some of the issues raised in the emails concerned China’s reaction to North Korea’s nuclear tests, while researchers dubbed Thallium to be among these hacking groups, which have been targeting government employees, think tanks, academics, and human rights organisations. Microsoft Threat Intelligence Center (MSTIC) told Reuters that the impersonation tactic appears to be quicker than hacking someone’s account, but makes it harder for defenders to stop the emails as it is up to the recipient to identify them most of the time.
Increased Truebot Malware infection identified by threat intelligence research group CISCO
CISCO identified an increased infection of Truebot malware, with a high possibility of its association with the Evil Corp threat actor. CISCO also found that attackers shifted their malicious delivery methods among various techniques. In October 2022, many infections used Raspberry Robin, a recent malware spread through USB drives, as a delivery vector. One of these attacks had a fully featured custom data exfiltration tool named Teleport, which was used to steal information. So far, two Truebot botnets have been identified. The first is distributed online, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.
Hospital in France forced to go offline and cancel all operations
A hospital in the Parisian suburb of Versailles, France, has been the victim of a cyberattack which led to the cancellation of all operations and transfer of patients to other hospitals. It appears that the attack was led by ransomware actors, but it is yet unclear whether data was stolen.
Amnesty International Canada target of sophisticated cyberattack
In October 2022, Amnesty International Canada detected and investigated a sophisticated digital security breach. The organisation announced that, according to forensic experts at the cybersecurity firm Secureworks, the attack was likely orchestrated by ‘a threat group sponsored or tasked by the Chinese state’. The conclusion was based ‘on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups’. China’s embassy in Ottawa denied the allegations.
Ransomware attack forces French hospital to transfer patients
A ransomware attack affecting phone and computer systems of the André-Mignot teaching hospital in the suburbs of Paris forced the institution to shut down. While a ransom of an unspecified amount has been demanded, a spokesperson for the hospital had stated that they have no intention of paying it. The attack has caused the hospital to cancel operations and transfer six patients from its neonatal and intensive care units to other health facilities. The attack is currently being investigated by the French National Authority for Security and Defense of Information Systems (ANSSI).
Cybercrime-as-a-service, ransomware still on the rise
Cybercrime-as-a-service is expanding, given its lucrative business model that requires basic technical skills. This is among the key findings highlighted in the 2023 Threat Report issued by cybersecurity company Sophos.
The report also notes that, in addition to the usual malware, scamming and phishing kits, cybercriminals are now selling tools and capabilities that were once reserved for the most skilled and sophisticated attackers. Ransomware-as-a-service has gotten particularly popular among threat actors, leading to a lower entry barrier for would-be criminals. As a mitigation tool, IT managers are looking at Managed Detection and Response (MDR) services to spearhead early detection and interception of attacks.
New guidance note by Council of Europe’s Cybercrime Convention Committee (T-CY) on ransomware
The Council of Europe’s Cybercrime Convention Committee (T-CY) has adopted a guidance note (GN) on ransomware, which outlines how the Budapest Convention and its Second Additional Protocol could be used to criminalise, investigate, and prosecute ransomware-related offences. The GN follows statements from the Convention’s Parties and Observers regarding the surge of major ransomware attacks in recent months.