Threat Intelligence Report - July 14, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
US Government Emails Breached Via Microsoft Cloud Exploit
A China-based hacking group, identified as "Storm-0558" by Microsoft, breached an unknown number of email accounts associated with around 25 organizations, including government agencies in Western Europe and the US, by exploiting Microsoft's cloud service. The group utilized forged authentication tokens to gain access to email accounts via Outlook Web Access in Exchange Online and Outlook.com from May 15th, undetected for a month until Microsoft initiated an investigation on June 16th.
Cloud Assets Are Biggest Targets for Cyberattacks
The 2023 Thales Cloud Security Study reveals that 39% of businesses experienced a data breach in their cloud environment last year, up 4% from the previous year, with human error being the primary cause in over half of these breaches. Despite a dramatic increase in sensitive data being stored in the cloud, only 45% of this data is encrypted on average, and there's a lack of control over encryption keys, highlighting critical vulnerabilities in the current state of cloud security.
WordPress Security Plugin Caught Logging Plaintext Passwords
The All-In-One Security (AIOS) WordPress plugin, used on over a million sites, was discovered to be logging plaintext passwords from login attempts to the database, granting any privileged user access to other administrators' credentials. Despite releasing updates to address the issue and remove logged passwords, users complained about site disruptions and passwords not being removed, highlighting the ongoing security risk and suggesting that potentially hundreds of thousands of websites are still vulnerable.
Google Play To Require D-U-N-S Number to Combat Malware Submissions
In the interest of bolstering security and combating the proliferation of malware on Google Play, Google is introducing a new measure requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number, a unique identifier assigned by Dun & Bradstreet, before submitting apps. Additionally, Google is enhancing transparency in the "Contact details" section of app entries on the Play Store by providing more information about the developer, with regular verification of the provided information, and penalizing inconsistencies with app publishing suspension and eventual removal of existing apps.
BMW Ads Latest Tool for Russian Hackers
The state-sponsored Russian hacking group 'APT29' has begun using personal lures, such as car listings, in phishing attempts to trick diplomats in Ukraine into clicking malicious links that install malware. The campaign involves sending an email with a phony car advertisement, which redirects recipients to an HTML page delivering malicious ISO file payloads through HTML smuggling when they click for more photos, thereby evading security software and triggering an infection chain.
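The HTML smuggling described above works because the archive is assembled inside the victim's browser rather than fetched as an attachment, so mail and proxy filters never see an ISO on the wire. The following Python script is an added example, not part of the NetFire report or any APT29 tooling: it scores an HTML page against the client-side indicators a defender typically looks for (client-side base64 decoding, Blob construction, object URLs, a download attribute and an archive-type file name, plus an unusually long base64 literal). The two sample pages, the indicator names and the scoring thresholds are all constructed for illustration and are assumptions of this example.

```python
import re

# Client-side primitives that a page needs in order to hand the browser a
# self-assembled file. Names are this example's own labels, not a standard.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "blob_constructor": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"createObjectURL\s*\(", re.I),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=", re.I),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob|msSaveBlob", re.I),
    "click_trigger": re.compile(r"\.click\s*\(\s*\)", re.I),
}
# A base64 literal of 2000+ characters is far larger than any legitimate inline
# icon or font and is the usual carrier for the smuggled archive.
LARGE_B64 = re.compile(r"[A-Za-z0-9+/]{2000,}={0,2}")
# Quoted file names ending in container or script types often seen as payloads.
ARCHIVE_EXT = re.compile(r"['\"][^'\"]*\.(iso|img|vhd|vhdx|zip|lnk|js|hta)['\"]", re.I)


def analyze_html(html: str) -> dict:
    """Return a heuristic verdict on whether a page looks like HTML smuggling."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    blobs = LARGE_B64.findall(html)
    exts = sorted({m.lower() for m in ARCHIVE_EXT.findall(html)})
    # One point per primitive, two more for a large literal and two for an
    # archive-type download name; threshold chosen for this example only.
    score = len(hits) + (2 if blobs else 0) + (2 if exts else 0)
    return {
        "score": score,
        "indicators": hits,
        "large_base64_blobs": len(blobs),
        "download_extensions": exts,
        "verdict": "suspicious" if score >= 4 else "likely benign",
    }


# Constructed sample: an ordinary car-listing page with a plain link.
BENIGN_PAGE = """<html><body>
<h1>2019 Sedan for sale</h1>
<img src="car1.jpg"><a href="gallery.html">More photos</a>
<script>document.title = "Listing";</script>
</body></html>"""

# Constructed sample: the "more photos" link hands the browser a file built
# from an inline base64 literal. The literal is filler ("A" * 2500), not a payload.
SUSPICIOUS_PAGE = """<html><body>
<h1>2019 Sedan for sale</h1>
<a id="more" download="bmw_photos.iso">More photos</a>
<script>
var data = "%s";
var bytes = Uint8Array.from(atob(data), function (c) { return c.charCodeAt(0); });
var blob = new Blob([bytes], {type: 'application/octet-stream'});
document.getElementById('more').href = URL.createObjectURL(blob);
</script>
</body></html>""" % ("A" * 2500)


if __name__ == "__main__":
    for label, page in (("benign", BENIGN_PAGE), ("suspicious", SUSPICIOUS_PAGE)):
        print(label, analyze_html(page))
```

Run this against saved HTML attachments or proxy-captured pages; a hit on several primitives at once together with a large literal and an archive-type name is a strong signal that the page is assembling a file locally, and is worth blocking or sandboxing regardless of how the surrounding text reads.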
Stay safe and stay in touch for more insights.
#NetFireThreatIntelligence #ThreatIntelligence #NetFireCloud #SecureCloud #WordPress #BMW #DNB #Thales #NetOnFire