September Security Roundup

Currently, the world faces not one pandemic but two: Coronavirus and the rise of ransomware attacks.

While both have negatively impacted the economy, in the case of cybercrime, lax security measures give hackers an easy way to make a fortune in ransom claims. Malicious software makes it simple for hackers to access data, encrypt it and hold it hostage until the victim organisations pay the hefty ransom. Cybercrime is growing rapidly, so organisations need to stay vigilant of the ongoing threats around them.

Here are just some of the attacks that have recently taken place:

Thailand visitors have data exposed

More than 106 million international travellers to Thailand were the unfortunate victims of a cyber attack that resulted in the exposure of their personal details, such as full names, passport numbers, arrival dates and more. The database was published online without a password, meaning it was accessible to anyone who went looking for it, putting the victims in a vulnerable position. The exposed data was secured three days after its discovery on the Censys search engine, but there is no way of telling if, or what, PII was exfiltrated to be exploited at a later date. (source)

The return of the REvil Ransomware group

Following a short hiatus after its attack on Kaseya earlier this year, the infamous REvil ransomware group got most of its infrastructure back online. Currently, there have been no new samples posted on the Happy Blog, meaning that the group hasn't launched any known attacks itself since its last attack on the 8th of July 2021. However, ransomware experts are suggesting that the group will return under a different name and with a new ransomware variant. (source)

The largest documented DDoS attack in history

In early September, Yandex reported one of the biggest Distributed Denial of Service (DDoS) attacks in history, which was intended to overwhelm its systems to the point that they would have to shut down. While the flood of junk traffic peaked on September 5th, Yandex managed to stave off the record attack of nearly 22 million requests per second and effectively defend against the large-scale barrage. (source)

Microsoft uncovers something phishy

In late September, Microsoft uncovered a large Phishing-as-a-Service operator providing a start-to-finish phishing attack service for a maximum price of $800 (around £600). Known under the trio of names BulletProofLink, BulletProftLink and Anthrax, the service is advertised on cybercrime forums, where it offers phishing templates designed to convince victims of their authenticity (for between $80 and $100 per template) and carries out social engineering phishing attacks on behalf of its customers. (source)

Hackers can steal your money when your iPhone is locked

A vulnerability within iOS has been discovered that would allow a malicious actor to use a stolen, locked iPhone to pay for thousands of pounds worth of goods. Using commercially available technology, malicious actors could carry out a man-in-the-middle (MITM) attack to obtain payment authorisation from a powered-on iOS device with Apple Pay enabled. An Android application modifies the communication to abuse a weakness in Apple's Express Transit mode (implemented in iOS 12.3), though neither Apple nor Visa has any plans to patch the issue any time soon. (source1) (source2)

RaidForums makes its staff area public

The underground security forum RaidForums recently had the hidden staff area of its website exposed to the clearnet. The data breach marketplace is where threat actors often sell or leak illicitly obtained data dumps. The section of the forum intended to be concealed for staff use only was, until recently, found accidentally indexed on google.com, sharing private data and tips such as how to create personas, user banning records, site hosting preferences and more. (source)

Hackers impersonate bank clerks and steal from the elderly

A group of nine individuals have been arrested and face criminal charges after defrauding multiple people by manipulating their caller IDs to appear as though calls were coming from verified banks. They called victims to claim their bank accounts had been hacked and that the only way to secure their money was to transfer it into a secure vault. Of course, the vault was simply an account the hackers had access to. Unfortunately, the Dutch police receive 200 reports like this every single day. It is a real problem that they are trying to get under control. (source)

Scammers romance victims into downloading bogus apps

A scam dubbed CryptoRom has been spotted targeting users of dating apps such as Tinder, Bumble and Grindr, forming friendships with the victims before tricking them into installing completely bogus trading apps on their iPhones. Victims are convinced to invest through the app, only for their funds to be stolen by the scammers. According to a study of a bitcoin wallet maintained by the scammers, they have made about $1.4 million from the scam, distributing the apps via Apple's Enterprise Developer Program. These findings show how fraudsters are using Apple's distribution mechanism, known as Super Signature services, to target iOS users. Furthermore, the researchers discovered malicious programmes tied to these scams that use configuration profiles to take advantage of Apple's Enterprise Signature distribution method. (source)

A VPN provider’s misconfiguration exposes PII of one million users

Free VPN service Quickfox, used by Chinese residents to access sites from outside of mainland China, had inadequately configured its Elastic Stack security, leaving a server exposed and accessible. Unfortunately, with no password protection or encryption, at least one million users had their PII exposed. A 100GB trove containing 500 million records, including customer emails, IP addresses, phone numbers and other PII, as well as system data on 300,000 clients, was discovered by researchers. The server has yet to be secured. (source)

A REvil/Sodinokibi ransomware universal decryption key is out

Back in July, a universal decryptor for the ransomware distributed by the REvil ransomware group was found. Originally, it was intended for use by victims of the Kaseya breach only, and how the key was obtained was unknown. Recently, Bitdefender obtained a universal decryption key, freely distributed it to anyone in need of it and released a guide to decrypting the affected files. (source1) (source2)

Apple Patches Zero-Click

In September, the NSO Group was discovered using a zero-click, zero-day weakness in Apple's iMessage service, exploiting vulnerabilities in PDF handling to plant spyware on targets' devices. Fortunately, Apple has recently patched the issue, and you can find out more about it in our recent blog here.

Babuk ransomware’s full source code leaked on hacker forum

In early September we discovered that a threat actor had released the source code for the Babuk (Babuk Locker) ransomware, allowing security specialists to analyse the source code and its operation. Allegedly, the threat actor decided to do so out of guilt and claimed in their post that they were terminally ill, stating they still "have time to live like a human." If you want to know more about Babuk Locker, you can read our Threat Report by Zachary Goggins here. (source)

©2022 Cyber Security Associates. All Rights Reserved.