La veille cyber-sécurité (sem 12 juin 2022)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

un petit clic pour ma veille

Vol / perte de données

MyEasyDocs Exposed 30GB of Israeli and Indian Students PII Data

MyEasyDocs is a Chennai, India based online documents verification platform whose Microsoft Azure server exposed data of over 57,000 students.

Cyberattaques / fraudes

Lockbit gang claims to have hacked cybersecurity giant Mandiant

Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have stolen 356841 files from the company and plans to leak them online.

This hacking group quietly spied on their targets for 10 years

Researchers have discovered a stealthy espionage campaign by a most likely China-backed hacking group that has targeted government, education and telecommunication organizations since 2013. The attackers used a range of techniques to infect targets with malware, such as via malicious Word documents, fake removable devices leading users to malicious folders, and fake antivirus vendor icons that led to executable files.

This new Linux malware is ‘almost impossible’ to detect

A joint research effort has led to the discovery of Symbiote, a new form of Linux malware that is « almost impossible » to detect. On Thursday, researchers from BlackBerry Threat Research & Intelligence team, together with Intezer security researcher Joakim Kennedy, published a blog post on the malware – dubbed Symbiote because of its « parasitic nature. »

Ukrainian Officials’ Phones Targeted by Russian Hackers

On Monday, a senior cybersecurity official said that the phones of Ukrainian officials had been targeted by hackers as Russia pursues its invasion of Ukraine. The deputy head of Ukraine’s State Special Communications Service, Victor Zhora, said that phones used by Ukraine’s public servants were the subject of sustained targeting.

Dark web sites selling alleged Western weapons sent to Ukraine

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders.

Russian Ministry Website Hacked to Display « Glory To Ukraine » Message

A group called « DumpForums » hacked the website of Russian Ministry of Construction, Housing and Utilities to display « Glory to Ukraine » message.

Italian Municipality of Palermo Suffers Cyberattack

On Friday the municipality of Palermo, Italy, suffered a cyberattack. The attack appears to have had an impact on multiple services and operations to both citizens and tourists. Local IT experts have been trying to restore the systems since the attack, however all services, online portals, and public websites remain offline.

Iranian hackers target energy sector with new DNS backdoor

The Iranian Lycaeum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. Lyceum is a state-supported APT, also known as Hexane or Spilrin, that has previously targeted communication service providers in the Middle East using DNS-tunneling backdoors.

Failles / vulnérabilités

Dark web sites selling alleged Western weapons sent to Ukraine

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders.

Emotet malware gang shifts to stealing credit cards

The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.

Justice / police / réglementation

Takedown of SMS-based FluBot spyware infecting Android phones | Europol

This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3). The investigation is ongoing to identify the individuals behind this global malware campaign.

FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People

FBI seizes SSNDOB online marketplace known for selling personal information such as credit card numbers, and Social Security numbers.

Spanish court calls CEO of Israel’s NSO to testify in spying case

MADRID, June 7 (Reuters) – Spain’s High Court on Tuesday called the chief executive officer of Israel’s software firm NSO Group to testify as a witness in a case opened over the use of its Pegasus software to spy on Spanish politicians.

FBI warning: This gang steals data for ransom, then makes harassing phone calls to pile on the pressure

A cyber-criminal gang is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information – and they’re harassing victim’s employees, business partners and clients in an effort to make extortion attempts as effective as possible.

Twitter pays $150M fine for using two-factor login details to target ads

Twitter has agreed to pay a $150 million penalty for targeting ads at users with phone numbers and email addresses collected from those users when they enabled two-factor authentication. Twitter agreed to the fine and « robust compliance measures to protect users’ data privacy » to settle a lawsuit filed on Wednesday by the US government.

Mandiant: « No evidence » we were hacked by LockBit ransomware

American cybersecurity firm Mandiant is investigating LockBit ransomware gang’s claims that they hacked the company’s network and stole data. The ransomware group published a new page on its data leak website earlier today, saying that the 356,841 files they allegedly stole from Mandiant will be leaked online. « All available data will be published! »

Suisse

Lancement de l’Institut national de test pour la cybersécurité

L’Institut national de test pour la cybersécurité (NTC) annonce son lancement officiel, avec le soutien du canton de Zoug. Cette structure sans but lucratif a pour objectif de vérifier la fiabilité et la sécurité des produits connectés et des applications numériques.

Divers

Russia: Cyber-Attacks Could Escalate Military Conflict

The Russian government has reportedly warned the US and its allies that they risk a « direct military clash » if cyber-attacks on its infrastructure continue. The threats follow reports earlier this week that Russia’s Ministry of Construction, Housing and Utilities website had been hacked and defaced with the message « Glory to Ukraine » posted on its homepage.

Darknet : le célèbre supermarché illégal AlphaBay ressurgit au premier plan

Démantelée en 2017, la plus grosse place de marché illégale de tous les temps refait surface et retrouve la première place du podium. Mais à une moindre échelle. Les temps changent, mais pas vraiment.

Veilleur et spécialiste en cybersécurité