L’hebdo cybersécurité | 19 mars 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Police shut down dark web crypto laundering service linked to FTX hack

The FBI and other International, law enforcement agencies took down a crypto laundering service linked to the FTX hack and ransomware gangs.

Google says hackers could silently own your phone until Samsung fixes its modems

Project Zero, Google’s team dedicated to security research, has found some big problems in the Samsung modems that power devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53.

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases.

LockBit Ransomware Claims Data Breach at SpaceX Contractor

The infamous LockBit ransomware group has given a deadline of March 20th, 2023 for their demands, which as expected, is a ransom.

US Marshals Service Data Sold on Russian Hacker Forum

The hacker is selling 350 GB of data stolen from the US Marshals Service for $150,000, supervised by the forum’s guarantor.

Hackers steal $197 million in crypto in Euler Finance attack

Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets. The cryptocurrency theft involved multiple tokens, including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH.

RAT developer arrested for infecting 10,000 PCs with malware

Ukraine’s cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing as game applications. « The 25-year-old offender was exposed by employees of the Khmelnychchyna Cybercrime Department together with the regional police investigative department and the SBU regional department, » reads the cyberpolice’s announcement.

Hitachi Energy confirms data breach after Clop GoAnywhere attacks

Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnyway zero-day vulnerability. Hitachi Energy is a department of Japanese engineering and technology giant Hitachi focused on energy solutions and power systems. It has an annual revenue of $10 billion.

Emotet malware now distributed in Microsoft OneNote files to evade defenses

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros.

https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html

Microsoft Zero-Day Bugs Allow Security Feature Bypass

IT teams should prioritize the patching of two zero-day vulnerabilities, one in Microsoft Outlook’s authentication mechanism and another that’s a Mark of the Web bypass, security experts said today. The two are part of a cache of 74 security bugs that Microsoft disclosed in its March Patch Tuesday security update.

‘Vile’ Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit

Two gang members are being charged for allegedly threatening to release personal information and impersonating law enforcement in an effort to dox victims. Source: wsf AL via Alamy Stock Photo Two individuals, belonging to a crime group known as « Vile, » are being charged with wire fraud and conspiracy to commit computer intrusions after allegedly breaching a law enforcement database and using stolen data to blackmail their victims. Members of the group threatened to release their personal information on public websites.

https://www.itsecurityguru.org/2023/03/17/tiktok-to-be-banned-from-uk-government-phones/?utm_source=rss&utm_medium=rss&utm_campaign=tiktok-to-be-banned-from-uk-government-phones

Russian hacktivist group targets India’s health ministry

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. « On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website, » cybersecurity firm CloudSek said in a post.

Exclusif : Incendie OVH Strasbourg, 2e condamnation à près de 145 000€ (MAJ) – Le Monde Informatique

Après une première condamnation, OVH est à nouveau condamné suite à l’incendie du datacenter de Strasbourg. En l’espèce, il s’agit d’un éditeur de logiciel SaaS de pilotage de projet dans les métiers de la construction, Bluepad à Metz, qui obtient une réparation de ses préjudices à plus de 150 000 euros.

Selon le FBI, moins de plaintes mais plus de pertes pour les cyberattaques en 2022 – Le Monde Informatique

Dans son dernier rapport Internet Crime Report 2022, le FBI dresse un état des lieux des cybermenaces ayant marqué l’année écoulée. La fraude à l’investissement en crypto-monnaie est passé de 907 M$ en 2021 à près de 2,6 Md$ en 2022. Les fournisseurs, clubs en sécurité de l’information (Cesin, Clusif…)

Les cybercriminels ciblent les clients de la Silicon Valley Bank – Le Monde Informatique

Des chercheurs en sécurité ont découvert que des cybercriminels ont déjà enregistré des domaines et des pages suspectes liés à la Silicon Valley Bank pour mener à bien leurs attaques. La déroute de la Silicon Valley Bank (SVB) qui s’est déroulée le week-end dernier est clairement une opportunité pour les cybercriminels en ciblant les clients de la banque des start-ups.

Kaspersky livre un déchiffreur pour un ransomware basé sur Conti – Le Monde Informatique

Les victimes du groupe de ransomware MeowCorp ont peut-être un espoir de retrouver leurs fichiers. Kaspersky a publié un outil de déchiffrement qui marche pour ce malware, une déclinaison de Conti. Les ransomwares ne sont pas une fatalité, il arrive que des chercheurs trouvent des moyens de déchiffrer les données verrouillées par les cybercriminels.

Hack crypto : 197 millions de dollars volés grâce à une faille… et une tactique bien connue

Un nouveau piratage secoue le monde des cryptomonnaies. En exploitant une faille de sécurité passée inaperçue pendant huit mois, des hackers ont pu voler 197 millions de dollars en monnaies numériques. Ce lundi 13 mars 2023, Euler Finance, un service de la finance décentralisée, a été victime d’une attaque informatique.