Security Stop Press : ConnectWise LockBit Alert

Just days after it was announced that the UK’s National Crime Agency (NCA), the FBI, and Europol had taken down the Russian LockBit ransomware gang’s website, it’s been reported that LockBit ransomware is still being deployed via flaws in a popular remote access tool.

Researchers at cybersecurity companies Huntress and Sophos have highlighted how two bugs in the ConnectWise ScreenConnect remote access IT support tool, usually used by IT technicians, are being exploited to launch LockBit attacks.

ConnectWise has issued an alert urging IT administrators to take quick action to patch the two critical vulnerabilities. Details are available here.

Security Stop Press : Google Launches AI Cyber Defence Initiative

In a bid to “tilt the cybersecurity balance from attackers to cyber defenders,” Google has announced the launch of its AI Cyber Defence Initiative. The initiative involves the introduction of:

– Secure AI Framework (SAIF) – a conceptual framework for secure AI systems, to help collaboratively secure AI technology.

– $2 million in research grants and strategic partnerships to help strengthen cybersecurity research initiatives using AI.

– An open sourced, in-house machine-learning-powered file identifier called Magika, which can help network identifiers to quickly identify (and at scale) the true content of files.

Google says it’s “excited about AI’s potential to solve generational security challenges while bringing us close to the safe, secure and trusted digital world we deserve.”

Security Stop Press : Scam Ad Linked To Phishing Site Tops Google

UK Consumer champion Which? has reported that a scam mobile advert linked to a site mimicking the legitimate Lyca Mobile site was able to bypass the Google Ads verification check to reach the top of Google’s search listing.

Which? reported that scammers got around Google’s ad verification check by claiming to be “Vodafone Finance Management”, a subsidiary of Vodafone on Companies.

The scam ads, which appeared at the top of Google for three days in late January linked to a copycat website designed to steal card details (a phishing website).

A spokesperson for Vodafone told Which? they had “reported the issue to Google for immediate resolution and to stop it happening again.” Also, a spokesperson for Lyca Mobile told Which? that they “welcome moves by Google and others to crack down on this type of activity to protect both consumers and brands from malicious actors.” 

Security Stop Press : AnyDesk Hacked

AnyDesk, the remote desktop application company has reported that it recently suffered a cyberattack where hackers gained access to its production servers.

It has been reported that source code and private code signing keys were stolen.

AnyDesk said in a statement that on discovering the breach it activated a (successful) remediation and response plan involving cyber security experts CrowdStrike. AnyDesk says: “To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control, and it is safe to use AnyDesk.”

Security Stop Press : Follow-On Extortion of Ransomware Victims

Security researchers, Arctic Wolf Labs, have reported that victims of Royal and Akira ransomware are being targeted in follow-on extortion attacks.

In these follow-on attacks (starting in October 2023), two of which were documented by Arctic Wolf Labs, the threat actors falsely claimed they were trying to help victim organisations. They even claimed they would hack into the server infrastructure of the original ransomware groups involved to delete the stolen data.

Security Stop Press : The Threat Of Sleeper Agents In LLMs

AI company Anthropic has published a research paper highlighting how large language models (LLMs) can be subverted so that at a certain point, they start emitting maliciously crafted source code.

For example, this could involve training a model to write secure code when the prompt states that the year is 2024 but insert exploitable code when the stated year is 2025.

The paper likened the backdoored behaviour to having a kind of “sleeper agent” waiting inside an LLM. With these kinds of backdoors not yet fully understood, the researchers have identified them as a real threat and have highlighted how detecting and removing them is likely to be very challenging.

Security Stop Press : Verifying Your LinkedIn Profile

Even though the feature was launched in early 2023 with a target of getting 100 million verified members by 2025, many people may not yet have heard that LinkedIn provides an identity verification feature on its platform.
LinkedIn’s Persona verification process confirms an individual’s identity by checking a user-submitted scan of their passport’s photo page and NFC chip, and a live-selfie against their profile information.
The value of the feature is that it enhances trust and credibility on the platform, as it assures users that the people they are interacting with are who they claim to be. This helps reduce fake profiles and scams, making professional networking and job searching more secure and reliable. Find out more here.

Security Stop Press : List Of Malicious Android Apps To Delete Now

Online protection company McAfee’s Mobile Research Team has identified a list of malicious apps that Android owners should immediately delete. This is because they use Xamalicious malware to build a stealth backdoor, infect, and take over devices.

The apps, which have now been removed from the Google Play store, are reported to have been downloaded hundreds of thousands of times.

Detailed information about how each of the apps infects devices, and a list of the 13 malicious apps that were present in the Google Play Store can be found on McAfee’s website here.

The advice is to avoid using apps that require accessibility services unless there is a genuine need for their use, install security software on your device, always keep the security software up to date.

Security Stop Press : 2023’s Most Notable Cyber Attacks

Cyber Security News has compiled a top 10 most notable cyber-attacks of 2023 list, serving as a reminder to businesses that advancements in technology, increased connectivity, and the more sophisticated tactics used by threat actors mean that cyber-attacks are evolving at a rapid pace.

Top of its list is the MOVEit Mass Attack launched by a Russian hacking group which used the MOVEit file transfer software to extort an estimated $75-100 million from 2,667 organisations. The others in the list include Cisco IOS XE attacks, the US government hacked via Microsoft 365, the Citrix Bleed attack, Okta’s customer support data breach, the Western Digital cyber-attack, and the MGM Resorts breach. The list also includes the Royal Ransomware attack over the city of Dallas, the GoAnywhere attacks, and the 3CX software supply chain attack.

Businesses should, therefore, make sure that they are well protected for 2024 from a wide range of common cyber-attack methods, including malware, phishing, distributed denial of Service (DDoS), man-in-the-Middle (MitM), and many more.

Security Stop Press : Microsoft Disrupts Major Cybercrime Gateway Service

Microsoft’s Digital Crimes Unit has reported disrupting the activities of major cybercrime-as-a-service provider Storm-1152. Microsoft says Storm-1152 has created for sale approximately 750 million fraudulent Microsoft accounts, earning the group millions of dollars in illicit revenue, and costing Microsoft and other companies even more to combat their criminal activity.

Fraudulent online accounts of the type of Storm-1152 act as the gateway to many types of cybercrime, including mass phishing, identity theft and fraud, and distributed denial of service (DDoS) attacks.

Microsoft says that its disruption strategy involves obtaining a court order to take websites used by Storm-1152 offline, thereby removing fraudulent Microsoft accounts and the websites used to sell services that can bypass security measures on other well-known technology platforms