Cyber Security News of the week —28 .02.2022|04.03.2022
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
Malicious emails warning Microsoft users of “unusual sign-on activity from Russia are looking to capitalizing on the Ukrainian crisis.
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to make the rounds, looking to lift credentials and other personal details.
That’s according to Malwarebytes, which uncovered a spate of spam email that name-checks Russian hacking efforts.
Various risks may open up due to the usage of the email in order to respond. As ever, the spam offers up red flags in the form of grammatical errors, including misspellings, such as “account”. In other words, it’s not a particularly sophisticated effort, but it’s a savvy one. As is the case with any major world event, cresting interest is catnip for social engineers.
However, the firm pointed out that, “depending on personal circumstance and/or what’s happening in the world at any given moment, one person’s ‘big deal’ is another one’s ‘oh no, my stuff.’ That’s all it may take for some folks to lose their login, and this mail is perhaps more salient than most for the time being”.
Toyota Motors halted production due to a cyber attack on a supplier
Japanese carmaker Toyota Motors was forced to halt its production due to a cyber attack that suffered by one of its suppliers, Kojima Industries.
“It is true that we have been hit by some kind of cyberattack. We are still confirming the damage and we are hurrying to respond, with the top priority of resuming Toyota’s production system as soon as possible.” an official close to Kojima Industries told Nikkei.
“Due to a system failure at a domestic supplier (KOJIMA INDUSTRIES CORPORATION), we have decided to suspend the operation of 28 lines at 14 plants in Japan on Tuesday, March 1st (both 1st and 2nd shifts). We apologize to our relevant suppliers and customers for any inconvenience this may cause” was mentioned in the announcement which was published by the Toyota motors. “We will also continue to work with our suppliers in strengthening the supply chain and make every effort to deliver vehicles to our customers as soon as possible.”
According to NikkeiAsia, the shutdown will affect the production of around 13,000 vehicles or 4% to 5% of Toyota’s monthly output in Japan.
The shutdown will also impact Toyota’s subsidiaries Daihatsu Motors and Hino Motors, but at this time it is not clear the impact on the productions of both carmakers.
The hypothesis of the attack was also reported by local media, according to Tokyo NP website, Kojima was hit by a cyberattack.
Ukraine Says Belarusian Hackers Are Targeting Their Military Forces
Amidst the ongoing war between Russia and Ukraine, the Computer Emergency Response Team of Ukraine on Friday warned that Belarusian state-sponsored hackers are targeting the private email accounts of Ukrainian military personnel and related individuals.
In an announcement posted on Facebook, the CERT-UA said that the spearphishing campaigns are targeting private ‘i.ua’ and ‘meta.ua’ email accounts of Ukrainian defense forces. Later, the attackers use contact details from the victim’s address book to send the phishing emails.
CERT-UA blamed the ongoing phishing campaign on Minsk-based group ‘UNC1151’, identifying its members as officers of the Ministry of Defence of the Republic of Belarus.
In November 2021, U.S. cybersecurity firm Mandiant had formally linked the UNC1151 group to the Belarusian government. «These actions by UNC1151, which we believe is linked to the Belarusian military, are concerning because personal data of Ukrainian citizens and military can be exploited in an occupation scenario and UNC1151 has used its intrusions to facilitate the Ghostwriter information operations campaign. Leaking misleading, or fabricated documents taken from Ukrainian entities could be leveraged to promote Russia and Belarus friendly narratives,» Read told in a statement to TechCrunch.
Hackers Find a New Way to Deliver Devastating DDoS Attacks
Last August, Academic researchers discovered a potent new method for knocking sites offline: a fleet of misconfigured servers more than 100,000 strong that can amplify floods of junk data to once-unthinkable sizes. These attacks, in many cases, could result in an infinite routing loop that causes a self-perpetuating flood of traffic. Now, content-delivery network Akamai says attackers are exploiting the servers to target sites in the banking, travel, gaming, media, and web-hosting industries.
This handshake helps keep TCP-based apps from being abused as amplifiers because the ACK confirmation must come from the gaming company or other target rather than an attacker spoofing the target’s IP address. But given the need to handle asymmetric routing, in which the middlebox can monitor packets delivered from the client but not the final destination that’s being censored or blocked, many such servers drop the requirement by design.
To maximize the damage and conserve resources, DDoS actors often increase the firepower of their attacks though amplification vectors. Amplification works by spoofing the target’s IP address and bouncing a relatively small amount of data at a misconfigured server used for resolving domain names, syncing computer clocks, or speeding up database caching. Because the response the servers automatically send is dozens, hundreds, or thousands of times bigger than the request, it overwhelms the spoofed target.
Stay Focused. Stay Vigilant.
Cyber Security News Team — Cyber Security Community of SLIIT