Cybersecurity is one of the most drastically changing and improving fields today. This blog post is focused on bringing the latest happenings in cybersecurity in front of you to keep you aware of the latest hacks and advancements. February has seen new malware variants, capturing of the infrastructure of ransomware groups, latest attacks, and vulnerabilities that people should patch immediately. Without any further ado, let’s dive in to know more.
Latest Happenings in Cybersecurity – February 2024 Edition
Mother of All Breaches (MOAB)
Twenty-six billion records of users from different breaches and leaks, sold privately and publicly, were collectively posted as “Mother of All Breaches.” The research discovered that some of the data records were present from reputed companies that were targeted in the past, such as LinkedIn, Tencent, and Dropbox.
The attackers allegedly targeted a data leak lookup company’s after which this massive compilation was found on the dark web. Most of the data being old, MOAB garnered so much attention because of the volume of data released at once.
Operation Cronos
This operation was conducted against the most notorious ransomware group, LockBit, which was running on its third version, thus known as Lockbit3.0. In this procedure, the UK’s National Crime Agency and the US FBI made two arrests. Law enforcement agencies seized this group’s PR site, which led to prolonged disruption of their services.
Before the domain capture, the group targeted 2496 victims since the beginning of their operations. Many services, accounts, and cryptocurrency wallets were captured and frozen in the process.
The group has now managed to make a comeback and recovered from the setback. As of March 2024, the group has started targeting victims and publishing their data on their TOR website.
GoldPickaxe Malware
GoldPickaxe is the latest malware to spread in the wild since the end of 2023. However, recently, it was uncovered targeting users of iOS and Android, and researchers are able to identify the mode of spread. This malware is running with a group of other malware strains developed by Chinese threat actors to target users from Southeast Asian regions.
This malware is known to spread through fake applications embedded with trojans and is present on Google Play. Its capabilities include stealing facial recognition data, SMS data, and photos from a gallery.
To install more malicious packages, the fake application asks users to download additional packages disguised as normal notifications.
New Ransomware Groups
New ransomware groups keep forming and fading in the world of cybercriminal forums and marketplaces. One such new emergence was the Kasseika, MyData, and Mogilevich ransomware groups. Since appearing on the dark web, the groups have already started adding new victims to their websites.
From their group of victims, Mogilevich took responsibility for targeting Epic Games and stealing data worth 200 GB. MyData group has claimed to attack the BM Catalysts group.
Windows Defender SmartScreen
This was a zero-day vulnerability discovered in February 2023. A zero-day vulnerability occurs when no active patch or mitigation technique exists to completely evade the exploit. With most computers having Windows as their operating system, this vulnerability can bypass the warning trigger of potential danger.
This vulnerability is tagged as CVE-2024-21412. When a custom-made phishing URL without MotW tags is passed through the system, it is mishandled by Windows Defender, thereby leading to the execution of malicious files in the system without any alert.
ConnectWise ScreenConnect
An urgent security patch has been released to mitigate the two vulnerabilities associated with ConnectWise ScreenConnect, now tagged as CVE-2024-1709 and CVE-2024-1708. Hackers can exploit the systems by passing arbitrary code, which will give them admin-level privileges.
The other vulnerability will try to traverse through path directories and read or insert malicious files. The combination of these two vulnerabilities can give admin access and manipulate files present in these directories.
Ransomware Attacks
Various ransomware groups targeted reputed organizations in February, and major leading entities had their services disrupted due to encrypted files and ransom extortion attempts.
Schneider Electric data was targeted by the Cactus ransomware group, which leaked over 1.5 TB of data. The group also provided 25 MB of data as proof of attack.
The Blackcat/Alpha ransomware group targeted UnitedHealth Group. The data was exposed through one of its subsidiaries, Optum. This ransomware group is known to exploit the recently discovered vulnerabilities to exploit it on a mass scale.
Towards the Conclusion
I hope you liked the article in the February edition, which highlighted all the latest happenings in cybersecurity. These were just some of the major highlights, and users need to take some steps to protect themselves from being victims or to identify that they might have been targeted.
In case of a malware infection, regularly run the anti-virus scan and avoid downloading apps from third-party websites. Always check the legitimacy of the app and the type of permissions asked by it. Additionally, if you suspect your device is infected, quarantine and delete all files from the device to avoid further information theft.
In case of a data breach:
- Verify whether your data is exposed in the data breach.
- If yes, change the account access immediately if passwords are exposed as well.
- Enable multi-factor authentication and check for any noticeable account misuse.
In case of a vulnerability outbreak: If the mitigation is not present, then use the patch immediately. If not, then the official website of the vulnerable device or system has a workaround present. Always check the latest news to see what are the trending vulnerabilities released and exploited.
I hope you stay safe and surf the internet without any worries of being targeted. Stay tuned for next month’s update on the latest happenings in cybersecurity.
Author Bio: This article has been written by Rishika Desai, B.Tech Computer Engineering graduate with 9.57 CGPA from Vishwakarma Institute of Information Technology (VIIT), Pune. Currently works as Cyber Threat Researcher at CloudSEK. She is a good dancer, poet and a writer. Animal love engulfs her heart and content writing comprises her present. You can follow Rishika on Twitter at @ich_rish99.