Friday Five 2/3
Elaborate phishing campaigns have taken center stage this past week, but LockBit and Sandworm are back in the news and TikTok is pushing to stay in the United States. Catch up on the latest in this week’s Friday Five!
1. CONVINCING, MALICIOUS GOOGLE ADS LOOK TO LIFT PASSWORD MANAGER LOGINS BY JAI VIJAYAN
Users of Bitwarden and 1Password have recently reported seeing targeted Google Ads that lead to credential-stealing phishing sites. Since the reports, both Bitwarden and 1Password have taken to social media to address the malicious sites, recommending that users pay attention to whether or not links send them to their official websites. Read more about password vault phishing, how bad actors are using Google Ads to their benefit, and how 'malvertising' is becoming a growing problem.
2. UKRAINE: SANDWORM HACKERS HIT NEWS AGENCY WITH 5 DATA WIPERS BY SERGIU GATLAN
The Ukrainian Computer Emergency Response Team (CERT-UA) found five different data-wiping malware strains deployed on the network of the country's national news agency, Ukrinform, this past January. According to CERT-UA, the threat actors gained remote access to Ukrinform's network around December 7th and waited more than a month to unleash the malware cocktail, which included CaddyWiper (Windows), ZeroWipe (Windows), SDelete (Windows), AwfulShred (Linux), and BidSwipe (FreeBSD). The attack, which was linked to the Russian threat group known as Sandworm, unsuccessfully attempted to wipe out all the data on the news agency's systems.
3. PHISHERS TRICK MICROSOFT INTO GRANTING THEM 'VERIFIED' CLOUD PARTNER STATUS BY NATE NELSON
Late in 2022, a group of threat actors managed to gain "verified publisher" status through the Microsoft Cloud Partner Program (MCPP), allowing them to don a verified blue badge and appear as legitimate. The campaign, which "used unprecedented sophistication to bypass Microsoft’s security mechanisms," successfully tricked both Microsoft and end-users and, according to a report on the matter, allowed the threat actors to infiltrate UK- and Ireland-based organizations' cloud environments. Read more about how the bad actors successfully pulled off the operation in the full story from Dark Reading.
4. INSIDE TIKTOK’S PROPOSAL TO ADDRESS US NATIONAL SECURITY CONCERNS BY ELIAS GROLL
Because of concerns over whether or not social media platform TikTok poses a national security threat to the U.S., the company's future now lies in the hands of a secretive federal panel. Recently, the company presented that panel with a detailed proposal that relies extensively on the American tech giant Oracle to mitigate the app's perceived security risks. The terms of the proposal would reportedly require TikTok to divulge core segments of its technology to Oracle along with a set of third-party auditors who would verify that the app is not promoting content in line with Beijing’s wishes or sharing U.S. user data with China. Read about the full details of the proposal in the full story from CyberScoop.
5. LOCKBIT RANSOMWARE GOES 'GREEN,' USES NEW CONTI-BASED ENCRYPTOR BY LAWRENCE ABRAMS
The LockBit ransomware gang has switched to a new encryptor named 'LockBit Green,' which was found to be based on the leaked source code of the now-disbanded Conti gang. It's been reported that at least five victims have been attacked using the new LockBit Green variant. This comes shortly after Conti ransomware's downfall following a series of data breaches and the leaking of their encryptor’s source code. Read more about why LockBit may have decided to make the switch to their new encryptor in the full story from BleepingComputer.