Weekly Cybersecurity Recap March 18
- By Steven
- Published: Mar 18, 2022
- Last Updated: May 18, 2022
Cyber-attacks might not seem as threatening as a conventional in-person attack at your business or other building, yet a digital infiltration has the potential to cause even more damage than a traditional break-in. Take a look at the cyber security daily newswire, and you'll find there is no shortage of online attacks. Businesses of all types and sizes are targeted daily.
If your business has not yet been hit by a cyber-attack, it is only a matter of time until you are targeted. You can do your part to prepare for online attacks by adding the proper digital security protections. Without further ado, let's delve into the latest digital attacks from the third week of March.
Ubisoft Hack
Ubisoft, famous for its top-selling video games, has been hacked. The hack took down the game maker's online services, compromised internal systems, and halted game production. The attack even spurred Ubisoft employees to reset their passwords.
The LAPSUS$ hacking collective is responsible for the Ubisoft attack. Though Ubisoft representatives insist customer information was not stolen, the company is still gauging the extent of the hack to determine what, exactly, was improperly accessed and stolen.
Software Package Manager Flaws
Digital security experts recently found that popular software package managers can be abused to run code that provides access to sensitive information. Digital criminals employ arbitrary code to tap into source code as well as access tokens on vulnerable computers. If a targeted developer falls for a hacker's bait and loads the malicious files, the door for implementing harmful packages opens wide.
Digital security professionals are concerned that the command injection flaw within Composer has the potential to be abused to execute arbitrary code with a URL containing a harmful package that allows for next-stage payloads. The package managers that are most vulnerable include Bundler, Poetry, Yarn, Pip, and Pipenv.
APT Hacking Tools Reused by Russians
Russian digital miscreants appear to be reimplementing hacking tools originally developed by APT groups. The hackers are targeting gaming and gambling companies in Europe and Central America. The attack focuses on the abuse of stolen user credentials to gain access to a company's network and deploy Cobalt Strike payloads.
The Russian hacking collective uses post-exploitation tools, including the likes of ADFind, LaZagne, NetScan, and Softperfect, to carry out the attack. The cybercriminals bypass digital protections with an AccountRestore executable to obtain access to targets' administrator credentials. The attack also includes Ligolo, a forked reverse tool that permits digital tunneling.
Raccoon Stealer Compromises Telegram
The popular chat app Telegram has been breached by a Raccoon Stealer that steals login credentials. This digital theft sets the stage for generating new pathways for digital miscreants to implement malware. The threat zeroes in on C2 addresses in Telegram infrastructure. C2 is geek-speak for command-and-control.
Though digital forensics specialists are uncertain which cybercriminals are behind the attack, it appears as though the attacks are levied by Russian hackers. The hackers are stealing user login credentials to conduct illegal activity within target systems, such as capturing browser form data, cookies, and email information. The attack also extends to capturing information from plugins, extensions, arbitrary files, crypto wallets, and more.