Jul 15 2024
Welcome to Gone Phishing, your weekly cybersecurity newsletter that will never die. Just like Donald Trump. Good to be back, folks!
FYI, this is a Monday edition of Gone Phishing, but from now on your favourite cybersecurity newsletter will be going out every Friday to give you a roundup of the week's top cybersecurity news stories along with helpful advice for staying safe online.
Because in this ever changing world in which we live in, you got to secure your WiFi… Say live and WiFi!
Okay, on with last week's hottest cybersecurity news stories:
"Nearly all" AT&T wireless customers affected by data breach
DarkGate malware exploited Samba file shares. Now it's MaaS
Australian Defense Private & husband charged for Russian espionage
Hackers accessed data from almost all AT&T wireless customers and MVNOs between April 14-25, 2024. The stolen info includes customer call and text records from May 2022 to January 2023.
What's at Risk?
The breach exposed telephone numbers, interaction counts, call durations, and cell site IDs. This data can reveal who talked to whom and when.
How Did It Happen?
Hackers exploited a third-party cloud platform, linked to Snowflake, affecting other major companies too. AT&T discovered the breach on April 19 and is working with law enforcement.
What's Being Done?
AT&T will notify affected customers and urges vigilance against phishing and fraud. They've paid $370,000 in cryptocurrency to hackers for data deletion proof. Meanwhile, Snowflake is enforcing mandatory multi-factor authentication.
Who's Responsible?
24-year-old John Binns, already indicted for a 2021 T-Mobile hack, is connected to this incident. The hacker group ShinyHunters claimed responsibility.
Stay alert, and only trust messages from known senders!
Top Tips
Be cautious of phishing and smishing attempts.
Request details of your compromised call and text records.
Enable multi-factor authentication on all accounts.
Stay vigilant, folks!
Cybersecurity experts have uncovered a short-lived but significant DarkGate malware campaign targeting North America, Europe, and Asia in March and April 2024. The malware spread through public-facing Samba file shares.
How It Worked
Hackers used servers hosting Visual Basic Script (VBS) and JavaScript files. The attack started with Microsoft Excel files prompting users to click an embedded button, leading to the execution of malicious scripts.
Key Features of DarkGate
Remote Control: Hackers can take over compromised systems.
Code Execution: Executes arbitrary code on infected hosts.
Crypto Mining: Mines cryptocurrency using victims' resources.
Reverse Shells: Opens backdoors for remote access.
Payload Delivery: Drops additional malware payloads.
Recent Surge
DarkGate attacks have increased following the QakBot takedown in August 2023, demonstrating the ongoing adaptability and threat of this malware.
Technical Details
Detection Evasion: Scans for anti-malware software and virtualization tools.
Obfuscated Data: Uses Base64-encoded text over HTTP for command and control (C2) traffic.
How It Worked
Excel Files: Users were tricked into clicking embedded buttons in Excel files.
Malicious Scripts: These actions triggered VBS or JavaScript files hosted on Samba shares.
PowerShell Execution: The scripts downloaded and ran further malicious code.
DarkGate's evolution into a malware-as-a-service (MaaS) highlights the need for continuous vigilance and advanced cybersecurity defences.
Stay vigilant and ensure robust cybersecurity measures are in place. Update your anti-malware tools and avoid opening suspicious files.
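As an added illustration (not from the original newsletter or from any vendor's tooling), here is one way a defender could flag the delivery chain described above in process-creation logs: Excel launching a script host, a VBS or JavaScript file run from a remote share, and the script host launching PowerShell. The event fields, rule names, host names and sample events are constructed assumptions.

```python
import re

# Constructed process-creation events; hosts, paths and field names are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "EXCEL.EXE", "image": "wscript.exe",
     "cmdline": r'wscript.exe "\\files.example.test\share\invoice.vbs"'},
    {"host": "ws-01", "parent": "wscript.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -Command <elided>"},
    {"host": "ws-02", "parent": "explorer.exe", "image": "EXCEL.EXE",
     "cmdline": r'EXCEL.EXE "C:\Users\a\Documents\budget.xlsx"'},
    {"host": "ws-03", "parent": "cmd.exe", "image": "cscript.exe",
     "cmdline": r"cscript.exe C:\Scripts\backup.js"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
OFFICE_APPS = {"excel.exe"}
# A .vbs or .js file referenced by UNC path (\\server\share\...).
UNC_SCRIPT = re.compile(r'\\\\[^\\\s"]+\\[^\s"]+\.(?:vbs|js)\b', re.IGNORECASE)


def findings(event):
    """Return the (hypothetical) rule names that one event triggers."""
    parent = event["parent"].lower()
    image = event["image"].lower()
    hits = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    if image in SCRIPT_HOSTS and UNC_SCRIPT.search(event["cmdline"]):
        hits.append("script_from_remote_share")
    if parent in SCRIPT_HOSTS and image == "powershell.exe":
        hits.append("script_host_spawns_powershell")
    return hits


def hosts_with_full_chain(events):
    """Hosts where both the Excel stage and the PowerShell stage were seen."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["host"], set()).update(findings(ev))
    needed = {"office_spawns_script_host", "script_host_spawns_powershell"}
    return sorted(h for h, tags in seen.items() if needed <= tags)


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["host"], ev["image"], findings(ev))
    print("full chain:", hosts_with_full_chain(SAMPLE_EVENTS))
```

A locally run admin script (the `ws-03` event) triggers nothing, which keeps the rules focused on the Office-to-script-host-to-PowerShell sequence rather than on script hosts in general.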
Stay safe, and keep your defences strong!
Two Russian-born Australian citizens, Kira Korolev (40) and her husband Igor Korolev (62), have been arrested for spying on behalf of Russia. Kira is an Australian Defence Force (ADF) Army Private, and Igor is a self-employed labourer.
What Happened?
On July 11, 2024, the Australian Federal Police (AFP) arrested the couple at their home in Brisbane. They face charges of preparing for an espionage offence, which could lead to 15 years in prison.
The Operation
Codenamed BURGAZADA, this complex law enforcement operation revealed that Kira used her ADF account to access sensitive information and directed Igor to send this data to her private email while she was in Russia. The accessed documents relate to Australian national security.
Official Statements
AFP Commissioner Reece Kershaw emphasised the severity of espionage, noting its potential impact on Australia's sovereignty and safety. This is the first espionage charge since new laws were introduced in 2018.
Espionage in Australia
April 2023: A NSW man was charged for providing defence-related information to foreign intelligence.
February 2024: A Melbourne man was sentenced for attempting to influence a Federal Parliamentarian on behalf of a foreign government.
Mike Burgess from ASIO warned of the real and ongoing threat of espionage from multiple countries aiming to steal Australia's secrets.
Stay informed and vigilant!
Let us know what you think.
So long and thanks for reading all the phish!