DarkCasino Evolves into Advanced Persistent Threat (APT) ๐Ÿšจ

Nov 17 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that sees the #Glastonbury ticket rush as like a DDoS cyber attack on the official site but with real people instead of bots ๐Ÿ™ƒ๐Ÿค–๐Ÿ˜‚ย ย 

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!ย 

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.ย 

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉนย 

Check out these freshly hatched patches ๐Ÿฃ๐Ÿฃ๐Ÿฃ

Microsoft closes Windows for hackers ๐Ÿ˜ย 

Microsoft has rolled out crucial fixes for 63 security vulnerabilities in November 2023, with three actively exploited flaws. ๐Ÿ›ก๏ธย ย 

Of these, three are Critical, 56 are Important, and four are Moderate. Notably, five zero-days include issues like Windows SmartScreen Bypass (CVE-2023-36025) and DWM Core Library Elevation of Privilege (CVE-2023-36033). ๐Ÿšจย ย 

Users are urged to update promptly to safeguard against potential threats. ๐ŸŒย 

Itโ€™s no Randstorm in a teacup ๐Ÿ˜ฌย 

Millions of cryptocurrency wallets are at risk due to the Randstorm vulnerability in BitcoinJS 0.13, potentially enabling attackers to steal over $1 billion in cryptocurrency. ๐ŸŒ๐Ÿ’ฐย ย 

The flaw, affecting wallets created between 2011 and 2015, allows for brute-force attacks on wallet GUID numbers. ๐Ÿ›ก๏ธ๐Ÿ”ย ย 

Users are advised to transfer assets to newly generated wallets, and vendors should conduct audits for security assurance.ย 

Now, on to todayโ€™s hottest cybersecurity stories:ย ย 

  • ๐ŸŽฒ Donโ€™t roll the dice with cybersecurity. Introducing โ€˜DarkCasinoโ€™ ๐ŸŽฐย 

  • ๐Ÿˆ Infamous BlackCat ransomware returns w/ Google malvertising ๐Ÿ‘จโ€๐Ÿ’ปย 

  • ๐Ÿ“ฑ UK Samsung customers beware: data breach crosses the pond ๐ŸŒŠย 

Hackers double down with DarkCasino ๐ŸŽฐ

๐ŸŽฒ DarkCasino Evolves into Advanced Persistent Threat (APT) ๐Ÿšจย 

Cybersecurity company NSFOCUS has identified DarkCasino, initially discovered in 2021, as a newly categorised APT, marking a significant evolution from a WinRAR flaw exploiter. ๐ŸŒ๐Ÿ”’ย 

๐Ÿƒ Blackhack ๐Ÿƒย 

Described as "economically motivated," DarkCasino exhibits strong technical abilities, integrating various APT attack technologies. The group's attacks are frequent, showcasing a robust desire to pilfer online property. ๐Ÿ’ป๐Ÿ› ๏ธย 

๐Ÿ“… Zero-Day ๐Ÿ“…ย 

DarkCasino is linked to the exploitation of CVE-2023-38831 (CVSS score: 7.8), a WinRAR flaw used for launching malicious payloads. APT28, APT40, Ghostwriter, and others have also exploited this vulnerability in recent months. โš ๏ธ๐Ÿ”“ย 

๐Ÿด DarkMe Trojan ๐Ÿดย 

DarkMe, a Visual Basic trojan attributed to DarkCasino, has been deployed in real-world attacks since at least April 2023. Capable of collecting host information, taking screenshots, and executing arbitrary commands, it poses a significant threat to compromised systems. ๐Ÿฆ ๐Ÿ’ปย 

๐ŸŒ Prestige Worldwide ๐ŸŒย 

Initially focused on countries around the Mediterranean and other Asian regions, DarkCasino has expanded its attacks globally. Its phishing methods now target cryptocurrency users worldwide, reaching even non-English-speaking Asian countries like South Korea and Vietnam. ๐ŸŒ๐Ÿ’ฐย 

Multiple threat actors, including APT28, APT40, Ghostwriter, and more, have exploited CVE-2023-38831, leading to an increased threat landscape in the second half of 2023. ๐ŸŒ๐Ÿ“ˆย 

๐Ÿ˜ NSFOCUS says focus onโ€ฆ ๐Ÿ˜ย 

NSFOCUS urges ongoing monitoring, emphasising the critical need for patching vulnerabilities to safeguard against evolving APT threats. Users, particularly in the cryptocurrency space, are advised to stay vigilant. ๐Ÿš€๐Ÿ›ก๏ธย 

Stay secure! ๐Ÿ”ย ๐Ÿ‘พ๐Ÿ› ๏ธย 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

The Notorious C.A.T. ๐Ÿพ๐Ÿ‘€๐Ÿ’€ย 

๐ŸŒ ALPHV/BlackCat Ransomware Gang Targets Americas and Europe ๐Ÿšจย 

eSentire's cybersecurity team warns of Russian-speaking affiliates of the ALPHV/BlackCat ransomware gang targeting corporations and public entities across the Americas and Europe. Recent attempts to breach a law firm, a manufacturer, and a warehouse provider were thwarted by the firmโ€™s Threat Response Unit (TRU). โš ๏ธ๐Ÿ’ปย 

๐Ÿ‘€ How they do it ๐Ÿ‘€ย 

ALPHV/BlackCat actors gain initial access through valid credentials, exploitation of remote management services, and browser-based attacks. A notable shift this year includes an affiliate using malvertising, enticing users with Google ads promoting popular software. Unknowingly, users download Nitrogen malware, providing hackers a foothold for further attacks. ๐ŸŒ๐Ÿ› ๏ธย 

๐Ÿพ BlackCat's paw prints ๐Ÿพย 

Known for ruthless tactics, ALPHV/BlackCat has targeted prominent entities like MGM Resorts and McClaren Health Care, causing operational chaos and compromising sensitive data. The group, connected to former BlackMatter ransomware, has affiliations with the notorious FIN7 cybercrime group. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ฐย 

โ˜ฃ๏ธ Malvertising & Nitrogen Malware ๐Ÿงชย 

The use of malvertising to distribute Nitrogen malware highlights a growing attack surface. Popular software ads, such as Advanced IP Scanner and Cisco AnyConnect, lure professionals to attacker-controlled sites. Nitrogen's unique use of obfuscated Python libraries adds complexity for security analysts. ๐Ÿšจ๐Ÿ”ย 

๐Ÿ›ก๏ธ Top Tips:

  • Include browser-based attacks in user awareness training.ย 

  • Implement attack surface reduction rules for script files.ย 

  • Employ comprehensive endpoint monitoring and logging.ย 

  • Engage with a Managed Detection and Response (MDR) provider for proactive security.ย ย 

Stay safe! ๐Ÿค๐Ÿš€ย ย ย ย 

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Samsung like a canary ๐Ÿค๐Ÿ™ˆ๐Ÿ’€ย 

โš ๏ธ Samsung UK Data Breach Alert: Customer Information Exposed! ๐Ÿšจย 

Samsung Electronics has reported a recent data breach affecting customers who made purchases on the Samsung UK online store between July 1, 2019, and June 30, 2020. ๐Ÿ˜ฑ๐Ÿ“…ย ย 

โ˜๏ธ Silver Lining, anyone? โ˜๏ธย 

The breach, discovered on November 13, resulted from a hacker exploiting a third-party app vulnerability. While specifics on the security issue remain undisclosed, exposed data may include names, phone numbers, postal, and email addresses. Fortunately, financial information and credentials remain unaffected. ๐ŸŒ๐Ÿ”ย 

Samsung assures customers that the incident is limited to the UK and does not impact U.S. customers, employees, or retailers. The company has taken immediate measures to address the security flaw and has reported the incident to the UKโ€™s Information Commissionerโ€™s Office.ย ย 

๐Ÿ˜‘ Third Timeโ€™s a Charm ๐Ÿ˜‘ย 

This marks Samsung's third data breach in two years, emphasising the escalating challenges in safeguarding customer information.ย ย 

Stay vigilant and trust that Samsung is actively addressing the situation to enhance security measures. ๐Ÿ›ก๏ธ๐Ÿ“ฒย ๐Ÿ‘พย 

Have a great weekend folks and remember to think before you clink. Sorry, that doesnโ€™t quite work, does it? Okay, howโ€™s this? Donโ€™t be thick when you click. ๐Ÿ™ˆ๐Ÿ˜‚๐Ÿป Till next time!ย 

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles