Discord has become hacker heaven for nation-state bad actors

Oct 19 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s your umbrella against the #StormBabet of cybercrime โ˜‚๏ธ

Todayโ€™s hottest cybersecurity news stories:

  • ๐Ÿ“ฑ Discord has become hacker heaven for nation-state bad actors

  • ๐Ÿ’ฐ Ransomware attacks double and 2024 looks even worse, says report ๐Ÿ“

  • ๐ŸŽญ ClearFake: New malware creeps in via fake browser updates ๐Ÿ–ฅ๏ธ

Hackers are sowing discord in the Discord ๐Ÿ’€

๐Ÿ”’ Cybersecurity Alert: Nation-State Hackers Targeting Discord! ๐Ÿ˜ฑ

In a startling development, nation-state hacking groups have set their sights on Discord, the popular social platform, for malicious purposes. Discord has been used for distributing malware and stealing sensitive data via its content delivery network (CDN) and webhooks. ๐Ÿ˜ฐ

Experts from Trellix uncovered an artefact targeting Ukrainian critical infrastructure, a new and worrying trend. While there’s no known connection to a specific threat group, this could change the cybersecurity landscape dramatically. ๐Ÿ˜จ

The attackers use a Microsoft OneNote file sent via email, pretending to be a non-profit organisation, dobro.ua. This file tricks recipients into clicking a deceptive button, unleashing a series of PowerShell scripts, which culminate in the extraction of system metadata using a Discord webhook. ๐Ÿ“ค

Notably, Discord has become a hotspot for malware families like SmokeLoader, RedLine, and Vidar. ๐Ÿ˜ท And it’s not just limited to these! Mercurial Grabber, Stealerium, Typhon Stealer, and Venom RAT have also been observed using Discord webhooks.

This shocking abuse of Discord’s infrastructure underscores the adaptability of cybercriminals and the need for heightened cybersecurity. By infiltrating widely-used platforms like Discord, APTs can establish a foothold in networks, putting critical infrastructure and sensitive data at grave risk. ๐Ÿ˜ฅ Stay vigilant, folks! ๐Ÿ’ช๐Ÿ›ก๏ธ

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

Itโ€™s a ransomwarehouse ๐Ÿ˜ณ

๐Ÿ”’ Ransomware Evolution: What You Need to Know! ๐Ÿš€

The threat of ransomware is on the rise, and the attackers are getting smarter by the day. From new evasion techniques to shifting their focus to high-income targets, ransomware groups are evolving rapidly. Let’s break down the key findings from Cyble’s Q3 Ransomware Report and what it means for you. ๐Ÿคฏ

๐Ÿ›ก๏ธ Vulnerability Weaponization:

  • Vulnerabilities are increasingly used to deliver ransomware, focusing on networking devices.

  • Expect more exploitation of vulnerabilities and zero-days for ransomware attacks.

๐Ÿฅ Healthcare Sector Under Attack:

  • Ransomware attacks are now targeting the healthcare sector.

  • Healthcare is a prime target due to its vast attack surface and valuable data. Protecting it is crucial.

๐Ÿ’ฐ High-Income Organizations in the Crosshairs:

  • ย Ransomware groups prefer high-income organisations.

  • These targets are more likely to pay hefty ransoms and can’t afford a damaged reputation.

๐ŸŒ United States Tops the List:

  • The U.S. remains the most targeted nation.

  • Its digital presence and geopolitical factors make it a prime target for ransomware operators.

๐Ÿšซ LOCKBIT Still a Threat:

LOCKBIT is still a potent player, with newer groups like Cactus and Metaencryptor also making waves.

๐Ÿ’ป Rust and GoLang Adoption:

Ransomware groups are turning to programming languages like Rust and GoLang for stealthier attacks.

How Organisations Are Responding:

  • Employee training and awareness.

  • Incident response planning.

  • Enhanced recovery and backups.

  • Implementation of zero-trust architecture and multi-factor authentication.

  • Intelligence sharing and collaboration with law enforcement.

  • Use of threat intelligence platforms.

  • Focus on vulnerability management.

  • Securing supply chains and vendor risk management.

Stay informed and stay secure! ๐Ÿ’ช๐Ÿ’ป

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can’t get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Itโ€™s Clearly a Fake ๐Ÿ‘€

 

giphy.com

 

๐Ÿšจ ClearFake Malware Alert: Fake Updates on WordPress Sites! ๐Ÿฆ 

A new threat, ClearFake, has emerged, exploiting compromised WordPress sites to distribute malicious fake browser updates. Researchers at Sekoia suspect that this may be the work of the same group responsible for SocGholish’s “malware delivery via fake browser updates.”

๐Ÿ” ClearFake in a Nutshell:

ClearFake gets its name from its lack of JavaScript obfuscation. It infiltrates WordPress websites, injecting JavaScript that fetches additional payloads from the attacker’s domain or, more recently, via Binance Smart Chain. These payloads create a hidden iframe displaying fake update prompts for Chrome, Edge, and Firefox, tricking users into thinking they need to update their browsers to access content.

๐ŸŒ Multilingual Trickery:

The fake update pages appear in various languages, depending on users’ browser settings (English, French, German, Spanish, Portuguese). Users who fall for the ruse and initiate the download receive a legitimate browser installer but also malware like HijackLoader or IDAT loader.

๐Ÿ’ป A Familiar Pattern:

ClearFake’s tactics closely resemble those of SocGholish (TA569), using watering holes, fake updates, Keitaro traffic distribution, Dropbox hosting, and filename disguises to efficiently distribute malware.

๐Ÿค” What’s at Risk:

While the operators behind ClearFake remain unknown, other threat actors, like those behind RogueRaticate/FakeSG and ZPHP/SmartApeSG campaigns, are also adopting similar “fake update” tactics. This method is gaining popularity among cybercriminals, posing significant dangers.

๐Ÿ”’ Protecting Your Organisation:

To shield your organisation from ClearFake and similar threats, focus on user education, endpoint protection, and network detection.

Stay alert, stay secure! ๐Ÿ›ก๏ธ๐Ÿ’ก

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ’Šย HealthHack:ย Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps, this newsletter does the research for you, get all the latest health tech gadgets delivered to your inbox.

  • โ‚ฟ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • ๐Ÿง ย Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles