Dec 26 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that hopes you had a lovely Christmas, kept the cyber scum at bay, and didn’t have too many ???????????? Happy ????ing day! ????????????
Today’s hottest cybersecurity news stories:
???????? Locked up: Teen hackers ‘LAPSUS$’ sentenced to juve ⚖️
⚠️ Dodgy WordPress plugin exposes sites to credit card fraud ????
☠️ Nim-based malware delivered via decoy Microsoft Word docs ????
In a recent development, two British teens affiliated with the notorious LAPSUS$ cybercrime gang have faced legal consequences for orchestrating high-profile attacks on major companies. ????
???????? Arion Kurtaj (18) from Oxford, diagnosed with autism, received an indefinite hospital order for his intent to return to cybercrime. A 17-year-old member, unnamed due to age, got an 18-month Youth Rehabilitation Order for multiple offences, including fraud and blackmail.
???? Arrest and Re-Arrest Drama
Initially arrested in January 2022 and later re-arrested in March, the duo's crime spree spanned from August 2020 to September 2022, targeting big names like Microsoft, Uber, and Vodafone.
???? LAPSUS$ Modus Operandi
The group, with members in the UK and Brazil, employed SIM-swapping attacks, infiltrating networks and using Telegram to publicise and extort victims. The US DHS's Cyber Safety Review Board highlighted their tactics in a recent report.
????️♂️ Comm and Scattered Spider
LAPSUS$ is part of a larger entity called the Comm, engaging in various cybercrimes. The group's notoriety spawned another entity, Scattered Spider.
???? Warning from Authorities
Amanda Horsburgh, detective chief superintendent, emphasises the case as a cautionary tale about the dangers young people face online, urging responsible exploration of technology. ????????
Stay informed, stay safe! ????
Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.
???? Threat hunters uncover a dangerous Magecart campaign targeting e-commerce sites using a rogue WordPress plugin. ???? This sneaky plugin creates fake admin users and injects malicious JavaScript code to swipe credit card details, warns security firm Sucuri.
???? Deceptive Tactics
The plugin disguises itself as 'WordPress Cache Addons,' fooling users with a veneer of legitimacy. Once in, it replicates to the must-use plugins directory, auto-enabling while hiding from the admin panel.
???? Persistent Access
The malware prevents removal by unregistering callback functions, ensuring it lingers. It also lets attackers create hidden admin accounts, maintaining prolonged access without raising suspicion.
???? Ultimate Goal
The campaign aims to insert credit card-stealing malware into checkout pages, sending data to an actor-controlled domain. Sucuri highlights the threat actors' use of a "RESERVED" status linked to a CVE identifier.
???? Widespread Impact
This revelation follows Europol's warning about the evolution of digital skimming, impacting 443 online merchants. Group-IB identifies 23 JS-sniffer families involved in cybercrime across 17 countries.
???? Stay Informed, Stay Secure
As cyber threats evolve, it's crucial to remain vigilant. Update plugins, use reliable security measures, and be wary of unexpected alerts or plugins. Your online safety matters! ????????️
???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)
???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)
???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)
????️♂️ Researchers at Netskope have uncovered a dangerous phishing campaign deploying a backdoor written in the Nim programming language, catching the security community off guard. Nim-based malware is gaining traction, posing challenges for investigators due to its uncommon use.
???? Unique Threat Landscape
NimzaLoader, Nimbda, IceXLoader, Dark Power, and Kanti are examples of Nim-based threats on the rise. The attackers exploit the language's features for cross-platform attacks, complicating defence efforts.
???? Deceptive Tactics
The attack starts with a phishing email impersonating a Nepali government official, carrying a Word document. Once opened, victims are prompted to enable macros, leading to the deployment of Nim malware.
???? Malicious Actions
The backdoor scans for analysis tools and terminates itself if detected. It establishes connections with remote servers, masquerading as Nepali government domains, awaiting further instructions.
???? Nim's Capabilities
Nim, a statically typed compiled language, allows attackers to write one malware variant cross-compiled for different platforms, enhancing its threat level.
???? Evolving Threat Landscape
As new malware like Editbot Stealer emerges, phishing campaigns continue distributing known threats such as DarkGate and NetSupport RAT. Threat actors employ diverse social engineering tactics, including fake updates and email lures.
????️ Stay Vigilant, Stay Secure
With cybercriminals adopting innovative tactics, it's crucial to update security measures, be cautious with emails, and remain informed about evolving threats. Your online safety matters! ????????
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!