Mar 14 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s like your ☂️ to protect you from the cyber ⛈️
Today’s hottest cybersecurity news stories:
👨🏻💻 ‘Meson’ crypto coin hit by hackers w/ cloud attack ahead of launch ⛈️
🎣 The stats are in on image-based phishing tactics, and it’s not good news
💻 Turns out the Acer employee record was leaked on a hacking forum 🌐
🔍 The Sysdig Threat Research Team (TRT) has uncovered a malicious campaign targeting the blockchain-based Meson service, aiming for unlawful gains ahead of the scheduled crypto token unlock on March 15.
🚨 This sophisticated campaign involved the rapid creation of 6000 Meson Network nodes using a compromised cloud account. The attacker exploited CVE-2021-3129 in a Laravel application and WordPress misconfigurations to gain initial access, triggering alarms across multiple AWS users associated with exposed services within Sysdig’s infrastructure.
💻 Subsequently, the attacker utilised automated reconnaissance techniques to exploit compromised user privileges, spawning numerous EC2 instances across multiple regions. The culmination of this activity was the execution of the meson_cdn binary, incurring significant costs for the account owner.
💰 The estimated cost of this attack exceeded $2,000 per day, considering only micro-sized instances, not including potential costs for public IP addresses, which could amount to $22,000 monthly for 6,000 nodes.
🔄 Unlike traditional crypto-jacking incidents characterised by high CPU and memory usage, the Meson application exhibited relatively low resource consumption due to its focus on establishing an efficient bandwidth marketplace on Web3.
🔒 Rather than CPU-centric cryptomining, the attackers go after storage space and high bandwidth, which earn Meson tokens based on network contributions.
📈 The rise of the Meson network in the blockchain domain post-initial coin offerings (ICO) signals a new frontier for attackers exploiting storage space and high bandwidth for financial gains.
✅ To safeguard against such attacks and prevent costly resource consumption, it's crucial to keep software updated and monitor environments for suspicious activity diligently.
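The burst of EC2 launches across regions described above shows up in CloudTrail as RunInstances events. As an added example (not from Sysdig's report or this newsletter), the Python below flags any principal whose successful RunInstances calls span several regions and many instances inside a short window; the sample events, account ID, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _event(ts, arn, region, count):
    # Builds a constructed record using CloudTrail's RunInstances field names.
    return {"eventTime": ts, "eventName": "RunInstances", "awsRegion": region,
            "userIdentity": {"arn": arn},
            "requestParameters": {"instanceType": "t2.micro", "instancesSet": {
                "items": [{"minCount": count, "maxCount": count}]}}}

# Constructed sample data: placeholder account ID, invented users and times.
APP = "arn:aws:iam::111111111111:user/web-app"
CI = "arn:aws:iam::111111111111:user/ci-deployer"
SAMPLE_EVENTS = [
    _event("2024-02-26T10:00:05Z", APP, "us-east-1", 20),
    _event("2024-02-26T10:01:00Z", CI, "us-east-1", 2),
    _event("2024-02-26T10:02:10Z", APP, "eu-west-1", 20),
    _event("2024-02-26T10:04:30Z", APP, "ap-southeast-1", 20),
    _event("2024-02-26T10:06:00Z", APP, "sa-east-1", 20),
    _event("2024-02-26T14:00:00Z", CI, "us-east-1", 3),
]

def find_launch_bursts(events, window=timedelta(minutes=15),
                       min_regions=3, min_instances=50):
    """Flag principals launching many instances across regions in one window."""
    launches = defaultdict(list)
    for ev in events:
        # Skip other API calls and failed launches (CloudTrail sets errorCode).
        if ev.get("eventName") != "RunInstances" or ev.get("errorCode"):
            continue
        params = ev.get("requestParameters") or {}
        items = params.get("instancesSet", {}).get("items", [])
        count = sum(int(i.get("maxCount", 1)) for i in items)
        ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        launches[ev["userIdentity"]["arn"]].append((ts, ev["awsRegion"], count))
    alerts = []
    for arn, rows in launches.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            regions = sorted({region for _, region, _ in span})
            total = sum(count for _, _, count in span)
            if len(regions) >= min_regions and total >= min_instances:
                alerts.append({"principal": arn, "regions": regions,
                               "instances": total,
                               "first_seen": span[0][0].isoformat()})
                break  # one alert per principal, raised at first crossing
    return alerts
```

The thresholds need tuning against each account's normal launch volume; a principal that has never called RunInstances before is worth alerting on at a much lower count.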
📊 IRONSCALES and Osterman Research reveal alarming statistics regarding the effectiveness of current security stacks against image-based and QR code phishing attacks, despite high awareness among IT professionals.
🔍 Awareness and Compromise
93% of IT and security professionals are aware of image-based phishing attacks, while 79% recognize the threat posed by QR code attacks. Surprisingly, despite the perceived effectiveness of security stacks (70%), 76% of organisations fell victim to these attacks in the last year.
📉 Detection and Prevention
Less than 6% of organisations were consistently able to detect and prevent image-based and QR code phishing attacks from reaching user inboxes. Despite a 90% acknowledgment of the threat, a staggering 94% of organisations witnessed these attacks bypassing their email security measures.
🚨 Call to Action
The rising volume and complexity of image-based phishing attacks demand urgent action, with 60% of professionals anticipating worsening trends. A critical need exists for improved organisational defences against evolving digital threats, necessitating advanced detection technologies and comprehensive user training.
🤝 Challenges in Training
Despite media attention on QR code attacks, organisations face significant hurdles in training users, with 76% admitting the inadequacy of existing programs.
Image-based phishing presents a broader and more complex challenge, exploiting human perception and cybersecurity frameworks.
💡 CEO's Perspective
Eyal Benishti, CEO of IRONSCALES, emphasises the sophistication of these attacks and the shortcomings of traditional email security measures in combating them.
🔍 Key Insights
The research underscores the evolving nature of cybersecurity threats, urging organisations to reassess their email security stacks and adopt integrated approaches incorporating advanced detection technologies, comprehensive user training, and revised security strategies.
Acer Philippines confirmed a data breach affecting employee data managed by a third-party vendor responsible for attendance records.
The breach was disclosed after a threat actor, 'ph1ns,' leaked the stolen employee database on a hacking forum, with no ransomware or encryption involved.
🖥️ Acer's Response
Acer clarified that while the data belonged to them, it wasn't obtained directly from their systems. They emphasised that no customer data was compromised, and there's no evidence of a breach in Acer's systems. The company initiated collaboration with cybersecurity experts, law enforcement, and notified the National Privacy Commission and the Cybercrime Investigation and Coordinating Center in the Philippines.
🔍 Investigation and Assurance
Acer reassured the public of its commitment to resolving the incident swiftly and maintaining the security of customer data. An investigation is underway to determine the scope and impact of the breach.
🔒 Past Security Incidents
Acer has faced previous security incidents, including a breach of technical manuals and customer data theft in 2023, compromised after-sales service records in India in 2021, and a high-profile REvil ransomware attack in 2021, demanding a $50 million ransom.
📢 Public Statement
Acer Philippines issued a public statement on the matter, emphasising the security of customer data and the uncompromised status of their systems.
🛡️ Lessons Learned
The incident highlights the importance of robust cybersecurity measures and vendor risk management in safeguarding sensitive data. Acer's proactive response demonstrates a commitment to transparency and cooperation with relevant authorities to mitigate the impact of the breach.
So long and thanks for reading all the phish!