‘SIM swapping’ behind X account hack, says SEC

Jan 24 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that sees there’s another UK storm, Jocelyn, with war, Trump, and of course the omnipresent threat of cybercrime for the nation’s eyeballs and attention.


Now on to today’s hottest cybersecurity news stories:

  • ‘SIM swapping’ behind X account hack, says SEC

  • New Chae$ 4.1 malware hides in driver downloads

  • REvil’s Aleksandr Gennadievich behind Medibank leak

Hang on a SEC, it was all down to a SIMple swap


Security Breach Alert: SEC’s Twitter Account Hijacked in SIM Swap Attack!

Hey Cyber Squad! Breaking news on a recent cybersecurity incident! The U.S. Securities and Exchange Commission (SEC) faced a significant breach as an “unauthorised party” seized control of its Twitter account, @SECGov, after hijacking the associated cell phone number in a SIM swap attack.

Attack Details

The unauthorised party, using a SIM swap attack, transferred the SEC’s cell phone number to another device, gaining control of the Twitter account. This cybercrime tactic involves scammers taking over a person’s phone number by transferring it to a device under their control.

Telecom Carrier Infiltration

The access to the phone number occurred via the telecom carrier, not through SEC systems. The agency clarified that there’s no evidence of the unauthorised party accessing SEC systems, data, devices, or other social media accounts.

Timeline of Events

  • January 9: Account takeover discovered.

  • Two days later: SEC contacts its telecom carrier.

  • Discovery: Unauthorised party obtained control via a SIM swap attack.

Security Measures

Multifactor authentication had previously been enabled on the compromised X account, but it was disabled in July 2023 due to access issues. The SEC reinstated multifactor authentication on January 9 after reclaiming control.

Law Enforcement Collaboration

The SEC is actively working with law enforcement agencies, including the FBI, Justice Department, and the Cybersecurity and Infrastructure Security Agency, to investigate the incident.

Public Outcry

Lawmakers have expressed outrage over the incident, demanding answers from SEC Chairman Gary Gensler.

Lesson Learned

This incident underscores the persistent threat of SIM swap attacks. Organisations must remain vigilant, reinforce security measures, and collaborate with law enforcement to counter cyber threats effectively.

Stay Secure, Stay Informed!

Dive into the details and stay updated on the evolving cybersecurity landscape! Vigilance is key!



Hackers: Should I give up or should I just keep Chae$ing payments?

Chae$ 4.1 Malware Alert!

Morphisec researchers unveil the latest threat with surprising tactics and an embedded message within the source code.

Background

Identified in Sep ’23, Chae$ malware evolves into the formidable Chae$ 4.1, leveraging advanced code polymorphism for stealthy manoeuvres.

Morphisec’s Investigation

Morphisec Threat Labs delves into Chae$ 4.1, highlighting its mechanics, implications, and safety measures. The malware targets login credentials and financial data, particularly impacting e-commerce users in Brazil.

Chae$ 4.1 Updates

Chae$ 4.1 unveils a superior Chronod module and a unique twist: a direct message to the Morphisec team within the source code. It is a significant leap from previous versions.

Infection Chain

The infection chain starts with a Portuguese-language email. Victims then navigate deceptive websites, which ultimately lead to the download of a ZIP file or an MSI installer. The malware uses a fake security scan and prompts users to install a seemingly updated driver.

Security Concerns

Chae$ 4.1 deploys advanced code polymorphism, eluding antivirus detection and detecting sandbox environments, intensifying user risks.

Stay Informed, Stay Secure!

Regularly update systems, employ advanced malware detection, exercise caution with links and attachments, and back up critical data. Vigilance and robust security practices are paramount against evolving cyber threats. Combating cyber threats requires awareness and proactive security measures.


The REvil’s in the REtail

Australia Takes Cyber Action: First-Ever Sanctions Imposed

In a precedent-setting move, Australia leverages its 2021 “significant cyber incidents” sanctions against Russian national Aleksandr Gennadievich Ermakov for the 2022 cyberattack on health insurer Medibank Private.

The Attack

Medibank fell victim to ransomware, exposing data on 10 million customers. Medical treatments, personal details, and contact information were compromised, linking the REvil gang to the breach. Australia accused Russia of sheltering the group.

Sanctions Imposed

Ermakov faces travel bans, financial sanctions, and potential imprisonment. The scheme aims to penalise individuals involved in cyber incidents harming Australia or other nations.

Ongoing Pursuit

Australian authorities, including the Federal Police and the Australian Signals Directorate, are actively pursuing leads. The move reflects Australia’s commitment to combating cyber threats.

Ramifications

Dealing with Ermakov or providing assets, even through cryptocurrency, could lead to severe penalties. Google’s undersea cable plans and Australia’s cyber resilience efforts continue amidst these developments.

Identity Complexities

Multiple individuals share the name Aleksandr Ermakov, adding complexities to the identification process.

Cyber Resilience

Despite facing cyber challenges, Australia takes decisive actions, offering solace to citizens amid high-profile incidents. I guess you could say they’ve been driven hopping mad by cybercrime. I’ll grab my coat… But seriously, we salute the Aussies in taking action against the scammers. Cheers, mates!

Stay informed, stay secure!


So long and thanks for reading all the phish!
