Jan 24 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that sees there’s another UK storm Jocelyn (😏) with war, Trump, and of course the omnipresent threat of cybercrime for the nation’s eyeballs 👀 and attention 📢
First things first, we love feedback. Our fellow readers like to tell us when the content is great, good or meh, what we don’t get is much in the way of comments so we can make it better for you, so if you decide to give us a rating at the bottom, please leave a few words and let us know what you think, it will help us make this newsletter awesome.
Now on to today’s hottest cybersecurity news stories:
🎫 ‘SIM swapping’ behind X account hack, says SEC 🏛️
👾 New Chae$ 4.1 malware hides in driver downloads 👻
😈 REvil’s Aleksandr Gennadievich behind Medibank leak 🏥
Hey Cyber Squad! 🌐🔐 Breaking news on a recent cybersecurity incident! The U.S. Securities and Exchange Commission (SEC) faced a significant breach as an “unauthorised party” seized control of its Twitter account, @SECGov, after hijacking the associated cell phone number in a SIM swap attack. 😱💼
🔍 Attack Details
The unauthorised party, using a SIM swap attack, transferred the SEC’s cell phone number to another device, gaining control of the Twitter account. This cybercrime tactic involves scammers taking over a person’s phone number by transferring it to a device under their control.
📞 Telecom Carrier Infiltration
The access to the phone number occurred via the telecom carrier, not through SEC systems. The agency clarified that there’s no evidence of the unauthorised party accessing SEC systems, data, devices, or other social media accounts.
📅 Timeline of Events
January 9: Account takeover discovered.
Two days later: SEC contacts its telecom carrier.
Discovery: Unauthorised party obtained control via a SIM swap attack.
🔐 Security Measures
While multifactor authentication was enabled on the compromised account (X account), it had been disabled in July 2023 due to access issues. The SEC reinstated multi factor authentication on January 9 after reclaiming control.
👥 Law Enforcement Collaboration
The SEC is actively working with law enforcement agencies, including the FBI, Justice Department, and the Cybersecurity and Infrastructure Security Agency, to investigate the incident.
📢 Public Outcry
Lawmakers have expressed outrage over the incident, demanding answers from SEC Chairman Gary Gensler.
💡 Lesson Learned
This incident underscores the persistent threat of SIM swap attacks. Organisations must remain vigilant, reinforce security measures, and collaborate with law enforcement to counter cyber threats effectively.
🛡️ Stay Secure, Stay Informed!
Dive into the details and stay updated on the evolving cybersecurity landscape! Vigilance is key! 💻🌐
Signup for Free
Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.
Morphisec researchers unveil the latest threat with surprising tactics and an embedded message within the source code.
Identified in Sep ’23, Chae$ malware evolves into the formidable Chae$ 4.1, leveraging advanced code polymorphism for stealthy manoeuvres.
🔍 Morphisec’s Investigation
Morphisec Threat Labs delves into Chae$ 4.1, highlighting its mechanics, implications, and safety measures. The malware targets login credentials and financial data, particularly impacting e-commerce users in Brazil.
🚀 Chae$ 4.1 Updates
Unveiling a superior Chronod module and a unique twist – a direct message to the Morphisec team within the source code. A significant leap from previous versions.
⛓️ Infection Chain
Initiated by a Portuguese-language email, victims navigate deceptive websites, ultimately leading to the download of a ZIP file or an MSI installer. The malware exploits a fake security scan and prompts users to install a seemingly updated driver.
🔒 Security Concerns
Chae$ 4.1 deploys advanced code polymorphism, eluding antivirus detection and detecting sandbox environments, intensifying user risks.
🛡️ Stay Informed, Stay Secure!
Regularly update systems, employ advanced malware detection, exercise caution with links and attachments, and back up critical data. Vigilance and robust security practices are paramount against evolving cyber threats. Combating cyber threats requires awareness and proactive security measures. 🌐🔒
🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)
🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)
🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)
In a precedent-setting move, Australia leverages its 2021 “significant cyber incidents” sanctions against Russian national Aleksandr Gennadievich Ermakov for the 2022 cyberattack on health insurer Medibank Private. 🦘
💻 The Attack
Medibank fell victim to ransomware, exposing data on 10 million customers. Medical treatments, personal details, and contact information were compromised, linking the REvil gang to the breach. Australia accused Russia of sheltering the group.
🚫 Sanctions Imposed
Ermakov faces travel bans, financial sanctions, and potential imprisonment. The scheme aims to penalise individuals involved in cyber incidents harming Australia or other nations.
🕵️ Ongoing Pursuit
Australian authorities, including the Federal Police and the Australian Signals Directorate, are actively pursuing leads. The move reflects Australia’s commitment to combating cyber threats.
Dealing with Ermakov or providing assets, even through cryptocurrency, could lead to severe penalties. Google’s undersea cable plans and Australia’s cyber resilience efforts continue amidst these developments.
🤔 Identity Complexities
Multiple individuals share the name Aleksandr Ermakov, adding complexities to the identification process.
🌏 Cyber Resilience
Despite facing cyber challenges, Australia takes decisive actions, offering solace to citizens amid high-profile incidents. I guess you could say they’ve been driven hopping mad by cybercrime 🦘😏😬 I’ll grab my coat… But seriously, we salute the Aussies in taking action against the scammers. Cheers, mates! 🍻
Stay informed, stay secure! 🚀🔒
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree 🐒🌴 with his stick and banana approach 🍌😏
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!