As we approach the end of the year, our November newsletter looks at the cyber landscape: the latest threats and attacks, and financial and cyber justice updates from across the globe.
Cyber experts have been warning about ‘Citrix Bleed’, a zero-day vulnerability in Citrix NetScaler ADC and NetScaler Gateway whose exploitation has grown in recent months.
Also in this issue:
- China’s biggest bank hit by a ransomware attack;
- The $4 billion Binance settlement;
- The IPStorm malware botnet takedown.
AMATAS’s November 2023 newsletter also looks ahead to key events taking place in December 2023, where cyber professionals can learn about the latest technological innovations and insights.
The future of cyber resilience is all about balance, as Boris Goncharov, Chief Strategy Officer at AMATAS, notes. Engaging with AI and technology should be to enhance the human experience, not the other way around.
Cybercrime Breaking News
The Cybersecurity and Infrastructure Security Agency (CISA) added two actively exploited zero-day bugs to its Known Exploited Vulnerabilities catalog. The vulnerabilities affect Apache ActiveMQ and Citrix NetScaler ADC and NetScaler Gateway. The second has become better known as ‘Citrix Bleed’ and is reported to be exploited by both nation-state actors and cybercriminal gangs such as LockBit.
- On this note, ‘Citrix Bleed’ is believed to be precisely the vulnerability used to compromise aircraft manufacturer Boeing’s parts and distribution business at the beginning of November. The LockBit ransomware gang claimed responsibility for the attack and leaked 50GB of data it says was stolen.
- CISA, the FBI and Australian cybersecurity authorities published a joint advisory on how LockBit affiliates have been exploiting ‘Citrix Bleed’ to gain access to systems. A practical caveat for defenders: because the flaw lets an attacker hijack existing authenticated sessions, patching alone is not enough; Citrix and the advisory both recommend terminating all active and persistent sessions on affected appliances after updating.
Microsoft warns that the Clop ransomware gang (tracked by Microsoft as Lace Tempest) is exploiting a newly disclosed vulnerability in SysAid IT service management software. Microsoft noted: “Organizations using SysAid should apply the patch and look for any signs of exploitation before patching, as Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware.”
Atlassian confirmed that a vulnerability in its Confluence Data Center and Confluence Server products is being exploited in the wild, with attackers deploying Cerber ransomware.
The FBI and CISA published an advisory on the tactics, techniques and procedures of the hacking group Scattered Spider. As a reminder, Scattered Spider is the group believed to be behind the recent attacks on MGM Resorts and Caesars Entertainment.
The FBI and CISA believe that the Royal ransomware gang may be rebranding as ‘BlackSuit’, or that BlackSuit is a spin-off of it. Their updated advisory notes that the BlackSuit and Royal ransomware share a number of coding characteristics.
The New York Attorney General announced that US Radiology, the country’s largest private radiology company, will pay a $450,000 penalty. US Radiology failed to patch a known vulnerability, which led to a 2021 ransomware attack exposing the sensitive data of around 200,000 patients.
FinTech Updates
The Industrial and Commercial Bank of China (ICBC), China’s biggest bank with $214.7 billion in revenue in 2022, was hit by a ransomware attack on its US financial services arm. The LockBit ransomware gang is said to be behind the attack.
Moneris, Canada’s largest payment processor and a joint venture between Royal Bank of Canada and Bank of Montreal, stopped a cyberattack in its tracks. A Moneris spokesperson noted, “We employ a dedicated team to manage and respond to cyber risks and their swift actions ensured Moneris and its customers were not impacted.” The Medusa ransomware gang is believed to be behind the attack.
Binance, the world’s largest cryptocurrency exchange, will pay over $4 billion in settlements after investigations found that cybercriminals had been using the platform to launder funds. Binance pleaded guilty to federal charges, and its CEO pleaded guilty to failing to maintain an effective anti-money-laundering program and announced he is stepping down as CEO.
MeridianLink, a financial software company, was targeted by a ransomware attack. AlphV/BlackCat, the group believed to be behind it, went so far as to file a complaint with the Securities and Exchange Commission (SEC), alleging that MeridianLink had failed to disclose the incident to the regulator. The episode draws attention to the SEC’s new cyber disclosure rules, taking effect in December 2023, under which public companies must file a report with the SEC within four business days of determining that a cyber incident is “material”.
Fidelity National Financial, a Fortune 500 provider of title insurance for property sales, was targeted by a cyberattack attributed to the AlphV/BlackCat ransomware gang.
Cybersecurity researchers disclosed how ‘BlueNoroff’, a North Korean state-sponsored APT, has been targeting cryptocurrency exchanges, venture capital firms and banks. The group, considered a sub-unit of Lazarus, is using malware that targets macOS, and its motive is said to be financial.
The U.S. Treasury Department sanctioned Sinbad.io, a cryptocurrency mixer said to have been used by North Korean state-linked hackers to launder stolen funds.
- Over $100 million was stolen from the cryptocurrency trading platform Poloniex.
- $54.7 million was stolen from the decentralized exchange KyberSwap in a cyberattack.
- A cyberattack stole $26 million from the cryptocurrency trading and investment platform Kronos Research.
Cybersecurity Justice
The FBI dismantled the IPStorm malware botnet’s proxy network and infrastructure, which had infected thousands of devices across Asia, Europe, North America and South America. In September, the individual believed to have developed and deployed the malware between June 2019 and December 2022 pleaded guilty to charges brought by the U.S. Justice Department.
Europol, Eurojust and authorities from seven countries joined forces to arrest key figures (including the ringleader) behind “a series of high-profile ransomware attacks against organizations in 71 countries”.
Ransomed.vc, the gang that claimed attacks on Sony and on a supplier to Colonial Pipeline, announced that it is shutting down after six of its affiliates were allegedly arrested.
- A private investigator was sentenced to seven years in federal prison for his part in an international hack-for-hire scheme, the Department of Justice announced.
- The Treasury Department sanctioned a Russian woman said to have helped launder virtual currency for Russian elites and cybercriminals. In 2021 she is believed to have laundered over $2.3 million in “suspected victim payments” on behalf of a Ryuk ransomware affiliate.
- The administrator of a marketplace that sold the personal data of millions of Americans was sentenced to eight years in prison, the Department of Justice announced.
- A police intelligence analyst was sentenced to three years and nine months in prison for tipping off criminals that law enforcement had access to EncroChat, the encrypted platform used by organised crime groups in Europe.
Cybersecurity News Across The Globe
- An official report states that in May 2023 Denmark experienced the largest cyberattack in its history, with 22 energy companies breached within a few days.
- Some of Toyota Financial Services Europe & Africa’s systems were taken offline following a cyberattack and subsequently brought back online.
- Data on over 665,000 customers of Marina Bay Sands, the Singapore resort and hotel, was accessed during a cyberattack. In an official statement, Marina Bay Sands representatives noted, “Based on our investigation, we do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers.”
- Japan Aviation Electronics, an electronics and aerospace manufacturer, took its website down at the beginning of November following a cyberattack.
- A government representative confirmed that the Japan Aerospace Exploration Agency (JAXA) was targeted by a cyberattack; the attackers did not gain access to sensitive data.
- Australia’s largest port operator, DP World Australia, a subsidiary of the logistics company DP World, was hit by a cyberattack and had to suspend operations at its container terminals.
- Over 70 municipalities in western Germany were affected by a ransomware attack that encrypted the servers of their shared IT service provider.
AMATAS News
RED ALERT: Cybersecurity and Data Protection Forum 2023
Boris Goncharov, Chief Strategy Officer at AMATAS, posed a crucial question during the Cybersecurity and Data Protection Forum 2023: how should we handle technology that is entirely unfamiliar to us? The question was raised at the event organized by Capital on November 16 at Sofia Tech Park, where AMATAS was a strategic partner and Boris Goncharov delivered a keynote and moderated discussions among industry experts on the future of cybersecurity. The event centered on the ever-evolving relationship between AI and cybersecurity.
CyberChristmas 2023
On December 5th, AMATAS is sponsoring and taking part in Cyber Christmas ’23, organized by CyberCLUB, ISACA Sofia Chapter, Cyber Security Talks Bulgaria (CSTB) and ХАКЕР.BG. The 300+ attendee event is dedicated to current and future cybersecurity professionals who want to gain new insights into technology and innovation. Boris Goncharov, Chief Strategy Officer at AMATAS, will take part in the panel discussions, and members of the AMATAS team will be on site. We look forward to sharing know-how and meeting you on the day.
DORA event: The new requirements for the operational resilience of digital technologies, with a focus on the insurance and reinsurance sector
Together with EY (Ernst & Young), AMATAS has organized two events for financial and insurance professionals. The events will address the Digital Operational Resilience Act (DORA), the EU regulation that aims to strengthen the information and communication technology (ICT) security of financial entities in the European Union. Should you have any DORA-related questions, feel free to contact the AMATAS team.
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report, and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website, www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.