Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
Boeing confirms ransomware attack by Lockbit gang, researchers spot WhatsApp mods with dangerous spyware and Apple’s "Find My" network vulnerability. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Boeing confirms ransomware attack after Lockbit Gang’s revelations
Boeing has confirmed it was hit with a cyberattack after the LockBit ransomware gang claimed responsibility. Jim Proulx, the company's spokesperson, stated the attack targeted Boeing distribution operations but assured it does not compromise flight safety. The confirmation follows LockBit's threat to release Boeing's data if a ransom was not paid. Boeing has not disclosed whether it has entered into ransom negotiations or if it complied with the demand.
2. Researchers spot multiple WhatsApp mods with CanesSpy Spyware
Kaspersky researchers have uncovered several WhatsApp mods containing the CanesSpy spyware. This malicious module stealthily harvests device information and transmits it to a command-and-control server. It activates with common phone events, like charging, putting personal data at constant risk. Users in multiple countries have been affected, prompting a strong recommendation to use only official apps for communication.
3. Apple’s ‘Find My’ network vulnerability makes it prone to keylogger abuse
Apple's "Find My" network has a vulnerability that keyloggers in keyboards can exploit to access sensitive data. Designed to locate Apple devices, the network can be hijacked to transmit arbitrary data via Bluetooth. Researchers showcased this by integrating a keylogger with a Bluetooth transmitter, revealing a stealthy data theft method using Apple's extensive location-sharing system. This technique eludes Apple's anti-tracking features, posing a significant security risk to the "Find My" service.
4. New ‘KandyKorn’ macOS malware targets blockchain community and engineers
Elastic Security recently uncovered macOS malware linked to North Korea's Lazarus group. Dubbed KandyKorn, it targets cryptocurrency exchange engineers via Discord. Victims are tricked into downloading a malicious 'Cross-platform Bridges.zip' file. Inside, a Python script triggers a chain ending in the KandyKorn payload, which stealthily operates to steal data. This discovery highlights Lazarus' focus on financial theft and its sophisticated approach to targeting macOS systems.
5. Researchers uncover massive URL shortening service run by cybercriminals
Infoblox revealed last week that a threat actor known as Prolific Puma has been running a link-shortening service for cybercriminals. Over the past four years, this service has secretly registered thousands of US domains to enable phishing and malware attacks. The source also found that Prolific Puma has facilitated a range of cybercrimes while cleverly avoiding detection via tactics like aging domains and Bitcoin payments.
See Infosec IQ in action