Cybersecurity Weekly: Geico breach, Morse code phishing attack, CMMC's role in cybersecurity
A Geico breach exposed customers' driver's license numbers. Hackers are using Morse code in phishing attacks to evade detection. How CMMC can help counter current cyberattacks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Geico breach exposed customers' driver's license numbers
In a data breach notification filed with the California Attorney General's office, Geico states that, for over a month, threat actors abused an online sales portal to gain access to policyholders' driver's license numbers. The threat actors used customer information obtained elsewhere to pull up the details on policyholders.
2. Hackers using Morse code in phishing attacks to evade detection
Microsoft disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average. In an attempt to cover their tracks and surreptitiously harvest user credentials, the group periodically relied on the use of Morse code in their attacks.
3. How CMMC can help counter current cyberattacks
The publicly available Cybersecurity Maturity Model Certification (CMMC) is getting a lot of attention these days, both within and outside the public sector. Developed in response to escalating cyberattacks aimed at the defense industrial base and DoD supply chain, CMMC has broader appeal for any organization determining the maturity of its IT security controls.
4. Evasive Office 365 phishing campaign active since July 2020
Microsoft says that a year-long and highly evasive spear-phishing campaign targeted Office 365 customers in multiple waves of attacks starting in July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and other information about the potential victims.
5. Seven ways technical debt increases security risk
Two in three CISOs believe technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability. Here are seven ways technical debt can become a problem for a CISO.
6. Hackers actively searching for unpatched Microsoft Exchange servers
Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year.
7. Experts shed light on new malware-as-a-service written in Rust
An information-stealing malware sold and distributed on Russian underground forums has been written in Rust, signalling a new trend in which threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.
8. Vice Society ransomware joins ongoing PrintNightmare attacks
The Vice Society ransomware gang is now also actively exploiting the Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. Attackers can abuse this set of security flaws for local privilege escalation or for distributing malware as Windows domain admins via remote code execution with SYSTEM privileges.
9. WordPress sites abused in Aggah spearphishing campaign
Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT. The threat group Aggah is delivering the RAT in a campaign aimed at spreading malware to manufacturing companies in Taiwan and South Korea.
10. Accenture hit by apparent ransomware attack
Accenture appears to have been hit by the LockBit ransomware gang, which is offering to sell data stolen from the global consultancy firm to interested parties. On its dark web website, the LockBit ransomware gang confirmed the breach and threatened to release data exfiltrated from Accenture’s systems if a ransom is not paid.