Okta support system breach and Google Ads fake KeePass campaign
Okta discloses support system hack caused by stolen credentials, researchers identify fake KeePass site using Google Ads to spread malware and the North Korean IT scam crackdown. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Okta says hackers used stolen credentials to breach its support system
Software vendor Okta revealed a breach in its support management system last week. Attackers accessed customer files containing cookies and session tokens using stolen credentials. David Bradbury, Okta's Chief Security Officer, confirmed the primary Okta service remains secure. The system in question stored HTTP Archive (HAR) files potentially laden with sensitive data, posing a risk of impersonation by malicious actors. In response, Okta advised customers to clean HAR files before sharing, revoked compromised session tokens and notified affected customers.
2. Researchers identify fake KeePass site using Google Ads and Punycode to distribute malware
Malwarebytes recently discovered a Google Ads campaign promoting a fake KeePass download site. The campaign used Punycode to imitate the official KeePass domain, misleading even cautious users. Those duped downloaded malware-laden KeePass installers. Researchers found similar deceptive ads and noted other software, such as WinSCP and PyCharm Professional, were also targeted.
3. U.S. DoJ cracks down on North Korean IT workers using deceptive schemes
The U.S. Department of Justice has seized 17 domains linked to North Korean IT workers accused of defrauding businesses, evading sanctions and funding North Korea's missile program. Confiscating $1.5 million from the operations, these workers, predominantly in China and Russia, posed as legitimate IT professionals to channel funds to North Korea. The domains mimicked authentic U.S. IT companies, prompting the FBI to advise firms to thoroughly vet IT recruits.
4. TetrisPhantom threat actors steal data from encrypted USBs on government computers
Security experts have identified 'TetrisPhantom' as a sophisticated threat utilizing compromised secure USB drives to infiltrate Asia-Pacific government systems. These USBs contain encrypted files, with hackers using decryption software like UTetris.exe. to gain access. Recent findings highlight trojanized UTetris versions on these drives, targeting APAC governments for years. With espionage as its main objective, TetrisPhantom appears to have a specific focus on certain government entities.
5. Casio reveals data breach impacting users across 149 nations
Casio has reported a security breach affecting its ClassPad.net education platform. Intruders accessed a database, compromising details of over 90,000 Japanese customers, including 1,108 educational entities, and data from 35,049 international customers across 149 countries. The information exposed includes names, emails, residence countries, service usage and purchase specifics. Casio cited disabled network security settings due to operational errors as the cause.
See Infosec IQ in action