Staples cyberattack, Agent Racoon backdoor and other news
Staples confirms cyberattack behind online order disruption, hacker uses new Agent Racoon malware to backdoor U.S. and other entities, and the BLUFFS Bluetooth attack. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Staples discloses cyberattack that caused system outages and order disruptions
American retailer Staples recently encountered a cyberattack that caused it to shut down key systems in order to protect customer data. Reports on Reddit surfaced about internal operation issues affecting email access, VPNs, phone lines and more. In response, the company acknowledged a cybersecurity risk that disrupted business functions and online orders. This latest security incident follows a 2020 data breach and a major outage at Staples-owned Essendant earlier this year.
2. Threat actor uses new Agent Racoon backdoor to infiltrate U.S. and African entities
An unknown threat actor is targeting organizations across the U.S., Africa and the Middle East with a new backdoor malware named Agent Racoon. Palo Alto Networks' Chema Garcia reports that this malware leverages the .NET framework and the DNS protocol to sneak in and provide backdoor access. The victims range from education to nonprofit to government sectors and more. While the cybersecurity firm hasn’t profiled the attacker, it thinks a nation-state might be behind this infiltration due to the attack patterns and sophisticated evasion techniques.
3. New BLUFFS attack enables cybercriminals to hijack Bluetooth sessions
Eurecom researchers have discovered a series of attacks that enable hackers to compromise Bluetooth security. Dubbed BLUFFS, these attacks affect Bluetooth versions 4.2 to 5.4 and can lead to device impersonation and man-in-the-middle attacks. The researchers suggest users reject connections with weak security and use 'Security Mode 4 Level 4' to ensure better encryption.
4. New FjordPhantom Android malware uses virtualization to remain undetected
Security experts have found a new Android malware called FjordPhantom that uses virtualization to evade detection. FjordPhantom is designed to run apps in virtual containers, which enables it to access files and memory across different apps without the usual need for root access. Hackers are spreading it via fake apps and social engineering, with one infiltration in Thailand resulting in a loss of about $280,000. To avoid this threat, researchers advise users to be careful about downloading apps from non-official sources.
5. Cactus ransomware targets Qlik Sense vulnerabilities to exploit networks
Arctic Wolf Labs reports that hackers recently hit large organizations with Cactus ransomware by exploiting Qlik Sense vulnerabilities. They gained system control using PowerShell and BITS, downloading tools like AnyDesk and a modified Plink binary. The attackers also removed Sophos' security, changed passwords and set up RDP tunnels for data theft and disk space analysis. Eventually, they deployed Cactus ransomware. Arctic Wolf Labs links these attacks to a single group, while security expert Kevin Beaumont urges prompt patching due to the rising threat.