What’s in the paper for last week’s top cybersecurity news? From source code hacks and CNI threats to everyone’s favourite ransomware attacks, last week had it all. While Google’s embarrassing Bard AI failure took all the headlines, several critical threat incidents slipped under the mainstream media’s radar.
Here are some of the most notable cybersecurity news stories and incidents from the second week of February:
Reddit suffers a sophisticated phishing attack
Reddit, the world’s leading social news aggregation platform, suffered a phishing attack on February 5th. The attack led to threat actors gaining unauthorised access to the company’s internal documents and source code. Reports have also suggested that some of the organisation’s internal business systems were compromised.
According to the Reddit spokesperson, the phishing attack redirected Reddit employees to a fake malicious site disguised to look exactly like the company’s internal portal. From there, the attackers stole employee credentials and two-factor authentication (2FA) tokens.
“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” Reddit said in a public statement.
Israel Institute of Technology breached by ransomware
Israel’s main technical research institution and a key hub for cyber security education was hit by a ransomware attack on Sunday, February 12th. DarkBit, a new anti-Israel threat actor, has claimed responsibility for the ransomware assault that compromised the Institute’s internal systems.
The DarkBit organisation is asking for 80 Bitcoin for decryption. However, analysts say the hacking squad looks to be politically motivated, and even if demands are paid, it’s doubtful they’ll hand over a decryption key.
Online scams cost Singapore $501 million in 2022
New reports published by the Singapore Police Force earlier this week show the alarming growth in scams and phishing attacks in the small island nation.
Last year, the nation recorded a 25.2% increase in fraud and cybercrime, with 33,669 registered incidents, up from 26,886 in 2021. According to the latest Singapore Police Force numbers, scams accounted for $501 million in losses for its citizens, up from $470 million in 2021.
Phishing and investment scams were among the top five most popular scamming strategies last year. These methods accounted for 82.5% of the top ten types of scams. Phishing instances topped the list in 2022, with 7,097 reported occurrences, an increase of 41.3% from 2021.
In such cases, fraudsters generally utilised email, text messages, or phone calls to trick their victims. They generally impersonated officials or trusted institutions in order to convince victims to give personal information, such as credit card or bank account information. Scammers would then use the information to conduct unauthorised transactions.
WhatsApp was utilised in 56% of fraud instances when scammers employed messaging services, while Telegram was used in 36.1% of cases.
GoAnywhere MFT software linked to ransomware attacks
Last week, security automation company Fortra notified GoAnywhere MFT users of a new zero-day remote code injection attack. The vendor promptly offered indicators of compromise (IoCs) and mitigations, but a patch only became available a week later.
Users, especially those who operate an admin portal that is accessible through the internet, have been encouraged to apply the fix as soon as possible.
There seem to be over 1,000 internet-exposed GoAnywhere instances. However, the vendor claims that exploitation needs access to the application’s admin panel, and at least some of the exposed instances are linked to the product’s web client interface, which is unaffected.