Security News

MuddyWater targets Middle Eastern and Asian countries in phishing attacks. Iranian APT Supergroup MuddyWater has been identified as the hackers linked to attempted phishing attacks against Turkey and other Asian countries according to findings published by Cisco Talos.

The cyber activities related to the ongoing war in Ukraine have run the gamut from wiper malware hitting organizations and the border control in Ukraine, DDoS attacks aimed at government and media websites, and cyber disruption of satellite-based internet service, to preparations for watering hole attacks, next-level disinformation campaigns, and phishing campaigns. Many analysts expected more disruption and retaliatory attacks orchestrated by Russian-backed hackers, both aimed at Ukranian targets and targets in countries sympathetic to and supporting Ukraine.

Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems. "This particular attack vector differs from most UDP reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the task force added.

Russia says some of its federal agencies' websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies. The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, and other Russian state agencies.

Gathering insights from 200 UK-based IT and security leaders, covering ten different industries in both the public and private sectors, the research explored the biggest attacks of 2021, the challenges facing the mid-market and their plans for investment in 2022. "The financial and reputational cost of cybercrime is rising, putting more pressure on overwhelmed professionals, who are tackling hundreds of alerts a day from siloed point products. Organizations must work smarter, not harder. Only when security systems work seamlessly together, faster than humanly possible, will we see the needle begin to move in the right direction."

The attack vector - dubbed TP240PhoneHome - has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second."

A new reflection/amplification DDoS method is being used in attacks that provides a record-breaking amplification ratio of almost 4.3 billion to 1. As detailed in a report that Akamai shared with Bleeping Computer before publication, a new attack vector relies on the abuse of insecure devices that serve as DDoS reflectors/amplifiers.

Ukraine's Computer Emergency Response Team warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. "In this way, they gain access to the email inboxes of Ukrainian citizens."

Researchers from the University of London and the University of Catania have discovered how to weaponize Amazon Echo devices to hack themselves. Smart speakers lay dormant during the day, waiting for a user to vocalize a particular activation phrase: i.e., "Hey, Google," "Hey, Cortana" or, for the Amazon Echo, "Alexa," or simply, "Echo." Usually, of course, it's the device's owner who issues such commands.

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations parameter processing and the WebGPU inter-process communication Framework.