Iran-Linked Threat Actors Are Targeting Office 365 Tenants of U.S., Israeli Defense Technology Companies in Password Spraying Attacks
Microsoft Azure mitigated the largest DDoS attack to date, Apple issues emergency fix for iOS and iPad OS zero-day exploited in the wild, Ukraine arrests suspect for running a giant botnet, much more
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) say that Iran-linked threat actors are targeting the Office 365 tenants of U.S. and Israeli defense technology companies in extensive password spraying attacks.
The ongoing malicious activity, which Microsoft temporarily dubbed DEV-0343, aligns with Iranian national interests based on techniques and targets of another Iran-linked threat actor. It is also linked to Iran based on pattern-of-life analysis and an extensive crossover in sectoral and geographic targeting with other Iranian hacking groups.
“Targeting in this DEV-0343 activity has been observed across defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems,” Microsoft says. Companies exposed to this activity are encouraged to look for DEV-0343 behaviors and tactics in logs and network activity. (Sergiu Gatlan / Bleeping Computer)
Related: Ynet News, The Record by Recorded Future, TechDator, Cyberscoop, Haaretz.com, Jerusalem Post, Reddit - cybersecurity, Security Week, PCMag.com, Arutz Sheva News, The Hill: Cybersecurity, TechTarget, CNN.com - Politics, Security Affairs, Microsoft Security, The Times of Israel, The Hacker News, Iran International, SecureReading, CyberNews
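Microsoft's advice above is to look for DEV-0343 behaviors in logs. As an added example (not code from Microsoft, the page, or any of the cited outlets), the following Python script flags the characteristic shape of a password spray in sign-in records: one source IP producing failed sign-ins against many distinct accounts with only a few attempts each, which is the opposite of a brute-force run that hammers a single account. The log format, field names, IP addresses, account names and thresholds are all constructed for this example and do not follow any real tenant's sign-in log schema.

```python
"""Flag password-spray patterns in sign-in records (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical CSV shape: timestamp,user,source_ip,result
# 203.0.113.10 tries eight different accounts once each, then one succeeds (spray).
# 198.51.100.7 tries one account eight times (brute force, not a spray).
# 192.0.2.50 is a user who mistyped a password once (benign).
SAMPLE_LOG = """\
2021-10-11T02:00:01Z,alice@example.com,203.0.113.10,failure
2021-10-11T02:00:07Z,bob@example.com,203.0.113.10,failure
2021-10-11T02:00:13Z,carol@example.com,203.0.113.10,failure
2021-10-11T02:00:19Z,dave@example.com,203.0.113.10,failure
2021-10-11T02:00:25Z,erin@example.com,203.0.113.10,failure
2021-10-11T02:00:31Z,frank@example.com,203.0.113.10,failure
2021-10-11T02:00:37Z,grace@example.com,203.0.113.10,failure
2021-10-11T02:00:43Z,heidi@example.com,203.0.113.10,failure
2021-10-11T02:00:49Z,ivan@example.com,203.0.113.10,success
2021-10-11T02:10:00Z,alice@example.com,198.51.100.7,failure
2021-10-11T02:10:05Z,alice@example.com,198.51.100.7,failure
2021-10-11T02:10:10Z,alice@example.com,198.51.100.7,failure
2021-10-11T02:10:15Z,alice@example.com,198.51.100.7,failure
2021-10-11T02:10:20Z,alice@example.com,198.51.100.7,failure
2021-10-11T02:10:25Z,alice@example.com,198.51.100.7,failure
2021-10-11T09:00:00Z,bob@example.com,192.0.2.50,failure
2021-10-11T09:00:30Z,bob@example.com,192.0.2.50,success
"""


def parse_log(text):
    """Parse the constructed CSV shape into event dicts (ts, user, ip, ok)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user.strip().lower(),
            "ip": ip.strip(),
            "ok": result.strip() == "success",
        })
    return events


def detect_spray(events, window=timedelta(minutes=60), min_users=5, max_per_user=3):
    """Return one finding per source IP whose failed sign-ins within `window`
    hit at least `min_users` distinct accounts with at most `max_per_user`
    failures each. Thresholds are illustrative assumptions, not vendor guidance."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if not e["ok"]]
        best = None
        start = 0
        # Sliding window over the failures from this IP, widest match wins.
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in failures[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                candidate = {
                    "ip": ip,
                    "window_start": failures[start]["ts"],
                    "distinct_users": len(per_user),
                    "failures": end - start + 1,
                }
                if best is None or candidate["distinct_users"] > best["distinct_users"]:
                    best = candidate
        if best is not None:
            # A success from the same IP after the spray began is the account to triage first.
            best["successes"] = sorted(
                {e["user"] for e in evs if e["ok"] and e["ts"] >= best["window_start"]}
            )
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_spray(parse_log(SAMPLE_LOG)):
        print(f"{f['ip']}: {f['distinct_users']} accounts, {f['failures']} failures, "
              f"later successes: {f['successes']}")
```

Grouping by source IP is the simplest key; a spray routed through many exit nodes spreads the failures across IPs, so in practice the same window logic is also worth running keyed on user agent or on the tenant as a whole (total distinct accounts failing per window), with the single-account brute-force case handled by a separate rule.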
Microsoft said that at the end of August, its Azure cloud service mitigated the largest DDoS attack recorded to date, a 2.4 terabits per second (Tbps) DDoS attack.
The attack, which was aimed at “an Azure customer in Europe,” was carried out using a botnet of approximately 70,000 bots primarily located across the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as the United States. (Catalin Cimpanu / The Record)
Apple released iOS 15.0.2 and iPadOS 15.0.2 as an emergency fix for a zero-day vulnerability tracked as CVE-2021-30883 that is actively exploited in the wild in attacks targeting iPhones and iPads.
The zero-day is a critical memory corruption bug in the IOMobileFrameBuffer, allowing an application to execute commands on vulnerable devices with kernel privileges. (Lawrence Abrams / Bleeping Computer)
The Security Service of Ukraine (SSU) arrested a suspect in the Ivano-Frankivsk region in the Kolomyia district on accusations of running a giant malware botnet of more than 100,000 infected systems.
SSU said the suspect had advertised their services via Telegram and closed-access forums and took payment via the Russian money transfer platform WebMoney. (Catalin Cimpanu / The Record)
One of America's largest Korean-American community banking service providers, Pacific Bank, informed its clients of a ransomware attack it identified on August 30, 2021. Ransomware threat group AvosLocker is claiming the attack and has published an entry on their data leak site.
The ransomware attackers obtained a wealth of customer information, including loan application forms, tax return documents, W-2 information, names, addresses, and much more. The bank is offering one year of free credit monitoring and identity theft protection services through Equifax. (Bill Toulas / Bleeping Computer)
A Pearson Institute and Associated Press-NORC Center for Public Affairs Research poll shows that about 9 in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies, or certain utilities. Nearly two-thirds say they are very or extremely concerned.
About three-fourths of the respondents say the Chinese and Russian governments are major threats to the cybersecurity of the U.S. government, and at least half also see the Iranian government and non-government bodies as threatening. (Alan Suderman / Associated Press)
Related: The Hill: Cybersecurity
Chinese telecom tech giant ZTE has expanded its bug bounty scheme to focus on fixing security problems brought about by the launch of commercial 5G networks and services.
The vendor is working with bug bounty platform YesWeHack to test a range of products, including smartphones and cloud computing and database management systems. More than 30,000 researchers in YesWeHack's global network have been invited to participate in the expanded program, which offers up to $2,000 for each bug uncovered, depending on the severity level. (Eileen Yu / ZDNet)
Related: Reddit - cybersecurity
During a speech at Chatham House's cyber conference, Lindy Cameron, the head of Britain's National Cyber Security Centre, said that “Ransomware presents the most immediate danger to U.K. businesses and most other organisations.”
She also became the first U.K. government official to address the threat of spyware company NSO directly, given that its Pegasus spyware was recently discovered on a high-profile U.K. resident’s phone. “This demonstrated something we have raised a red flag about before – the commercial market for sophisticated cyber exploitation products,” Cameron said. (Alex Martin / Sky News)
Quest Diagnostics said in an SEC filing that ReproSource, a fertility clinic owned by the company, was hit with a ransomware attack in August.
The company informed its clients that personal information leaked during the ransomware attack included names, addresses, phone numbers, email addresses, dates of birth, and billing information. Some patients’ driver's license numbers, passport numbers, Social Security numbers, financial account numbers, and credit card numbers were also leaked in the attack. Finally, the malicious actor stole a wealth of health information during the attack, including CPT codes, diagnosis codes, test requisitions, results, test reports, medical history information, health insurance or group plan identification names and numbers, and other information provided by individuals or by treating physicians. (Jonathan Greig / ZDNet)
In a two-stage phased rollout, Microsoft will add detection of Bronze Bit attacks to Microsoft Defender for Identity, making it easier for Security Operations teams to spot attempts to abuse a Windows Kerberos security bypass bug tracked as CVE-2020-17049.
Microsoft Defender for Identity (previously Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals. The flaw can bypass Kerberos delegation protection, allowing attackers to escalate privileges, impersonate targeted users, and move laterally within compromised environments. (Sergiu Gatlan / Bleeping Computer)
The Office of Management and Budget issued a memo on Friday that gives federal agencies a 90-day deadline to work with the Cybersecurity and Infrastructure Security Agency on their efforts to protect endpoints, such as computer workstations and servers.
The effort is part of President Joe Biden’s sweeping cybersecurity executive order issued in May. (Tim Starks / Cyberscoop)
Israeli cloud cybersecurity startup Wiz said it had raised $250 million in a private funding round that values the company at $6 billion.
Sequoia Capital, Index Ventures, Insight Partners, Greenoaks, Salesforce, CyberStarts, billionaire Bernard Arnault and Starbucks founder Howard Schultz participated in the round. (Steven Scheer / Reuters)
Enterprise cryptocurrency asset risk management platform company Elliptic raised $60 million in a Series C venture funding round.
Evolution Equity Partners led the round with participation from SoftBank Vision Fund 2 and existing investors AlbionVC, Digital Currency Group, Wells Fargo Strategic Capital, SBI Group, Octopus Ventures, SignalFire, and Paladin Capital Group. (Kyt Dotson / Silicon Angle)