Probably not the most accurate translation, but super interesting read @TakahiroS san.
Andy
English translation:
Weekly Cybersecurity Threat Report (July 22, 2024) "Data breaches in mobile location-based apps - Check Point Research's Q2 2024 cyberattack trend report, etc."
This is an excerpt from the weekly cybersecurity threat report for July 22, 2024 by the Check Point Research team.
Click below for the original English version.
https://research.checkpoint.com/2024/22nd-july-threat-intelligence-report/
This week's TOP cyberattacks and security breaches
US furniture maker Bassett Furniture Industries suffered a ransomware attack that encrypted data files and halted its manufacturing facilities. Operations were significantly disrupted, affecting the company's ability to process orders, although its retail stores and e-commerce platform remained open. No ransomware group has claimed responsibility so far.
The location-sharing safety app Life360 and the project management tool Trello both suffered data leaks caused by flaws in their respective APIs. The Life360 incident exposed personal information of 442,519 customers, including email addresses, names, and phone numbers, while the Trello incident exposed 21.1GB of data, including full names, email addresses, and board membership information for millions of users. Both leaks were carried out by a threat actor known as "emo," who published the stolen data on dark web forums.
Humanitarian organizations CARE International, the Norwegian Refugee Council, and Saudi Arabia's King Salman Humanitarian Aid and Relief Center were targeted by a cyberattack that deployed Android spyware designed to collect sensitive information. The attack was attributed to a pro-Houthi threat group known as OilAlpha, which used malicious apps impersonating legitimate organizations to steal victims' data and credentials.
Check Point's Harmony Endpoint has protection against this threat [RAT.Wins.OilAlpha].
US boat retailer MarineMax suffered a ransomware attack and a data breach affecting more than 123,000 people. The Rhysida ransomware group claimed responsibility, having stolen files containing financial documents and personal information.
Check Point's Harmony Endpoint and Threat Emulation have defenses against this threat [Ransomware.Win.RansomHub; Ransomware.Wins.RansomHub.ta.*].
Indian cryptocurrency exchange WazirX confirmed a breach that caused the loss of about $230 million, nearly half of the company's reserves. The attackers compromised a multi-sig wallet and stole more than 200 cryptocurrencies, including SHIB, Ethereum, Matic, Pepe, USDT and Gala tokens. The attackers are reportedly linked to North Korea.
A Ukrainian defense-related company was attacked by the UAC-0180 threat group. The attack uses emails with ZIP attachments containing a PDF that carries a malicious link. At the end of the infection chain, a loader downloads and executes the ATERA remote management program.
Australian healthcare provider MediSecure suffered a ransomware attack in which 6.5TB of data belonging to approximately 12.9 million Australians was stolen. The data includes names, contact details, and medical information. No ransomware group has claimed responsibility so far.
About vulnerabilities and patches
The recently disclosed critical remote code execution vulnerability CVE-2024-27348 in Apache HugeGraph-Server is being actively exploited in the wild. The flaw lies in the Gremlin graph traversal language API and affects all versions prior to 1.3.0; it allows attackers to bypass sandbox restrictions and take full control of the server. Users should upgrade to version 1.3.0 or later.
Check Point IPS has protection against this threat [Apache HugeGraph Server Remote Code Execution (CVE-2024-27348)].
SolarWinds has released a security update for its Access Rights Manager (ARM) software addressing 13 vulnerabilities. Eight of them are critical, including CVE-2024-23472, CVE-2024-28074, and CVE-2024-23469, and could allow attackers to read or delete files or execute code with elevated privileges.
Cisco's Smart Software Manager On-Prem (SSM On-Prem) and SSM Satellite products contain a critical vulnerability, CVE-2024-20419, that could allow an unauthenticated remote attacker to change the password of any user, including administrators. The vulnerability is rated CVSS 10.0 and requires neither user interaction nor prior privileges. An attacker exploits it by sending crafted HTTP requests to an affected device; a successful exploit gives the attacker access to the web UI or API with the privileges of the user whose password was changed.
Cyber Threat Intelligence Report
Check Point Research reports on recent activity of the Iranian APT group MuddyWater. Since October 2023 the group has significantly increased its activity against Israel while also targeting victims in Saudi Arabia, Turkey, Azerbaijan, India, and Portugal. The group uses a new custom backdoor named BugSleep.
Check Point's Harmony Endpoint and Threat Emulation have defenses against this threat [APT.Wins.MuddyWater.ta*; APT.Win.MuddyWater].
Check Point Research has released its Cyber Attack Trends Report for Q2 2024. According to the report, global cyber attacks in Q2 2024 increased 30% year-on-year, reaching an average of 1,636 attacks per organization per week. The largest increase was in the education/research sector, up 53% to 3,341 weekly attacks per organization. Africa had the highest weekly average at 2,960 attacks per organization, while Latin America saw a 53% increase compared to the previous year.
Researchers analyzed the rise in cyber threats targeting the 2024 Paris Olympics, finding a significant increase in darknet activity linked to French organizations, with threats up 80% to 90% since the second half of 2023. Key concerns include phishing scams, ticket fraud, and infostealers such as Raccoon, which accounts for 59% of detections in France.
Check Point's Harmony Endpoint and Threat Emulation have defenses against this threat [InfoStealer.Win.Raccoon; InfoStealer.Wins.Raccoon].
Researchers discovered a large-scale ad fraud operation called "Konfety" involving more than 250 decoy apps on the Google Play Store paired with malicious "evil twin" apps. The scheme spoofs the decoy apps' IDs to commit ad fraud and sideload malware, generating up to 10 billion ad requests per day.