Transcript
David Shipley (0:03)
Cybercriminals target HR professionals with Venom Spider malware. Faked AI video generators drop new Noodlophile infostealer malware. Rumors of a massive cyber attack fly alongside missiles in the India-Pakistan conflict, and CISA warns of cyber attacks targeting U.S. oil and gas infrastructure. This is Cybersecurity Today, and I'm your host, David Shipley.

Threat actors are targeting organizations by disguising their malware payloads as resume submissions to human resources departments. Shaun Nichols from SC Media reported this weekend that a privately run malware operation known as Venom Spider has been targeting HR professionals by way of phony resume submissions and fake personal websites pretending to be job seekers. The threat actors are believed to be financially motivated, using the malware to harvest user credentials and account details from infected systems. In the past, Venom Spider looked for low-hanging fruit, typically going after e-commerce sites and payment portals. However, the threat actors have broadened their horizons and have pivoted to targeting HR portals and job-hunting services such as LinkedIn as the initial threat vector. The turn in Venom Spider's tactics was reported by Arctic Wolf. Going after HR teams with resume-themed lures is a tried and true cybercriminal tactic. Some of the earliest stories on this go back to 2017, when ransomware gangs turned to fake job applications to distribute their malware. In addition to specific training for HR teams who handle submitted resumes via email or online portals, providing tools to help these teams, either in the form of safer submission methods or additional scanning and scrutiny for files sent to them, is well warranted. It's also a reminder to everyone listening that attackers recycle tactics, and it's not just about focusing your defensive efforts on the latest and greatest trends in threat actor activity. What's old often becomes new again.

Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called Noodlophile under the guise of generated media content. The websites use enticing names like Dream Machine and are advertised in high-visibility groups on Facebook, posing as advanced artificial intelligence tools that generate videos based on uploaded user files, reports Bill Toulas for BleepingComputer. Although the use of AI tools to deliver malware isn't a new concept, and it's been adopted by cybercriminals who are quite experienced, the discovery of the latest campaign by Morphisec introduces a new infostealer into the mix. As a reminder, the recent Disney Slack data breach was also the result of someone downloading what they thought was an AI tool. Noodlophile is a new information stealer malware that targets data stored in web browsers, like account credentials, session cookies, tokens and cryptocurrency wallet files. "Noodlophile Stealer represents a new addition to the malware ecosystem. Previously undocumented in public malware trackers or reports, this stealer combines browser credential theft, wallet exfiltration and optional remote access deployment," explain the Morphisec researchers. Stolen data is exfiltrated via a Telegram bot, which serves as a covert command-and-control, or C2, server, giving attackers real-time access to stolen information.

Amidst the chaos of the current India-Pakistan conflict, rumors of impending cyber attacks on India's financial services sector have been circulating across social media in a massive misinformation campaign. India's Business Today reported Friday that a wave of misinformation was circulated on social media platforms, particularly WhatsApp, warning users of a supposed nationwide cyber attack. The viral message falsely claimed that a ransomware attack attributed to Pakistan would lead to all ATMs in the country being shut down for two to three days. The message also references a so-called video titled "Dance of the Hillary," which it alleges contains a virus capable of formatting users' mobile devices upon being opened. Indian authorities have confirmed that no such threat is known to exist. India's Press Information Bureau, or PIB, has officially debunked the claims, labeling them as entirely false. PIB urged the public not to believe or forward these kinds of messages, emphasizing the importance of verifying information before sharing it. Officials continue to encourage users to rely on trusted sources for cybersecurity updates and to report suspicious content to help curb the spread of misinformation. This latest misinformation campaign comes on the heels of rumors that Pakistan's military had hacked up to 70% of India's power grid, another claim that India has strongly rebuked. Interestingly, India appeared to engage its financial services sector ahead of its military action last week, with the Indian Express reporting that major banks had been warned to step up their cybersecurity efforts. On Friday evening, India's finance minister also chaired a review meeting on the cybersecurity preparedness of banks and financial institutions.

The Cybersecurity and Infrastructure Security Agency, or CISA, along with the FBI, Department of Energy and Environmental Protection Agency, has warned organizations of cyber attacks targeting operational technology and industrial control systems in the U.S. oil and natural gas sector. According to the government agencies, while cybercriminals usually implement basic and elementary intrusion techniques for attacks on such infrastructure, the presence of poor cyber hygiene and exposed assets can lead to severe impact, including operational disruptions and physical damage. Shweta Sharma reports for CSO Online. Gabrielle Hempel, security operations strategist and threat intelligence researcher for the Exabeam TEN18 team, echoed the advisory's concern in an interview with CSO Online. "There's definitely some systemic negligence in addressing known vulnerabilities," Hempel said. "The energy sector and a lot of critical infrastructure often relies on legacy systems, either not having the means or the knowledge to properly lock down their landscape." A reminder for Canadian listeners that Canada failed to pass cyber critical infrastructure legislation this spring for its oil and gas sector, and that Canada suffered a major breach in the last few years where a Russian threat actor tried to actually cause a physical incident. CISA's warning comes as it faces a nearly 20% budget cut and a strategy shift at the federal level to shift more responsibility to the state level. Both of these moves could leave the nation more at risk from hostile actors targeting critical infrastructure.

Finally, if you haven't listened to Jim's phenomenal weekend interview with Daniel Berulis, the former National Labor Relations Board IT staffer and now high-profile whistleblower on security issues related to DOGE, you should take 30 minutes and catch up. Jim and Daniel dive into a series of significant security lapses that defy logic and reason. We are always interested in your opinion, and you can contact us at editorial@technewsday.ca or leave a comment under the YouTube video. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.
