
PLUS: FCC proposes new telco cyber rules following Salt Typhoon hacks; major phishing gang detained in Belgium and the Netherlands; new DaMAgeCard attack exploits SD Express standard.
Claire Aird
A phishing operation targets members of Congress, the FCC proposes new telco cyber rules following the Salt Typhoon hacks, Europol detains a major phishing gang in Belgium and the Netherlands, and a new attack targets the SD Express card standard. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 9th of December and this podcast episode is brought to you by Proofpoint.

In today's top story, a spear phishing campaign targeting members of the US Congress encouraged them to install a backdoored encrypted messaging app. The campaign took place after the FBI urged Americans to start using encrypted messaging apps last week. According to Nextgov, the attackers posed as an unnamed US government official. The US House Sergeant at Arms sent a warning to elected officials about the ongoing campaign.

The U.S. Federal Communications Commission has proposed new rules that would require US telcos to submit cybersecurity risk management plans to the agency. The proposal comes in the aftermath of a Chinese hack that breached multiple US telcos over the last two years. The agency warned that breaches at telcos can easily impact other critical sectors.

The US House and Senate Armed Services Committees have agreed to carry out an independent assessment of the need to create a dedicated cyber force in the US military. The assessment will be conducted by the National Academies of Sciences, Engineering and Medicine. Earlier this year, the Pentagon tried to stop the independent assessment, but it made it into the 2025 National Defense Authorization Act on Saturday.

The US Court of Appeals for the District of Columbia has upheld the law that could ban TikTok in the US. In January, the court rejected TikTok's argument that the law is unconstitutional and violates the First Amendment. The court passed the ruling with a unanimous vote. TikTok says it plans to take the case to the U.S. Supreme Court. The company sued the U.S. government after Congress passed the law, which demands the Chinese company divest its U.S. assets or face a ban on national security grounds.

Belgian and Dutch police have arrested eight suspects believed to be part of an international phishing group. Officials say the gang was behind large-scale phishing campaigns that tried to get into people's banking accounts. The group posed as police or banks and even approached some of their victims at their homes. Police say the gang had victims in 10 European countries, with losses estimated in the millions of euros.

The FBI has seized over 500,000 worth of crypto assets stolen from the Rain.com cryptocurrency exchange earlier this year. The sum represents only a small fraction of the nearly $15 million that hackers stole from the exchange in April, according to court documents. The hack took place after North Korean hackers tricked a Rain employee into infecting their system with malware while applying for a fake job. The FBI says that Mandiant linked the attack to APT 38.

US authorities have sentenced a 39-year-old Nigerian national to eight years in prison for his role in a sprawling BEC operation. Okochukwu Valentine Osuju is believed to have made at least $6 million from both BEC and romance scams. He was arrested in Malaysia and extradited to the US in 2022.

The most recent version of the Cobalt Strike red teaming tool has been observed being abused in the wild. Security firm Hunt IO says it discovered a cluster of IP addresses running Cobalt Strike 4.10, which was released in June. The company says the servers impersonate well-known brands, suggesting they might be used in phishing campaigns. Cobalt Strike is a popular tool abused by threat actors, but most attacks take place using old, cracked versions of the software.

Security researchers have discovered a vulnerability that exposes NTLM credentials when malicious files are viewed in Windows Explorer. The vulnerability impacts Windows versions all the way back to Windows 7 and Server 2008. Security company Acros reported the bug to Microsoft and has issued its own set of micropatches for affected operating systems.

Researchers have discovered 10 vulnerabilities in the Mongoose open source networking library. The vulnerabilities can be exploited by sending malicious TLS connections to devices running the library. Most of the vulnerabilities can be used to crash devices or cause continuous reboots. While the vendor released a security patch, the vulnerabilities are likely to linger for years because the library is commonly used with IoT and industrial gear that doesn't often get updated. The bugs were found by Nozomi.

Russian security firm Positive Technologies has developed a new attack, named DaMAgeCard, that exploits the SD Express standard to gain access to a device's memory through its card reader. The attack exploits the fact that the new SD Express standard allows direct memory access. Researchers say this access can be abused via malicious, custom-built SD Express cards plugged into a target device. Fortunately, there is still relatively low adoption of the new SD Express standard.

And finally, Apple has taken ownership of a popular Firefox browser add-on named iCloud Passwords. The add-on lets users autofill passwords from the iCloud Keychain app when signing into websites using Firefox. The add-on's ownership was transferred to Apple with the original developer's approval. This is now Apple's second official Firefox add-on after iCloud Bookmarks, an extension that syncs Firefox and Safari bookmarks.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Proofpoint. Find them at proofpoint.com. Thanks for your company.
Risky Business News: Members of US Congress Targeted by Phishing Operation
Release Date: December 8, 2024
In this episode of Risky Business News, host Claire Aird delves into a series of critical cybersecurity developments affecting governmental bodies, telecommunications, international law enforcement, and technology vulnerabilities. The episode, prepared by Catalin Cimpanu, provides a comprehensive overview of recent threats and regulatory responses shaping the cybersecurity landscape.
The episode opens with a concerning spear phishing campaign aimed at members of the US Congress. Attackers impersonated an unnamed US government official to deceive legislators into installing a compromised encrypted messaging app.
“[00:04] Claire Aird: In today's top story, a spear phishing campaign targeting members of the US Congress encouraged them to install a backdoored encrypted messaging app.”
This operation coincided with recent FBI advisories urging the use of encrypted communication tools, highlighting the sophistication of the attackers in exploiting timely security recommendations.
In response to a series of breaches, including the significant Salt Typhoon hacks attributed to Chinese actors, the Federal Communications Commission (FCC) has proposed stringent cybersecurity risk management requirements for US telecommunications companies.
“[00:04] Claire Aird: The U.S. Federal Communications Commission has proposed new rules that would require US telcos to submit cybersecurity risk management plans to the agency.”
The FCC emphasizes that vulnerabilities within telcos can have cascading effects on other critical infrastructure sectors, underscoring the necessity for robust defensive measures.
The US House and Senate Armed Services Committees have sanctioned an independent assessment, led by the National Academies of Sciences, Engineering, and Medicine, to evaluate the potential establishment of a specialized cyber force within the military.
“[00:04] Claire Aird: The US House and Senate Armed Services Committees have agreed to carry out an independent assessment of the need to create a dedicated cyber force in the US military.”
Despite initial resistance from the Pentagon earlier in the year, the proposal has been incorporated into the 2025 National Defense Authorization Act, signaling bipartisan support for enhancing military cyber capabilities.
The US Court of Appeals for the District of Columbia has upheld legislation that may lead to a ban on TikTok, a move grounded in national security concerns. The court's unanimous decision reinforces the law's validity, prompting TikTok to seek a review from the Supreme Court.
“[00:04] Claire Aird: The US Court of Appeals for the District of Columbia has upheld the law that could ban TikTok in the US... TikTok says it plans to take the case to the U.S. Supreme Court.”
The dispute centers on Congress's mandate for TikTok to divest its US operations or face a prohibition, amidst fears of data access by the Chinese government.
Belgian and Dutch authorities have apprehended eight individuals suspected of operating a large-scale phishing syndicate. The group employed tactics such as impersonating law enforcement and banking institutions to defraud victims across 10 European nations, amassing losses in the millions of euros.
“[00:04] Claire Aird: Belgian and Dutch police have arrested eight suspects believed to be part of an international phishing group... losses estimated in the millions of euros.”
This takedown represents a significant victory for Europol in combating transnational cybercrime networks.
The FBI has successfully seized over $500,000 in cryptocurrency assets that were illicitly obtained from the Rain.com exchange earlier in the year. While this seizure accounts for a fraction of the approximately $15 million stolen in April, it marks a decisive action against cyber theft.
“[00:04] Claire Aird: The FBI has seized over 500,000 worth of crypto assets stolen from the Rain.com cryptocurrency exchange earlier this year.”
Investigations link the attack to the North Korean hacker group APT 38, which infiltrated the exchange by deceiving a Rain employee into installing malware under the guise of a fake job application.
US authorities have sentenced 39-year-old Okochukwu Valentine Osuju, a Nigerian national, to eight years in prison for his involvement in extensive Business Email Compromise (BEC) and romance scams. Through these operations, Osuju is believed to have illicitly accrued at least $6 million.
“[00:04] Claire Aird: US authorities have sentenced a 39 year old Nigerian national to eight years in prison for his role in a sprawling BEC operation.”
His arrest in Malaysia and subsequent extradition to the US in 2022 underscore international cooperation in tackling cyber-enabled financial crimes.
The latest iteration of the Cobalt Strike tool, version 4.10, released in June, has been observed being abused in the wild. Hunt IO, a security firm, identified a cluster of IP addresses running Cobalt Strike 4.10 whose servers impersonate well-known brands, suggesting they may be intended for phishing campaigns.
“[00:04] Claire Aird: The most recent version of the Cobalt Strike red teaming tool has been observed being abused in the wild.”
Despite Cobalt Strike's popularity among legitimate security professionals for penetration testing, its abuse by threat actors underscores the challenges in securing widely used cybersecurity tools; most attacks, however, still rely on older cracked versions rather than the current release.
Researchers have uncovered a vulnerability within Windows Explorer that allows malicious actors to extract NTLM credentials when users view certain files. This flaw affects Windows versions from Windows 7 and Server 2008 onwards.
“[00:04] Claire Aird: Researchers have discovered a vulnerability that exposes NTLM credentials when malicious files are viewed in Windows Explorer.”
In response, security company Acros has reported the issue to Microsoft and released interim micro patches to mitigate the risk for affected systems.
Ten distinct vulnerabilities have been identified in the Mongoose open source networking library, which is prevalent in Internet of Things (IoT) and industrial devices. These flaws can be triggered by sending malicious TLS connections to devices running the library, potentially causing device crashes or perpetual reboots.
“[00:04] Claire Aird: Researchers have discovered 10 vulnerabilities in the Mongoose Open Source networking library.”
The widespread use of Mongoose in critical systems means that many devices may remain vulnerable for extended periods, especially in sectors where updates are infrequent.
Russian security firm Positive Technologies has developed an attack vector targeting the SD Express standard, enabling unauthorized access to device memory via malicious SD cards. This "DaMAgeCard" attack leverages the standard's allowance for direct memory access.
“[00:04] Claire Aird: Russian security firm Positive Technologies has developed a new attack, named DaMAgeCard, that exploits the SD Express standard to gain access to a device's memory through its card reader.”
While the adoption of SD Express is currently limited, the potential for such attacks poses significant risks as the standard becomes more widespread.
Apple has assumed ownership of the popular Firefox add-on "iCloud Passwords," which facilitates the autofill of passwords from the iCloud Keychain app into Firefox browsers. This acquisition marks Apple's second official Firefox extension, following "iCloud Bookmarks."
“[00:04] Claire Aird: Apple has taken ownership of a popular Firefox browser add-on named iCloud Passwords.”
The integration of iCloud Passwords into Firefox enhances cross-platform password management for Apple users, aligning with Apple's broader ecosystem strategy.
This episode of Risky Business News provides an in-depth look at the evolving cybersecurity threats and the measures being taken both by governmental bodies and private entities to address them. From sophisticated phishing campaigns targeting legislators to vulnerabilities in widely used technologies, the episode underscores the dynamic and multifaceted nature of cybersecurity challenges in 2024.