15 December 2023

Recent Cyber Threats and Breaches:

■ MITRE Introduces EMB3D for Critical Infrastructure Threat Modeling

MITRE launches EMB3D, a new framework designed to map cyber threats, vulnerabilities, and flaws, aiming to fortify defense mechanisms for operational technology and industrial control systems.

■ Ten New Android Banking Trojans Target Nearly 1,000 Bank Apps

In 2023, the discovery of ten sophisticated Android banking trojans showcases advanced capabilities, including automated transfers, social engineering, and live screen-sharing features, targeting around 985 bank apps.

■ Box.com Faces Critical Outage Affecting Cloud Storage Access

Box.com, a cloud storage provider, experiences a critical outage preventing users from accessing their stored files, impacting their cloud storage service.

■ Delta Dental Data Breach Exposes Data of 7 Million Individuals

Delta Dental of California reports a data breach affecting nearly seven million individuals due to a security incident involving their MOVEit Transfer software.

■ Kraft Heinz Investigates Potential Hack Claims

Kraft Heinz responds to claims made by an extortion group regarding a data breach, asserting that their systems continue to operate normally, and no evidence suggests a breach.

Cybersecurity Developments and Insights:

■ NKAbuse: New Malware Abuses NKN Blockchain for Covert Communication

'NKAbuse,' a newly discovered Go-based malware, utilizes NKN (New Kind of Network) technology for covert data exchange, enhancing its stealth capabilities.

■ Pierogi++ Malware Updated by Gaza Cyber Gang

The discovery of an updated version of the Pierogi++ malware suggests continuous refinement by the Gaza Cyber Gang to maintain persistent access to targeted networks.

■ Iranian OilRig Group Deploys New Malware Downloaders

The Iranian OilRig group deploys three new malware downloaders—ODAgent, OilCheck, and OilBooster—alongside an updated SampleCheck5000 to obfuscate attack infrastructure.

■ Approval Phishing Scams Drain $1 Billion in Cryptocurrency

Chainalysis reports that approval phishing scams have led to over $1 billion in cryptocurrency losses since May 2021, particularly impacting victims of romance scams.

■ Wyoming Shell Companies Linked to Cybercrime Activities

Wyoming LLCs are being implicated in high-profile hacking activities due to the state's easy registration process for anonymous shell companies, creating a virtual hub for cybercriminals.