Hello and welcome to Gone Phishing, a handy look at the last week in phishing news. It looks like... hey! This is the first one of these things. I'm thrilled to have you reading this and look forward to doing this for many weeks to come.
- Hugely popular NFT marketplace OpenSea experienced a data breach after (allegedly, we legally have to add) an employee of their email vendor, Customer.io, downloaded their entire email marketing list and then shared some 600,000 email addresses with an unauthorised third party. According to BleepingComputer, OpenSea has over $20B in transaction volume which makes them a big target, and this isn't the first big breach they've had.
- The Ukrainian police force has arrested 15 in connection with a hacking / phishing ring that took some $3.4m USD from Ukrainian citizens believing they were linking their bank accounts to European Union social safety net payments. The group allegedly created 400+ websites in order to achieve this, and face 15 years in jail for their crimes.
- Ransomware-as-a-Service (RaaS) is making a big splash in general — we published an article on PhaaS late last week — but ransomeware syndicate Black Basta are the current darlings of the nascent RaaS scene after amassing 50+ victims since April. What makes the attacks so effective is, according to The Hacker News, "the actors behind Black Basta have developed a Linux variant designed to strike VMware ESXi virtual machines (VMs) running on enterprise servers, putting it on par with other groups such as LockBit, Hive, and Cheerscrypt." Black Basta got a pretty big land after successfully phishing Elbit Industries, an American defence, cybersecurity, and aerospace manufacturer.
- ReversingLabs reports that AstraLocker is running an old-school phishing campaign using an .EXE file buried within a .DOC attachment. It encrypts your hard drive and threatens you with mass-deletion unless you pay them in cryptocurrency. As usual, don't click on shady attachments!
- A critical failure in Zoho's ManageEngine ADAudit Plus (which itself monitors changes to Microsoft Active Directory) meant that users were left open to attacks. Speaking to DarkReading, Horizon3.ai chief architect Naveen Sunkavally said, "“ADAudit Plus is a tool that's used for compliance and auditing, which is a common need for many companies spanning different verticals,” he says. “This vulnerability has been found to be present in many types of environments, from healthcare and technology to construction and local governments.”
- Apple — you may have heard of them — just announced that they're implementing a new mode into the upcoming iOS 16 release called 'Lockdown Mode' that is designed to "help protect users who may be personally targeted by some of the most sophisticated digital threats." In a recent Apple press release, Apple’s head of Security Engineering and Architecture Ivan Krstić elaborates further: “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.” Amongst other things, 'Lockdown mode' is able to turn off iMessage, Facetime, and even shield Safari (their iPhone web browser) from connecting to anything shady. This is pretty damn big news for anyone interested in cybersecurity, and the whole press release is worth reading.
- Hey, it's another Apple news item! Towards the bottom of the 'Lockdown Mode' announcement is an interesting tag aimed towards white-hat bounty hunters: "Apple has ... established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry."
Here's some fun stuff from our blog this week:
That's it from me! Enjoy your week, and as always, happy hoxhunting.