Cybersecurity Threats and Trends - 12/12/2024

A Lynx delivers quite a shock to energy suppliers, Krispy Kreme has some security doughnut holes, and Termites infest Cleo.


1. Termite Ransomware Exploits Cleo Zero-Day Vulnerability

Primary Threat: A newly discovered zero-day vulnerability in Cleo software, tracked as CVE-2024-50623, is being actively exploited in the wild by the Termite ransomware group. According to Huntress Labs, attackers leverage the flaw to gain unauthorized access, deploy ransomware, and encrypt sensitive data within affected systems. Cleo has issued a product advisory urging users to apply patches immediately.

  • MITRE Tactics: Initial Access, Impact

  • Risk: High – Active exploitation of this vulnerability in critical file transfer systems could result in operational disruptions and significant data loss.

2. Fake Recruiters Spread Banking Trojan to Mobile Devices

Primary Threat: Threat actors are posing as recruiters to distribute Applite, a new variant of the Antidot banking trojan. Zimperium zLabs reveals that the malware is disguised as job offers sent via phishing emails. Once installed, Applite collects banking credentials and financial data, targeting both personal and enterprise devices.

  • MITRE Tactics: Initial Access, Credential Access

  • Risk: Medium – Compromised devices can lead to financial fraud and unauthorized access to sensitive business accounts.

3. Krispy Kreme Cyberattack Disrupts Online Operations

Primary Threat: Krispy Kreme has reported a cyberattack that disrupted its online ordering systems and operations. The company disclosed the incident in an SEC Form 8-K filing, indicating that attackers gained unauthorized access to its digital infrastructure. The breach has impacted customer transactions and highlights the increasing exposure of online retail platforms.

  • MITRE Tactics: Initial Access, Impact

  • Risk: Medium – Breaches affecting consumer-facing systems can lead to reputational damage and customer data loss.

Did you know...?

Ransomware attacks on critical infrastructure, such as energy suppliers, have surged in recent years. Groups like Lynx often target operational technology (OT) environments, where disruptions can have far-reaching consequences.

The first well-documented ransomware attack on OT systems occurred in 2021, when Colonial Pipeline was breached, leading to fuel shortages across the U.S. Such attacks highlight the critical need for OT-specific cybersecurity strategies.

4. Ivanti Cloud Services Application Maximum Severity Bypass

Primary Threat: Ivanti has identified a critical authentication bypass vulnerability in its Cloud Services Application (CSA), affecting multiple versions. The flaw, tracked as CVE-2024-11639, allows attackers to gain unauthorized access to the application, posing risks to cloud environments. Ivanti has released patches and recommends immediate updates to mitigate exploitation.

  • MITRE Tactics: Credential Access, Privilege Escalation

  • Risk: High – Unauthorized access to cloud services could lead to significant data breaches and system compromise.

5. WPForms Plugin Vulnerability Affects WordPress Sites

Primary Threat: A vulnerability in the WPForms WordPress plugin enables attackers to issue unauthorized Stripe refunds and cancel subscriptions on affected sites. Wordfence reports that this flaw, affecting over 6 million WordPress sites, has been patched, and site administrators are urged to update immediately to protect against exploitation.

  • MITRE Tactics: Execution, Impact

  • Risk: Medium – Financial manipulation on compromised sites can lead to financial losses and operational disruptions.

6. Lynx Ransomware Targets Electrica Energy Supplier

Primary Threat: The Romanian energy supplier Electrica has fallen victim to a ransomware attack attributed to the Lynx ransomware group. The attack disrupted operational systems and was confirmed in a DNSC bulletin. Indicators of compromise (IOCs) suggest a highly targeted operation aimed at critical energy infrastructure.

  • MITRE Tactics: Initial Access, Impact

  • Risk: High – Attacks on energy suppliers pose significant risks to national infrastructure and operational continuity.

IN SUMMARY:

Today’s cybersecurity landscape highlights diverse and escalating threats.

From Termite ransomware exploiting zero-day vulnerabilities in Cleo software to fake recruiter scams targeting mobile devices, attackers are innovating to breach defenses.

The impact on Krispy Kreme’s online operations and critical flaws in Ivanti’s CSA emphasize the urgency of patch management and vigilance.

Meanwhile, Lynx ransomware’s attack on Electrica underscores the risks to critical infrastructure, while WordPress sites face financial vulnerabilities due to the WPForms plugin flaw.

Remember: Patch quickly, educate employees about phishing risks, and monitor critical infrastructure closely.

In cybersecurity, preparedness is always better than recovery.

(P.S. Check out our partners! It goes a long way to support this newsletter!)