Today’s Cybersecurity Threats and Trends - 10/01/2024

Multiple crypto miners get lost in the PhaaS.

1. Docker Cryptojacking and Miner Madness

Primary Threat: A new cryptojacking campaign is exploiting Docker API and Kubernetes clusters to create a malicious botnet. According to Datadog research, attackers are leveraging exposed Docker endpoints to deploy cryptocurrency miners across compromised containers. The malware uses sophisticated lateral movement techniques to spread across Docker, Kubernetes, and SSH systems, turning infected hosts into part of a cryptocurrency mining botnet.

  • MITRE Tactics: Execution, Lateral Movement

  • Risk: High – Docker and Kubernetes remain vulnerable to resource hijacking without proper configuration.
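The "exposed Docker endpoints" in this campaign are daemons that listen on plain TCP with no TLS client verification. As an added example (not from Datadog's report or the Docker project), the following Python audits a daemon.json document for that misconfiguration. The sample configs are constructed; the real keys used are `hosts`, `tlsverify` and `tlscacert` from dockerd's daemon.json, and the default port 2375 is what dockerd uses when a tcp:// host omits one.

```python
"""Audit a Docker daemon.json for an API listener exposed over unauthenticated TCP."""
import json
from urllib.parse import urlsplit

WILDCARD_BINDS = {"0.0.0.0", "::"}

# Constructed sample: the weak shape behind most Docker cryptojacking incidents.
WEAK_CONFIG = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample: same API, but the daemon demands a client cert signed by our CA.
HARDENED_CONFIG = (
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",'
    ' "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}'
)


def exposed_tcp_hosts(daemon_json: str) -> list[dict]:
    """Return one finding per tcp:// listener in a daemon.json document.

    Severity is "high" when the daemon binds every interface without
    tlsverify, "medium" when it binds a specific address without tlsverify,
    and "info" when mutual TLS is required (still worth knowing it is there).
    """
    cfg = json.loads(daemon_json)
    hosts = cfg.get("hosts", [])
    if isinstance(hosts, str):          # dockerd accepts a single string too
        hosts = [hosts]
    tls_verify = bool(cfg.get("tlsverify", False))

    findings = []
    for host in hosts:
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue                    # unix:// and fd:// are local-only listeners
        bind = parts.hostname or "0.0.0.0"   # dockerd binds all interfaces by default
        port = parts.port or 2375            # dockerd's default plain-TCP API port
        if tls_verify:
            severity = "info"
        elif bind in WILDCARD_BINDS:
            severity = "high"
        else:
            severity = "medium"
        findings.append({
            "host": host, "bind": bind, "port": port,
            "tls_verify": tls_verify, "severity": severity,
        })
    return findings


def main() -> None:
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for f in exposed_tcp_hosts(cfg):
            print(f"{label}: {f['host']} -> {f['severity']} (tlsverify={f['tls_verify']})")


if __name__ == "__main__":
    main()
```

Run it against `/etc/docker/daemon.json` on each host; a "high" finding means anyone who can reach the port can create containers as root on that machine. Note that hosts started from a systemd unit with `-H tcp://...` on the dockerd command line will not show up here, so check the unit file as well.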

2. Patelco Credit Union Plundered

Primary Threat: Patelco Credit Union experienced a data breach impacting over one million members. Personal information such as names, dates of birth, driver’s licenses, and Social Security numbers was stolen. The attack, believed to be carried out by the RansomHub gang, led to significant service disruptions, including the outage of their online banking and mobile systems. Patelco is providing victims with credit monitoring and identity protection services.

  • MITRE Tactics: Exfiltration, Impact

  • Risk: High – Personal and financial information is at risk, increasing the likelihood of identity theft.

Did you know…?

The first Docker release in 2013 revolutionized cloud computing by allowing developers to package applications into lightweight containers. But today, those same containers have become a hot target for cryptojacking attacks, where hackers hijack system resources to mine cryptocurrency. This modern-day threat mirrors the early rise of botnets in the 2000s, which used compromised machines for spamming or DDoS attacks.

The rise of Docker cryptojacking shows how attackers continually adapt to new technologies!

3. Apache2 Malware Mines Crypto

Primary Threat: A newly discovered malware campaign targets Apache2 web servers to deploy crypto-miners and conduct DDoS attacks. According to Elastic Research, attackers use sophisticated malware, including RUDEDEVIL and KAIJI, to hijack system resources. These bots are leveraged to mine cryptocurrency and abuse gambling APIs to launder money. The attackers maintain persistence through cron jobs and utilize C2 channels disguised as kernel processes.

  • MITRE Tactics: Persistence, Execution

  • Risk: High – Critical web servers can be used for resource exploitation if not secured.
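The C2 channels "disguised as kernel processes" in this campaign rely on a naming trick: a user-space binary calls itself something like `[kworker/0:1]` so it blends into `ps` output. Genuine Linux kernel threads, however, have an empty `/proc/<pid>/cmdline`, no readable `/proc/<pid>/exe`, and are children of `kthreadd` (PID 2). The following Python is an added example, not code from Elastic's research or the malware, that flags processes whose name mimics a kernel thread but whose provenance does not match. The process records in the test data are constructed; `snapshot_proc()` reads the live `/proc` on a Linux host.

```python
"""Flag user-space processes masquerading as Linux kernel threads."""
import os
import re
from dataclasses import dataclass

KTHREADD_PID = 2
# Names that only kernel threads legitimately carry (assumed, non-exhaustive list).
KERNEL_NAME = re.compile(
    r"^\[?(kworker|kthreadd|ksoftirqd|migration|rcu_|kswapd|kcompactd|watchdog|cpuhp)"
)


@dataclass
class Proc:
    pid: int
    ppid: int
    comm: str       # /proc/<pid>/comm
    cmdline: str    # /proc/<pid>/cmdline with NULs replaced; empty for kernel threads
    exe: str        # readlink(/proc/<pid>/exe); empty when it does not resolve


def mimics_kernel_thread(p: Proc) -> bool:
    """True when the display name a sysadmin would see looks like a kernel thread."""
    shown = p.cmdline or p.comm
    return bool(KERNEL_NAME.match(shown))


def is_genuine_kernel_thread(p: Proc) -> bool:
    """Kernel threads have no argv, no executable image, and kthreadd as parent."""
    parented_by_kthreadd = p.ppid == KTHREADD_PID or p.pid == KTHREADD_PID
    return p.cmdline == "" and p.exe == "" and parented_by_kthreadd


def masquerading_processes(procs: list[Proc]) -> list[Proc]:
    """Return processes that look like kernel threads but are user-space binaries."""
    return [p for p in procs if mimics_kernel_thread(p) and not is_genuine_kernel_thread(p)]


def snapshot_proc() -> list[Proc]:
    """Collect Proc records from a live /proc (Linux only)."""
    out = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        base = f"/proc/{pid}"
        try:
            with open(f"{base}/comm") as fh:
                comm = fh.read().strip()
            with open(f"{base}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").strip().decode(errors="replace")
            with open(f"{base}/stat") as fh:
                # field 4 of /proc/<pid>/stat is the PPID; comm is in parentheses before it
                ppid = int(fh.read().rsplit(")", 1)[1].split()[1])
            try:
                exe = os.readlink(f"{base}/exe")
            except OSError:
                exe = ""
        except (OSError, ValueError):
            continue        # process exited while we were reading it
        out.append(Proc(pid, ppid, comm, cmdline, exe))
    return out


# Constructed sample process table for an offline run.
SAMPLE_PROCS = [
    Proc(2, 0, "kthreadd", "", ""),
    Proc(17, 2, "kworker/0:1", "", ""),                                   # real kernel thread
    Proc(901, 1, "sshd", "/usr/sbin/sshd -D", "/usr/sbin/sshd"),          # ordinary daemon
    Proc(4242, 1, "kworker/0:1", "[kworker/0:1]", "/tmp/.x/kworker"),     # disguised C2 client
    Proc(4243, 4242, "kworker/u8:3", "", "/tmp/.x/kworker"),              # argv wiped, exe remains
]


if __name__ == "__main__":
    for p in masquerading_processes(SAMPLE_PROCS):
        print(f"suspicious pid={p.pid} ppid={p.ppid} name={p.cmdline or p.comm!r} exe={p.exe}")
```

Pair this with a review of `/etc/cron*` and per-user crontabs, since the same campaign uses cron for persistence; a cron entry that launches something named like a kernel thread is the combination this check is built to surface.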

4. BBTok Targets Brazilian Corporations

Primary Threat: The BBTok malware, primarily targeting Brazilian organizations, uses an intricate infection chain beginning with email attachments in ISO format. G Data's research reveals that the malware leverages Microsoft’s Build Engine to compile malicious code on the target system. It uses AppDomain Manager Injection to execute the payload and maintain persistence. The malware is capable of exfiltrating data and avoiding detection through advanced obfuscation techniques.

  • MITRE Tactics: Execution, Persistence

  • Risk: Medium – Advanced obfuscation techniques make detection difficult, allowing the malware to compromise sensitive data.

5. Sniper Dz Casts a Wide Net

Primary Threat: The Sniper Dz phishing-as-a-service (PhaaS) platform has been linked to over 140,000 phishing attacks worldwide. Unit 42 research highlights the platform's infrastructure and tactics, which allow cybercriminals to deploy phishing attacks easily. The platform is used to steal credentials by targeting popular brands and SaaS services. Sniper Dz is unique because it offers its services free of charge, making it accessible to a wide range of cybercriminals.

  • MITRE Tactics: Credential Access, Initial Access

  • Risk: High – The rise of phishing-as-a-service platforms has made it easier for criminals to carry out credential-stealing campaigns.

IN SUMMARY:

Today’s cyber threats showcase a mix of critical vulnerabilities and rising cybercrime. From cryptojacking attacks targeting Docker clusters to the massive Patelco data breach, it’s clear that attackers continue to evolve their methods.

Also, the malware targeting Apache2 servers and the BBTok campaign underline the need for businesses to bolster their defenses.

Lastly, the rise of Sniper Dz’s phishing tools highlights how easy it’s becoming for criminals to launch attacks at scale.

Patch up, monitor closely, and stay vigilant!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)