Today’s Cybersecurity Threats and Trends - 08/07/2024

Rhinos and Rhadamanthys stealing all your data.

1. SharpRhino’s Stealthy Strike

Primary Threat: The Hunters International ransomware gang has introduced a new Remote Access Trojan (RAT) named SharpRhino, specifically targeting remote IT workers. The group uses typosquatting of IP scanning websites as the initial distribution point for the malware. This malware is designed to infiltrate enterprise environments, exfiltrate sensitive data, and then deploy ransomware, leaving organizations crippled and extorted.

  • MITRE Tactics: Initial Access, Persistence, Exfiltration, Impact

  • Risk: High – Financial loss, operational disruption, and data breaches.

2. Record-Breaking Data Breach Disaster

Primary Threat: In one of the largest data breaches ever, personal information of 2.9 billion people, including full names, addresses, and Social Security numbers, may have been exposed. This came to light when an identity protection service found a user's information in a database being offered for sale on the Dark Web for $3.5 million. The breach, which affected National Public Data, highlights the need for tighter security controls around sensitive data.

  • MITRE Tactics: Collection, Exfiltration

  • Risk: High – Widespread identity theft and financial fraud.

3. Rhadamanthys Info Stealer Rampage

Primary Threat: The Rhadamanthys Info Stealer has been making waves, targeting Israeli Windows users through phishing emails and malicious ads. This sophisticated information stealer employs process injection and complex detection evasion, which includes virtual machine and debugger detection and time-based evasion. Once installed, this info stealer captures sensitive information such as banking details, login credentials, and other personal data, which is then sold on the Dark Web.

  • MITRE Tactics: Collection, Credential Access, Persistence, Defense Evasion

  • Risk: High – System compromise, unauthorized access, and theft of sensitive personal and financial information.

4. Western Digital’s WD Discovery App Flaw

Primary Threat: A critical vulnerability in Western Digital's WD Discovery app, tracked as CVE-2024-22169, has been discovered. The vulnerability stems from the Node.js environment settings used by the WD Discovery app. This flaw allows attackers to execute arbitrary code on affected systems, potentially leading to full control over the device and data loss. Western Digital has released an emergency patch, but many systems remain unpatched and vulnerable.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Full system compromise and potential data loss.

5. Dark Web Data Dumps Surge

Primary Threat: As referenced earlier in the National Public Data breach, the Dark Web is seeing a surge in data dumps from various recent breaches, including credit card information, medical records, and login credentials. Cybercriminals are monetizing this data at an alarming rate, fueling further criminal activities and making it increasingly difficult for victims to recover. Now, more than ever, it is critically important to be cautious about the information you share and host online.

  • MITRE Tactics: Collection, Exfiltration

  • Risk: High – Financial loss, identity theft, and prolonged recovery times for victims.

IN SUMMARY:

The Cyber-Savanna is as wild as ever! With SharpRhino charging through IT departments and record-breaking data breaches exposing billions, cyber predators are always on the prowl.

Also, Rhadamanthys is on a data-stealing rampage, and Western Digital's WD Discovery app flaw is leaving devices vulnerable.

Meanwhile, the Dark Web is surging with stolen data.

Remember: Patch early, patch often, and it’s ALWAYS better to be paranoid than pwned.

J.W.