The Conti cybercrime group is on a hacking spree, as researchers have uncovered one of the shortest and most successful campaigns of 2021. Codenamed ARMattack, the campaign targeted more than 40 organizations in less than two months. Notably, the gang’s fastest attack was carried out in only three days. A new malware loader dubbed Nimbda has also caught the attention of researchers investigating an attack campaign associated with the Tropic Trooper APT group.
In other news, several operational technology devices from 10 Industrial Control System (ICS) vendors are impacted by 56 flaws that are collectively called OT:Icefall. The flaws are yet to be patched by vendors. Meanwhile, Google has addressed 14 security vulnerabilities found in the Chrome 103 browser.
Top Breaches Reported in the Last 24 Hours
Automotive manufacturer affected
The U.S. subsidiary of Nichirin Co. was forced to halt some of its operations following a ransomware attack. According to the firm, the attack occurred on June 14 after attackers gained unauthorized access to its systems.
DDoS attacks observed
Cyber Spetsnaz has been held responsible for multiple DDoS attacks against Lithuanian government resources and critical infrastructure. The list of targets includes logistics companies, transport infrastructure, airports, and energy companies, among others.
Conti’s ARMattack campaign exposed
The Conti cybercrime group ran one of its most aggressive operations, hacking more than 40 companies in a little over a month. Security researchers codenamed the hacking campaign ARMattack and revealed that it took place between November 17 and December 20, 2021.
Top Malware Reported in the Last 24 Hours
New Nimbda loader spotted
Check Point researchers have discovered a new malware loader, dubbed Nimbda, in a new campaign associated with the Tropic Trooper APT group. Written in the Nim language, the loader is a variant of the Yahoyah trojan and leverages a malicious version of the SMS Bomber tool for propagation. The attackers used the loader to deploy the TClient backdoor in the final stage of the campaign.
Top Vulnerabilities Reported in the Last 24 Hours
Flawed OpCon UNIX agent fixed
SMA Technologies has fixed a critical vulnerability in its OpCon UNIX agent that resulted in the same SSH key being deployed in every installation. Tracked as CVE-2022-2154, the issue impacted versions 21.2 and earlier of the OpCon UNIX agent.
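A shared SSH key of the kind described above is easy to spot from a key inventory. The following is an added example, not code from the digest or from SMA Technologies: it computes OpenSSH-style SHA256 fingerprints for each host's public keys and reports any fingerprint that appears on more than one host. The hostnames and keys are constructed for the demonstration.

```python
"""Flag SSH public keys that are shared across hosts.

Added example inspired by CVE-2022-2154, where every OpCon UNIX agent
installation shipped with the same SSH key. Any key whose fingerprint
appears on more than one host is reported for rotation.
"""
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def fake_ed25519_key(seed: int) -> str:
    """Build a constructed ssh-ed25519 public-key line (not a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def fingerprint(key_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public-key line."""
    blob = base64.b64decode(key_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(inventory: dict) -> dict:
    """Map each fingerprint seen on more than one host to those hosts."""
    seen = defaultdict(list)
    for host, keys in inventory.items():
        for key in keys:
            seen[fingerprint(key)].append(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


# Constructed inventory: host -> keys collected from authorized_keys or
# ssh_host_*_key.pub files. Three hosts carry the identical key 0x01.
INVENTORY = {
    "agent-01": [fake_ed25519_key(1), fake_ed25519_key(11)],
    "agent-02": [fake_ed25519_key(1)],
    "agent-03": [fake_ed25519_key(1), fake_ed25519_key(33)],
    "agent-04": [fake_ed25519_key(44)],
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(INVENTORY).items():
        print(f"{fp} shared by {', '.join(hosts)}")
```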
Google patches Chrome 103
Google has announced the release of a stable version of Chrome 103 that includes patches for a total of 14 vulnerabilities. Some of these could lead to arbitrary code execution, corruption of data, or denial of service attacks. The most severe of these flaws is tracked as CVE-2022-2156 and is described as a use-after-free issue in Base.
Jacuzzi fixes critical flaws
Jacuzzi has fixed multiple security vulnerabilities in its SmartTub app for Android and iOS that could enable attackers to view and potentially manipulate the personal data of hot tub owners. According to researchers, abuse of the vulnerabilities exposed the first names, last names, and email addresses of users.
MEGA patches critical flaws
MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat actors to decrypt user data stored in encrypted form. According to researchers, the flaws can be abused in a variety of ways, including a Plaintext Recovery attack, a Framing attack, an Integrity attack, and a Guess-and-Purge (GaP) Bleichenbacher attack.
Advisories for OT:Icefall released
Forescout researchers have discovered a set of 56 vulnerabilities affecting devices from 10 ICS vendors. Collectively called OT:Icefall, the flaws are related to insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware update mechanisms, and native functionality abuse. Affected vendors include Baker Hughes (Bentley Nevada), Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. Vendors are yet to release patches for the flaws.
Top Scams Reported in the Last 24 Hours
Microsoft 365 users targeted
A phishing email campaign spoofed the MetaMask cryptocurrency wallet provider in an attempt to steal recovery phrases from Microsoft 365 users. The recovery phrases could later enable attackers to steal NFTs and cryptocurrency from compromised wallets. The phishing email used a Know Your Customer (KYC) verification request to lure recipients into sharing sensitive data.