RedLine stealer MaaS latest example of hackers exploiting generative AI technologies as AI platforms gain popularity
As generative AI platforms like OpenAI’s ChatGPT and Google Bard continue to dominate headlines, cybercriminals have been quick to target victims in new, unexpected ways. Security researchers at Veriti describe a new “malware-as-a-service (MaaS) campaign that leverages the popularity of these AI platforms to distribute a strain of malware known as RedLine Stealer,” according to a Veriti blog post.
The potential for threat actors to leverage this latest technology for their own nefarious uses is considerable. Generative AI tools are often packaged as mobile applications or released as open source, which, according to Veriti researchers, “creates the perfect excuse for malicious actors to trick naïve downloaders.” That means “the potential impact of such attacks is significant, as hackers could steal confidential data, compromise financial accounts, or even disrupt critical infrastructure,” the researchers wrote. “Moreover, these attacks are becoming more sophisticated, making detecting and preventing them harder.”
In the case of the RedLine Stealer MaaS offering, cybercriminals steal data from compromised devices, and the subscription model allows individuals with even limited technical knowledge to launch sophisticated cyberattacks. As Veriti researchers note, “the MaaS ecosystem operates through online forums that act as marketplaces for malicious actors to advertise their malware and stolen data, the forums offer a range of services, including access to malware, stolen data and even hacking tools.”
RedLine Stealer, in particular, “is designed to steal sensitive information from web browsers, including credit card details, saved credentials and autocomplete data.” It can also gather information on the user, location, hardware, and installed security software, upload and download files, execute commands, and send back information about the infected computer at regular intervals. Veriti warns that organizations would be wise to “recognize that the availability of MaaS and other types of tactics, threats and procedures, is growing quickly and becoming more difficult to detect.”
Read: https://securityboulevard.com/2023/04/hackers-exploit-generative-ai-to-spread-redline-stealer-maas/
Multiple Salesforce websites have disclosed personal information
Salesforce Community is a popular cloud-based software product that makes it simple for businesses to swiftly build websites. However, a startling number of businesses, notably banks and medical firms, are disclosing confidential and private information on their public Salesforce Community websites. The root cause of all the data exposures is a configuration error in Salesforce Community that enables an unauthenticated guest user to view records that should only be accessible after logging in.
Moreover, unintentionally granting visitors permission to utilize internal resources is a common occurrence among Salesforce administrators. Chief Information Security Officer for Vermont Scott Carbee reported that his security teams have been thoroughly reviewing their Salesforce Community sites and have already discovered one additional state-run Salesforce site that was also incorrectly configured to permit visitor access to sensitive data.
KrebsOnSecurity used Akiri’s research on Monday to alert Washington, D.C. city officials that at least five separate public D.C. Health websites were exposing private data. One D.C. Health Salesforce Community website, used by healthcare professionals looking to renew their city licenses, exposed their full name, address, Social Security number, date of birth, license number, and license expiration date.
Read: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Paul Thacker defends Tucker Carlson, says WHO stealth-edited vaccine information to censor Tucker
On April 28th, Paul Thacker, former lead investigator to Sen. Chuck Grassley, joined the Tucker Carlson debate by publishing an article on the topic over at The Disinformation Chronicle. In his article, Thacker outlined the massive role of the media in shaping popular narrative while simultaneously cautioning against the danger of a single, curated story.
According to Thacker, Tucker Carlson was the black sheep of journalism, easily scapegoated by his fellow journalists for his controversial hot takes. Thacker, however, believes Carlson was the unwitting victim of an organized attack designed to publicly discredit him and his opinions. Nowhere was this more clearly observed, says Thacker, than when Carlson publicly called out the World Health Organization for backtracking on its original advice to not vaccinate young children during the early days of the pandemic.
Thacker claims that when Carlson’s June 2021 report on the WHO’s vaccine recommendations hit Twitter, the WHO stealth-edited its COVID vaccine page to remove the language Tucker had cited in his op-ed. The following day, Twitter officials began discussing Tucker’s essay and how to limit its impact without calling attention to Tucker and creating “political risks” for Twitter by directly censoring Fox News.
In several leaked emails, Twitter officials can be found scrambling back and forth to control vaccine information and limit damage to the WHO’s reputation. According to a previously reported Twitter File, Twitter began helping their client Johnson & Johnson market the pharma company’s COVID vaccine in early 2021 while simultaneously removing tweets for what they called vaccine “misinformation.” In the end, Twitter apparently chose to ignore Tucker’s op-ed itself and annotate tweets for “vaccine misinformation” if the tweet were to “explicitly advance the claims in the op-ed itself.”
Thus, says Thacker, Carlson’s voice was effectively subdued and wrongfully censored. According to Thacker, Big Tech took many steps to ensure they were not held complicit in withholding key pieces of information during the pandemic, thus costing thousands of people their lives.
Read: https://www.zerohedge.com/political/twitter-files-who-stealth-edited-vaccine-info-help-twitter-censor-tucker-carlson
In latest ransomware attack, hackers leak massive cache of Minneapolis public school student information, demand $1M
Hackers have circulated an enormous cache of student and teacher information online after breaking into Minneapolis Public Schools earlier this year. Files from the Minneapolis school district were posted online in March, following the announcement that the district had been attacked by ransomware. NBC News downloaded and reviewed more than 500 of the documents. They included children’s contact details, allegations of abuse by teachers, psychological reports on students, and teachers’ Social Security numbers, along with much more sensitive information.
In addition to leaking the cache, which contains some 200,000 files, the ransomware group has gone one step further by posting the contents of these documents on public platforms like Facebook and Twitter—an atypical move for this kind of ransomware attack. Minneapolis Public Schools has declined to answer specific questions about the documents; however, it has assured the public that it is working with “external specialists and law enforcement to review the data.” School district interim superintendent Rochelle Cox announced on April 11 that the district was reaching out to individuals whose personal information had been leaked.
Cybersecurity experts describe the leak as among the worst they have seen. Emsisoft analyst Brett Callow commented on the issue: “It’s awful. As bad as I’ve seen.”
Since 2015, ransomware attacks have become increasingly common in schools across the U.S., resulting in hackers releasing sensitive information. In the U.S., 122 school districts have been affected by ransomware since 2021, Callow said, and 76 have allowed hackers to leak student and school information.
Read: https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414
‘Evasive Panda’ from China snoops on software updates
A Chinese advanced persistent threat (APT) actor has been abusing the legitimate application update channels of software developed by Chinese companies to deliver its own malware. Over the course of two years, the attacks have targeted individuals in China and Nigeria. ESET researchers who discovered the activity assess that it is aimed at stealing credentials and data for cyber espionage.
Attributing the activity to the Chinese APT was straightforward, as the MgBot backdoor has never been observed in use by any other threat actor. This modular malware allows Evasive Panda to spy on victims and extend its capabilities as required.
Security experts warn that these attacks are difficult for organizations to detect and prevent, because the malicious updates appear legitimate to end users. In their post, ESET researchers published a list of indicators of compromise (IoCs) to help potential victims check for and avoid compromise.
Kaspersky researchers cautioned in their report on the LuoYu attacks, which used a similar update-hijacking technique, that the only way for potential targets to defend against such attacks is to remain vigilant and take the necessary security measures.
Read: https://www.darkreading.com/attacks-breaches/china-evasive-panda-hijacks-software-updates-custom-backdoor
Elsewhere online:
The EARN IT Act is back and it is reviving the encryption issue at a crucial time
Read: https://cyberscoop.com/earn-it-stop-csam-encryption-privacy/
Latest Uptycs Report Details New Ransomware Strain Capable of Attacking Linux Machines
Read: https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html
Malverposting Campaign Might Have its Origin in Vietnam
Read: https://www.infosecurity-magazine.com/news/vietnamese-hackers-malverposting/
Check Point’s latest research points to hacking activities originating from Iran
Read: https://cyware.com/news/power-play-iranian-hackers-execute-attacks-with-powerless-backdoor-6770d8a2/
China’s Latest Steps to Expand its Cyber Capacities Raise Alarm for US Military Officials, Concern about Rivals’ Increasing Military Capacity
Read: https://www.cpomagazine.com/cyber-security/us-intelligence-leak-china-is-focusing-cyber-capabilities-on-capturing-shutting-down-satellites/
Previously on #AxisOfEasy
I knew FB would come in handy one of these days. This week’s quote is from Plato.
Me: Who said “Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.”
ChatGPT: “This quote is often attributed to Plato, a Greek philosopher who lived from 428/427 BC to 348/347 BC. However, there is no direct evidence that he actually said or wrote these words. The quote is likely a paraphrase or a modern interpretation of some of Plato’s ideas about the nature of human beings and their capacity for moral behavior. Nonetheless, the quote has become popular and is often cited in discussions about the effectiveness of laws and regulations in promoting responsible behavior.”
This week’s quote was by Plato.