John Frasier : Mar 13, 2023 12:00:00 AM
As companies increasingly require stronger versions of security for their employees and customers, attackers are getting better at bypassing multifactor authentication (MFA), resulting in a steady stream of compromises, such as this week's announcement of a data leak at cybersecurity firm LastPass and the announced breach at social media service Reddit earlier in February. (Dark Reading)
“There are three basic ways that orgs get hacked: stolen credentials, malware, and vulnerabilities being exploited. Attackers must defeat MFA if they are to use stolen credentials, and so it makes sense that we see so much investment of time and effort into bypass and other strategies to do so. Companies must remain vigilant about what MFA solutions are most resistant against bypass, and ensure they stay a step ahead of bad actors by using hardened solutions.” – Jason Ingalls, Founder & CEO at Ingalls Information Security
Threat actors have been increasingly observed using AI-generated YouTube videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. (The Hacker News)
A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands.
The Medusa operation started in June 2021 but had relatively low activity, with few victims. However, in 2023 the ransomware gang increased in activity and launched a 'Medusa Blog' used to leak data for victims who refused to pay a ransom.
Medusa gained media attention this week after they claimed responsibility for an attack on the Minneapolis Public Schools (MPS) district and shared a video of the stolen data. (BleepingComputer)
Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by the Russia-linked ALPHV group, according to a tweet by VX-Underground.
The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your data.” The group has threatened to leak the stolen data if the company refuses to pay the ransom. (CSO)
The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by
Pig butchering is a repulsively named, rising investment scam that uses a potent mix of the promise of romance and the lure of making easy cryptocurrency millions against its unsuspecting targets.
Threat actors "fatten up" victims with small returns on cryptocurrency deals and personal interactions, often with a romance element, all of which is meant to convince them to invest wildly. If successful, as they often are, threat actors are able to make off with the "whole hog" of their targets' assets. (Dark Reading)
An open-source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale.
Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. (The Hacker News)