Articles of interest from the week of October 23, 2023

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's tactics, techniques, and procedures (TTPs). (The Hacker News)

“The barrier for new and emerging threat actors to cross to become proficient or even moderately capable has diminished significantly. While their techniques and capabilities are limited they are much more focused on smash-and-grab techniques to exploit vulnerabilities and deploy their ransomware. While this type of activity is increasing, the vast majority of incidents are due to larger, more sophisticated groups exploiting unmanaged devices and applications within corporate networks as well as capitalizing on living-off-the-land techniques to further mask the threat actor’s presence in the environment. That being said, maintaining a proper and concise inventory of devices and applications that are approved and ensuring proper patching is paramount to limit the potential of compromise.” – Craig Flynn, SOC Analyst Lead at Ingalls Information Security

State-Sponsored APTs Are Leveraging WinRAR Bug

CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. (Help Net Security)

Cybercriminals Register .AI Domains of Trusted Brands for Malicious Activity

Third parties are registering brands under the .AI domain to launch phishing attacks or other types of brand abuse. Almost half of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names, which are registered by third parties. That's according to the 2023 Domain Security Report from CSC, which revealed that cybercriminals are exploiting AI's popularity by attempting to register the domains of trusted brands for malicious activity. This is emphasized by a 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies who discovered that .AI domains using their brands were misappropriated by third parties, according to the research. (CSO)

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Eight newly discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM) — including three deemed to be of critical severity — could open the door for attackers to gain the highest levels of privilege in any unpatched systems. (Dark Reading)

1Password Discloses Security Incident Linked to Okta Breach

On October 23, 2023, 1Password’s CTO, Pedro Canahuati, disclosed the incident, stating that threat actors were unable to access or steal user data during the attack. (HACKREAD)

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. (The Hacker News)