"Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks"


From April 2022 to November 2023, the Russian state-sponsored hacking group APT28 conducted NT LAN Manager (NTLM) v2 hash relay attacks using various methods, focusing on high-value targets worldwide. The attacks targeted organizations involved in foreign affairs, energy, defense, transportation, and more. This article continues to discuss APT28's targeting of high-value organizations with NTLM v2 hash relay attacks.

Submitted by grigby1 CPVI on

"Payment Fraud is Hitting Organizations Harder Than Ever Before"


According to security researchers at Trustpair, 96% of US companies were targeted with at least one fraud attempt in the past year. In the past year, many US companies (83%) saw an increase in cyber fraud attempts on their organization. The researchers noted that fraudsters primarily used text messages (50%), fake websites (48%), social media (37%), hacking (31%), BEC scams (31%), and deepfakes (11%) to dupe organizations. CEO and CFO impersonations (44%) were the third most common type of fraud.

Submitted by Adam Ekwall on

"Lurie Children's Hospital Took Systems Offline After Cyberattack"


Lurie Children's Hospital in Chicago was recently forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. Lurie Children's is a Chicago-based pediatric acute care hospital with 360 beds, 1,665 physicians covering 70 sub-specialties, and 4,000 medical staff and employees. The hospital provides care for over 200,000 children annually.

Submitted by Adam Ekwall on

"Cloudflare Hacked Using Auth Tokens Stolen in Okta Attack"


Cloudflare has revealed that a suspected nation-state actor breached its internal Atlassian server. They gained access to its Confluence wiki, Jira bug database, and Bitbucket source code management system. On November 14, the threat actor accessed Cloudflare's self-hosted Atlassian server before moving on to the company's Confluence and Jira systems. To access its systems, the attackers used one access token and three service account credentials stolen from a previous compromise related to Okta's breach in October 2023. This article continues to discuss the Cloudflare hacking incident.

Submitted by grigby1 CPVI on

"Google Play Used to Spread 'Patchwork' APT's Espionage Apps"


Patchwork, an Indian Advanced Persistent Threat (APT) group known for its targeted spear phishing cyberattacks on Pakistanis, has been using Google Play to distribute six different Android espionage apps masquerading as legitimate messaging and news services. They include a newly discovered Remote Access Trojan (RAT) called VajraSpy. ESET researchers who discovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, files, contacts, and other data. The apps can also extract WhatsApp and Signal messages, record phone calls, and take pictures.

Submitted by grigby1 CPVI on

"Jailbreaking ChatGPT: Researchers Swerved GPT-4's Safety Guardrails and Made the Chatbot Detail How to Make Explosives in Scots Gaelic"


Researchers have discovered a cross-lingual flaw in OpenAI's GPT-4 Large Language Model (LLM) that enables malicious users to jailbreak the model and bypass its safety measures by using prompts translated into lesser-spoken languages. A team of researchers at Brown University published a paper that explores a potential vulnerability in OpenAI's GPT-4 LLM caused by linguistic inequality in safety training data. According to the researchers, translating unsafe inputs into low-resource languages could provoke prohibited behavior from the chatbot.

Submitted by grigby1 CPVI on

Pub Crawl - February 2024


Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by grigby1 CPVI on

"Romance Scam Victims Surge in 2023"


According to researchers at Lloyds Bank, romance scam victims surged by more than a fifth (22%) in 2023 compared to 2022. The average amount lost per incident was $8,847 last year, which is lower than in 2022, when the average loss was $10,505. The researchers noted that romance scams have exploded in prominence in recent years, with attackers leveraging fake profiles on social media and online dating apps to lure in potential victims. They are also commonly used as a gateway to other types of fraud and malicious cyber activity.

Submitted by Adam Ekwall on

"LockBit Reigns Supreme in Soaring Ransomware Landscape"


According to security researchers at ReliaQuest, a hyper-active LockBit group led to a surge in ransomware campaigns in the last quarter of 2023. The researchers found that ransomware activity was up 80% between October and December 2023 compared with the same period in 2022. Over this period, a total of 1,262 victims were listed on data leak sites, spanning several industries, including manufacturing, construction, and professional, scientific, and technical services.

Submitted by Adam Ekwall on

"Engineers Develop Hack to Make Automotive Radar Hallucinate"


Duke University engineers have demonstrated a system called "MadRadar" that can deceive automotive radar sensors. The technology can hide an approaching car, create a phantom car where none exists, or even mislead the radar into believing a real car has quickly deviated from its course. It can do this without having prior knowledge regarding the specific settings of the victim's radar, thus making it a significant threat to radar security.

Submitted by grigby1 CPVI on