In February 2023, the cybersecurity landscape continued to evolve rapidly, with new threats and vulnerabilities emerging across the web. From data breaches and social engineering attacks to new strains of malware targeting crypto users, there is no shortage of challenges facing businesses and individuals. In this monthly OSINT and threat intelligence report, we'll explore some of the most significant trends and incidents from the month, and what they mean for the future of cybersecurity.
General leaks and statistics
According to our research, February saw 106 openly revealed security incidents, resulting in a total of 29,582,356 leaked data records. This represents a significant increase compared to previous months, and is among the highest number of instances ever reported. These breaches affected a wide range of industries, from finance and healthcare to government and retail, underscoring the need for robust security measures across all sectors.
Web 3.0 - The crypto world is being threatened by new MortalKombat ransomware and Laplas Clipper malware
MortalKombat is a new ransomware that was discovered by cybersecurity experts in the beginning of 2023, with little information about its creators and operating system. The ransomware's moniker and the wallpaper it installs on the victim's computer are almost definitely references to the Mortal Kombat multimedia property, which includes a number of famous video games and films.
When it comes to Laplas Clipper, it is a comparatively recent clipboard stealer discovered in November of 2022 by cybersecurity researchers. The stealer is a member of the Clipper malware family, which is a collection of malicious programs that particularly target cryptocurrency users. They target users by monitoring the targeted machine's clipboard for their digital wallet address using regular expressions. When the infection discovers the victim's wallet address, it transmits it to the threat actor controlled Clipper bot, which generates a bogus wallet address and copies it to the victim's clipboard. If victims then try to conduct transfers using the lookalike wallet address, the consequence will be a fake cryptocurrency transaction.
Briefly how they work - like any other typical infection, in this campaign it also starts with a phishing email, which launches a cross chain attack in which the attacker distributes malware or ransomware then clears proof of malicious files, concealing their traces and complicating analysis. The user is being tricked to download a phishing email ZIP attachment which contains a BAT loader script. When a victim runs the script, it downloads another malicious file to the victim's computer from a threat actor controlled hosting server, automatically inflates it, and runs the payload, which is either the Laplas Clipper or MortalKombat. The loader script will execute the delivered payload as a process on the victim's computer, then removes the malicious files that were downloaded and dropped to clear up the infection marks.
Social engineering attack on Coinbase: humans remain the weakest link in cybersecurity
Coinbase, a popular cryptocurrency trading company, revealed that it was the victim of a social engineering attack directed at its staff. The attack, which occurred on February 5, 2023, exposed a small quantity of data from its database such as names, emails and phone numbers.
It all started when workers got SMS messages asking that they enter into their company email accounts immediately in order to receive an urgent message. Despite the fact that a large portion of the workforce disregarded the messages, the firm claims that an unnamed staff opened the malicious link and inserted their email ID and password on a bogus login page. When the hackers obtained the user's credentials, they tried to gain direct access to the Coinbase network but they were unable to do so due to two-factor authentication restrictions.
According to Coinbase, the hackers then called an employee directly, claiming to be a Coinbase corporate IT staff member requesting assistance. When the SIEM informed the incident response team of the odd activity, the team told the employee who ended all contact with the intruders.
Other cybersecurity threats that we are seeing in 2023
The rise of deepfake attacks: With the advent of new technologies like GANs (Generative Adversarial Networks), it has become easier for cybercriminals to create convincing deepfakes, which can be used to spread disinformation, defame individuals, or conduct spear-phishing attacks.
The growing threat of supply chain attacks: Cybercriminals are increasingly targeting the supply chain, as it offers an easy way to gain access to multiple organizations and their sensitive data. In 2023, we are seeing a significant increase in supply chain attacks, with hackers exploiting vulnerabilities in third-party software and services to gain access to their targets.
The proliferation of IoT botnets: As the number of IoT devices continues to grow, so does the threat of IoT botnets, which can be used to launch large-scale DDoS attacks. In 2023, we are seeing an uptick in the number of IoT botnets, with cybercriminals exploiting unsecured devices to create botnets that can be used to launch attacks on a massive scale.
The growing sophistication of phishing attacks: Phishing attacks continue to be a top threat in 2023, but we are seeing cybercriminals becoming more sophisticated in their tactics. In addition to traditional phishing emails, we are seeing an increase in SMS and social media phishing attacks, as well as attacks that use deepfakes and other advanced techniques to trick their targets.
Conclusion
As we continue into 2023, cyber threats remain a significant concern for individuals and organizations alike. The latest cybersecurity trends highlight the need for heightened awareness and protection against malware, ransomware, and social engineering attacks. As always, human error remains the weakest link in cybersecurity, emphasizing the need for ongoing education and training to safeguard against potential cyber threats.