Over the past week there have been many hot topics in cybersecurity. This edition of This Week in Cybersecurity includes stories covering Microsoft rolling back their decision to not block Office macros by default, phishing campaigns successfully bypassing multi-factor authentication (MFA), a former CIA engineer responsible for the “Vault 7 Leaks” was convicted, hackers targeting industrial control systems, and much more. Check out the details below.
- Microsoft Rolls Back Decision To Block Office Macros By Default
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said that it will roll back this change based on “Feedback” until further notice. Microsoft’s customers were the first to notice that Microsoft rolled back this change in the Current Channel, with the old ‘Enable Editing’ or ‘Enable Content’ buttons shown at the top of downloaded Office documents with embedded macros. While Microsoft has not shared the negative feedback that led to the rollback of this change, users have reported that they are unable to find the Unblock button to remove the Mark-of-the-Web from downloaded files, making it impossible to enable macros.
- Large-Scale Phishing Campaign Bypasses MFA
Attackers are getting wise to organizations’ increasing use of MFA to better secure user accounts and creating more sophisticated phishing attacks like these that can bypass it, noted a security professional. “While MFA is certainly valuable and should be used when possible, by capturing the password and session cookie – and because the session cookie shows that MFA was already used to login – the attackers can often circumvent the need for MFA when they login to the account again later using the stolen password,” observed Erich Kron from KnowB4. This attack is especially convenient for threat actors because it precludes the need for them to craft their own phishing sites such as the ones used in conventional phishing campaigns, researchers noted. In the phishing campaign observed by Microsoft researchers, attackers initiate contact with potential victims by sending emails with an HTML file attachment to multiple recipients in different organizations. One of nGuard’s most common assessments is Social Engineering. During these assessments our engineers come across applications that require MFA and attempt to bypass the requirement using these techniques and others like MFA Prompt Bombing.
- Jury convicts ex-CIA engineer for leaking the agency’s “Vault7” hacking toolset
Joshua Schulte, the former CIA engineer arrested for what’s being called the biggest theft of classified information in the agency’s history, has been convicted by a federal jury. Schulte was arrested in relation to the large cache of documents that Wikileaks had published throughout 2017. That string of CIA leaks known as “Vault 7” contained information on the tools and techniques the agency used to hack into iPhones and Android phones for overseas spying. It also had details on how the CIA broke into computers and how it turned smart TVs into listening devices. A federal jury has found Schulte guilty on nine counts, including illegally gathering national defense information and then transmitting it. As part of his closing arguments, he told the jurors that the CIA and the FBI made him a scapegoat for their embarrassing failure, repeating what his side had been saying from the time he was arrested.
- State-backed hackers targeted US-based journalists in widespread spy campaigns
State-sponsored hackers from China, North Korea, Iran and Turkey have been regularly spying on and impersonating journalists from various media outlets in an effort to infiltrate their networks and gain access to sensitive information, according to a report released by cybersecurity firm Proofpoint. In one of the operations, the report found that since early 2021, Chinese-backed hackers engaged in numerous phishing attacks mainly targeting U.S.-based journalists covering U.S. politics and national security. The researchers concluded their report with a warning to journalists to protect themselves and their sources because these types of attacks are likely to persist as state-sponsored hackers attempt to gather more sensitive information and manipulate public perception.
- Hackers are targeting industrial systems with new strain of malware
People hawking password-cracking software are targeting the hardware used in industrial-control facilities with malicious code that makes their systems part of a botnet, a researcher reported. Lost passwords happen in many organizations. A programmable logic controller — used to automate processes inside factories, electric plants, and other industrial settings, for example, may be set up and largely forgotten over the following years. When a replacement engineer later identifies a problem affecting the PLC, they may discover the now long-gone original engineer never left the passcode behind before departing the company. An entire ecosystem of malware attempts can capitalize on scenarios like this one inside industrial facilities. Online advertisements promote password crackers for PLCs and human-machine interfaces, which are the workhorses inside these environments. nGuard has a wide range of experience securing Critical Infrastructure, SCADA systems, and Industrial Controls Systems for the manufacturing industry. Our penetration testing and compliance assessments can give you the confidence in the security posture of these environments.