This Month in Cyber Security: April 2023
Discover the latest in cyber security from April 2023!
This month we’ve seen one of the world’s biggest criminal marketplaces shut down, a 3CX supply chain attack, MSI falling victim to a ransomware attack, ChatGPT launching a bug bounty program, the growing risk of hackers for hire, and something exciting coming to TryHackMe in the next couple of weeks.
Continue reading to learn more about the cyber security headlines from April!
Popular cyber crime website shut down by police
One of the world's biggest criminal marketplaces used by online fraudsters has been closed down following a series of raids in 17 countries across the globe, including the United States, Australia, the United Kingdom, the Netherlands, and other countries across Europe.
Genesis Market sold banking and shopping login details, IP addresses and other sensitive data to fraudsters from as low as $1, with over 80 million records of credentials from the public. Through the website, fraudsters were able to log in to Facebook, PayPal, Amazon, Uber and Airbnb accounts, redirect online shopping deliveries and even change passwords without raising suspicion.
Described as an enormous enabler of fraud, the Genesis website has since been shut down with a message that read "Operation Cookie Monster. This website has been seized."
Law enforcement agencies around the world took part in the coordinated raids; globally, 200 searches were carried out and 120 people were arrested. Local law enforcement authorities in affected countries are conducting online investigations into the cyber crime website, while Dutch police have launched a portal for the public to check whether their data has been compromised.
3CX supply chain attack
This month, a new Lazarus campaign was discovered targeting Linux users with TAXHAUL (AKA “TxRLoader”) malware. The campaign, considered part of Operation DreamJob, was discovered by researchers at ESET. Evidence suggests that Lazarus conducted the recent supply-chain attack on VoIP provider 3CX.
According to The Hacker News, the attack chain, based on analyses from multiple security vendors, entailed the use of DLL side-loading techniques to load an information stealer known as ICONIC Stealer, followed by a second stage called Gopuram in selective attacks aimed at crypto companies.
Mandiant, an American cyber security firm and a subsidiary of Google, published insights from its investigation into the 3CX breach, stating that the threat actors infected 3CX systems with a malware codenamed TAXHAUL. The malware is designed to decrypt and load shellcode containing a "complex downloader" labeled COLDCAT.
While it’s not yet confirmed how threat actors managed to break into 3CX’s network, Nick Galea, CEO of 3CX, revealed the company is aware of only a ‘handful’ of cases where malware was activated. Furthermore, 3CX is currently working to strengthen its policies, practices, and technology to protect against future attacks.
MSI falls victim to ransomware attack
Leading gaming brand MSI confirmed it was the victim of a ransomware attack on its systems.
MSI initiated incident response and recovery measures after detecting network anomalies, before alerting law enforcement agencies. A public statement released by the Taiwanese giant explained that operations had resumed; however, specifics of the attack have not yet been revealed.
Users are urged to obtain firmware/BIOS updates only from MSI’s official website, and to be cautious when downloading files from other sources.
ChatGPT launches bug bounty program
OpenAI, the company behind the ChatGPT AI chatbot, has partnered with security platform Bugcrowd to launch a bug bounty program in an attempt to protect its systems.
The partnership will allow independent researchers to report vulnerabilities discovered in ChatGPT in exchange for rewards ranging from "$200 for low-severity findings to up to $20,000 for exceptional discoveries."
Findings include defects in ChatGPT (including plugins), OpenAI APIs, third-party integrations, public exposure of OpenAI API keys, and any of the domains operated by the company. Prohibited categories include denial-of-service (DoS) attacks, brute-forcing OpenAI APIs, and demonstrations that aim to destroy data or gain unauthorised access to sensitive information.
Hackers for hire
The UK's cyber security agency warns that the use of ‘hackers for hire’ is set to soar in the next five years, increasing the risk of unpredictable targeting or unintentional escalation.
The use of ‘hackers for hire’ can lead to a wider span of targets and to off-the-shelf capability, described by some as "Hacking-as-a-Service", as well as bespoke hacking services.
Combined with the anticipated rise in spyware among other hacking tools, we can expect to see an increased rate of cyber attacks and a rise in unpredictable threats as more state and non-state actors obtain capabilities and intelligence not previously available to them.
Businesses face a higher corporate espionage risk, while individuals are advised to take caution.
An NCSC report released earlier in the month read: "Increased demand, coupled with a permissive operating environment, will almost certainly result in an expansion of the global commercial cyber intrusion sector, driving an increased threat to a wide range of sectors."
Red Teamers - something is coming!
Red Teamers, rejoice! Something huge is coming for a limited time only…
We’ll announce it on Thursday 11th of May, so be sure to keep an eye on our socials and blog. In the meantime, make sure you keep up your hacking streak! 🔥