This Month in Cyber Security: March 2023

Discover the latest in cyber security from March 2023!

This month we’ve seen a critical vulnerability hit the headlines, severe security vulnerabilities in Samsung Exynos, counterfeit Telegram, WhatsApp and ChatGPT websites used to target victims financially, global concerns over TikTok security, and a historic Windows flaw exploited in the latest phishing campaign.

Continue reading to learn more about the cyber security headlines from March!

CVE-2023-23397 threat training

On the 14th of March, Microsoft released 83 security fixes, including CVE-2023-23397. This critical vulnerability impacts all versions of the Outlook desktop app on any Windows system.

This is a zero-click exploit: no user interaction is required to trigger it. Once an infected email reaches an inbox, the attacker can obtain sensitive Net-NTLMv2 credential hashes. If malicious actors have those hashes, they can gain a user's credentials, authenticate to their system and escalate privileges.

With our new Outlook NTLM Leak room, you can experiment with, exploit, and mitigate CVE-2023-23397. We’ll also teach you everything you need to know about CVE-2023-23397 and how to steal password hashes with an email.

As always, we advise keeping your Outlook installation up to date, with patches already available from Microsoft.

Google discovers severe security vulnerabilities in Samsung Exynos

Google has called attention to 18 severe security vulnerabilities in Samsung Exynos chips, affecting Android devices from Samsung, Vivo, and Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 chipset.

Some of these flaws have the potential to be exploited remotely without requiring any user interaction, with the attacker only needing to know the victim's phone number.

While some handsets have already received a fix in this month’s security updates, patches for other devices are expected in the following weeks or months. Until then, users are advised to switch off Wi-Fi calling and Voice over LTE (VoLTE) in their device settings.

Phishing campaign uses historic Windows flaw

A two-year-old flaw in the Windows User Account Control (UAC) feature is now being used to target victims in Europe in a new phishing campaign. The exploited flaw bypasses endpoint protection and delivers malware by instructing the recipient to open an attachment claiming to be of urgent importance. However, the attachment is a tar.lz archive, carrying the DBatLoader executable.

According to TechRadar, once the attachment is run, it downloads a second payload from a public cloud service and then creates a mock trusted directory.

With the threat evading detection from antivirus programs, users are advised to take particular care when running unexpected attachments.

White House releases national cyber security strategy

On the 2nd of March, the Biden administration released its National Cybersecurity Strategy for 2023 to improve the nation’s security standing.

The report sets out five core priorities: (1) defend critical infrastructure, (2) disrupt and dismantle threat actors, (3) shape market forces to drive security and resilience, (4) invest in a resilient future, and (5) forge international partnerships to pursue shared goals.

Key elements of the strategy that could have important implications for businesses include:

  • Expanded regulation of critical sector cyber security practices, including technology and cloud services
  • Potential legislative debates over liability frameworks for software security
  • Initiatives to increase the speed and scale of collaboration with the private sector to disrupt threat actor groups
  • Efforts to harmonise cyber security regulations that apply to businesses

Concerns over TikTok cyber security risks

This month, it was announced that TikTok would be blocked from all parliamentary devices and the wider parliamentary network due to cyber security concerns. The commissions of the House of Commons and House of Lords have announced they will follow the move taken by the government on official devices, citing the need for cyber security.

TikTok can be used on personal devices while on the parliamentary estate, providing that the devices are not connected to parliament's WiFi network.

The popular video-sharing app, which has soared to over one billion users, has been under increased scrutiny over its security and data privacy in recent months, with the EU Commission and over half of US states also introducing local bans on staff devices.

TikTok has said the bans have "been based on fundamental misconceptions and driven by wider geopolitics, in which TikTok, and our millions of users in the UK, play no part".

Counterfeit Telegram and WhatsApp websites used to distribute malware

Counterfeit websites for the instant messaging apps Telegram and WhatsApp are being shared to infect users with trojans and cryptocurrency malware. Researchers believe the attackers are targeting victims' cryptocurrency funds, with malware capable of intercepting private chats and cryptocurrency wallet addresses.

The attack chain begins with users clicking on fraudulent ads in Google Search results that link to counterfeit instant messaging websites.

It has also been reported that the malware can track keywords used in instant messaging conversations related to cryptocurrencies, to later exfiltrate the username, group or channel name to a remote server.

The threat has been declared a first: it is the only known occasion on which Android-based clipper malware has been built into instant messaging apps.

Counterfeit ChatGPT used in financial scam

Earlier this month, Bitdefender’s researchers discovered a counterfeit replica of ChatGPT used to lure users into a financial scam with the promise of opportunities that pay up to $10,000 per month.

Users were asked for bank details, among other personal details, and urged to make investments starting from €250. The counterfeit version of ChatGPT was accessible via an already blacklisted domain.

The scam, which targeted users in Germany, Denmark, Australia and the Netherlands, began with a phishing email linking to ChatGPT. Once accessed, the fake chatbot claimed to allow any user to become a successful investor before asking a series of personal financial questions.

Users are advised to stay alert and only use the official ChatGPT website. With around half of cyber attacks in the UK involving phishing (a third in the US), TryHackMe has training catering to a plethora of cyber threats and patterns, with over 640 training labs.

Learn how to analyse and defend against phishing emails, and investigate real-world phishing attempts using a variety of techniques with our phishing module.