This Month in Cyber Security: November 2022

Dive into our monthly dose of cyber security updates from November. We're exploring some of the in-depth research, trending threats and attacks, and the juicy new releases from TryHackMe!

Another month has passed in the world of cyber security, and November has been nothing short of newsworthy - with dozens of Meta staff fired in a catastrophic Facebook-Instagram hijack, Google fined $391 million for misleading users, the NCSC adopting advanced methods of identifying UK vulnerabilities, and an all-new SOC Analyst pathway to get your teeth into.

Plus, the annual launch of Advent of Cyber - full of hacker festivities and over $40,000 of epic prizes to win!

Keep reading to deep dive into our November roundup for your monthly dose of cyber security updates!

Dozens of Meta Employees Fired in Facebook-Instagram Hijack

Meta Platforms is said to have fired dozens of employees and contractors (who worked as security guards for Meta) over the past year for allegedly compromising and taking over user accounts.

Those accused of hijacking were initially given access to an internal system called ‘Oops’, used for restoring access to Facebook and Instagram accounts. Dozens of Meta employees were found abusing internal tools to bribe Facebook and Instagram users into paying a fee to recover their locked social media accounts.

Meta security guidelines state that buying or selling accounts or paying for an account recovery service is a violation of the social network's terms of service.

"Meta will keep taking appropriate action against those involved in these kinds of schemes. Individuals selling fraudulent services are always targeting online platforms, including ours, and adapting their tactics in response to the detection methods that are commonly used across the industry."

Andy Stone, Spokesperson for Meta

With individuals, businesses and organisations across the globe depending on social media, gaining illicit control of an account can be lucrative for the attacker and detrimental to the account owner.

The incident has taken the internet by storm, with global news outlets criticising the social media giant and Google searches for ‘Meta hijack’ soaring throughout November.

Google Fined $391M for Location Tracking

Google has been ordered to pay a record $391.5 million fine over charges that the internet giant has prioritised profits over user privacy, with Google collecting user location information without the user’s acknowledgement.

The collection of personal location data has been referred to as ‘deceptive’, after leading users to believe they had turned off location tracking in their account settings. Despite users switching off their Location History settings, Web & App Activity was automatically enabled when users set up their Google accounts.

By misleading consumers with location tracking practices, Google is found to have broken state consumer protection laws. The $391.5 million fine will be divided among 40 affected states in the United States, with Google ordered to be “more transparent” with their practices. Users are advised to check their Google location tracking settings.

Discord Users Hit by Ransomware

On the 20th November, it was announced that Discord was hit by the new 'AXLocker' ransomware family that not only encrypts victims' files and demands a ransom payment, but also steals the Discord accounts of infected users.

When users logged into Discord, the platform sent them an authentication token, which hackers used to log in as the user or to issue API requests that retrieve information about the associated account. The Discord ransomware attack targeted consumers; victims were then shown a pop-up window containing a message that their data was encrypted and how they could purchase a decryptor. Victims were given just 48 hours to contact attackers.

If you notice that AXLocker has encrypted your computer, you are advised to immediately update your login credentials to prevent further compromise of your accounts and data.

Hive Ransomware Receives $100M in Ransom Payments

Hive ransomware operators struck over 1,300 global businesses between June 2021 and November 2022, attacking vulnerabilities in Microsoft Exchange Server and Fortinet VPNs.

Collecting an estimated $100 million in ransom payments, the Hive ransomware group used the ransomware-as-a-service (RaaS) model to conduct and distribute the ransomware attacks, targeting a number of businesses and critical infrastructure sectors.

In some reported cases, Hive actors were able to bypass multi-factor authentication (MFA) and gain access to FortiOS servers by exploiting the Common Vulnerabilities and Exposures (CVE) entry CVE-2020-12812.

Initial access was also gained to victim networks through the distribution of phishing emails containing malicious attachments. Around half of cyber attacks in the UK involve phishing (a third in the US), with phishing attempts found in one in every 3,722 emails.

TryHackMe has training catered to a plethora of cyber threats and patterns, with over 560 training labs. Learn how to analyse and defend against phishing emails, and investigate real-world phishing attempts using a variety of techniques with our phishing module.

New Scanning Capability to Identify UK Vulnerabilities

In other cyber security news, the National Cyber Security Centre (NCSC) has launched a new data-driven scanning capability identifying cyber vulnerabilities in the UK, in a bid to make the UK the safest place to live and work.

The scanning service is intended to enhance the understanding of the UK's security standing as a whole and to improve responses to shocks, such as widely exploited zero-day vulnerabilities. From this information, the NCSC hopes to identify the common issues for businesses and, in turn, better explain those issues to organisations.

"We're not trying to find vulnerabilities in the UK for some other, nefarious purpose. We're beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we're doing (and why we're doing it)."

National Cyber Security Centre (NCSC)

The vulnerability scanning program will review all connected internet devices in the country for software versions, looking for outdated installations that have known vulnerabilities.

SOC Analyst Pathway Release

Earlier this month, we finally released our brand-new SOC Level 1 pathway, with over 21,000 TryHackMe users already enrolled!

Covering the many tools and real-life analysis scenarios, the pathway equips you with the knowledge and skills to break into the field of defensive security operations, through a day in the life of a Junior Security Analyst.

Get started with our Introduction to Cyber Security and Pre-Security pathways, and upskill with our brand new SOC Level 1 pathway!

Advent of Cyber: 2022

Ho ho hackety ho! The TryHackMe elves have been busy working behind the scenes to bring you yet another epic Advent of Cyber - sleigh, what?!

This year, topics include red teaming, digital investigations, web vulnerabilities, IoT Hacking, and Cyber Defence. Of course, it wouldn’t be Christmas without some exciting prizes up for grabs, and this year, we’re giving away over $40,000 worth of epic prizes!

Throughout the month, expect to see juicy content from people such as John Hammond, Cybersecurity Meg, Husky Hacks, SecurityNinja, Neal Bridges, InsiderPHD, and more!

However you choose to get involved, step into Christmas with us, amp up your cyber security skills, and learn about the Nightmare before Elfmas…