Hackers are making their presence felt across the globe as we transition to the new year. Sort through the latest digital security news and you'll find a seemingly endless number of reports about spyware, malware, DDoS attacks, and other digital intrusions. News broke earlier this week of hackers using IIS server modules to zero in on Microsoft Exchange credentials. The credentials were stolen by a binary, and the theft gave the hackers remote command execution through the assembly dubbed Owowa. The attack targets servers in Malaysia, Mongolia, the Philippines, and Indonesia.
The Log4j Bug
The Log4j bug is also wreaking havoc on computers across the globe. This bug, also known as Log4Shell, exploits weaknesses in sites running Java. Though patches are available, Log4j is likely to cause problems into '22 and beyond. The United States' cybersecurity agency, CISA, responded with a GitHub repository, patches, and guidance to combat the bug.
WordPress Attacks
WordPress sites are also being targeted. Around 14 million attacks on WordPress sites were levied in a period of a day and a half. These attacks stem from 16,000 different IP addresses. The digital miscreants behind the attacks take advantage of vulnerabilities in WordPress plug-ins.
DarkWatchman
A JavaScript Trojan known as DarkWatchman is evading digital security defenses through a fileless approach. The hackers behind it rely on social engineering, delivering the Trojan through spear-phishing emails. Though the campaign has been ongoing since November, it was not revealed until earlier this week.
Additional Attacks of Note
A 24-year-old man living in New York pleaded guilty to conspiracy to commit wire fraud. The hacker stole in excess of $100 million of cryptocurrency from investors with a phony SIM swap. The hacker used victims’ mobile phone numbers to steal their identities and take their cryptocurrency.
Conti Gang
The hackers known as Conti Gang are alleged to be behind the ransomware attacks on McMenamins. The attack occurred this past weekend. The infiltration exposed employee data to hackers, forcing the company to shut down its internal systems, including the point-of-sale systems used for credit card sales. The restaurant chain also shut down its corporate email to halt the attack.
Meta is in the News
Meta, previously known as Facebook, revealed it removed surveillance businesses from its popular social media platform. The nefarious companies used Meta to make money by targeting innocent victims in 100+ nations. The companies responsible for the illegal surveillance are based in India, Israel, North Macedonia, and China. The services affected more than 50,000 people, including human rights activists, those who oppose totalitarian rulership, political dissidents, and investigative news reporters.
Twizt
A botnet dubbed Twizt stole more than half a million dollars of cryptocurrency. The targeted crypto owners are based in the Philippines, Guatemala, India, Nigeria, and Ethiopia. This botnet variant functions without active command-and-control servers. The hackers behind it sold its source code on a dark web forum before its servers reemerged less than two weeks later. The new version of Twizt has a clipping feature that steals crypto directly out of targets' digital wallets. The attack compromises computers so that they function as servers relaying commands to other bots in the overarching chain.