Cyber Threat Intelligence 01 January 2025
Government/Law/Policy
- After UN Adoption, Controversial Cybercrime Treaty’s Next Steps Could Prove Vital
"A divisive United Nations cybercrime treaty — one that critics say is a huge danger to human rights and that the United States cautiously agreed to advance — is now in the hands of member nations. The U.N. General Assembly adopted the treaty without a vote last week, leaving ratification to individual states. If the past is any precedent, it could be years before some countries act on it, if they do at all. For it to enter into force, 40 nations must ratify the treaty."
https://cyberscoop.com/after-un-adoption-controversial-cybercrime-treatys-next-steps-could-prove-vital/
Vulnerabilities
- Patched BitLocker Flaw Still Susceptible To Hack
"A previously patched flaw in the Windows BitLocker disk encryption feature is susceptible to attacks allowing hackers to decrypt information, new research has found. Speaking at the recently concluded Chaos Communication Congress in Germany, security researcher Thomas Lambertz said a Microsoft patch for a medium severity flaw tracked as CVE-2023-21563 doesn't fully prevent attacks. Contrary to Microsoft's analysis, the flaw can be exploited over the network, Lambertz also said."
https://www.bankinfosecurity.com/patched-bitlocker-flaw-still-susceptible-to-hack-a-27195
Malware
- New Details Reveal How Hackers Hijacked 35 Google Chrome Extensions
"New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. Although initial reports focused on Cyberhaven's security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by roughly 2,600,000 people."
https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/
- Over 3.1 Million Fake "stars" On GitHub Projects Used To Boost Rankings
"GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar to "Like" buttons on social media sites, allowing GitHub users to favorite a repository. GitHub uses the stars as part of a global ranking system and to show you related content that it thinks you may like. "You can star repositories and topics to discover similar projects on GitHub. When you star repositories or topics, GitHub may recommend related content on your personal dashboard," explains GitHub."
https://www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings/
https://arxiv.org/pdf/2412.13459
- Bad Likert Judge: A Novel Multi-Turn Technique To Jailbreak LLMs By Misusing Their Evaluation Capability
"This article presents what we are calling the “Bad Likert Judge” technique. Text-generation large language models (LLMs) have safety measures designed to prevent them from responding to requests with harmful and malicious responses. Research into methods that can bypass these guardrails, such as Bad Likert Judge, can help defenders prepare for potential attacks."
https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/
General News
- Regulations, Security, And Remote Work: Why Network Outsourcing Is Booming
"A growing number of enterprises in the US are adopting managed network services to support AI and other new technologies across increasingly complex networks, according to ISG. The 2024 ISG Provider Lens Enterprise Managed Network Services report for the US finds that enterprise networking has become more challenging in recent years with increasing regulation, security risks and remote and mobile work. A growing number of companies rely on managed network services, which can provide security, network management, cloud connectivity, software-defined networking and other functions with less need for internal expertise."
https://www.helpnetsecurity.com/2024/12/31/enterprise-networking-risks/
- U.S. Army Soldier Arrested In AT&T, Verizon Extortions
"Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea."
https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/
https://www.bankinfosecurity.com/arrest-us-army-soldier-tied-to-att-verizon-extortion-a-27192
- Treasury Sanctions Entities In Iran And Russia That Attempted To Interfere In The U.S. 2024 Election
"Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating a subordinate organization of Iran’s Islamic Revolutionary Guard Corps (IRGC), and a Moscow-based affiliate organization of the Russian Main Intelligence Directorate (GRU) and its director pursuant to Executive Order (E.O.) 13848, the U.S. election interference authority. As affiliates of the IRGC and GRU, these actors aimed to stoke socio-political tensions and influence the U.S. electorate during the 2024 U.S. election."
https://home.treasury.gov/news/press-releases/jy2766
https://therecord.media/2024-election-influence-operations-russia-iran-sanctions
https://cyberscoop.com/russia-china-sanctions-election-interference/
- Cybersecurity Lags In Middle East Business Development
"The Middle East is undergoing a digital transformation that is as rapid as it is remarkable. Tech multinationals are investing big in the region as Dubai, Riyadh, and Abu Dhabi strive to establish themselves as global innovation hubs. But this increased digitization comes with an increased risk of cyberattacks — and businesses throughout the Middle East are at risk of being caught with their guard down."
https://www.darkreading.com/vulnerabilities-threats/cybersecurity-lags-middle-east-business-development
- 6 AI-Related Security Trends To Watch In 2025
"Most industry analysts expect organizations will accelerate efforts to harness generative artificial intelligence (GenAI) and large language models (LLMs) in a variety of use cases over the next year. Typical examples include customer support, fraud detection, content creation, data analytics, knowledge management, and, increasingly, software development. A recent survey of 1,700 IT professionals conducted by Centient on behalf of OutSystems had 81% of respondents describing their organizations as currently using GenAI to assist with coding and software development. Nearly three-quarters (74%) plan on building 10 or more apps over the next 12 months using AI-powered development approaches."
https://www.darkreading.com/cyber-risk/6-ai-related-security-trends-watch-2025
- Connected Contraptions Cause Conniption For 2024
"The holidays are upon us, which means now is the perfect time for gratitude, warmth, and—because modern society has thrust it upon us—gift buying. It’s Bluey and dig kits and LEGOs for kids, Fortnite and AirPods and backpacks for tweens, and, for an adult you particularly love, it’s televisions, air fryers, e-readers, vacuums, dog-feeders, and more, which all seemingly require a mobile app to function."
https://www.malwarebytes.com/blog/news/2024/12/connected-contraptions-cause-conniption-for-2024
- Data Breaches In 2024: Could It Get Any Worse?
"It may sound weird when I say that I would like to remember 2024 as the year of the biggest breaches. That’s mainly because that would mean we’ll never see another year like it. To support this nomination, I will remind you of several high-profile breaches, some of a size almost beyond imagination, some that really left us worried because of the type of data that was stolen, and a few duds."
https://www.malwarebytes.com/blog/privacy/2024/12/data-breaches-in-2024-could-it-get-any-worse
- Finland Identifies Seven Suspects Among Crew Of Alleged Russian 'spy' Tanker
"Finnish authorities have identified but not arrested seven suspects among the crew of an alleged Russian spy ship that was seized after breaking several submarine cables in the Baltic Sea. It follows the seizure of the Eagle S, an oil tanker that departed from the Russian port of Ust-Luga on Christmas Day and is suspected of intentionally dragging its anchor for several miles, resulting in the complete severing of multiple cables, including the Estlink 2 power cable and four telecommunications cables."
https://therecord.media/finland-suspects-identified-alleged-russian-spy-ship
- China's Cyber Intrusions Took A Sinister Turn In 2024
"The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appear to signal a shift from cyberspying as usual to prepping for destructive attacks. The FBI and other US federal agencies rang in 2024 boasting about disrupting a Chinese botnet composed of "hundreds" of outdated routers intent on breaking into US critical infrastructure facilities. Spoiler alert: the botnet is back."
https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/
References
Electronic Transactions Development Agency (ETDA)