By Ashwani Mishra, Editor-Technology, 63SATS
RansomHub ransomware operators have introduced new malware, “EDRKillShifter,” designed to disable Endpoint Detection and Response (EDR) tools. Meanwhile, FlightAware reported a data leak compromising user IDs, passwords, and potentially more sensitive information. A significant cyberattack has disrupted the Central Bank of Iran, and Unicoin disclosed a G-Suite breach that locked out staff and may have led to data tampering. Additionally, Columbus Mayor Andrew Ginther addressed a cybersecurity attack that has impacted the city since July.
Stay informed with our brief guide to the latest in cybersecurity. Keep up with the ever-changing landscape of cyber threats and advancements.
Ransomware Gang Uses New Malware to Disable Security Software
RansomHub ransomware operators have developed new malware, dubbed “EDRKillShifter” by Sophos researchers, to disable Endpoint Detection and Response (EDR) security tools in Bring Your Own Vulnerable Driver (BYOVD) attacks. The malware uses a legitimate but vulnerable driver to escalate privileges, disable security solutions, and gain control over targeted systems. This technique, popular among both ransomware groups and state-backed hackers, poses a significant threat to cybersecurity defenses.
FlightAware Data Leak Exposes User Information
FlightAware has alerted users to a data leak that occurred on July 25, 2024, due to a configuration error. The exposed information includes user IDs, passwords, email addresses, and potentially more sensitive details such as billing and shipping addresses, phone numbers, and the last four digits of credit card numbers. The breach raises concerns about data security and the protection of user information in digital services.
Cyberattack Disrupts Central Bank of Iran Amid Rising Tensions
A major cyberattack has disrupted the Central Bank of Iran (CBI) and several other banks, crippling their computer systems. The attack coincides with heightened international scrutiny of Iran’s actions in the Middle East and accusations of interference in the upcoming U.S. Presidential election. This incident is reported to be one of the largest cyberattacks on Iran’s state infrastructure to date.
Global DDoS Attacks Surge in 2024, Driven by Geopolitical Tensions
Radware reports a 265% increase in web DDoS attacks in the first half of 2024 compared to late 2023. Application-layer DNS DDoS activity also tripled, with a significant rise in locked network-layer attacks. Geopolitical tensions are cited as a major factor, with hacktivist groups launching between 1,000 and 1,200 DDoS attacks per month. Ukraine remains the most targeted country, with the pro-Russian group NoName057(16) leading the charge.
Unicoin Faces Potential Data Tampering After G-Suite Compromise
Unicoin, a cryptocurrency offshoot from the show Unicorn Hunters, reported a G-Suite compromise that locked all staff out of their accounts. The attacker, who gained access on August 9, had the privileges to change every user password, locking employees out of Gmail, Docs, and other Google services. The incident, reported to the SEC, highlights the vulnerabilities organizations face in securing their digital operations.
Columbus Mayor Addresses Ongoing Cybersecurity Attack
Columbus Mayor Andrew Ginther has publicly addressed the cybersecurity attack impacting the city since July. The breach, initially thought to be from an email link, was later traced to a website download. The city’s tech department quickly severed internet connections to contain the threat. However, there is growing concern that personal information accessed during the attack may be leaked on the dark web.