Cybersecurity Weekly: Geico breach, Morse code phishing attack, CMMC’s role in cybersecurity

August 17, 2021 by Sam Fay

A Geico breach exposed customers’ driver’s license numbers. Hackers are using Morse code in phishing attacks to evade detection. How CMMC can help counter current cyberattacks. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Geico breach exposed customers’ driver’s license numbers

In a data breach notification filed with the California Attorney General’s office, Geico states that, for over a month, threat actors abused an online sales portal to gain access to policyholders’ driver’s license numbers. The threat actors used customer information obtained elsewhere to pull up the details of policyholders.


2. Hackers using Morse code in phishing attacks to evade detection

Microsoft disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average. In an attempt to cover their tracks and surreptitiously harvest user credentials, the group periodically relied on the use of Morse code in their attacks.


3. How CMMC can help counter current cyberattacks

The publicly available Cybersecurity Maturity Model Certification (CMMC) is getting a lot of attention these days, both within and outside the public sector. Developed in response to escalating cyberattacks aimed at the defense industrial base and DoD supply chain, CMMC has broader appeal for any organization determining the maturity of its IT security controls.


4. Evasive Office 365 phishing campaign active since July 2020

Microsoft says that a year-long and highly evasive spear-phishing campaign targeted Office 365 customers in multiple waves of attacks starting in July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various pieces of information about the potential victims.


5. Seven ways technical debt increases security risk

Two in three CISOs believe that technical debt, the gap between what a project needs and what is finally deployed, is a significant cause of security vulnerabilities. Here are seven ways technical debt can become a problem for a CISO.


6. Hackers actively searching for unpatched Microsoft Exchange servers

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year.


7. Experts shed light on new malware-as-a-service written in Rust

An information-stealing malware sold and distributed on Russian underground forums has been written in Rust, signalling a new trend in which threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.


8. Vice Society ransomware joins ongoing PrintNightmare attacks

The Vice Society ransomware gang is now also actively exploiting the Windows Print Spooler PrintNightmare vulnerability for lateral movement through their victims’ networks. Attackers can abuse this set of security flaws for local privilege escalation or for distributing malware as Windows domain admins via remote code execution with SYSTEM privileges.


9. WordPress sites abused in Aggah spearphishing campaign

Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT. The threat group Aggah is delivering the RAT in a campaign aimed at spreading malware to manufacturing companies in Taiwan and South Korea.


10. Accenture hit by apparent ransomware attack

Accenture appears to have been hit by the LockBit ransomware gang, who are offering to sell data stolen from the global consultancy firm to interested parties. On their dark web website, the LockBit ransomware gang confirmed the breach, and has threatened to release data exfiltrated from Accenture’s systems if a ransom is not paid.