Weekly Cyber Reports

This Week in Cyber 6th April 2023

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

5th April, 2023


Cryptocurrency Companies Targeted In Sophisticated 3CX Supply Chain Attack

Cybersecurity firm Kaspersky has identified a second-stage implant, known as Gopuram, behind the supply chain attack on 3CX, with a focus on targeting a small number of cryptocurrency companies. Gopuram is a versatile backdoor that connects to a command-and-control server and waits for further instructions to interact with the victim's files, create processes, and launch in-memory modules. The backdoor has been linked to North Korea through its co-existence with AppleJeus, a backdoor attributed to the Korean-speaking threat actor Lazarus. Kaspersky identified a C2 overlap with a server employed in an AppleJeus campaign. The highest infection rates have been detected in Brazil, Germany, Italy, and France. BlackBerry revealed that the initial phase of the operation took place between the end of summer and the beginning of fall 2022, with healthcare, pharma, IT, and finance emerging as the top targeted sectors. Multiple versions of the desktop app have been impacted, and 3CX has pinned the attack on a highly experienced and knowledgeable hacker.

ChatGPT Banned In Italy Over Privacy Concerns

The Italian data protection regulator, Garante, has temporarily banned OpenAI's ChatGPT service in the country over concerns about data protection. The company has been ordered to stop processing users' data immediately, and the Garante intends to investigate whether OpenAI is unlawfully processing such data in violation of GDPR. The Garante cited the lack of information provided to users, the lack of a legal basis for the collection and processing of personal data, the absence of age verification, and questions about the accuracy of information surfaced by ChatGPT. OpenAI has blocked its generative AI chatbot from being accessed by users with an Italian IP address, and it is issuing refunds to subscribers of ChatGPT Plus. The company has 20 days to notify the Garante of measures taken to bring the service into compliance, or it risks fines of up to €20 million or 4% of the total worldwide annual turnover. The ban is not expected to affect other countries using OpenAI's technology.

FBI Seizes Stolen Credentials Market ‘Genesis’

Law enforcement has seized the domains and infrastructure of Genesis Market, a popular marketplace for stolen credentials, as part of "Operation Cookie Monster". While the administrators have not been caught or identified, the FBI has executed a seizure warrant, and the platform's site on the dark web is still accessible. The Genesis Market operators have confirmed that the Tor network domain is active, and they plan to keep the shop running by launching their plugin via Tor. The platform offered about 80 million credentials and digital fingerprints, and at the time of the takedown, more than 460,000 bots were available for sale. Following a raid on a suspected cybercriminal who used Genesis Market, the Romanian Police seized more than $200,000 in cash and over 9 kilograms of pure gold.

Capita Recently Became Victim To A Suspected Cyber-Attack Which Disrupted Services

Capita, an outsourcing company that provides critical services to the NHS, military and government agencies, suffered a major IT outage on Friday, which was confirmed to be caused by a cyber-attack. The company has been working over the weekend to restore its online services for clients, including local councils, and has confirmed that the incident primarily impacted access to internal Microsoft Office 365 applications. While some customers were able to continue services, others had to resort to using radios and pen and paper. Capita has not disclosed which customers were affected, but it holds £6.5bn worth of public sector contracts and is one of the UK government's most important suppliers. The company says it is making progress in restoring remaining client services in a secure and controlled manner.

