9th December, 2022
Ransomware Gang Vice Society poses Threat to Education Sector
Vice Society has been involved in high-profile activities against schools this year. They differ from other Ransomware-as-a-Service (RaaS) groups as they use pre-existing paid software such as HelloKitty and Zeppelin, instead of developing their own / using open-source tools. In September 2022, the Cybersecurity Advisory from the FBI, CISA and MS-ISAC said they recently observed attacks across the educational sector, with around double the attacks occurring compared with 2021. This is expected to increase further through 2023. Vice Society has attacked organisations in all regions of the globe, with the most prolific attacks occurring in the US (35 cases), UK (18 cases), Spain (7 cases), France (6 cases), Brazil (6 cases), Germany (4 cases) and Italy (4 cases). Over 15 threat groups have attacked the education sector throughout 2022, with Vice Society coming out at more than double the attacks of the second highest, Lockbit 2.0 with 33 confirmed cases to 16. Ransoms demanded by Vice Society have been seen to exceed $1 million, with negotiating whittling it down to what is still a vast sum of around $460,000.
New Go-Based Botnet Exploits 21 Vulnerabilities in IOT Devices
Zerobot, a new botnet created in the programming language Go, has taken advantage of 21 different vulnerabilities related to IOT (Internet of Things) devices. This campaign is believed to have begun after November 18th 2022 and singles out Linux devices to be able to gain control. This malware is an updated version of a somewhat more basic variant with more sophisticated modules and string obfuscation capabilities. It's also been updated to target a varied range of CPU architectures including i386, amd64, arm, arm64, mips, mips64, mips64le and s390x. When a device is under the control of Zerobot, it will connect to the C2 (command-and-control) server and await further instructions, which could eventually include launching large scale network attacks such as a DDoS attack, utilising the UDP and ICMP protocols to 'flood' the victim system until it's no longer functional. Affected IOT products include: Huawei HG532 Router, D-Link DNS-320 NAS, TOTOLINK Routers, Realtek Jungle SDK, Zyxel Firewalls and Digital Watchdog IP Cameras among others.
Google Patches a Further Zero-Day Vulnerability in Chrome