Weekly Cyber Reports

This Week in Cyber 9th December 2022

Latest news & views from our Cyber Analysts

Written by

Team Nucleus

Written on

9th December, 2022


Ransomware Gang Vice Society poses Threat to Education Sector

Vice Society has been involved in high-profile activities against schools this year. They differ from other Ransomware-as-a-Service (RaaS) groups in that they use pre-existing paid software such as HelloKitty and Zeppelin instead of developing their own or using open-source tools. In September 2022, a joint Cybersecurity Advisory from the FBI, CISA and MS-ISAC reported recently observed attacks across the education sector, with around double the number of attacks compared with 2021, and this is expected to increase further through 2023. Vice Society has attacked organisations in all regions of the globe, with the most prolific attacks occurring in the US (35 cases), UK (18 cases), Spain (7 cases), France (6 cases), Brazil (6 cases), Germany (4 cases) and Italy (4 cases). Over 15 threat groups have attacked the education sector throughout 2022, with Vice Society responsible for more than double the attacks of the second-highest group, LockBit 2.0 (33 confirmed cases to 16). Ransoms demanded by Vice Society have been seen to exceed $1 million, with negotiation whittling this down to a still substantial sum of around $460,000.

New Go-Based Botnet Exploits 21 Vulnerabilities in IoT Devices

Zerobot, a new botnet written in the Go programming language, has taken advantage of 21 different vulnerabilities in IoT (Internet of Things) devices. This campaign is believed to have begun after November 18th 2022 and targets Linux devices in order to gain control of them. The malware is an updated version of a somewhat more basic variant, with more sophisticated modules and string obfuscation capabilities. It has also been updated to target a varied range of CPU architectures including i386, amd64, arm, arm64, mips, mips64, mips64le and s390x. Once a device is under the control of Zerobot, it connects to the C2 (command-and-control) server and awaits further instructions, which could eventually include launching large-scale network attacks such as a DDoS attack, utilising the UDP and ICMP protocols to 'flood' the victim system until it is no longer functional. Affected IoT products include: Huawei HG532 Router, D-Link DNS-320 NAS, TOTOLINK Routers, Realtek Jungle SDK, Zyxel Firewalls and Digital Watchdog IP Cameras, among others.

Google Patches a Further Zero-Day Vulnerability in Chrome

On Friday 2nd November, tech giant Google released an update to fix another actively exploited zero-day vulnerability, making it the 9th zero-day patched this year and the 4th actively exploited type confusion flaw. The high-severity flaw is tracked as CVE-2022-4262 and allows threat actors out-of-bounds memory access via a type confusion bug in the V8 JavaScript engine. Like CVE-2022-4135, which Google patched the week before, it allows heap memory to be corrupted via a specially crafted HTML page. Exploiting this flaw can lead to a crash (denial of service, DoS) or arbitrary code execution. It is highly recommended to update Chrome to at least version 108.0.5359.94 to mitigate the issue.
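As an added example that is not part of the original report, the following Python snippet shows how a defender can triage an inventory of installed Chrome builds against the fixed version named above. It parses the four-part version numerically, because a plain string comparison would wrongly rank a later build such as 108.0.5359.124 below 108.0.5359.94. The host names and versions in the sample inventory are constructed.

```python
"""Triage installed Chrome versions against the first build that fixes CVE-2022-4262."""
import re
from typing import Dict, Tuple

# Minimum patched version named in the advisory above.
CHROME_FIXED_VERSION = "108.0.5359.94"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'major.minor.build.patch' into a tuple of ints for numeric comparison.

    String comparison would rank '108.0.5359.124' below '108.0.5359.94'
    because '1' sorts before '9'; comparing int tuples avoids that pitfall.
    """
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"not a Chrome-style version: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(installed: str, fixed: str = CHROME_FIXED_VERSION) -> bool:
    """True when the installed build is older than the first patched build."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> version to host -> 'update required' / 'ok' / 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "update required" if is_vulnerable(version) else "ok"
        except ValueError:
            # Keep unparseable entries visible rather than silently treating them as safe.
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hypothetical hosts), as an endpoint agent might export it.
SAMPLE_INVENTORY = {
    "ws-01": "108.0.5359.71",   # earlier build, needs the update
    "ws-02": "108.0.5359.94",   # exactly the fixed build
    "ws-03": "108.0.5359.124",  # later build; string comparison would flag this wrongly
    "ws-04": "107.0.5304.121",  # previous major release
    "ws-05": "n/a",             # agent could not read a version
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```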

