Cyber Weekly Digest - 2022 Week #28

In this week’s Cyber Weekly Digest find out about the latest Window’s zero-day vulnerability CISA is urging agencies to patch, and the botnet behind the largest DDoS attack. Keep reading to stay up to date on the latest cyber security news from around the world.

1. CISA orders agencies to patch new Windows actively exploited local privilege escalation vulnerability.

CISA has urged agencies to patch a new actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem. The high severity security flaw impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. Microsoft did patch it as part of the July 2022 Patch Tuesday and was classified as a zero-day as it was abused in attacks before a fix was available. CISA has given the agencies three weeks to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.

2. Mantis Botnet was revealed to be behind the biggest DDoS attack in June.

The botnet behind the largest HTTPS distributed denial-of-service attack in June has been linked to a wave of attacks aimed at nearly 1,000 Cloudflare customers. Cloudflare noted that the botnet is Mantis and has carried out more than 3,000 HTTP DDoS attacks against its users. Cloudflare notes some key features of the botnet which makes is so powerful including, its ability to carry out HTTPS DDoS attacks, which are expensive in nature due to the computational resources required to establish a secure TLS encrypted connection. Secondly, Mantis leverages hijacked virtual machines and powerful servers, equipping it with more resources instead of IoT devices that traditional botnets rely on.

3. University earns money from recovered ransomware payment.

Maastricht University, a Dutch university with more than 22,000 students, announced that it had recovered the ransom paid after a ransomware attack that hit its network in December 2019. In 2019 the university decided to pay the ransom to have its files decrypted after deciding that rebuilding all infected systems from scratch or creating a decryptor were not viable options. The university paid a 30 bitcoin ransom for the ransomware decryptor. However, this week law enforcement traced and seized a wallet containing the cryptocurrency paid by the university. The value of the cryptocurrencies found at that time was €40,000 which at the current exchange rate, they are worth approximately €500,000. After recovering the money, the university has said it wants to create a fund that would allow the university to help students in need.

4. Amazon Prime Day becomes a key target for scam emails.

Cyber security firms are warning the public about an increase in phishing and credential harvesting around Amazon Prime Day deals. Threat actors are targeting users and consumers with phishing emails which promise an Amazon gift card in return for completing a survey. Researchers found that there has been a 37% increase in Amazon-related phishing attacks this month in comparison to June. All Amazon users should be extra mindful of any emails claiming to be from Amazon, especially as Amazon rarely sends out advertising emails.

5. Ransomware Gang now lets any user search their stolen data.

Two ransomware gangs and a data extortion group have come up with a new strategy to force victim companies to pay threat actors to not leak stolen data. The threat actor’s websites now have search functions built in to make it easier to find victims or even specific details. More threat actors are likely to adopt this style of extortion. Many groups such as BlackCat and LockBit have created their own search functions to their websites, this allows for employees and users to search for their details and check if their information was a part of a data breach.