Cybersecurity Report #11

The field of cybersecurity has been quite busy in recent days, particularly in Brazil. Two events had a direct or indirect impact on the national scenario in data protection, privacy and cybercrime.

Additionally, vulnerabilities in popular platforms have been reported and require updates from the responsible companies and from consumers.

Top 6 cybersecurity news of the week

1. Ransomware breaks record in number of attacks and victims in 2023

A study carried out by Corvus Insurance claims that ransomware attacks set a record for the number of victims in 2023. According to the survey, there were 4,496 victims posted on leak sites last year, ranging from small and large companies to government institutions.

Even without taking into account who paid the ransom, the number is much higher than the number recorded in 2022 (2,670) and 2021 (3,048), the year in which ransomware soared as it was still a peak year for the Covid-19 pandemic and the beginning of the war between Russia and Ukraine.

The number of ransomware victims is on the rise. Source: Corvus Insurance

According to the company, new groups gained access to attack tools and began their own operations. Furthermore, the responsible authorities are unable to completely stop the intrusions. On the other hand, there is reason for optimism.

Throughout 2023, companies increased security on their own so as not to become part of the statistics. Furthermore, the number of companies that paid the ransom fell by 29%, which is in line with the recommendations of experts.

2. ChatGPT is leaking confidential conversations and data to third parties, says report

The world's most popular chatbot can “hand over” people's private information to other users in conversations. This is the alarming conclusion published by the website Ars Technica regarding the use of ChatGPT.

ChatGPT has sensitive data and leaked conversations. Source: GettyImages

According to the report, the OpenAI platform even reveals some people's logins and passwords. In other tests, the platform delivered details of an unpublished research proposal, scripts in the PHP language and the name of an academic presentation under development.

The details were disclosed in ChatGPT responses about content different from what the user had requested. The platform is fed with data from the internet – which is causing legal problems for the company – and this type of information may have been obtained from these sites without being filtered.

3. Serious flaw in Linux leaves several distros vulnerable to attacks

A series of vulnerabilities in the GNU C Library (glibc) used by Linux can result in attacks on machines running different distros of the platform. According to the Qualys Threat Research Unit, millions of systems would be at risk because of the security flaws.

Fedora, one of the affected distros. Source: Fedora Project

The main flaw, tracked as CVE-2023-6246, allows unauthorized third-party access to the system by granting privileges to an attacker. In addition to this, three other flaws of lesser impact were identified.

The popular distros Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37, 38 and 39 are among the platforms at risk. The recommendation is that users update their systems to the latest versions immediately.

4. Federal Police arrest those accused of creating the Grandoreiro banking malware

Last Tuesday (30), the Federal Police carried out an action to investigate a cybercriminal group based in Brazil. The so-called Operation Grandoreiro resulted in five temporary arrest warrants and another 13 search and seizure warrants in five states.

The members will be accused of criminal association, qualified theft through fraud in a cyber environment, hacking of a computer device and money laundering.

Time of seizure during PF operation. Source: Federal Police

The suspects are accused of programming banking malware used inside and outside the country. At least 3.6 million euros have been moved by the group since 2019. Grandoreiro infected machines via phishing and stole personal and financial data from victims.

5. Tim, Vivo and Claro did not alert Anatel even though they knew about a possible spy attack, says newspaper

Three of the country's main mobile phone operators could be punished by the National Telecommunications Agency (Anatel). Vivo, Claro and Tim will be investigated for not informing the agency about the use of spy software against Brazilian citizens.

The application in question is FirstMile, denounced in the investigation into the existence of a parallel service in the Brazilian Intelligence Agency (Abin) during the government of Jair Bolsonaro. According to Anatel, the operators noticed the use of the platform and even took their own security measures, but they should also have notified the agency.

Anatel – National Telecommunications Agency. Source: GettyImages

The investigation may result in administrative penalties for the operators. The Abin case is also still under evaluation and involves the illegal collection of location data from political opponents or opponents of the government.

6. FBI accuses China-linked hackers of attacking US infrastructure

The FBI claims that it dismantled the operations of a cybercriminal group that acted at the behest of the Chinese government. The gang in question is Volt Typhoon, which has been attacking “critical systems” of the United States' infrastructure for two years.

The FBI will continue to investigate the Volt Typhoon's actions. Source: GettyImages

The criminals allegedly broke into computers using vulnerabilities in home and corporate routers that were out of date. Water treatment plants, electrical power plants and oil distributors were among the possible targets.

Microsoft discovered the group's activities in May 2023 and helped with the investigation. Recently, the agency also neutralized the activities of the ALPHV/Blackcat group, the second most active in the world in creating ransomware-as-a-service variants.

These were the main cybersecurity news stories this week, and now you are up to date on the subject. Until next time!
