Cybercrimes pose major threats across industries globally as bad actors exploit new techniques and vulnerabilities to cause widespread damage. From ransomware attacks affecting major retailers to the weaponization of old software, digital security remains volatile.
In this edition of the TF Cybercrime Round-up, we take a closer look at some of the latest incidents making headlines. Today’s review includes a hack involving Russian state-sponsored hackers, a sizable ransomware breach, and the dangerous use of old drivers.
What’s Happening & Why This Matters
Russian Hackers Hijack Wi-Fi Networks via Neighboring Devices
A Russian hacking group, believed to be Fancy Bear (APT28), executed a rare cyberattack that allowed them to infiltrate a U.S.-based organization’s Wi-Fi network. The hackers used a technique called the “Nearest Neighbor Attack,” which involved hijacking a device across the street to gain access. They exploited a less secure neighboring Wi-Fi network to access the target’s network and steal valuable data related to Ukraine. This attack highlights the vulnerabilities in Wi-Fi networks, especially when multi-factor authentication (MFA) is not used.
Why This Matters
This breach shows the growing risks to Wi-Fi networks, especially in a corporate environment. Organizations need to strengthen their security protocols to prevent unauthorized access and data theft. It’s a reminder that cybersecurity measures, including MFA, should be standard practice for all networks, not just VPNs or email services.
Ransomware Attack Disrupts Starbucks and Other Retailers
Blue Yonder, a supply chain and retail management software company, suffered a ransomware attack, affecting major retailers including Starbucks and Morrisons. Starbucks resorted to manual processes to track employees’ work hours. The attack also disrupted grocery supply chains. Blue Yonder is still working to restore its systems. The incident raises concerns about the cascading effects of cyberattacks, where one breach can disrupt operations across multiple industries.
Why This Matters
Ransomware attacks are increasingly affecting critical business functions. This incident is a cautionary tale for companies relying on third-party software providers for essential services, highlighting the need for robust backup strategies and quick recovery measures.
Avast Driver Exploited in Windows Malware Attack
Cybercriminals have leveraged a kernel-level Avast Anti-Rootkit driver to drop malware on Windows PCs. The malware, dubbed “Kill Floor,” uses this trusted driver to disable security systems and take control of infected machines. While the exact number of affected users is unknown, this technique raises concerns over the safety of using legitimate software that could be exploited by malicious actors.
Why This Matters
The use of trusted drivers for malicious purposes underscores the evolving tactics of cybercriminals. This attack reinforces the importance of keeping all software up to date and using malware protection with real-time scanning to prevent such intrusions. Users should be cautious when downloading or updating software and ensure that their systems are protected against such hidden threats.
TF Summary: What’s Next
As cyber threats evolve, it’s clear that companies and individuals alike must stay vigilant. The “Nearest Neighbor Attack” on Wi-Fi networks and the widespread effects of the Blue Yonder ransomware attack show how interconnected and vulnerable businesses have become in the digital age. As for the Avast driver exploit, it serves as a reminder to be cautious about trusted software and to maintain a proactive stance against cybersecurity risks.
In the coming months, TF expects continued focus on strengthening cybersecurity defenses, especially in terms of securing enterprise networks and third-party services. Organizations must also invest in training and awareness that ensure employees can recognize threats, mitigate risks, and reduce the need for escalation.