Threat Matrix: GenAI Obituary Scams, WordPress Malware, and Bogus Invoice Attacks


Welcome to the first Threat Matrix of spring 2024. In this edition, we dredge up emerging (and concerning) threats from the digital muck, such as a growing genAI-powered phishing scam targeting mourning co-workers, WordPress malware infecting more than 39,000 business sites, and new revelations that Russian hackers have accessed source code for multiple internal Microsoft systems.


The good news? There are steps you can take to defend yourself and your business, which we’ve detailed below. 

Be sure to set aside some time this spring for a little cyber hygiene. Take two minutes to fill out our interactive cybersecurity checklist or take a free cyber security risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your digital network. 

Also be sure to keep up on the latest threats by following Upfort on LinkedIn and subscribing to the Level Up Security newsletter.

AI Obituary Scams Are a Growing Risk for Businesses

Scammers are using genAI tools such as ChatGPT to rapidly build and publish fraudulent obituaries of recently passed individuals to lure their coworkers so they can install malware on their devices. And in some cases, they're even creating obits for people who are very much alive.

These unscrupulous individuals exploit the initial information void that exists before an official obituary is published to disseminate fake obituaries across several bogus memorial sites. 

Visitors to these sites are redirected to spam or fooled into downloading malware. The phishers appear to be using the deaths of individuals at target companies so they can find ways into the organization via malware downloaded onto tricked colleagues' devices.

DIY cybersecurity kit: Examine the URLs you are clicking to judge whether they appear to belong to a legitimate publication or source. NOTE: GenAI and other tools empower phishers to rapidly build increasingly sophisticated spoof sites, so consider tapping an additional layer of website browsing protection that can automatically flag potentially malicious sites.

via Dark Reading


'Sign1' Malware Hits 39,000 WordPress Sites

An elusive malware dubbed 'Sign1' has infected about 39,000 sites, causing disruptive ads and redirects for site visitors. The malware infiltrates WordPress sites via custom HTML widgets and legitimate plugins and uses random URLs that change every 10 minutes to avoid detection. 

DIY cybersecurity kit: Fend off such attacks by creating robust admin passwords, keeping plugins up-to-date, and minimizing excess add-ons that may present vulnerabilities.

via BleepingComputer

Microsoft Source Code Breach Linked to Russian Hackers 

Microsoft revealed that a breach by Russian hackers, known as Cozy Bear or Midnight Blizzard, was more extensive than initially believed, involving access to Microsoft source code and internal systems. 

The attack, which began in November, stemmed from a compromised test system and escalated to infiltrate the emails of senior executives. While Microsoft assures that customer-facing systems remain uncompromised, concern lingers over the hackers' persistence and their ability to leverage stolen information.

The company is intensifying security measures in response to the ongoing threat, illustrating the evolving and complex landscape of sophisticated nation-state cyber attacks.

DIY cybersecurity kit: Keep all Microsoft systems (and all systems in general) up-to-date with the latest free updates and patches as soon as they are available. 

via CyberScoop

Phishers Duping Companies with Fake Legal Invoices

A group identified as 'Narwhal Spider' recently tricked several organizations into downloading access malware hidden in phony legal invoices, which might signal larger, forthcoming cyber-attacks. 

This latest scheme involved a phishing campaign where the group's deceptive emails contained malicious PDFs designed to look like genuine invoices for legal services. 

DIY cybersecurity kit: Watch for suspicious traffic patterns and unusual influxes of external PDF invoices, and provide proper phishing awareness training for employees. Indeed, research has shown that 95% of cyber incidents are due to human error.

via Dark Reading

Roku Breach Exposes 15,000 Accounts

Streaming device company Roku has revealed a data breach affecting over 15,000 accounts, allowing hackers to access stored credit card information and make unauthorized purchases of streaming subscriptions. 

The breach, likely resulting from credential stuffing tactics using information from previous data breaches, prompted Roku to secure affected accounts, reset passwords, and cancel/refund unauthorized purchases. 

DIY cybersecurity kit: While sensitive information like social security numbers and full payment account numbers weren’t compromised in the attack, users are advised to change their Roku passwords and monitor for any unauthorized activity on their accounts.

via The Verge

Cyberattackers Phishing Microsoft Office Users

A cybercrime campaign known as 'PhantomBlu' is targeting US-based Microsoft Office users, mimicking an accounting service to deliver an undetectable remote access trojan (RAT). 

Designed to evade detection by appearing as legitimate software, the attackers' emails invite recipients to download a Microsoft Word file supposedly containing their 'monthly salary report.' This infected file eventually delivers the sinister NetSupport RAT, notorious for conducting surveillance, capturing data, taking over system resources, and spreading within networks. 

DIY cybersecurity kit: PhantomBlu seeks to exploit employee trust, and as always, training and awareness are key defenses against such schemes. Email phishers are tapping increasingly sophisticated methods to fool users, so consider employing additional inbox defenses.

via Dark Reading


Belgian Grand Prix's Email Hacked, Fans Phished

Hackers recently commandeered the Belgian Grand Prix's official contact email, tricking fans with a €50 voucher scam on a phony site. According to race organizers, the criminals hijacked the email on March 17, and subsequently sent deceitful emails promising race ticket vouchers in exchange for personal and banking details. 

DIY cybersecurity kit: In the event that a legitimate account is hacked, phishers will send people to their own sites (often not associated with the legitimate site). Take a look at the URL to see if it's a match. NOTE: sometimes phishers will go to the trouble of registering a website that resembles a legitimate site, e.g., with the letter O replaced by a zero. You should also implement automated, up-to-date browsing defenses that detect potential issues and flag them to users.

via BleepingComputer
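The URL checks recommended in the obituary-scam and Grand Prix tips above (does the host match the real site, and has a letter been swapped for a look-alike digit?) can be automated. The following is an added example, not code from Upfort or from any of the sources cited; the allowlist of "legitimate" domains and every URL it classifies are constructed placeholders under the reserved .example TLD.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains this organization treats as legitimate.
LEGIT_DOMAINS = {"spa-francorchamps.example", "upfort.example"}

# Single-character confusables: digits standing in for letters (the "O replaced
# with a zero" trick) plus a few Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def skeleton(label: str) -> str:
    """Normalize a host label so visually similar spellings compare equal."""
    label = label.lower().translate(CONFUSABLES)
    # Two-character sequences that read as a single letter at a glance.
    return label.replace("rn", "m").replace("vv", "w")


def registrable(host: str) -> str:
    """Last two labels of the host (assumption: no multi-label suffixes such as co.uk)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify_url(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unknown' for the host found in url."""
    if "//" not in url:          # accept bare hosts such as 'example.com/path'
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unknown"
    reg = registrable(host)
    if reg in LEGIT_DOMAINS:     # exact registrable domain, any subdomain (www., tickets.)
        return "legitimate"
    reg_name = skeleton(reg.split(".")[0])
    for legit in LEGIT_DOMAINS:
        legit_name = legit.split(".")[0]
        # Same name after confusable folding (spa-franc0rchamps) or the same
        # name under a different TLD (spa-francorchamps.net).
        if reg_name == skeleton(legit_name):
            return "lookalike"
        # Legitimate name buried as a subdomain of an unrelated registrable domain
        # (spa-francorchamps.example.tickets-promo.example).
        if legit_name in host:
            return "lookalike"
    return "unknown"
```

A browser extension or mail gateway would run `classify_url` on every link and warn on "lookalike"; "unknown" only means the host is not one the allowlist knows about.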

Emerging 'Loop DoS' Attack Poses Threat to 300k Hosts

The security researchers at CISPA Helmholtz-Center for Information Security have discovered 'Loop DoS,' a new denial-of-service attack that can engulf network services in a perpetual communication loop, generating vast volumes of traffic. The attack, which affects nearly 300,000 hosts, exploits a vulnerability (CVE-2024-2169) in the User Datagram Protocol (UDP). 

DIY cybersecurity kit: To safeguard against Loop DoS, CERT/CC recommends regularly updating software, disabling unnecessary UDP services, employing TCP or request validation, setting up anti-spoofing solutions, and implementing Quality-of-Service measures to cap network traffic.

via BleepingComputer

South African Government Hit by Ransomware Attack

A potentially devastating ransomware attack supposedly perpetrated by the LockBit cybercrime gang has reportedly leaked 668GB of critical national pension data in South Africa. While allegations of the breach remain under investigation, the incident has sparked concerns regarding the organization's security posture and system resilience. 

DIY cybersecurity kit: To resist ransomware attacks, experts recommend enforcing proactive strategies, such as using multifactor authentication, maintaining current backups, applying endpoint protection and threat detection capabilities, managing vulnerabilities, and securing management and administrative interfaces of public-facing applications.

via Dark Reading

US Water Systems Under Threat From China, Iran

In a recent advisory, the White House has highlighted the growing cybersecurity threats posed by Chinese and Iranian threat groups to US water and wastewater systems. It has urged stakeholders in these sectors to urgently review their cybersecurity practices and establish strategies to mitigate risk and respond to attacks. 

The memo points to incidents like the November attack on Pennsylvania's Municipal Water Authority by an Iran-sponsored group as an indication of the damage that attacks targeting water systems could cause.

DIY cybersecurity kit: For most of us, there’s unfortunately not much to do when it comes to state-sponsored cyber warfare. For water systems, authorities recommend stringent separation of IT and OT environments to contain damage in cases of successful attacks.

via The Verge
