Threat Matrix: November Edition
Threat Matrix: New Wi-Fi Attack Methods, Audible Scams, and More
The latest news from the digital underbelly and how to protect your business
Welcome to the November edition of Upfort’s Threat Matrix, your essential guide to cybersecurity news tailored for small business owners. In this edition, we cover a ransomware attack that disrupted UK grocery chains through a shared software supplier, scams flooding Audible, and a Russian attack group’s novel approach to infiltrating a target network by first breaking into another business that happens to be next door.
Want to help keep your company safe? It only takes two minutes to complete our interactive cybersecurity checklist to tell how prepared you are. Or take a free cyber security risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your network.
On November 21, 2024, supply chain management firm Blue Yonder experienced a ransomware attack that disrupted its managed services hosting environment. This incident affected several major grocery chains in the UK, including Sainsbury’s and Morrisons, leading to operational challenges such as delays in inventory management and distribution. Blue Yonder, a subsidiary of Panasonic, is collaborating with cybersecurity experts to restore services and has implemented defensive measures to prevent further breaches.
How to protect your business: This incident hit the retailers through a supplier, not through their own systems, so start by listing the vendors and hosted services your operations depend on and agreeing in advance how you would run without each of them for several days. Keep offline, tested backups of your own data, apply patches promptly, require multi-factor authentication on remote access, and train employees to recognize phishing attempts and other common attack vectors.
Meta has taken down over 2 million accounts linked to ‘pig butchering’ scams, a form of financial fraud where victims are manipulated into investing in fake schemes. These scams often originate from forced labor operations in Southeast Asia and the UAE, where individuals are coerced into conducting fraudulent activities. Meta has collaborated with global law enforcement and tech companies for over two years to combat these evolving crime syndicates. Despite these efforts, researchers criticize Meta’s slow public response and lack of engagement with the research community.
How to protect yourself: Be cautious of unsolicited investment opportunities, especially those promising high returns. Verify the legitimacy of investment platforms and be wary of individuals contacting you through social media or messaging apps. If you suspect fraudulent activity, report it to the appropriate authorities.
Russian state-sponsored hackers, identified as APT28 (also known as “Fancy Bear”), have used a novel cyberattack method that the researchers who documented it termed the “nearest neighbor attack.” In this approach, the attackers first compromise an organization located physically close to their primary target. They then use a device on the compromised organization’s network that is within radio range of the target’s Wi-Fi to connect to that Wi-Fi with previously stolen credentials. The attackers had obtained valid usernames and passwords for the target, but multi-factor authentication stopped them from using those passwords on the target’s internet-facing services; the Wi-Fi network accepted the same credentials without a second factor. This technique lets the hackers join a network that was only reachable from nearby without ever being physically present, effectively bypassing the controls that guarded the internet-facing side.
How to protect your business: Treat your Wi-Fi as an internet-facing entry point, because an attacker does not need to be in your building to reach it. Do not let a plain username and password grant Wi-Fi access: use certificate-based authentication (802.1X with EAP-TLS) or at least ensure that Wi-Fi does not reuse the same domain passwords your staff use elsewhere without a second factor. Segment Wi-Fi from the wired network that holds sensitive systems, keep an inventory of the devices that should be connecting, and review authentication logs for bursts of failed logons across many usernames from one client, which is the password-spraying pattern that preceded this intrusion. Assessing your neighbors’ networks is not something you can do; what you can do is assume any nearby network may already be hostile.
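The log review suggested above, as an added example that is not part of the original newsletter or of the researchers’ report: this script parses RADIUS-style Wi-Fi authentication records, flags a client MAC that fails against many distinct usernames in a short window (password spraying), flags successful logons from devices missing from the inventory, and links the two so a sprayer that later succeeds stands out. The log line format, the usernames, MAC addresses and timestamps are all constructed for the example; real controllers and RADIUS servers log in their own formats, so the regular expression is the part you would adapt.

```python
"""Spot Wi-Fi password spraying and unknown client devices in
authentication logs. Added example; the log format below is
constructed for illustration and is not any vendor's real format."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log line: "<UTC timestamp> auth-ok|auth-fail user=<u> nas=<ap> client=<mac>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>auth-ok|auth-fail) user=(?P<user>\S+) "
    r"nas=(?P<nas>\S+) client=(?P<mac>[0-9A-Fa-f:]{17})$"
)

# Constructed sample: a normal logon, a spray from one client against six
# accounts followed by a success with one of them, and a benign user typo.
SAMPLE_LOG = """\
2024-11-20T02:01:10Z auth-ok user=alice nas=ap-01 client=10:20:30:40:50:01
2024-11-20T02:10:05Z auth-fail user=alice nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:10:09Z auth-fail user=bob nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:10:14Z auth-fail user=carol nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:10:19Z auth-fail user=dave nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:10:24Z auth-fail user=erin nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:10:30Z auth-fail user=frank nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:11:02Z auth-ok user=dave nas=ap-03 client=de:ad:be:ef:00:01
2024-11-20T02:30:00Z auth-fail user=bob nas=ap-02 client=10:20:30:40:50:02
2024-11-20T02:30:20Z auth-ok user=bob nas=ap-02 client=10:20:30:40:50:02
"""
# Constructed device inventory: MACs that are allowed to be on the Wi-Fi.
KNOWN_MACS = {"10:20:30:40:50:01", "10:20:30:40:50:02"}


def parse_line(line):
    """Return an event dict for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ok": m["result"] == "auth-ok",
        "user": m["user"].lower(),
        "nas": m["nas"],
        "mac": m["mac"].lower(),
    }


def parse_log(text):
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def detect_spray(events, min_users=5, window=timedelta(minutes=15)):
    """Client MACs that fail against at least min_users distinct usernames
    inside one sliding window. Returns {mac: set_of_usernames_tried}."""
    fails_by_mac = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails_by_mac[e["mac"]].append(e)
    hits = {}
    for mac, fails in fails_by_mac.items():
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            users = {f["user"] for f in fails[start:end + 1]}
            if len(users) >= min_users:
                hits[mac] = users
                break
    return hits


def detect_unknown_devices(events, known_macs):
    """Successful logons from client MACs that are not in the inventory."""
    return [e for e in events if e["ok"] and e["mac"] not in known_macs]


def spray_then_success(events, spray_hits):
    """A sprayer that later authenticates: the pattern of a stolen password
    used over Wi-Fi from a device that is not yours. Returns (mac, user, ts)."""
    return [(e["mac"], e["user"], e["ts"])
            for e in events if e["ok"] and e["mac"] in spray_hits]


def run_demo(log_text=SAMPLE_LOG, known_macs=KNOWN_MACS):
    events = parse_log(log_text)
    spray = detect_spray(events)
    return {
        "spray": spray,
        "unknown": detect_unknown_devices(events, known_macs),
        "compromised": spray_then_success(events, spray),
    }


if __name__ == "__main__":
    for kind, items in run_demo().items():
        print(kind, items)
```

The thresholds (five usernames in fifteen minutes) are starting points; tune them against a week of your own logs so that help-desk password resets and a single mistyped password, like the benign `bob` failure in the sample, do not page anyone, while a sweep across the staff directory does.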
A recent Environmental Protection Agency (EPA) report reveals that at least 97 major U.S. water systems have significant cybersecurity vulnerabilities, endangering the water supply for nearly 27 million Americans. These weaknesses could allow malicious actors to disrupt services or cause physical damage to drinking water infrastructure. Despite previous cyberattacks highlighting these risks, many water systems remain inadequately protected.
How to protect your business: Water utilities should conduct regular cybersecurity assessments, keep control systems (HMIs, PLCs, remote access to treatment equipment) off the public internet or behind a VPN with multi-factor authentication, replace default and shared passwords, restrict who can change process settings, and keep all software and systems up to date to mitigate potential threats.
As Bluesky’s user base surpasses 20 million, the platform is experiencing a significant increase in cryptocurrency scams. Scammers are exploiting the platform’s growth by posting fraudulent crypto giveaways and promoting fake assets like “MetaChain” and “MetaCoin,” often using AI-generated images of tech figures to lend credibility. These deceptive tactics aim to mislead users into associating the scams with reputable companies.
How to protect yourself: Be cautious of unsolicited offers, especially those promising high returns. Verify the legitimacy of accounts and promotions before engaging, and report any suspicious activity to platform administrators.
Amazon and its subsidiaries, including Amazon Music and Audible, have been flooded with fraudulent listings promoting shady “forex trading” schemes and links to pirated software, known as “warez.” These listings often take the form of zero-second audio episodes or misleading podcast descriptions, designed to manipulate search rankings in a process called SEO poisoning. Many of these entries direct users to external websites or Telegram channels, often linked to an untrustworthy trading platform called EliteMarketMovers. While Amazon has taken steps to remove some of the fraudulent content, the issue persists.
How to protect yourself: Be wary of unusual or suspicious listings on platforms like Amazon and Audible. Avoid clicking on external links from unverified sources, and report fraudulent content to Amazon to help protect yourself and other users.
A critical vulnerability, CVE-2023-28461, affects Array Networks’ SSL VPN products, specifically the AG and vxAG Series appliances running ArrayOS AG version 9.4.0.481 and earlier. The flaw is a missing authentication check: a request that should require a logged-in user is accepted without one, which lets an unauthenticated remote attacker execute code on the appliance. Array released a fix in March 2023, but in November 2024 threat actors were reported actively exploiting appliances that were never updated, and CISA added the CVE to its Known Exploited Vulnerabilities catalog, compromising the security of organizations that still rely on the old firmware.
How to protect your business: Immediately update Array Networks AG and vxAG appliances to ArrayOS AG 9.4.0.484 or later. Because exploitation was under way before many owners patched, treat an appliance that ran a vulnerable version while exposed to the internet as possibly compromised: review its logs and any accounts that use it, rotate the credentials that passed through it, and confirm that its management interface is reachable only from trusted networks. More generally, keep an inventory of internet-facing devices and apply their security patches promptly, since edge appliances like VPN gateways are a favorite first target.