Threat Briefing: December 1, 2023

Threat Intel Update

Exploiting vulnerabilities in unpatched systems is a routine way for cyber threat actors to gain initial access. Staying informed about newly disclosed vulnerabilities, and acting on them promptly, helps protect your organization.

Cyber Attacks & Vulnerabilities

Vulnerabilities Found in the Ray AI Framework Could Allow Unauthorized Access – A remote attacker able to reach an exposed Ray deployment could delete or submit jobs without authentication, execute arbitrary code, or retrieve sensitive information. Other Ray components affected include the Ray Jobs Python SDK and the Ray Client API. Organizations running Ray should verify that its dashboard and job-submission endpoints are not reachable from untrusted networks. Security Week

International Coalition Releases Guidance Identifying New Vulnerability Types Affecting Artificial Intelligence Systems – The coalition, led by the U.S. and United Kingdom and comprising 17 other nations and multiple technology companies, issued guidance on how to better secure artificial intelligence systems. The guidance also identifies three new vulnerability types specific to AI: the ability to extract sensitive model information, the ability to degrade a model's classification or regression performance, and the ability for users to perform unauthorized actions. The Record

North Korean Cyber Actors Combining Multiple macOS Malware Variants as Part of New Campaign – The actors are using the RustBucket malware as a dropper to deliver KANDYKORN, which has been identified as a remote access trojan. A third malware variant, known as ObjCShellz, has also been deployed by the North Korean actors; it functions as a remote shell that executes commands received from the attacker-controlled server. The Hacker News

Cyber Fraud & Cyber Crime

Cryptocurrency Mixer Sinbad, Used to Launder Funds for Cyber Actors, Sanctioned by U.S. Department of the Treasury – Sinbad has been linked to mixing millions of dollars' worth of cryptocurrency stolen by North Korean cyber actors, specifically proceeds from the attacks against Horizon Bridge and Axie Infinity. Sinbad has also been linked to sanctions evasion, darknet market activity, and drug trafficking. In a joint operation, law enforcement agencies in the Netherlands, Poland, and the U.S. seized the website domain of the Sinbad mixer. Bleeping Computer

Approximately $54 Million Was Stolen from Cryptocurrency Platform KyberSwap – KyberSwap, a decentralized exchange, held a total value locked of approximately $80 million before the attack. The threat actor responsible has contacted KyberSwap and indicated a willingness to negotiate; KyberSwap has offered a bounty of 10% if the attacker returns the remaining 90% of the stolen cryptocurrency. Coindesk

Russian National Pleads Guilty to Participating in the Development and Deployment of Trickbot Malware – Vladimir Dunaev developed code designed to keep Trickbot from being detected by security software. During the period in which Dunaev supported Trickbot, the malware was used to distribute ransomware, resulting in $3.4 million in ransom payments. U.S. Department of Justice

Cyber Policy & Geopolitics

CISA Launches New "Secure by Design" Alert Series to Raise Awareness Among Software Developers – The new series explains how vendor design decisions can reduce the harm caused by cyber attacks. The first alert in the series focuses on web management interfaces and guides software manufacturers toward products that are secure by default, rather than relying on customers to make the right security configuration choices. Security Week

European Cyber Force Proposed by European Council President – The proposed force would include the capability to carry out offensive cyber operations. The European Union's European Defence Agency previously established a military computer emergency response team operational network in 2022. The increased focus on offensive cyber capabilities follows Russia's invasion of Ukraine. The Record

Cyber Attacks Against the Middle East and Africa Likely to Increase as Geopolitical Conflicts Intensify – The conflict between Israel and the Palestinians is raising tensions and driving more cyber attacks. The majority of cyber attacks in the region have targeted the education, government, and information technology sectors. In 2023, South Africa saw an uptick in ransomware attacks compared to 2022, with 78% of companies reporting that they were affected by ransomware. Dark Reading



About the Author

CampusGuard Threat Intel Team