Threat Briefing: October 11, 2024

In recognition of Cybersecurity Awareness Month, Cybersecurity and Infrastructure Security Agency (CISA) is emphasizing the critical role of multi-factor authentication (MFA) in safeguarding online accounts. MFA is essential because cybercriminals constantly seek to exploit vulnerabilities, whether through brute force attacks or by using malware to steal credentials.

Various MFA methods exist, such as receiving a one-time passcode via phone or email for authentication. However, despite these layers of protection, cyber attackers still attempt to bypass MFA in creative ways.

• New Mamba 2FA Phishing-as-a-Service Platform Helps Cyber Threat Actors Compromise Microsoft 365 Accounts – Priced at $250 per month and active since 2023, the platform now employs proxy servers, following a security group’s report on its operations. Mamba allows attackers to capture one-time passcodes and authentication cookies, which can then be used to infiltrate both corporate and personal Microsoft accounts. The platform offers a range of customizable templates, allowing users to create fraudulent login pages. Bleeping Computer
• North Korean Actors Utilize Updated Malware in Fake Job Recruitment Offers – North Korean cyber actors are impersonating job recruiters to target victims on LinkedIn. They infect their targets with two types of malware: one is an information stealer known as BeaverTail, which is designed to capture credentials, including those for cryptocurrency wallets. The second variant, called InvisibleFerret, functions as a keylogger and downloads AnyDesk, enabling the attackers to remotely control the infected device. The Record
• Phishing Campaign Directs Victims to GitHub Repositories Hosting Malware – Victims in the finance and insurance sectors are receiving phishing emails themed around tax issues, which contain a password-protected file. Upon opening this file, the Remcos RAT (Remote Access Trojan) is installed on their computers, granting attackers unauthorized access to the victims’ systems. Cofense
• U.S. Government Agencies Warn of Scams Using Hurricane Relief as a Lure – The Federal Trade Commission (FTC) and the Cybersecurity and Infrastructure Security Agency (CISA) have released warnings about scams aimed at stealing money or personal data from victims. These scams often involve impersonating government officials or using the names of charities associated with disaster relief efforts. Individuals affected by hurricanes may be targeted through malicious emails and deceptive content on social media. The Record
• Global Signal Exchange a Partnership Between Google and Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to Combat Cybercrime – This partnership aims to facilitate real-time information sharing by integrating data from multiple sources. By collaborating across various sectors and platforms, the initiative seeks to enhance efforts to combat online scams through improved information exchange.  Google