This Month in Cyber Security: July 2023
Explore the latest cyber security news from July 2023, and some key updates from TryHackMe.
Discover the latest news from the world of cyber security in July 2023, including a new spate of open-source software supply chain attacks on banks, three new critical vulnerabilities, an IT Security Analyst convicted for blackmailing their employer, an Amazon Security Engineer indicted in $9M crypto heist, plus much, much more.
Keep reading for your monthly dose of industry updates!
Banks targeted in open-source software supply chain attacks
Cyber security researchers have discovered the first open-source software supply chain attacks specifically targeting the banking sector.
Attackers have deployed advanced and deceptive techniques, such as creating fake LinkedIn profiles, customised command-and-control centres for each target, and targeting specific components in web assets of the victim bank by attaching malicious functionalities.
In the first attack, malware authors uploaded several packages to the npm registry by posing as an employee of the target bank. In a public statement, researchers at CheckMarx investigating the incident said: “A threat actor leveraged the NPM platform to upload a couple of packages containing within them a preinstall script that executed its malicious objective upon installation.”
Once launched, the script proceeded to download second-stage malware from a remote server by using a subdomain that incorporated the name of the relevant bank.
This incident shines a light on the Tactics, Techniques, and Procedures (TTP) to ensure financial institutions, who have always been at the receiving end of attacks, evolve their defenses, and stay ahead of the threat actors.
Without dedicated action, the global financial system will only become more vulnerable, with the financial sector facing unique cyber threats. TryHackMe’s Detection Engineering module guides you through offensive Tactics, Techniques, and Procedures (TTP), alongside looking at the concepts of detection engineering, how to write detection rules, how Windows Event alerts can be triggered, and the basic concepts of Security Orchestration, Automation and Response (SOAR).
Citrix warns of three new critical vulnerabilities
On Tuesday, July 18, cloud computing and virtualisation technology company, Citrix, published a warning of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The three vulnerabilities are as follows:
- CVE-2023-3466: Reflected XSS vulnerability—successful exploitation requires the victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NetScaler IP (NSIP)
- CVE-2023-3467: Allows for privilege escalation to root administrator (nsroot)
- CVE-2023-3519: Unauthenticated remote code execution—NOTE that the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Of the three vulnerabilities, CVE-2023-3519 is the most severe, with successful exploitation allowing attackers to execute code remotely on vulnerable target systems that are configured as a Gateway.
According to Citrix, the following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-65.36
- NetScaler ADC 12.1-NDcPP before 12.65.36
Citrix continues to notify customers and partners of these potential security issues. Patches are available for vulnerable versions of NetScaler ADC and NetScaler Gateway, and should be applied on an emergency basis.
IT Security Analyst convicted for blackmailing employer
An IT Security Analyst has pleaded guilty to gaining unauthorised access and blackmailing his employer, Oxford BioMedica, after impersonating a ransomware group that previously targeted the company.
Ashley Liles, a former IT Security Analyst, gained access to an unauthorised computer to blackmail Oxford BioMedica after making an ‘unwarranted demand’ for £300,000 in Bitcoin currency.
Ashley initially worked on the incident response team and traced that the attacker demanded ransom payment through email. He then took advantage of this attempt and commenced a secondary attack on his company and accessed the emails of senior members on over 300 occasions. Ashley edited the original email from the primary attacker and inserted his own payment details, before forwarding the edited email back to his employer to demand ransom.
However, Oxford BioMedica refused to pay the ransom and discovered the unauthorised access to internal emails which was later found to be from Ashley’s home address in Hertfordshire, UK.
Ashley Liles attempted to wipe all traces of data from his personal computer, phone and USB stick, which officers from the South East Regional Organised Cyber Crime Unit were later able to recover. The former employee of Oxford BioMedica has since been sentenced to three years in prison.
Following on from this case, all cyber crime victims in the UK are advised to report all incidents to Action Fraud.
Amazon Security Engineer indicted in $9M crypto heist
On the 11th of July, a Senior Security Engineer at Amazon was arrested and indicted for orchestrating a cryptocurrency heist worth millions.
Shakeeb Ahmed, who has worked at Amazon for almost three years, stands accused of illegally manipulating systems and exploiting digital assets for personal gain. Ahmed took advantage of his role as a Computer Security Engineer to steal millions of dollars, before attempting to hide the stolen funds. He then logged false pricing data to generate millions of dollars worth of inflated fees that he did not earn, mistakenly leaving a digital footprint behind which the IRS (Internal Revenue Service) later investigated.
Upon further investigation, Ahmed orchestrated the scheme in July 2022, after he was found conducting a series of test transactions.
The case highlights the risks associated with cryptocurrency exchanges and the misuse of technical expertise for criminal intent, as demonstrated by Ahmed's alleged scheme. According to the indictment, the charges against Shakeeb Ahmed include wire fraud and money laundering. Shakeeb Ahmed has pleaded “not guilty” to the charges against him.
TryHackMe releases report: ‘The World's Cyber Security Powerhouses’
Have you had the chance to dive into our latest report? On the 11th of July, we released our report on the world's cyber security powerhouses, exploring how cyber security differs from country to country, the magnitude of cyber crime across the world, and the critical insights of the global cyber security market.
Find out who leads the global race in cyber security - you might just be surprised!
We’re going to Black Hat USA!
TryHackMe is Heading to Las Vegas for Black Hat USA 2023. Join us at the bustling Mandalay Bay Convention Center at Booth 3019 on August 9 and 10!
Join us for live demonstrations, free prizes up for grabs, a chance to engage with our team and network with cyber security enthusiasts, professionals, and leaders, and win some free swag.
Find out more information about what to expect and why you should visit our booth.
- To speak with our sales team, book your slot here
- For individual users, set up a meeting here
- Existing business clients can arrange their meeting here
Going to DEF CON? We’ll see you there!
We’re also delighted to announce that our team will be attending this year’s DEF CON on the 11th and 12th of August, 2023, at Caesar’s Forum, Las Vegas. We’ll be sponsoring Blue Team Village and IoT Village so come by to grab some swag and say hi!
Blue Team Village (BTV) is a community built for and by defenders to support the growing cyber defender community, meanwhile, the IoT village advocates for advancing security in the Internet of Things (IoT) industry by bringing researchers and industry together.
Whether you’re attending Black Hat or DEF CON, we hope to see you in Vegas!