Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack
At the Defcon security conference in Las Vegas last weekend, thousands of hackers competed in a red-team challenge to find flaws in generative AI chat platforms and help better secure these emerging systems. Meanwhile, researchers presented findings across the conference, including new discoveries about strategies to bypass a recent addition to Apple’s macOS that is supposed to flag potentially malicious software on your computer.
Kids are facing a massive online scam campaign that targets them with fake offers and promotions related to the popular video games Fortnite and Roblox. And the racket all traces back to one rogue digital marketing company. The social media platform X, formerly Twitter, has been filing lawsuits and pursuing a strategic legal offensive to oppose researchers who study hate speech and online harassment using data from the social network.
On Thursday, an innovation agency within the US Department of Health and Human Services announced plans to fund research into digital defenses for health care infrastructure. The goal is to rapidly develop new tools that can protect US medical systems against ransomware attacks and other threats.
But wait, there’s more! Each week, we round up the stories we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
A large phishing campaign that’s been active since May has been targeting an array of companies with malicious QR codes in attempts to steal Microsoft account credentials. Notably, researchers from the security firm Cofense observed the attacks against “a major Energy company based in the US.” The campaign also targeted organizations in other industries, including finance, insurance, manufacturing, and tech. Malicious QR codes were used in nearly a third of the emails reviewed by researchers. QR codes have disadvantages in phishing, since victims need to be compelled to scan them for the attack to progress. But they make it more difficult for victims to evaluate the trustworthiness of the URL they’re clicking on, and it’s more likely that emails containing a QR code will reach their target, because it’s more difficult for spam filters to assess QR images included in an attachment like a PDF.
It’s common practice for attackers—both criminal actors and state-backed hackers—to scam or otherwise lure victims from a starting point of mainstream services like email, photo sharing, or social media. Now, research from the security firm Recorded Future attempts to categorize the types of malware most often distributed from these various jumping-off points, and which strategies are most common. The goal was to give defenders deeper insight into the services they need to prioritize securing. The review found that cloud platforms are the most used by attackers, but communication platforms like messaging apps, email, and social media are also widely abused. Pastebin, Google Drive, and Dropbox were all popular among attackers, as are Telegram and Discord.
In response to the “Downfall” Intel processor vulnerability disclosed by Google researchers last week, organizations have been releasing tailored fixes for the flaw. The bug could be exploited by an attacker to grab sensitive information like login credentials or encryption keys. Amazon Web Services, Google Cloud, Microsoft Azure, Cisco, Dell, Lenovo, VMWare, Linux distributions, and many others have all released guidance on responding to the vulnerability. Prior to public disclosure, Intel spent a year developing fixes to distribute across the industry and coordinating to encourage widespread patch release from individual vendors.
