Stealthy cloud crypto miner, Ukraine blocks pirate sites, and other cybersecurity developments

We round up the week’s most important cybersecurity news.

  • SafeBreach unveils stealthy cloud-based cryptocurrency miner.
  • Ransomware operators attacked vulnerable Atlassian Confluence servers.
  • China’s largest bank by assets, ICBC, halted operations following a cyber incident.
  • Marina Bay Sands resort confirmed a data breach affecting 665,000 customers.

SafeBreach unveils stealthy cloud-based cryptocurrency miner

Security researchers at SafeBreach have created a fully stealthy cloud cryptocurrency miner built on Microsoft Azure Automation.

They discovered a pricing calculator flaw that granted unlimited access to computing resources.

An alternative method involved creating a test mining task, marking it as “Failure,” and then launching a new fictitious task. In this way the researchers achieved covert code execution in the Azure environment.

A similar result was achieved using the Azure Automation feature, which allows uploading user Python packages.

The SafeBreach team released a Proof-of-Concept named CloudMiner. However, according to Microsoft, the method may still be exploitable.

Ransomware operators targeted vulnerable Atlassian Confluence servers

Analysts at GreyNoise warned of active exploitation of a critical vulnerability in Atlassian Confluence, a team collaboration workspace.

The vulnerability allows bypassing authentication, elevating user privileges, and destroying data on vulnerable servers. According to Rapid7, operators of the Cerber ransomware have already exploited it.

The issue affects all versions of Confluence Data Center and Confluence Server.

Atlassian urged users to apply patches or, if that is not possible, to back up unpatched instances and block internet access to them.

Media: ICBC halts operations after cyber incident

Operational activity at ICBC, the largest bank by assets in China, was halted after a suspected ransomware attack, the Financial Times reports.

According to the report, the incident prevented the bank from settling US Treasury trades with other market participants.

Cyber expert Kevin Beaumont noted that ICBC’s Citrix server, last connected on November 6, lacked patches for the Citrix Bleed authentication-bypass vulnerability and was later taken offline.

The bank did not comment on the situation.

Marina Bay Sands confirms data breach affecting 665,000 customers

The famed Singapore resort Marina Bay Sands (MBS) said the data breach affected 665,000 of its customers. The incident occurred on October 20.

Data: Booking.com.

Attackers gained access to MBS’s loyalty program and stole customer phone numbers, email addresses, and their status in the program.

The resort’s administration said that Sands Rewards Club member information was not compromised. The investigation continues.

As of writing, no ransomware group has claimed responsibility for the attack.

Russian firms faced extortion over the threat of DDoS attacks

A hacker going by the name Medivik is extorting Russian companies, demanding payment in exchange for not launching a DDoS attack against them, the F.A.C.C.T team reported.

According to them, since September the attacker has carried out 19 confirmed DDoS attacks. Victims include banks, food manufacturers, and gaming sites. In one incident, the ransom was 25,000 rubles.

Additionally, the hacker is selling access to his botnet for a modest fee.

Ukraine blocks 16 pirate movie-streaming sites

The National Council of Ukraine on Television and Radio Broadcasting added 16 popular pirate sites for watching movies and series to the banned list due to ties to Russia.

Following monitoring, the agency found ownership structure discrepancies and a focus on the Russian audience.

The list includes:

  • 24TV;
  • Amediateka;
  • Baskino;
  • Filmix;
  • HD REZKA;
  • KINOGO;
  • Kinokrad;
  • Kinotochka;
  • KinoZapas;
  • Kion;
  • Viju;
  • GidOnline;
  • Lime HD TV – Free online TV;
  • Smotreshka;
  • Tricolor Kino and TV online;
  • Digital TV 20 channels for free.

As of writing, 22 Russian media services are blocked in Ukraine.

Lawyers warn of potential fines for Telegram over giveaways

A recently introduced feature in the Telegram messenger for running giveaways could pose a set of problems for the company, Kommersant reports.

Lawyers consulted say that giveaways fall under advertising law and thus should be labeled.

There is also a risk that distributing premium accounts could be deemed an illegal lottery, which would expose organizers to fines and bans.

Additionally, experts foresee increased fraudulent activity on the messenger.

What to read this weekend?

An excerpt from Bruce Schneier, a pioneer of modern cryptography, “Hack Everything: How the Powerful Use System Vulnerabilities for Their Own Gain”.
