Imagine you have a secret diary. To keep it safe, you use not one but many locks to open it. The use of multiple locks to get access is what cybersecurity specialists call multi-factor authentication.
Because hey, passwords get discovered all the time, with 8.4 billion leaked passwords in September 2023.
Why should this development concern everyone? You see, threat actors can use these leaked passwords to launch password spraying attacks against online accounts and brute-force their way into your digital lifestyle. This is all the more worrying when you consider that:
Let us walk back to the secret diary we mentioned. This treasure trove of secrets requires four locks. And not just any lock but different kinds of locks at that.
The first lock is your regular password (something you know), like a secret word.
The second lock is like a special card (something you have), like a library card.
The third lock is like a picture of your face (something you are), where the diary only opens if it recognizes your face.
The fourth lock only works if you are present at the treehouse where the diary resides (location).
So, multi-factor authentication (MFA) is like using these multiple locks for your online accounts to make sure only you can get in. It's super safe because even if someone knows your password, they still can't get in without your special card and your face.
The best part? MFA has stopped 99.9% of account compromise attempts, proving to be the best defence against credential stuffing, brute-force attacks and password spraying. It is not completely phishing-resistant but can block most intrusion attempts by unauthorized entities.
The DarkGate malware is back in the news again. This sophisticated malware distributes itself through compromised Microsoft Teams accounts.
First discovered in 2017, the group behind DarkGate has resurfaced, releasing an enhanced version of the original malware variant, which spread through malvertising and email phishing campaigns.
Researchers believe that new DarkGate activity is linked to the developer’s attempt to expand their affiliate network. Sources say the malware developer intends to push it as a ransomware-as-a-service offering for $100,000 annually.
Infection occurs when targets open an emailed ZIP file that purportedly includes an “updated staff vacation schedule for their organization.” A disguised PDF document in the email redirects victims to a malicious shortcut link inside the ZIP file. Clicking on the link could result in DarkGate infecting the target's system.
On September 11, 2023, the ALPHV ransomware group took over MGM Resorts, locking out the doors, reservation system, even the slot machines.
Sources reveal that several major hotels in Las Vegas were hit by the social engineering attack targeting the multi-billion dollar hospitality conglomerate.
ALPHV, the threat actor behind the MGM Resorts attack, reportedly searched for an MGM employee on LinkedIn and called their help desk. They got crucial information in a 10-minute call which enabled them to break into the resort's systems.
Security researchers have issued a "critical severity" alarm over a malicious Microsoft Word document that packs multiple malware strains as part of a clever phishing campaign. If opened, the Word document infects the target computer with RedLine Clipper, Agent Tesla and OriginBotnet malware strains.
Senior Virus Analyst Cara Lin of FortiGuard Labs posted a detailed breakdown of how the ‘maldoc’ works.
The malware contains a fishy URL that, once clicked, could install the multiple payloads on a victim’s system. The three strains accomplish three separate things: keylogging, cryptocurrency theft via clipboard monitoring, and credential harvesting.
Targets of this maldoc include leading web browsers, crypto wallets, email clients such as Outlook, and some VPN services.