Kia Motors Hack, California DMV Data Breach, Morse Code Phishing Campaigns – Cybersecurity News and Trends

1. Kia Motors Suffers a Ransomware Attack, and a $20 million Ransom is Demanded

• The notorious ransomware gang, DoppelPaymer, has seized critical systems belonging to Kia Motors America. Thus, impacting business continuity within 800 dealerships; the integrity of critical data; and the company’s reputation.
• According to the attackers, to receive a decryptor and a return back to normalcy, Kia Motors is being asked to pay a ransom of 404 Bitcoins (valued at $20 million).
• Although the attackers’ original target was Hyundai Motor America, Kia’s parent company, the effects of the ransomware attack is being felt the most by Kia.

SME Comments: The DoppelPaymer ransomware gang is known for stealing unencrypted files before encrypting devices and then posting parts of the stolen data on their data leak site as an attempt to further pressure victims into paying. The stealing of unencrypted data is a widely used attack tactic by ransomware actors to coerce their victims into paying ransoms. One of the most successful ransomware gangs, Emsisoft, stated that it has affected more than 1,300 companies globally.

Learn More

2. A Supply Chain Data Breach Affects California’s DMV

• The California Department of Motor Vehicles (DMV) has reported that one of its third-party vendors, Automatic Funds Transfer Services (AFTS), suffered a security compromise that affected data transfer operations across its supply chain.
• Due to this security incident, California’s DMV decided to quickly halt all data distribution operations via the AFTS platform until further notice, as it remains uncertain whether the DMV’s data were impacted by the attacker.
• According to the State of California, the third-party vendor was given access to sensitive DMV data, including vehicle registration numbers, license plate numbers, and other personally identifiable information of Californians. However, social security numbers were not shared with the third-party vendor, therefore that specific data is not at risk.

SME Comment: The California DMV would have been in more trouble had they permitted access to more than was necessary client information to ATFS. Companies are allowed to share data as long as they check the ‘lawful basis’ of implementation. Either way, it is upon you as an organization to be mindful of how much you share and also guarantee that the third-party can protect your customers.

Learn More

3. Remote Desktop Protocol (RDP) Attacks Skyrocket By 768%

• The rise in remote work has provided hackers with greater opportunities to infiltrate corporate networks undetected, by using legitimate credentials from phishing campaigns or purchased from the dark web. In 2020, security researchers detected 29 billion attempted Remote Desktop Protocol (RDP) attacks targeting remote workers.
• This 768% growth in RDP-based attacks proved that the RDP ports in most organizations are often misconfigured, thus providing attackers with even greater access to otherwise secured networks.
• An attackers’ end goal for leveraging RDP-based vulnerabilities is to gain persistent command-and-control of a target’s infrastructure and attain elevated access into otherwise secured environments for the deployment of malicious payloads and creation of backdoors.

SME Comments: Unlike attack tactics, such as phishing, that prey on human vulnerabilities, RDP attacks are more technology-focused. RDP attackers snoop around for system vulnerabilities, such as server misconfigurations, unpatched systems, or unsecured admin credentials, to gain an initial foothold into a network. While the remote work culture is here to stay, there are best practices that organizations can take to keep RDP-based attacks at bay: using automated passwords; applying two-factor authentication; deploying security patches for operating systems and softwares, etc.

Learn More

4. A New Phishing Campaign Uses Morse Code to Hide Malicious URLs

• Phishing attacks are becoming more complex, as email gateways become better at detecting malicious emails. Security experts uncovered a new, targeted phishing campaign that uses Morse code to hide malicious URLs in an email attachment.
• This technique allows attackers to bypass secure email gateways and mail filters, leveraging Javascript to map letters and numbers to morse code. The morse code is then decoded into a hexadecimal string that is further decoded into Javascript tags that are injected into HTML pages.
• The end goal of this new attack technique is to steal legitimate credentials and trick automated security systems. Thus far, this morse code-powered phishing technique has targeted eleven global companies.

SME Comments: Although phishing attacks are one of the most successful methods of compromise, their advancement continues to push the gap between the threat actor attack sophistication and defenders’ knowledge. Security experts expect threat actors to continue to leverage malicious script injections combined with HTML attachments and communication obfuscating methods to bypass automation security controls.

Learn More

5. Hackers Try to Poison Water Supply in a Florida Town

• Hackers infiltrated the water treatment plant in Oldsmar – a small Florida city – and briefly changed the levels of lye in the drinking water. An employee noticed unusual activity on his computer, whereby his mouse was being controlled remotely.
• Although said employee initially ignored the suspicious activity, he later discovered that the level of lye chemicals had been increased from 100 parts per million to 11,100 parts per million.
• Though the hack was mitigated before it could reach the central drinking supply, this type of attack attempt on a critical infrastructure, which directly affects the lives of millions of citizens, has long been a major concern by cybersecurity experts.

SME Comments: In the U.S., there are about 54,000 water supply systems; most of which are reliant on a remote access infrastructure for administrative monitoring operations. Many of these critical facilities function via legacy operating systems and tools, which are unable to separate operational technology from safety architectures that alert on potentially harmful changes. Although the FBI is yet to attribute this attack attempt to any specific threat group, similar attack tactics were deployed by Iran’s Islamic Revolutionary Guard, against water supply plants in Israel.

Learn More