This episode of Security Weekly covers recent developments in cyber threats, including sophisticated targeted attacks timed for 3:00 a.m., the evolution of ransomware tactics, and the rise of AI-driven exploits such as prompt injection vulnerabilities in GitLab. It also discusses takedown efforts against LummaC2 malware infrastructure, nation-state activity targeting city systems, and the risks posed by unprotected industrial control systems and AI tools. #Lumma #FancyBear
Key points:
- Cyber attackers are deploying highly targeted social engineering attacks around 3:00 a.m., using email bombings, spoofed calls, and remote access tools to steal network credentials.
- LummaC2, an info stealer, was taken down by a joint operation between Microsoft and the US Department of Justice, highlighting ongoing efforts to disrupt malicious C2 infrastructure.
- Threat actors such as Fancy Bear (APT28) are increasing attacks on Western logistics and tech companies, especially those supporting Ukraine, using spear phishing and exploits against Microsoft Exchange.
- Many internet-connected industrial control systems (ICS) are actually honeypots or intentionally misleading decoys; researchers identified nearly 25% of them as honeypots, underscoring the need for better isolation and protection of real systems.
- Recent vulnerabilities in Cityworks systems exploited by Chinese threat actors demonstrate the risks that small public entities face from nation-state cyber espionage and backdoor deployment.
- AI development tools like GitLab's AI assistant have been found vulnerable to prompt injection attacks, which can lead to code exfiltration and internal data leaks, necessitating strict security controls.
- Organizations are advised to treat AI tools like team members: grant them limited permissions, monitor them rigorously, and apply security policies, so that their benefits can be leveraged while the associated insider-threat and data risks are managed.
- Youtube Video: https://www.youtube.com/watch?v=NHe8qnS-BkQ
- Youtube Channel: Security Weekly - A CRA Resource
- Youtube Published: Fri, 23 May 2025 21:00:20 +0000