Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories
NCA Takes Down the “World’s Most Prolific” DDoS-for-Hire Service
DigitalStress, a DDoS-for-hire service, was taken down on July 2 in a joint operation led by the UK’s National Crime Agency (NCA) and the Police Service of Northern Ireland.
Top 3 takeaways:
💬 The suspected owner, known as Skiop, was arrested after NCA agents infiltrated the communication services used to plan attacks.
⚡ DDoS attacks can significantly harm businesses and critical infrastructure, often disrupting essential public services.
👮 This takedown is part of Operation PowerOFF, an ongoing effort since 2018 to dismantle DDoS-as-a-service platforms.
Hamster Kombat Players Targeted by Malware
Threat actors are exploiting the popularity of the Hamster Kombat game to distribute spyware and information-stealing malware through fake Android and Windows software.
Top 6 takeaways:
🌍 The game has gained significant traction among cryptocurrency enthusiasts, with claims of 150 million active users and plans to launch a new crypto coin token.
😈 Cybercriminals are exploiting the game’s popularity by distributing malware through unofficial Telegram channels, fake app stores, GitHub repositories, and fake websites mimicking the game.
🎮 Even the genuine game, only available on Telegram, hasn’t been scrutinized for security, and clone apps on Google Play are reported to scam users.
📱 Android users are targeted by spyware disguised as the game, which can steal notifications, send SMS messages, and hide its actions.
💻 Windows users face threats from GitHub repositories offering fake automation tools that contain Lumma Stealer malware.
🛡️ All users are advised to download the game only from its official Telegram channel and be wary of any copycat apps or websites.
CrowdStrike Victims Targeted With Fake Recovery Manual Containing Malware
Cybercriminals are distributing a fake recovery manual to exploit the recent CrowdStrike Falcon update issue.
Top 4 takeaways:
✉️ The fake manual is being spread through phishing emails disguised as a Microsoft recovery manual.
🪲 The fake manual is a Word document with macros that download Daolpu information-stealing malware. The macro retrieves a DLL, decodes it using certutil, and executes it to run Daolpu.
⚡ Daolpu kills Chrome processes, collects credentials from Chrome and Mozilla browsers, and sends the data to a command-and-control server.
🛡️ CrowdStrike has issued a warning and provided detection rules and indicators of compromise to help mitigate the threat.
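The Daolpu chain described above (Word macro, certutil decode, DLL execution) leaves a distinctive process tree. The following is an added detection example, not code from the newsletter or from CrowdStrike’s published rules; it runs over constructed Sysmon-style process-creation events (field names, paths, and file names are assumptions, not real indicators) and flags certutil decode/download usage and Office applications spawning living-off-the-land binaries.

```python
# Constructed sample process-creation events (not real telemetry or IoCs).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "WINWORD.EXE /n recovery_manual.docm"},
    {"pid": 4188, "image": r"C:\Windows\System32\certutil.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r"certutil -decode C:\Users\Public\stage.txt C:\Users\Public\decoded_stage.dll"},
    {"pid": 4201, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r"rundll32 C:\Users\Public\decoded_stage.dll,Start"},
    {"pid": 5300, "image": r"C:\Windows\System32\certutil.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "certutil -verify server.cer"},  # benign admin use, should not alert
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
CERTUTIL_ABUSE_FLAGS = {"-decode", "-decodehex", "-urlcache"}
LOLBINS = {"certutil.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
           "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_suspicious(events):
    """Return (pid, rule) pairs for events matching the macro -> certutil -> DLL chain.

    Rule 1: certutil invoked with a decode or download switch, regardless of parent.
    Rule 2: an Office application directly spawning a LOLBin (macro execution).
    Both rules can fire on the same event, so one pid may yield two alerts.
    """
    alerts = []
    for ev in events:
        child = image_name(ev["image"])
        parent = image_name(ev["parent_image"])
        args = set(ev["cmdline"].lower().split())
        if child == "certutil.exe" and args & CERTUTIL_ABUSE_FLAGS:
            alerts.append((ev["pid"], "certutil_decode_or_download"))
        if parent in OFFICE_APPS and child in LOLBINS:
            alerts.append((ev["pid"], "office_spawned_lolbin"))
    return alerts


if __name__ == "__main__":
    for pid, rule in detect_suspicious(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} rule={rule}")
```

Correlating the two rules on the same parent PID within a short window gives a higher-confidence signal than either rule alone, since certutil -decode also appears in legitimate certificate administration.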
Telegram Vulnerability Allows Hackers to Send Malicious Android APKs as Videos
A zero-day vulnerability in Telegram for Android, named “EvilVideo,” allows attackers to send malicious APK payloads disguised as video files.
Top 4 takeaways:
💸 The exploit was sold on a hacking forum, affecting Telegram versions v10.14.4 and older. It requires multiple steps for successful execution, reducing the risk of attack.
🪲 The malicious payload appears as a 30-second video, which, when opened, prompts users to install a disguised malicious app.
📅 Telegram patched the vulnerability in version 10.14.5 on July 11, 2024, after being informed by ESET researchers.
🛡️ Users are advised to scan their devices for malicious files if they receive suspicious video files via Telegram.
Network of 3,000+ GitHub Accounts Used to Distribute Malware
Over 3,000 fake GitHub accounts are used by the ‘Stargazer Goblin’ group to distribute information-stealing malware through a service called Stargazers Ghost Network.
Top 5 takeaways:
⚡ The operation uses GitHub repositories and compromised WordPress sites to distribute password-protected malware archives, often targeting specific interests like cryptocurrency and gaming.
🌐 The network uses distinct roles for accounts to maintain operations even when some accounts are banned, ensuring continuous malware distribution.
🥸 The network uses multiple GitHub accounts to star, fork, and subscribe to repositories, making them appear legitimate. This method has evolved from traditional email-based malware distribution.
😈 The Stargazer Goblin group behind this network has earned approximately $100,000 through their operations.
🛡️ Users are advised to be cautious with file downloads from GitHub and to scan password-protected archives using virtual machines or services like VirusTotal.
Top Tips of the Week
Threat Intelligence
- Implement threat intelligence metrics. Track the effectiveness of your intelligence efforts and adjust strategies accordingly.
- Test threat intelligence in tabletop exercises. Simulate scenarios to enhance readiness and identify areas for improvement.
- Foster a threat intelligence sharing culture. Encourage information exchange within your organization and with external partners.
- Incorporate CTI into risk management strategies. Identify and prioritize potential risks based on real-time threat intelligence.
Threat Hunting
- Create a cyber threat hunting roadmap. Define strategies for integrating and optimizing cyber threat hunting processes.
Custom Tooling
- Use modular design principles in custom tool development. Modular components enhance maintainability and scalability.
- Create custom tools with extensibility in mind. Design solutions that can easily adapt to future changes and evolving requirements.
Feature Article
MISP (Malware Information Sharing Platform and Threat Sharing) is an open-source threat intelligence platform that allows you to share, collate, analyze, and distribute threat intelligence.
Today, you will learn how to install and set up MISP. You will discover the various installation methods available, which is best, and how to configure your MISP instance to begin ingesting threat intelligence. Let’s get started building our MISP instance!
Learning Resources
Maximize Your Productivity While Avoiding Burnout
Productivity is king if you want to climb the corporate ladder, improve your skillset, or start a side hustle. However, maximizing productivity often leads to burnout.
Check out how this content creator mastered both with simple time management techniques that led them to optimize their workflow and achieve $20,000 per month as a ghostwriter.
The 10 Things You Need to Start Creating Video Content
I recommend that everyone create some form of content along the cyber journey to learn their craft better and improve their communication skills.
This could be a blog, newsletter, or YouTube channel. If you choose the latter, here are the ten things you need to get started creating quality content and start creating today!
100+ Linux Commands That Might Save You
Linux is a must-learn technology for anyone in cyber security. This video provides an in-depth overview of Linux, covering its history, core concepts, and essential commands. It explains the significance of Linux in the cyber world and offers practical tips for using the operating system effectively.
Give it a watch and get started learning Linux today!
Learn to Make Time for What Matters
The first step to time management is realizing you don’t have time for everything. Step two is finding a way to prioritize the things you want time for.
This video provides strategies for managing time effectively while working a full-time job. It emphasizes prioritizing meaningful activities and creating a balanced schedule through time analysis and categorization with techniques like your dream list and ideal work week.
Personal Notes
🤔 This week has been quiet at Kraven as we continue creating our Learning MISP YouTube series. Our current focus is on improving our video creation and editing skills so you get the most out of the content we produce. I’m keeping my fingers crossed that we get there by the end of the series.
In personal news, my family and I welcomed our first child into this world with a healthy and (relatively) happy birth. Childbirth is truly a miraculous experience and completely worth the lack of sleep and time (just don’t ask me that question at 3 am). Hopefully, your weekend will be a little more relaxing than mine!