Head Mare Hackers Target Russian Businesses with WinRAR Exploit
Taipei, Taiwan – September 4, 2024 – Cybersecurity firm Kaspersky has revealed the activities of a hacking group known as Head Mare, which has been targeting Russian businesses and organizations. The group has been active since 2023, exploiting a known vulnerability in WinRAR (CVE-2023-38831) to gain access to its victims' systems.
Head Mare's tactics resemble those of other hacking groups targeting Russian entities in the wake of the ongoing conflict in Ukraine. However, its use of the WinRAR vulnerability sets it apart: CVE-2023-38831 lets an archive that appears to contain only a harmless document run a script hidden in the same archive when the victim opens that document in a vulnerable WinRAR, which disguises the delivery of malicious payloads and makes the attacks harder to detect.
Once inside a victim's network, Head Mare uses publicly available tools, including the LockBit and Babuk ransomware families, to encrypt files and demand ransom payments for their decryption. While its primary goal is disruption, the ransom demands indicate a shift towards financial gain.
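The WinRAR bug above leaves a recognizable footprint in the archive itself: a top-level decoy file and a directory with the same name (publicly described samples use a trailing space, e.g. "invoice.pdf " and "invoice.pdf /invoice.pdf .cmd"). The scanner below flags that layout so mail gateways or sandboxes can triage archives before a user opens them. It is an added example, not Kaspersky's or Head Mare's tooling; the archives it builds are constructed in memory with harmless contents and the file names are made up for the demo.

```python
"""Scan ZIP archives for the CVE-2023-38831 layout.

Added illustration (not code from the page's sources). The public
description of CVE-2023-38831 is that an archive holds a top-level decoy
file and a directory with the *same* name, usually ending in a space
("invoice.pdf " and "invoice.pdf /invoice.pdf .cmd"); opening the decoy in a
vulnerable WinRAR ran the script from the directory. The archives built
here are constructed for the demo and contain nothing executable.
"""
import io
import zipfile


def find_cve_2023_38831_pattern(data: bytes) -> list[dict]:
    """Return one finding per top-level file whose name is also used as a directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            if "/" in name:          # only top-level entries can be the decoy
                continue
            payloads = [n for n in names if n.startswith(name + "/") and n != name + "/"]
            if payloads:
                findings.append({
                    "decoy": name,
                    "trailing_space": name.endswith(" "),
                    "payloads": payloads,
                })
    return findings


def build_sample_archive(decoy: str = "invoice.pdf ") -> bytes:
    """Constructed sample archive with the suspicious layout (harmless contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(decoy, b"%PDF-1.4 decoy document")
        zf.writestr(f"{decoy}/{decoy}.cmd", b"@echo off\r\necho payload would run here\r\n")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed archive with an ordinary file-plus-folder layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 ordinary document")
        zf.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_archive()), ("benign", build_benign_archive())):
        print(label, find_cve_2023_38831_pattern(blob))
```

The check is deliberately narrow: a file and a folder sharing a name is unusual enough to warrant a look, and the trailing-space variant is the one that was abused in the wild. It is a triage signal, not a replacement for updating WinRAR to a fixed release (6.23 or later).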
This news comes as the world continues to grapple with the escalating cyberwarfare accompanying the conflict in Ukraine. Numerous hacking groups have emerged, targeting both military and civilian infrastructure, leading to a surge in cyberattacks.
Clearview AI Fined €30.5 Million for Unauthorized Facial Data Collection
In other cybersecurity news, the Dutch Data Protection Authority (Dutch DPA) has imposed a €30.5 million fine on American facial recognition company Clearview AI for its unauthorized use of Dutch citizens' photos. The DPA states that Clearview AI built a database of 30 billion facial images without user consent, creating unique biometric identifiers for each face. This database included Dutch citizens and allowed clients to identify individuals by uploading their photos. This practice violates the General Data Protection Regulation (GDPR).
Clearview AI, however, has disputed the ruling, claiming it is illegal and unenforceable. It argues that the Dutch DPA lacks jurisdiction because Clearview AI has no clients in the Netherlands.
This ruling follows a similar fine of £7.5 million imposed by the UK Information Commissioner’s Office (ICO) in 2022. However, the ICO’s decision was overturned on appeal due to the lack of Clearview AI clients in the UK.
Vulnerabilities and Patches
Zyxel Networks has issued a security advisory regarding a critical vulnerability (CVE-2024-7261) found in several of its access point and security router models. The flaw stems from improper handling of the host parameter in the devices' CGI program, allowing an unauthenticated attacker to execute operating system commands. It affects 29 models across multiple product lines, including the NWA, WAC, WAX and WBE access point series and the USG LITE 60AX router. Zyxel has released firmware updates to address the issue.
Meanwhile, D-Link has acknowledged four critical remote code execution (RCE) vulnerabilities (CVE-2024-41622, CVE-2024-44340, CVE-2024-44341, and CVE-2024-44342) in its discontinued DIR-846W router. Because the device has reached end of support, D-Link will not provide patches and urges users to stop using it.
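The Zyxel flaw is an instance of a broad bug class: a request parameter naming a host reaches an operating system command without validation. The example below shows the class in miniature and the usual fix (validate the value against what a host can legitimately look like, then hand it to the program as a single argument with no shell in between). It is an added illustration, not Zyxel's code and not a reproduction of CVE-2024-7261; `echo` stands in for the network command a router CGI would normally run so that it executes offline, and the host values are made up.

```python
"""Generic illustration of OS command injection through a 'host' request
parameter and its hardened counterpart. Added example; not Zyxel's code and
not a reproduction of CVE-2024-7261. `echo` stands in for the network
command (ping, traceroute, ...) a router CGI would normally run, so the
demo runs offline and only shows how the shell treats the parameter.
"""
import ipaddress
import re
import subprocess

# RFC 1123-style hostname: labels of 1-63 alphanumerics/hyphens, no leading or
# trailing hyphen, at most 253 characters overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def validate_host(host: str) -> str:
    """Return the host if it is an IP literal or a syntactic hostname, else raise."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"rejected host parameter: {host!r}")


def is_valid_host(host: str) -> bool:
    """Boolean wrapper around validate_host for callers that only need a verdict."""
    try:
        validate_host(host)
        return True
    except ValueError:
        return False


def probe_vulnerable(host: str) -> str:
    """The bug class: the raw parameter is spliced into a shell command line,
    so shell metacharacters (';', '|', '$(...)') in it run extra commands."""
    completed = subprocess.run(f"echo probing {host}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def probe_hardened(host: str) -> str:
    """Validate first, then pass the value as one argv element with no shell."""
    completed = subprocess.run(["echo", "probing", validate_host(host)],
                               capture_output=True, text=True)
    return completed.stdout


if __name__ == "__main__":
    payload = "192.0.2.1; echo INJECTED"
    print(repr(probe_vulnerable(payload)))   # the second command runs
    print(repr(probe_hardened("192.0.2.1")))
    print(is_valid_host(payload))            # False: never reaches a process
```

The two defences are independent and both matter: the allowlist stops junk before any process starts, and the argv form means that even a value which slips past validation is never parsed by a shell.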
Strengthening Internet Routing Security
The US White House's Office of the National Cyber Director (ONCD) has released a roadmap for enhancing internet routing security, aiming to address vulnerabilities in the Border Gateway Protocol (BGP). BGP, designed in 1989, has no built-in way to authenticate routing announcements, which leaves it open to incidents such as route hijacking and route leaks.
The ONCD's recommended approach centers on Resource Public Key Infrastructure (RPKI): network operators enter into Registration Service Agreements (RSAs) with their regional internet registry to obtain RPKI services, publish Route Origin Authorizations (ROAs) stating which autonomous systems may originate their prefixes, and deploy Route Origin Validation (ROV) so that announcements are checked against the published ROAs.
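To make the RPKI terms above concrete, here is the ROV decision itself: given an announced prefix and origin AS, find the ROAs that cover the prefix and classify the route as Valid, Invalid or NotFound, following the outcome rules of RFC 6811. This is an added example, not ONCD's or any production validator's code; the ROAs and announcements are constructed from documentation address ranges and private AS numbers.

```python
"""Route Origin Validation (ROV) against a set of Route Origin Authorizations
(ROAs), following the RFC 6811 outcome rules. Added example, not ONCD's or
any RPKI validator's code; the ROAs and announcements are constructed from
documentation address ranges and private AS numbers."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # covering prefix the holder signed, e.g. "192.0.2.0/24"
    max_length: int   # longest prefix length the origin may announce
    asn: int          # authorized origin AS (0 means "nobody may originate")


def validate_route(prefix: str, origin_asn: int, roas) -> str:
    """Return 'Valid', 'Invalid' or 'NotFound' for one announcement."""
    net = ipaddress.ip_network(prefix, strict=True)
    # Candidates: ROAs whose prefix covers the announced prefix.
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "NotFound"       # the prefix holder has not published any ROA
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"            # wrong origin AS, or more specific than allowed


def filter_announcements(announcements, roas):
    """Simple ROV policy: drop Invalid routes, keep Valid and NotFound."""
    return [(p, a) for p, a in announcements if validate_route(p, a, roas) != "Invalid"]


# Constructed ROAs (documentation prefixes, private ASNs).
SAMPLE_ROAS = (
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 26, 64497),
    ROA("203.0.113.0/24", 24, 0),       # AS0 ROA: nobody may originate this
    ROA("2001:db8::/32", 48, 64496),
)

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64500),
                        ("192.0.2.0/25", 64496), ("198.51.100.0/26", 64497),
                        ("203.0.113.0/24", 64498), ("2001:db8:1::/48", 64496),
                        ("100.64.0.0/10", 64499)]:
        print(prefix, asn, validate_route(prefix, asn, SAMPLE_ROAS))
```

Two details are worth noticing. A route from the right origin can still be Invalid if it is more specific than the ROA's maximum length, which is how ROV blocks the classic more-specific hijack. And NotFound is kept rather than dropped, because most prefixes on the internet still have no ROA; the roadmap's push for RSAs and ROA publication is what shrinks that set.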
Conclusion
The cybersecurity landscape continues to evolve, with new threats and vulnerabilities emerging constantly. The recent attacks by Head Mare highlight the growing sophistication of hacking groups and the importance of vigilance in protecting sensitive data.
Organizations must stay informed about emerging threats, prioritize patching vulnerabilities, and implement robust cybersecurity measures to mitigate the risks posed by cyberattacks. The ongoing conflict in Ukraine has further underscored the importance of cybersecurity in a world increasingly reliant on digital infrastructure.