Pulsar Cyber Trends Mar 2023

The world of cyber security has seen some interesting developments in the month of March. The first topic shows that hundreds of critical infrastructure organizations were hit by ransomware attacks in 2022. Also highlighted is a new email protection system for Mozilla Firefox. Finally, pirated versions of Final Cut Pro have been found to secretly execute crypto miners on a system.

At least 860 critical infrastructure organizations faced ransomware attacks last year according to the 2022 Internet Crime Report published by the Federal Bureau of Investigation (FBI). The sectors that were most impacted by the ransomware attacks were health care and public health, critical manufacturing, government facilities, and information technology. The report shows that Lockbit, BlackCat, and Hive were the top three ransomware groups linked to targeting critical infrastructure organizations based on number of attacks. The FBI advises victims of ransomware to not pay any ransom to the cybercriminals, because they are not guaranteed to get their files recovered and it may encourage future attacks. Victims are also urged to report ransomware attacks to the Internet Crime Complaint Center (IC3), since they can provide important information to help track attackers and prevent future attacks.

Mozilla has announced a new feature for the Firefox browser called Firefox Relay, which allows users to create email aliases to help protect their real email address from spammers. The alias forwards all messages to the user’s actual email address, allowing the user to keep their privacy and anonymity while using online services. If the alias starts to receive spam or unwanted messages, then Firefox Relay makes it easy for the user to delete it and create a new alias without any impact to the primary account. Mozilla first launched this feature as a beta in August of 2020, and since then it has successfully blocked over 2.1 million spam emails. To start with, Firefox Relay will only be available to a limited number of users and websites, but Mozilla has promised to expand the feature to all users and more websites before the end of 2023.

Pirated versions of Final Cut Pro, a video editing program for MacOS, have been found to contain a payload which uses the system as a crypto miner. A user of The Pirate Bay has been found to have uploaded to the torrent sharing site multiple malicious versions of programs such as Adobe Photoshop and Logic Pro X, dating back to 2019. These programs all contain a payload which executes the XMRig utility to secretly mine crypto. Analysis from Jamf Threat Labs has found multiple generations of the code, with each new generation adding more evasion techniques. With updates to MacOS, the malicious code was able to remain undetected through clever code signing and self-termination techniques. An Apple spokesperson has since shared this malware is on their radar and they are working to mitigate its effects. Lastly adding, the official App Store is the best and safest place to get software for Mac.