Recently Ubisoft, Rockstar, 2K Games and many other game companies have suffered cyberattacks. In most of these cases the hackers' main purpose was nothing more than to steal player account information, or to hold unreleased game development data hostage for profit; attacks aimed at the games themselves are relatively rare. Blizzard Entertainment's new game "Overwatch 2" was officially launched recently, and because its servers were hit by a DDoS attack, players complained that they were unable to get into the game.
Hackers are using YouTube channels to distribute malicious programs. Many such campaigns used to target players looking for cracked games, but there are now country-specific attacks: one of them, under the pretext of helping Chinese users reach the dark web, distributes a Tor Browser bundled with malware.
It can be said that attacks on developers have become quite frequent recently. Most hackers start by targeting the packages developers use, but if the target of the attack is the package manager itself, the impact is likely to be far more serious. Researchers disclosed a vulnerability they discovered in the PHP package manager, noting that once exploited, attackers could use it to plant malware.
【Attack and Threat】
"Overwatch 2", just launched by video game company Blizzard Entertainment, left players unable to log in because the company's servers were hit by a DDoS attack
Video game company Blizzard Entertainment's new game "Overwatch 2" officially launched on October 4, but players reported long queues when logging in. Company CEO Mike Ybarra said the cause was a massive DDoS attack on their servers, which resulted in many dropped or unstable connections, and that the company's teams were working on it.
This is not the first time one of the company's new games has been hit by a DDoS attack. For example, "World of Warcraft Classic" launched in late August 2019, and a DDoS attack on its US servers was reported on September 8, with many players experiencing disconnections and severe lag.
Information security company Kaspersky disclosed the OnionPoison attack, in which hackers have targeted users in China. Since January 9 of this year, they have been distributing a Tor Browser bundled with malware through a Chinese-language YouTube channel. Once users click the URL provided by the hackers, they download a 74 MB executable; once it is installed, a weaponized library named freebl3.dll is implanted on the computer. The hackers attempt to collect the victim's browsing history, social network accounts, wireless network SSID and other information in order to identify the victim's true identity. Researchers began detecting infected computers in March of this year.
But why do hackers use this method to launch attacks? The reason is likely that the Tor Browser website is blocked in China, so Chinese users need to obtain it through other channels.
US government warns that defense contractors have been targeted by hackers who stole secrets through the CovalentStealer malware
The US Cybersecurity and Infrastructure Security Agency (CISA) warned on October 4 that state-sponsored hackers, using the CovalentStealer malware and the Impacket penetration testing tool, had infiltrated an organization in the country's defense industrial base as early as January 2021 and stolen sensitive information.
The attackers are suspected to have broken into the Exchange server through the ProxyLogon vulnerability and then searched the contents of mailboxes. More than a month later, they used a web shell for reconnaissance of the victim organization's network, establishing persistence and moving laterally with the help of Impacket, and finally exfiltrated the stolen data to the OneDrive file sharing service via CovalentStealer.
【Vulnerabilities and patches】
A major flaw in Packagist, a core component of the PHP package manager, could be used for supply chain attacks
Information security company SonarSource pointed out that in April of this year it discovered a major vulnerability, CVE-2022-24828, with a CVSS score of 8.8, in Packagist, the main component of the PHP Composer dependency manager. Attackers who exploit this vulnerability could take full control of Packagist, which in turn affects the dependent packages fetched into development environments, allowing malware to be distributed to victims' computers.
The researchers pointed out that because it is common for PHP developers to use Composer to manage their packages, the vulnerability could have a widespread impact, estimating that at least one million package update requests could have been hijacked. After receiving the report, the development team released Composer versions 1.10.26, 2.2.12 and 2.3.5 to fix the flaw.
Information security company Claroty found a total of 11 vulnerabilities in the CPY parking management server system and the UWP 3.0 monitoring gateway made by the Italian industrial automation manufacturer Carlo Gavazzi, 6 of which are rated CVSS 9.8. These vulnerabilities include hard-coded passwords, missing authentication, directory traversal and SQL injection, and could allow attackers to take full control of the affected system. Carlo Gavazzi released patched versions of UWP 3.0 and CPY in April and June of this year.
【More information security news】