In 2022, we saw many new technologies and methods in the tech industry and in the never-ending battle between hackers and cybersecurity experts. Sometimes these new technologies produce unexpected outcomes, and some newly discovered methods seem like scenes from science fiction movies. Our list includes a music video becoming a vulnerability with a CVE, very unusual services being hacked, an AI bot turning into a hacker’s assistant, and many more.
LockBit is a victim of a DDoS attack coming from its victim
Each year, ransomware groups attack thousands of organizations to extort money. But this time, the perpetrator became the victim. LockBit, a notorious ransomware gang, managed to breach Entrust, a payment, identity, and data protection service provider, in late July. The gang demanded $8 million for the decryption key, which was then reduced to $6.8 million. We don’t know the exact conversation between the two sides, but it seems like Entrust declined to pay the ransom, and as a result the gang started leaking the data on their Tor website on the 19th of August. Then, something unusual happened. The gang’s website suffered a DDoS attack. It seems like Entrust was the actor behind the attack, and they made their message very clear in a rude way. Although they were the victim of a ransomware attack, it is unusual to see a legitimate company launch a DDoS attack targeting a hacker group.
Feces delivery service hacked
There is an online service to meet everyone’s needs. If you want to send feces to someone else, there is a service for that too. ShitExpress, a web service that allows customers to anonymously send a box of feces of their choice with a message, was hacked in 2022. According to a forum post published by pompompurin, a notorious hacker known for stealing data from companies, he found a vulnerability in the website while he was sending feces to a cybersecurity researcher, Vinny Troia, and decided to exploit it. The hacker managed to download the entire database from the website, including customer messages, email addresses, and other customer order data. Pompompurin shared a small sample data set from the stolen database, which revealed very angry and creative messages sent by customers.
Pen-tester breaks into a data center using “piss corridor”
Pen-testers play an important role in the cybersecurity field, helping organizations find the weak points in their systems. Although many people think that pen-testers’ primary focus is software, the security of the building is also very important. A penetration tester, Andrew Tierney, shared an unusual anecdote from his own experience. When Tierney examined the floor plans of the building, he noticed a corridor running along the back of the toilets, which he refers to as the “piss corridor”. After accessing the insecure side, Tierney entered the toilet and, in the accessible cubicle, found a door to the corridor. Tierney states that he could easily open it and walk along the corridor. When he reached the toilets on the secure side of the facility, he left the corridor after making sure that there was no one in the toilet. This enabled him to bypass cylinder mantrap gates.
Ransomware accidentally becomes a wiper
Nowadays, it is very easy for internet users to find hacking tools, making it easier for them to attack their targets. But in the hands of a wannabe hacker, such a tool can turn into a complete disaster. In November, Fortinet discovered an unusual case involving an open-source ransomware toolkit named Cryptonite. An inexperienced hacker tried to modify the ransomware tool but accidentally turned it into a wiper. The malware encrypts files, as usual, but doesn’t display the window allowing the victim to start the decryption process with the decryption key. Researchers noticed that the ransomware generates the key, but the key is never used again in the code and is not sent to the operator. Thus, the attacker completely rules out the opportunity to extort money from the organization, and there is nothing the organization can do to get the files back.
Researchers pinpoint a new cyber-attack technique using SATA cables
Every once in a while, we see a science fiction movie that includes a hacking scene where a hacker uses a genius or ridiculous method. Researchers at Ben-Gurion University have discovered a new cyber-attack technique that resembles the ones in those movies and is hard to believe. The technique, named SATAn, uses SATA cables as wireless antennas to transfer radio signals at the 6 GHz frequency band. Researchers stated that attackers can use the SATA cable this way even though air-gapped computers don’t have wireless connectivity. The research describes the design of the transmitter and receiver and presents the implementation of these components, which allows the researchers to demonstrate the attack on different computers.
New GoodWill ransomware demands donations for the poor
Ransomware gangs are the bad guys of the internet, trying to extort millions of dollars from organizations for themselves. But there is an unusual ransomware group trying to steal not only the data of organizations but also the hearts of millions. The Indian cybersecurity company CloudSEK discovered the ransomware group, which encrypts the data on the target systems’ storage devices with the AES algorithm. But instead of extorting money for itself, the group displays a ransom note that gives the victim the task of providing new clothes and blankets to homeless people and taking a video while doing it. The group then asks the organizations to share that video on Facebook, Instagram, and WhatsApp stories by using the photo frame provided by the group. When the organization completes all tasks, the Robin Hood of the ransomware world claims to provide the decryption key. Unfortunately (or fortunately), there is currently no victim of GoodWill ransomware and their techniques remain unknown.
Russian attackers target Eurovision 2022
This year, we also witnessed a horrible event. Russia’s invasion of Ukraine was one of the worst things that happened in 2022, and it was the first hybrid war with the involvement of hackers attacking both sides. While Russian hackers are targeting Ukraine’s important facilities and government organizations, Western countries are helping Ukraine to defend its digital infrastructure. In May, the war between the two countries spread to the Eurovision Song Contest. While Ukraine won the song competition with huge support from public votes, Russia was banned from the competition. Police in Italy, where the contest was staged, announced that hacker groups targeted the contest’s first semi-final and the grand final on Saturday. Italian police stated that their cybersecurity division blocked the incoming DDoS attacks. Eurovision organizers also stated that they had noticed irregular voting patterns in six countries, including Azerbaijan, Romania, and Georgia. Scores from those countries were replaced with a substitute aggregated result.
ChatGPT can be used to create a full infection flow
ChatGPT became one of the highlights of 2022. Shortly after its release, millions of internet users spammed questions to the popular chatbot to better understand how the AI works. Meanwhile, Check Point Research tried something else and the result was terrifying, especially for cybersecurity professionals. The researchers showed that ChatGPT can be used to create hacking tools, helping less-skilled threat actors effortlessly launch cyber-attacks. To demonstrate, the team used ChatGPT and OpenAI’s Codex, an AI-based system that translates natural language into code. The team tried to create a single execution flow, a phishing email with a malicious Excel file weaponized with macros that downloads a reverse shell. The team managed to create a full infection flow without writing a single line of code and let the AIs do the work.
Janet Jackson’s music video gets a CVE
Did you know that a music video can get a CVE? We didn’t either. Janet Jackson’s Rhythm Nation music video from 1989 has a CVE now. The music video, tracked as CVE-2022-38392, was capable of crashing certain models of laptops. Playing the music video on a laptop can also cause another laptop nearby to crash. It was discovered by Raymond Chen, who claims that one of his colleagues shared the story from Windows XP product support. Chen stated that playing the music video on one laptop caused a laptop sitting nearby to crash, even though that other laptop wasn’t playing the video. On its CVE page, it is described as: “Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video.”
Hackers using TikTok challenge to spread malware
Despite all the allegations, TikTok was one of the most popular social media platforms in 2022 too. As expected, it is not only attracting teenagers who want to be influencers. In 2022, TikTok became an important tool for hackers to spread malware. The new popular TikTok challenge, named Invisible Challenge, removes the naked body parts from the video and replaces them with a blurry background. Users participating in the challenge record videos naked, and the filter obscures their bodies. Hackers are posting fake videos on TikTok that claim that there is a solution which reverses the invisible body filter and exposes the nude videos of TikTok users. As you can guess, the “solution” is malware called WASP Stealer, which is capable of stealing Discord accounts, passwords and credit cards stored in browsers, cryptocurrency wallets, and files. Hackers are sharing Discord links to spread the malware. One of those Discord servers has more than 32,000 members. When a new user joins these servers, a bot sends a link to the user. The link leads to a GitHub repository, which hosts the malware.