CyberWeekly 09' Nov | Issue #11
Interpol's crackdown on cybercrime, Google Cloud MFA requirement, Germany's protection for researchers, Snowflake hacking arrests, Cisco vulnerability fixes.

TL;DR: INTERPOL's Operation Synergia II led to over 40 arrests and the seizure of 22,000 malicious IPs in a global crackdown on cybercrime. Google Cloud will mandate multi-factor authentication (MFA) by the end of 2025, aiming to enhance security amid rising cyber threats. In Germany, proposed legal amendments seek to protect ethical hackers from prosecution while clarifying the distinction between legitimate research and criminal activity. Canadian authorities arrested Alexander Moucka, linked to extensive data breaches involving Snowflake, highlighting ongoing cybersecurity challenges. Cisco released critical updates to address command injection vulnerabilities in its Unified Industrial Wireless Software, urging users to update promptly to mitigate risks.
Interpol Global Crackdown on Phishing, Ransomware, and Info Stealers Nets 40+ Arrests
An INTERPOL operation involving law enforcement agencies and private sector partners across multiple countries has resulted in over 40 arrests and the disruption of dozens of servers allegedly used for criminal activities. Operation Synergia II targeted operations involved in phishing, ransomware, and information stealers. More than 22,000 suspicious IP addresses were taken down, and nearly 60 servers were seized.
This operation exemplifies international cooperation; over 95 INTERPOL member countries participated alongside partners like Group-IB, Trend Micro, Kaspersky, and Team Cymru. While replacement services will likely emerge following these takedowns, we must remain vigilant. I am confident that INTERPOL and others will continue these operations, which help eliminate any perception that cyberattacks are consequence-free.
Well done to all involved in this operation! It is encouraging to see so many arrests for alleged participation in cybercrime and even more reassuring to witness the significant amount of servers and data seized. This should provide a treasure trove of intelligence that law enforcement can leverage in future investigations.
Google Cloud Will Require MFA by the End of Next Year
Google Cloud plans to establish mandatory multi-factor authentication (MFA) by the end of 2025. Starting this month, Google Cloud will encourage the 30% of users who have not yet adopted MFA to do so. In early 2025, Google Cloud will begin requiring MFA for all new and existing users who sign in with a password. By the end of 2025, the expectation is to extend the MFA requirement to all users federating authentication into Google Cloud, offering flexible options for MFA adoption.
This is a welcome move by Google; mandatory MFA should be considered table stakes for any cloud service provider. The time for passwords as the single method of authentication has come to an end. Kudos to Google and other tech companies for ‘forcing’ the transition to multi-factor authentication, as this will make credential harvesting much more difficult for adversaries. Google has been a leader in promoting strong authentication solutions that minimize inconvenience while enhancing security. While the end date set for late 2025 seems inconsistent with the urgency of the situation, it may be proportionate to the size of the effort required for implementation.
I may sound like a broken record, but MFA needs to be ubiquitous. Google is taking a three-phase approach with notifications and reminders, and organizations don't have to wait to implement MFA. Given the publicity surrounding this initiative, we can assume attackers will work to exploit remaining password-only accounts. Google’s integration with existing MFA in identity providers means there is no reason not to succeed here.
German Legislators Propose Amendment to Protect Researchers Who Look for Vulnerabilities
Germany’s Federal Ministry of Justice is proposing an amendment to computer criminal law aimed at clearly distinguishing between acceptable actions in IT security research and punishable behavior. The bill seeks to eliminate existing legal uncertainties while increasing penalties for serious offenses that endanger or impair critical infrastructure.
The categorization of common tools as criminal creates a perception challenge that necessitates a legal definition allowing their use. The rise of living-off-the-land attacks shows that it is the activities—rather than tools—that need categorization; this distinction puts ethical hackers at risk. As noted by cybersecurity experts, having a “get-out-of-jail memo” (permission) before conducting any testing should now include checking local laws/regulations to avoid conflicts with less progressive jurisdictions.
This legal gray area has persisted for years across national cybersecurity crime statutes. By creating clear use cases for ethical hackers and cybersecurity researchers, we can strengthen efforts to identify vulnerabilities in vendor products. Let’s hope this amendment passes through the German legislature and inspires similar actions in other countries.
Canada Arrests Hacker Suspected in Snowflake Breaches and Extortions
On October 30, 2024, Canadian authorities arrested Alexander Moucka, also known as Connor Riley Moucka, who is accused of extorting companies after stealing hundreds of millions of customer records from Snowflake cloud data storage accounts. The 26-year-old was taken into custody under a provisional US arrest warrant and appeared in court on November 5 as part of extradition proceedings. Mandiant has been tracking threat cluster UNC5537, which has compromised and sold Snowflake-stored data since April 2024.
Moucka allegedly breached accounts using credentials previously stolen during infostealer attacks; notably, these accounts were not protected by MFA. Among the 165 compromised accounts were those belonging to major companies like Live Nation Entertainment (Ticketmaster), Advance Auto Parts, LendingTree, Neiman Marcus, Santander Bank, State Farm, and AT&T, which reportedly paid $370,000 for deletion of stolen phone records.
Moucka has been identified as one of the most consequential threat actors of 2024 by Mandiant, highlighting the risks associated with using off-the-shelf tools for attacks. His extradition raises complex jurisdictional issues regarding where he will be prosecuted for his crimes.
Cisco Releases Updates to Fix Critical Command Injection Vulnerability in Unified Industrial Wireless Software
On November 6, Cisco released updates addressing a critical command injection vulnerability in the web-based management interface of their Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This vulnerability could allow attackers to execute arbitrary commands with root privileges on vulnerable systems due to improper input validation.
Users running Cisco Unified Industrial Wireless Software Release version 17.15 are urged to update to version 17.15.1, while those on versions 17.14 or earlier should migrate to a fixed release immediately. Additionally, Cisco released updates addressing over a dozen other vulnerabilities across their products.
Updating your Cisco devices is crucial; ensure that none of your management interfaces are exposed during this process. Comprehensive input validation must become a survival skill—testing every input thoroughly is essential regardless of how unlikely it may seem that someone would supply bogus data.