The biggest cyber attacks and vulnerabilities from December 2024

Insights and trends from recent cyber threats and vulnerabilities from December.

Arjun Pednekar, Technical Director, Cognisys

6th January 2024

In December, we witnessed a new cyber security threat spreading through fake game sites, Chrome extensions compromised in a supply chain attack, and a dangerous denial-of-service (DoS) vulnerability affecting Windows LDAP, among other developments.

1. Malware disguised as game beta tests targets users

A new cyber security threat is spreading through fake game sites, where unsuspecting victims are tricked into downloading malware disguised as a beta testing opportunity. The scam typically begins with a message on platforms like Discord, where users are asked if they would like to test a game. If they agree, they are given a link to download a seemingly harmless installer, which installs an information-stealing Trojan instead. These malware variants, such as the Nova Stealer, Ageo Stealer, and Hexon Stealer, steal sensitive information like browser cookies, passwords, and cryptocurrency details. The ultimate goal of the scam is financial gain, with criminals using stolen credentials to expand their networks of compromised accounts, including Discord. To avoid falling victim to this scam, users are advised to be cautious with unsolicited messages, verify the authenticity of links, and use reliable anti-malware solutions.

2. DoubleClickjacking exploit targets OAuth and One-Click Account Edits

Also in December, DoubleClickjacking, a novel form of clickjacking, was described. It builds on the technique of deceiving users into clicking concealed or disguised buttons, and exploits the timing gap between the mousedown and click events of a double-click action. According to security researcher Paulos Yibelo, this vulnerability could lead to account takeovers on websites that use OAuth and enable one-click account modifications. This type of exploit highlights the sophisticated and evolving nature of cyber attacks, which are becoming increasingly difficult to detect and mitigate.
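As an added example (not code from the Cognisys post or from Yibelo's research), the following client-side guard shows one defensive pattern against this timing gap: sensitive controls start disabled and are only armed once the page itself has seen genuine pointer or keyboard activity, and any click that arrives before arming or too soon after it is rejected. The class name, the 500 ms threshold and the result strings are assumptions chosen for illustration.

```javascript
// Added example: guard for sensitive (OAuth consent / one-click account edit)
// buttons against DoubleClickjacking. The decision logic is kept free of DOM
// calls so it can be unit-tested; protectButton() wires it to a real page.

class SensitiveActionGuard {
  constructor(armDelayMs = 500) {   // assumed threshold, tune per application
    this.armDelayMs = armDelayMs;
    this.armedAt = null;            // time the page first saw user activity
  }

  // Call on any mousemove/keydown observed by the page itself (not a popup).
  noteUserActivity(now) {
    if (this.armedAt === null) this.armedAt = now;
  }

  // Decide whether a click on a sensitive control should be honoured.
  // Returns a reason string so rejected attempts can be logged client-side.
  evaluateClick(now) {
    if (this.armedAt === null) return "rejected:not-armed";
    if (now - this.armedAt < this.armDelayMs) return "rejected:too-soon";
    return "accepted";
  }
}

// Browser wiring: button stays disabled until the guard is armed; a click
// that the guard rejects is cancelled before any other handler runs.
function protectButton(button, guard) {
  button.disabled = true;
  const arm = () => {
    guard.noteUserActivity(performance.now());
    setTimeout(() => { button.disabled = false; }, guard.armDelayMs);
  };
  window.addEventListener("mousemove", arm, { once: true });
  window.addEventListener("keydown", arm, { once: true });
  button.addEventListener("click", (ev) => {
    const verdict = guard.evaluateClick(ev.timeStamp);
    if (verdict !== "accepted") {
      ev.preventDefault();
      ev.stopImmediatePropagation();
      console.warn("sensitive click blocked:", verdict);
    }
  }, { capture: true });
}

module.exports = { SensitiveActionGuard, protectButton };
```

In a page you would call `protectButton(document.querySelector("#authorize"), new SensitiveActionGuard())` for each control that performs an irreversible or authorising action.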

3. Bad Likert Judge method targets large language model security

Continuing the theme of novel attack techniques, a method for jailbreaking large language models (LLMs) was recently published by Palo Alto Networks' Unit 42. This attack, dubbed “Bad Likert Judge”, involves manipulating the evaluation capabilities of an LLM by having it score the harmfulness of generated responses on a Likert scale. The model is then prompted to create responses corresponding to different score levels, with the most harmful content typically receiving the highest score. This multi-turn attack bypasses LLM safety measures and raised attack success rates by over 60%. The development of such techniques demonstrates the increasing complexity of attacks and the need for robust security measures to protect AI systems.

4. Windows LDAP vulnerability

Another concern is that proof-of-concept (PoC) exploit code has been published for CVE-2024-49113, a dangerous denial-of-service (DoS) vulnerability affecting Windows LDAP. The issue, which Microsoft patched in December 2024, could crash unpatched Windows Server systems, particularly Domain Controllers connected to the internet. The attack exploits an integer overflow in the wldap32.dll library, manipulating DNS and LDAP requests to crash the Local Security Authority Subsystem Service (LSASS) process. While this DoS bug is concerning in itself, it could also be used to trigger remote code execution (RCE) with minor adjustments. Administrators are urged to apply patches promptly to prevent potential attacks. This vulnerability serves as a reminder of the ongoing need for vigilance in patch management, especially regarding critical infrastructure components.

5. Microsoft patches severe vulnerabilities in Dynamics 365 and Power Apps Web API

Similarly, Microsoft has patched three severe security vulnerabilities in Dynamics 365 and Power Apps Web API that could lead to data exposure. Stratus Security discovered two flaws tied to the OData Web API Filter, allowing unauthorised access to sensitive contact data like phone numbers and password hashes. The third vulnerability involves the FetchXML API, enabling attackers to bypass access controls. These flaws could allow attackers to retrieve password hashes and emails, which could be cracked or sold. Microsoft urged organisations to apply patches promptly to prevent the exploitation of these vulnerabilities. As organisations face challenges securing sensitive data, timely updates and comprehensive security measures remain paramount.

6. Chrome extensions compromised in supply chain attack targeting Facebook users

In another supply chain incident, several Chrome extensions were compromised, with malicious versions of the Cyberhaven extension uploaded to the Chrome Web Store. This attack occurred after a Cyberhaven employee fell victim to a phishing scam, granting unauthorised access to the developer account. The compromised extension, live from December 25 to 26, targeted Facebook advertising users, collecting sensitive data such as access tokens and business account details. The malicious extension also bypassed security measures like captchas and 2FA. Other extensions, including Internxt VPN and VPNCity, were affected in the same attack. The malicious versions were quickly removed, but users with auto-update enabled were affected. This incident underscores the importance of securing developer accounts and ensuring that third-party tools undergo thorough scrutiny.

7. Cisco confirms authenticity of data leaked in IntelBroker attack

Elsewhere, Cisco has confirmed that the data leaked by the hacker IntelBroker, including source code, digital certificates, and configuration files, is authentic and related to a previously disclosed security incident. The data was taken from a public-facing DevHub instance, not Cisco’s core systems. The hacker initially claimed to have stolen 800 GB, later escalating the claim to 4.5 TB, with further leaks occurring in December 2024. Cisco assured that no sensitive personal or financial information was compromised and that its systems were not breached. However, the company has since removed its statements about no sensitive data being affected. This leak highlights the importance of securing all public and internal systems as attackers continue to target organisations’ less-protected assets.

8. Rising threats to critical infrastructure and telecom security

As experts reflect on the lessons learned in 2024, they have pointed to several key takeaways, including the increasing sophistication of cyber threats. Zero-day exploits, particularly those driven by nation-state actors like China, and collaborations between nation-states and cybercrime rings were significant concerns in 2024. Proactive patch management and defence strategies are critical to mitigating these risks. Additionally, ransomware attacks disrupted supply chains and businesses, emphasising the need for improved business continuity planning and segmentation tools to minimise disruptions.

Critical infrastructure, such as water and power systems, also became a growing target in 2024, highlighting the need for robust cyber security strategies and collaboration between IT and operational technology teams. Attacks on water systems in the U.S. and the increasing vulnerability of essential services to cyber threats exemplified this. Similarly, telecom security risks came to the forefront when the cyber-espionage group Salt Typhoon infiltrated telecom networks, compromising sensitive data. Experts are urging businesses and individuals to adopt encrypted messaging platforms to secure communications from intrusions.

9. UK SMEs lack cybersecurity preparedness, with many untrained and uninsured

Turning to the UK, a survey by Markel Direct revealed a concerning lack of cyber security preparedness among small and medium enterprises (SMEs), with 69% lacking a formal cyber security policy. Furthermore, many SMEs do not provide adequate employee training, with 43% admitting they do not educate staff on cyber security best practices. Despite this, 72% of SMEs use antivirus software, 49% have email filtering, and 47% have firewalls. However, more comprehensive measures like data backups and multi-factor authentication are less common.

The survey also revealed that many SMEs are ill-prepared for cyber attacks, with 49% unsure how to respond during a breach. Additionally, 53% lack cyber insurance, leaving them vulnerable to financial losses. Remote work security is another concern, with only 52% of SMEs using VPNs and 48% providing training on secure remote work practices. Cyber security concerns among SMEs are growing, with 62% worried about the increasing sophistication of cyber threats, followed by fears of securing remote work environments and ransomware. The lack of resources and staffing to defend against cyber threats remains a significant barrier for SME IT teams, with 49% reporting such constraints.

Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?
