Content 

01. News Bites
  • Phishing campaign targets UK and German industries using HubSpot
  • AI and Deepfakes heighten cyber threats for UK SMBs
  • APT29 Exploits RDP Proxy Servers in MiTM Attacks
  • Meta fined £207 million for Facebook security breach
  • US considers ban on TP-Link routers over security concerns
02. Conclusion

Quick News Bites

Phishing campaign targets UK and German industries using HubSpot

A sophisticated phishing campaign has targeted automotive, chemical, and industrial manufacturing companies in Germany and the UK, exploiting HubSpot’s Free Form Builder to steal Microsoft Azure credentials.

Palo Alto Networks’ Unit 42 reports the campaign began in June 2024 and compromised approximately 20,000 accounts by September. Threat actors created at least 17 fraudulent forms on HubSpot to redirect victims to credential-stealing pages mimicking Microsoft Azure and Outlook Web App.

Victims received DocuSign-branded phishing emails with links to these deceptive HubSpot forms. Since HubSpot is a legitimate CRM tool, security systems often failed to flag these emails.

Post-compromise, attackers used VPNs to appear local and attempted password resets, creating a "tug-of-war" over account control. Although many servers involved are now offline, the campaign highlights ongoing abuse of legitimate platforms to bypass email security tools.

Stay vigilant against phishing campaigns leveraging trusted services.

AI and Deepfakes heighten cyber threats for UK SMBs

New research highlights how artificial intelligence (AI) and deepfakes are increasing cyber risks for Britain’s small and medium-sized businesses (SMBs).

The study revealed 86% of UK SMB workers are concerned about cyber breaches, yet only a third feel confident in identifying threats. Additionally, 63% believe they wouldn’t recognise a cyber security issue, and one-third are increasingly worried their mistakes could lead to an attack.

AI has made writing malicious code more accessible, contributing to a rise in cyberattacks. Ofcom data shows 34% of internet users have faced scams or phishing attacks, while 43% encountered deepfakes in early 2024.

Sharp UK’s COO Mark Williams warns that nine in ten data breaches begin with phishing and emphasises the need for robust, regularly updated cyber security training. Alarmingly, 43% of workers reported no cyber security training in the past year, leaving businesses vulnerable.

APT29 Exploits RDP Proxy Servers in MiTM Attacks

Russian hacking group APT29, also known as "Midnight Blizzard," has been identified using 193 remote desktop protocol (RDP) proxy servers to conduct man-in-the-middle (MiTM) attacks, according to Trend Micro. These attacks target government bodies, military organisations, IT service providers, and more across the US, Europe, and Australia.

The group uses the PyRDP tool to intercept RDP sessions, allowing them to steal credentials, extract data, and execute malicious commands. Victims are tricked into connecting to rogue RDP servers via phishing emails containing malicious file attachments.

Once connected, attackers gain access to local resources, including disks, networks, and clipboards, and can browse file systems, modify files, and deploy payloads.

APT29 obscures its activities using VPNs, Tor nodes, and residential proxies. Experts recommend connecting only to trusted RDP servers and avoiding RDP links received via email to defend against such campaigns. Stay alert and practise good cyber hygiene.
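The attachments in this campaign are RDP connection files, and the local-resource access described above comes from the redirection settings inside them. The following is an added example (not from Trend Micro or this bulletin) of a mail-gateway check that parses a .rdp attachment and flags connections to hosts outside an assumed allowlist, or with drive, clipboard, printer, smart-card or COM-port redirection switched on; the sample file and the allowlisted host name are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample .rdp attachment in Microsoft's key:type:value format;
# the host name is a placeholder, not a real indicator.
SAMPLE_RDP = """\
full address:s:rdp-gateway.example-placeholder.net
username:s:helpdesk
redirectclipboard:i:1
drivestoredirect:s:*
redirectprinters:i:1
remoteapplicationmode:i:0
"""

# Assumed allowlist: the RDP hosts the organisation actually operates.
TRUSTED_HOSTS = {"rds.corp.example-placeholder.local"}

# Settings that hand local resources to the remote side of the session.
REDIRECTION_KEYS = {
    "drivestoredirect": "local drives",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
}

LINE_RE = re.compile(r"^([^:]+):([sib]):(.*)$")


def parse_rdp(text: str) -> Dict[str, str]:
    """Parse key:type:value lines into a dict of lower-cased key -> value."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    return settings


def review_rdp(text: str, trusted_hosts=TRUSTED_HOSTS) -> List[str]:
    """Return findings for an .rdp file; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings: List[str] = []
    # 'full address' may carry a port (host:port); compare the host part only.
    host = s.get("full address", "").split(":")[0].lower()
    if not host:
        findings.append("no 'full address' set")
    elif host not in trusted_hosts:
        findings.append(f"connects to untrusted host {host}")
    for key, label in REDIRECTION_KEYS.items():
        val = s.get(key, "")
        # drivestoredirect is a string ('*' or a drive list); the rest are 0/1 flags.
        enabled = val not in ("", "0") if key == "drivestoredirect" else val == "1"
        if enabled:
            findings.append(f"{label} redirected to remote host")
    return findings
```

A gateway would quarantine any attachment for which `review_rdp` returns findings, which is a concrete form of the "avoid RDP links received via email" advice.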

Meta fined £207 million for Facebook security breach

Meta has been fined £207 million (€251 million) by the Irish Data Protection Commission (DPC) for a 2018 Facebook breach that exposed the personal data of 29 million users, including three million in Europe.

Attackers exploited a vulnerability in Facebook’s "View As" feature, compromising users' names, contact details, locations, and other sensitive information, including their children’s personal data.

The breach was promptly resolved by Meta, which notified affected users and the DPC. However, the DPC criticised Meta for failing to embed robust data protection measures during the platform's design phase, calling it a significant risk to individuals' rights and freedoms.

This fine adds to nearly €3 billion in penalties Meta has faced under GDPR, including a record €1.2 billion fine in 2023. Meta plans to appeal, stating it took swift action to address the breach. The case underscores the importance of stringent data security practices.

US considers ban on TP-Link routers over security concerns

US authorities are investigating a potential ban on TP-Link routers due to fears they could be exploited in Chinese cyberattacks. Holding 65% of the US home and small business router market, TP-Link faces scrutiny from the Departments of Commerce, Defense, and Justice.

The investigation follows lawmakers' claims that Chinese laws compel companies to support state intelligence and military operations, alongside reports of cyberattacks exploiting TP-Link devices. In October 2024, Microsoft linked a Chinese hacking group to attacks leveraging TP-Link routers targeting Western governments and defence organisations.

US officials may prohibit TP-Link sales as early as next year, citing security vulnerabilities and possible violations of pricing laws. TP-Link insists its practices align with industry standards and pledges cooperation with US authorities.

If enacted, the ban could reshape the US router market, reflecting escalating tensions between the US and China in technology and cyber security.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.