Weekly Email Security News Recap #2 [August 2022]

It takes as little as $25 to create customized hacking tools for compromising systems. Threat actors around the world are adopting newer, fool-proof methods, making email security a bigger concern.

Welcome to August’s second email security breach news recap. From an invitation to hack Starlink satellites and a Cisco breach to blockchain bridges having massive troubles and the Twilio hack, this week’s cybersecurity news stories competed to feature in our recap.

We chose two of them. Read more below.


North Korean Hackers Use Clever Tools to Attack Gmail Users

Researchers have found a ‘never-before-seen’ malware used by North Korean hackers to secretly read and download emails and attachments. They’re infecting Gmail and AOL accounts by fooling users into installing a browser extension in Chrome and Edge browsers. 

The email services aren’t able to detect the extension, and since the browser has already passed multi-factor authentication, MFA fails to prevent the account compromise.

The extension isn’t openly available on any sources like Google Chrome’s Web Store or Microsoft’s add-on page, making it challenging for the Gmail team to combat it. 

As per Volexity, the malware, dubbed SHARPEXT by researchers, has been in use for years and was created by a hacking group named SharpTongue. It’s allegedly sponsored by the North Korean government and overlaps with another hacking group named Kimsuky. 

SHARPEXT has US, Europe, and South Korea-based organizations on its radar, deemed “risky” to South Korea’s national security.

According to researchers, the malware is installed using spear phishing and social engineering techniques where targets are manipulated into opening and downloading malicious attachments. 

It’s more dangerous than conventional malware as it gets installed without users’ consent and knowledge. Although it’s currently infecting Windows users, Steven Adair, CEO and founder of Volexity, warned of SHARPEXT possibly attacking macOS and Linux users as well. 

The cybercriminals behind this operation have paid careful attention to how Chrome’s security system protects sensitive user settings from changes made by attackers. Every time a setting is changed, the browser takes a cryptographic hash of the code for verification. If the hashes don’t match, it requests restoration of the previously chosen settings.


Hackers Exploit Twitter Vulnerability to Steal Information From 5 Million Accounts

A Twitter vulnerability allowed bad actors to steal account names and email addresses of over 5 million Twitter accounts, including celebrities, companies, and anonymous people. Officials stated there’s nothing that users can do from their end to stop or undo this. However, turning on multi-factor authentication can be a preventive step. 

At the start of this year, Twitter became aware of a zero-day vulnerability through which users’ email addresses and phone numbers could be linked to their Twitter accounts.

In July 2022, Twitter found that over 5.4 million accounts were sold on a hacker forum for $30,000. Officials claimed to directly inform owners of the compromised accounts.


Final Thoughts

This week’s email security breach news supports the fact that the cyberworld isn’t safe. You should always be careful while using the internet, as anyone can become a victim of cybercrime. 

We will be back with more email security news next week. Until then, browse safely!