
Breach Roundup: Israel Hit by Evolving BiBi Malware Surge

Also, Clorox CISO Steps Down Amid Cyberattack Fallout

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, BiBi malware hit Israeli computers, the Clorox CISO stepped down, the FCC proposed a school cybersecurity program, U.K. ICO issued a Black Friday warning, a pro-Palestine APT group unleashed a cyberespionage campaign, the FBI dismantled the IPStorm botnet and VMware disclosed a flaw.

Israel Hit by Surge of Evolving BiBi Malware

Israel faces a surge in data-wiping attacks after hackers adapted the BiBi malware family to target both Linux and Windows systems. The attacks prompted the government's Cyber Emergency Response Team to issue identifiers for detection. The malware, linked by researchers at Palo Alto to an Iranian-backed APT group called Agonizing Serpens, erases data without encryption or ransom demands. Pro-Hamas hacktivists deploy the BiBi wiper, and the latest variant, "BiBi-Linux," was discovered by Security Joes and Eset researchers. The malware overwrites files, renames them randomly and deletes shadow copies for data recovery.


Clorox CISO Steps Down Amid Cyberattack Fallout

Clorox Chief Information Security Officer Amy Bogac exited the company following a major cyberattack in August that disrupted order fulfillment for over a month, reported Bloomberg.

The attack led to a significant drop in revenue.

FCC Proposes Cybersecurity Program for Schools

The U.S. Federal Communications Commission proposed a Schools and Libraries Cybersecurity Pilot Program aimed at learning which cybersecurity and advanced firewall services have the greatest impact in protecting the networks of K-12 schools and public libraries.

American schools are typically understaffed and underfunded when it comes to cybersecurity, and they have experienced a ramp-up in ransomware attacks with consequences that include temporary closures (see: White House Pushes Cybersecurity Defense for K-12 Schools).

"We want to learn from this effort, identify how to get the balance right and provide our federal, state and local government partners with actionable data about the most effective and coordinated way to address this growing problem," said FCC Chairwoman Jessica Rosenworcel. She said a $200 million pilot program over three years would also defray the costs of deploying cybersecurity tools.

UK ICO Issues Black Friday Warning on Smart Devices

The U.K. Information Commissioner’s Office cautioned shoppers ahead of Black Friday to scrutinize sellers' privacy and security features. Tips include checking privacy policies and app store permissions. Consumer rights group Which? echoed the warning, advising buyers to research products, avoid security flaws, and control device data access. The ICO aims to provide clearer guidance in the coming year.

Pro-Palestine APT Group Unleashes Cyberespionage Campaign

A group associated with Palestinian intelligence objectives and tracked as TA402 by Proofpoint conducted a targeted cyberespionage campaign against Middle Eastern governments using a novel downloader called IronWind from July to October. Proofpoint said the group employed a complex infection chain, shifting from Dropbox links to actor-controlled infrastructure for command-and-control communication. Phishing emails sent from a compromised Palestine Ministry of Foreign Affairs account targeted government agencies with economic-themed social engineering purportedly about the Gulf Cooperation Council.

The group varied its tactics, using a Dropbox link in July, an attached XLL file in August and a RAR file in October. Despite the conflict in the Gaza Strip, TA402 maintains operational continuity.

FBI Dismantles IPStorm Botnet

The U.S. Department of Justice revealed that the FBI has dismantled the IPStorm botnet proxy service. IPStorm facilitated cybercriminals in anonymously directing malicious traffic through compromised Windows, Linux, Mac and Android devices globally.

Justice also said Russian and Moldovan national Sergei Makinin pleaded guilty to computer fraud charges and faces a potential 10-year prison term for controlling the botnet and selling access to infected computers from June 2019 to December 2022. Makinin promoted bot proxies on and, advertising that he possessed more than 23,000 "highly anonymous" proxies from all over the world.

Makinin confessed to earning $550,000 from selling proxy services and agreed to forfeit cryptocurrency proceeds.

VMware Cloud Director Flaw Exposes Authentication Bypass

VMware disclosed a severe authentication bypass vulnerability in Cloud Director appliances, affecting versions upgraded to version 0.5 from older releases. Unauthenticated attackers can exploit this flaw remotely, without user interaction, over port 22 (secure shell protocol) and port 5480 (appliance management console). The bug doesn't affect fresh installs, Linux deployments or other appliances. VMware has not yet released a patch, but a temporary workaround exists that involves downloading a script.

About the Author

Anviksha More


Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.
