Possible signs of a cyberattack began as early as mid-December with the launch of a campaign against several Google Chrome browser extensions, according to Reuters. The campaign was designed to pilfer browser cookies and hijack authenticated sessions, according to Cyberhaven, which was among the victims: the malware was devised “to target certain social media advertising and AI services.”
A cyber attack is a malicious effort to destroy, impair, or gain unauthorized control of computers, networks, and digital devices. Hackers carry out these attacks to obtain sensitive data, break security, and interrupt operations.
Types of Cyber Attacks:
Phishing deceives users through fake messages in order to steal their identity information.
Malware, including viruses, ransomware, and spyware, infects systems and results in data theft or corruption.
A DDoS (Distributed Denial-of-Service) attack sends so much traffic to a website that it stops working.
In a Man-in-the-Middle attack, hackers position themselves between two parties to intercept their communication, enabling the theft of data.
SQL Injection attacks happen when hackers insert damaging code into databases so they can obtain confidential information.
A Zero-Day Exploit is the unlawful use of software vulnerabilities that have yet to receive patches.

Details of the Cyber Attack
Cyberhaven believes that the attack likely originated from a phishing email. Based on a technical review, the firm found that the hackers mostly went after Facebook Ads accounts. However, security researcher Jaime Blasco pointed out that the cyber attack might not have specifically targeted Cyberhaven, but instead formed part of an ongoing campaign. Posting on X (formerly Twitter), Blasco said that he found the same malware in other add-ons, such as VPN and artificial intelligence extensions.
According to Bleeping Computer, some of the most at-risk extensions that may have been used to execute the cyberattack are Internxt VPN, VPNCity, Uvoice, and ParrotTalks. These tools are commonly used to improve efficiency, which extends the impact of the cyberattack.
Cyberhaven’s Incident Timeline
Cyberhaven confirmed that hackers pushed a compromised update (version 24.10.4) of its data loss prevention Chrome extension on Christmas Eve at 8:32 PM ET. This update included the malicious code, which remained active until December 25th at 9:50 PM ET.
The company detected the breach on December 25th at 6:54 PM ET and was able to eliminate the malicious code in less than an hour. By the time the code was neutralized, the clean version of the extension (24.10.5) had already been delivered to users.
Impact and Recommendations
Cyberhaven has urged organizations that use its tools—or any potentially compromised extensions—to take precautionary steps, including:
- Log Analysis: Review logs for records of activity, such as data access and modification by different users.
- Password Management: Revoke or rotate passwords and other credentials that do not use FIDO2 passwordless authentication.
- Prompt Updates: Outdated copies may pose additional risks, which should be dealt with by ensuring that all related extensions are switched to their clean versions.
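One way to carry out the "Prompt Updates" check on a workstation is sketched below as an added example; it is not code from Cyberhaven or from the original article. It assumes Chrome's usual on-disk layout of `Extensions/<extension id>/<version>_<n>/manifest.json` inside a profile directory, uses a placeholder extension ID, and runs against a constructed sample profile.

```python
import json
import tempfile
from pathlib import Path

# From the article: 24.10.4 carried the malicious code, 24.10.5 is clean.
COMPROMISED = {"24.10.4"}
# Placeholder, NOT the real Chrome Web Store ID: substitute the ID of the
# extension being audited (shown on chrome://extensions).
EXTENSION_ID = "a" * 32


def audit_profile(extensions_dir: Path, ext_id: str = EXTENSION_ID) -> list:
    """Return one finding per installed copy of ext_id found under a
    Chrome profile's Extensions directory."""
    findings = []
    for manifest in sorted((extensions_dir / ext_id).glob("*/manifest.json")):
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
        except (OSError, ValueError, KeyError, TypeError):
            # A manifest that cannot be parsed needs a manual look.
            findings.append({"path": str(manifest), "version": None,
                             "status": "unreadable"})
            continue
        status = "compromised" if version in COMPROMISED else "ok"
        findings.append({"path": str(manifest), "version": version,
                         "status": status})
    return findings


def build_sample_profile(root: Path) -> Path:
    """Constructed sample data: the flagged version, the clean version,
    and one corrupt manifest in a made-up 0.0.0_0 folder."""
    ext = root / "Extensions"
    for folder, body in [("24.10.4_0", '{"version": "24.10.4"}'),
                         ("24.10.5_0", '{"version": "24.10.5"}'),
                         ("0.0.0_0", "{not json")]:
        (ext / EXTENSION_ID / folder).mkdir(parents=True)
        (ext / EXTENSION_ID / folder / "manifest.json").write_text(
            body, encoding="utf-8")
    return ext


def run_demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_profile(Path(tmp))
        return [f["status"] for f in audit_profile(sample)]


if __name__ == "__main__":
    print(run_demo())
```

A machine that already auto-updated to 24.10.5 will report "ok" here even if it ran 24.10.4 during the window in the timeline above, so this check complements the log review and credential rotation rather than replacing them.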
Communication and Response
Before going public, Cyberhaven emailed its customers to let them know about the situation and its consequences. The company also explained its actions on social media and stressed that users can contact the security team at any time.
“We learned that our team recently determined there was a cyberattack on Christmas Eve using Cyberhaven’s Chrome extension. Here's our post about the incident and the steps we're taking: [link] We have security personnel on stand-by for the affected customers any time of the day.” - Cyberhaven on X, December 27, 2024.
This incident highlights the current spate of phishing campaigns and how weak the security of browser extensions is. It also raises awareness of the need for serious security and protection, FIDO2 multifactor authentication, and constant software updates.