Round Up of Major Breaches and Scams
US law enforcement and government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the FBI, and US Cyber Command, have issued a joint technical alert about an ongoing campaign by the North Korean government to rob banks through an ATM cash-out scheme. The campaign, dubbed “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks,” is a global operation that initiates fraudulent international money transfers and ATM cash-outs.
Two accused scammers have arrived in the U.S. from Ghana to face charges that they were involved in separate conspiracies to defraud American victims out of millions of dollars. Deborah Mensah, a 33-year-old Ghanaian national, stands accused of stealing more than $10 million through business email compromise (BEC) fraud, in which she allegedly targeted businesses and elderly individuals as part of an international scam.
Dark Web sites frequently experience downtime, for reasons ranging from law enforcement agencies cracking down on them to attackers trying to bring sites down with large-scale DDoS attacks. One such site that we recently reported on was Empire Market, the largest dark web marketplace, which went offline on August 23. Reports alleged that Empire had been the target of a Distributed Denial of Service (DDoS) attack that resulted in it going offline.
Developer error led to the leak of 150,000 to 200,000 patient health records stored in productivity apps from Microsoft and Google, a leak that was recently found on GitHub. Dutch researcher Jelle Ursem discovered nine separate exposures of highly sensitive protected health information (PHI) held in apps such as Office 365 and Google G Suite, belonging to nine separate health organizations. He had difficulty reaching the companies whose data had been leaked and eventually reported the breach to DataBreaches.net.
Round Up of Major Malware and Ransomware Incidents
Transparent Tribe, an advanced persistent threat (APT) group that has been active since at least 2013, has begun deploying a new mobile malware tool in its cyber espionage campaigns. Researchers from Kaspersky this week reported observing the group actively targeting Android users in India with spyware disguised as a couple of popular apps. Once installed on a system, the malware has been observed downloading new apps and accessing SMS messages, call logs, and the device’s microphone.
For the past several weeks, a criminal gang has launched DDoS attacks against some of the world’s biggest financial service providers and demanded Bitcoin payments as extortion fees to stop the attacks. Just this week, the group has attacked money transfer service MoneyGram, YesBank India, PayPal, Braintree, and Venmo, a source involved in the DDoS mitigation field told ZDNet. The New Zealand stock exchange (NZX), which today halted trading for the third day in a row, is also one of the group’s victims.
Social media research group Graphika said today it identified a Twitter botnet of around 3,000 bots that pushed pro-Chinese political spam, echoing official messaging released through state propaganda accounts. Graphika said it was able to identify the botnet thanks to a quirk shared by the vast majority of the bot accounts: most of them used quotes from Bram Stoker’s novel Dracula for the profile description and the first two tweets.
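The Dracula quirk is an instance of a general detection pattern: accounts created in bulk tend to reuse the same boilerplate for their bio and first posts. The Python below is an added example, not Graphika’s code or data, showing how to flag such accounts from a sample set. The handles and account texts are constructed for illustration, and the reference corpus is a handful of public-domain lines from the novel, standing in for the list an analyst would build from the first bots found by hand. It combines two signals: overlap between an account’s text and the reference boilerplate (word shingles), and clusters of accounts whose normalized bio plus first tweets are identical, which catches coordinated accounts even before anyone has recognised where the text came from.

```python
"""
Added example (not Graphika's code or data): flag a botnet whose accounts
reuse the same boilerplate for their bio and first tweets.

Signals combined:
  1. fraction of an account's word shingles that come from a reference
     corpus of known boilerplate (here, Dracula quotes), and
  2. clusters of accounts whose normalized bio + first tweets are identical.
A genuine fan who quotes the book once in a bio must not be flagged.
"""
import re
from collections import defaultdict

# Constructed reference corpus: public-domain lines from Bram Stoker's Dracula.
# Assumption: an analyst seeds this list from the first bots found manually.
DRACULA_LINES = [
    "Listen to them, the children of the night. What music they make!",
    "Welcome to my house! Enter freely and of your own will!",
    "There are darknesses in life and there are lights, and you are one "
    "of the lights, the light of all lights.",
]

SHARED_BIO = DRACULA_LINES[0]
SHARED_TWEETS = [DRACULA_LINES[1], DRACULA_LINES[2]]

# Constructed sample accounts; every handle is hypothetical.
ACCOUNTS = [
    {"handle": "@night_music_01", "description": SHARED_BIO, "first_tweets": SHARED_TWEETS},
    {"handle": "@night_music_02", "description": SHARED_BIO, "first_tweets": SHARED_TWEETS},
    {"handle": "@night_music_03", "description": SHARED_BIO, "first_tweets": SHARED_TWEETS},
    # Same playbook with the quotes shuffled: no identical twin, so only the
    # corpus-overlap signal can catch it.
    {"handle": "@free_will_77", "description": DRACULA_LINES[1],
     "first_tweets": [DRACULA_LINES[0], DRACULA_LINES[2]]},
    # Genuine fan: one quote in the bio, ordinary tweets. Must stay unflagged.
    {"handle": "@gothic_reader",
     "description": "Lifelong Dracula fan. " + DRACULA_LINES[0],
     "first_tweets": ["Finally finished my reread, the Whitby chapters still hold up.",
                      "Any recommendations for other Victorian horror novels?"]},
    {"handle": "@maria_runs",
     "description": "Trail runner, coffee enthusiast, occasional photographer.",
     "first_tweets": ["First 10k of the season done, legs are toast.",
                      "Morning light on the ridge was unreal today."]},
]


def normalize(text: str) -> str:
    """Lowercase, strip punctuation and collapse whitespace so that casing,
    smart quotes or extra spaces do not split an otherwise identical cluster."""
    return " ".join(re.sub(r"[^a-z0-9\s]", " ", text.lower()).split())


def shingles(text: str, n: int = 4) -> set:
    """Set of overlapping n-word tuples; empty if the text has fewer than n words."""
    words = normalize(text).split()
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}


def build_reference(lines, n: int = 4) -> set:
    ref = set()
    for line in lines:
        ref |= shingles(line, n)
    return ref


def reference_ratio(texts, ref: set, n: int = 4) -> float:
    """Mean, over the given texts, of the fraction of each text's shingles
    found in the reference set. Texts are scored separately so shingles
    spanning the boundary between two tweets do not dilute the score."""
    ratios = []
    for t in texts:
        s = shingles(t, n)
        ratios.append(len(s & ref) / len(s) if s else 0.0)
    return sum(ratios) / len(ratios) if ratios else 0.0


def fingerprint(acct: dict) -> str:
    """Normalized bio + first tweets; identical fingerprints mean shared boilerplate."""
    return normalize(" ".join([acct["description"]] + list(acct["first_tweets"])))


def flag_botnet(accounts, ref_lines=DRACULA_LINES, n=4, min_ratio=0.8, min_cluster=3) -> dict:
    """Return {handle: [reasons]} for accounts that trip either signal.
    The overlap rule requires BOTH bio and tweets to be mostly boilerplate,
    so a single quoted line in a real user's bio is not enough on its own."""
    ref = build_reference(ref_lines, n)
    clusters = defaultdict(list)
    for a in accounts:
        clusters[fingerprint(a)].append(a["handle"])

    flagged = {}
    for a in accounts:
        reasons = []
        bio = reference_ratio([a["description"]], ref, n)
        tweets = reference_ratio(a["first_tweets"], ref, n)
        if bio >= min_ratio and tweets >= min_ratio:
            reasons.append(f"bio {bio:.2f} / tweets {tweets:.2f} of shingles match reference boilerplate")
        peers = clusters[fingerprint(a)]
        if len(peers) >= min_cluster:
            reasons.append(f"identical bio+tweets shared by {len(peers)} accounts")
        if reasons:
            flagged[a["handle"]] = reasons
    return flagged


if __name__ == "__main__":
    for handle, reasons in flag_botnet(ACCOUNTS).items():
        print(handle, "->", "; ".join(reasons))
```

The thresholds are the part to tune against real data: `min_ratio` decides how much of a profile must be boilerplate before the overlap rule fires, and `min_cluster` decides how many identical profiles count as coordination rather than coincidence. The fan account in the sample scores 0.75 on the bio and 0 on the tweets, so it stays below the line on both rules.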
US authorities arrested Russian national Egor Igorevich Kriuchkov (27) after he attempted to recruit an employee of a targeted company to plant malware on its network. Kriuchkov entered the United States on July 28 using his Russian passport and a tourist visa, and conspired with other criminals to recruit the employee of an unnamed company in Nevada, offering the employee $1 million. He was arrested on August 22 and appeared in court on August 24.
Cyberspace has seen an unprecedented rise in modified versions of peer-to-peer (P2P) threats. It might have appeared that P2P services were vanishing, but in reality they have re-emerged, stronger, in new forms; BitTorrent and eMule are still known to be used by attackers. A peer-to-peer (P2P) network is an IT infrastructure in which two or more computers agree to share resources such as storage, bandwidth and processing power with one another.
A ransomware named SunCrypt has joined the ‘Maze cartel,’ and its membership gives us insight into how these groups work together. In June, we broke the story that the Maze threat actors had created a cartel of ransomware operations to share information and techniques to help each other extort their victims. When it started, this cartel included Maze and LockBit, but it soon expanded to include Ragnar Locker.
A family of Android apps is using the lure of free items to distribute a novel ad fraud botnet. Victims of the scam are told that they will receive a complimentary gift when they download an app from the Google Play Store. However, the only thing victims receive is a malware infection that silently loads ads in the background on their device. The ad fraud operation, discovered by White Ops’ Satori Threat Intelligence & Research team, which named it TERRACOTTA, started in late 2019.
Unsophisticated Iranian hackers are attacking company networks with ransomware, a cybersecurity firm said. The attackers have been using Dharma ransomware “and a mix of publicly available tools” to target companies in Russia, Japan, China and India, cybersecurity firm Group-IB said earlier this week.
Round Up of Major Vulnerabilities and Patches
Windows 10 May 2020 Update, also known as version 2004, shipped in May with at least ten known issues. Microsoft later expanded the list of problems and acknowledged that this feature update also carries a bug that breaks the Optimize Drives tool: after upgrading to Windows 10 version 2004, users observed that Optimize Drives (the defragmentation tool) does not correctly record the last time a drive was optimized.
Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
Experts have identified a flaw that allows criminals to steal money from the accounts of bank customers through the Faster Payments System (FPS), a system often held up in opposition to the idea of a crypto-ruble. The experts found that when FPS transfers were enabled in the mobile banking app, one of the credit institutions was left vulnerable. Fraudsters were able to take advantage of this error to obtain customer account data.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates.