FASTCash 2.0 campaign, ongoing bank-theft by BeagleBoyz, Empire Markets scam steals $30m BTC, and more

Major cybersecurity events on 27th August 2020 (Morning Post): GitHub developer errors cause leak of 150,000 to 200,000 patient health records stored in Microsoft, Google apps. 3000 bots on Twitter that propagated pro-Chinese political spam taken down.

Round Up of Major Breaches and Scams

US Warns of Ongoing BeagleBoyz Bank-Theft Operations

US law enforcement and government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the FBI, and the US Cyber Command, have issued a joint technical alert concerning an ongoing campaign by the North Korean government to rob banks through an ATM cash-out scheme. The campaign, dubbed “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks,” is an international operation to initiate fraudulent international money orders and ATM cash-outs.

Two accused email scammers brought to US to face fraud-related charges

Two accused scammers have arrived in the U.S. from Ghana to face charges that they were involved in separate conspiracies to defraud American victims out of millions of dollars. Deborah Mensah, a 33-year-old Ghanaian national, stands accused of stealing more than $10 million through business email compromise (BEC) fraud, in which she allegedly targeted businesses and elderly individuals as part of an international scam.

Empire Market exit scam: admins allegedly steal $30 million worth of BTC

Dark web sites frequently experience downtime, whether because law enforcement agencies crack down on them or because attackers try to knock them offline with large-scale DDoS attacks. One such site that we recently reported on is Empire Market, the largest dark web marketplace, which went offline on August 23. Reports initially alleged that Empire was the target of a distributed denial-of-service (DDoS) attack that took it offline; the site has not returned, and its administrators are now alleged to have exit-scammed with roughly $30 million worth of Bitcoin.

Medical Data Leaked on GitHub Due to Developer Errors

Developer error caused the leak of 150,000 to 200,000 patient health records that had been stored in Microsoft and Google productivity apps and were recently found on GitHub. Dutch researcher Jelle Ursem discovered nine separate files of highly sensitive protected health information (PHI), originating from Office 365 and Google G Suite tenants at nine separate health organizations. He had difficulty reaching the affected companies and so eventually reported the breach to DataBreaches.net.

Round Up of Major Malware and Ransomware Incidents

‘Transparent Tribe’ APT Group Deploys New Android Spyware for Cyber Espionage

Transparent Tribe, an advanced persistent threat (APT) group that has been active since at least 2013, has begun deploying a new mobile malware tool in its cyber espionage campaigns. Researchers from Kaspersky this week reported observing the group actively targeting Android users in India with spyware disguised as a couple of popular apps. Once installed on a device, the malware has been observed downloading additional apps and accessing SMS messages, call logs, and the device's microphone.

DDoS extortionists target NZX, Moneygram, Braintree, and other financial services

For the past few weeks, a criminal gang has launched DDoS attacks against some of the world's biggest financial service providers and demanded Bitcoin payments as extortion fees to stop the attacks. Just this week, the group has attacked money transfer service MoneyGram, YesBank India, PayPal, Braintree, and Venmo, a source involved in the DDoS mitigation field has told ZDNet. The New Zealand stock exchange (NZX), which halted trading for the third day in a row today, is also one of the group's victims.

Twitter takes down ‘Dracula’ botnet pushing pro-Chinese propaganda

Social media research group Graphika said today it identified a Twitter botnet of around 3,000 bots that pushed pro-Chinese political spam, echoing official messaging released through state propaganda accounts. Graphika said it was able to identify the botnet because of a quirk shared by the vast majority of the bot accounts: most of them used quotes from Bram Stoker's novel Dracula for the profile description and the first two tweets.
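The lexical quirk Graphika describes is a fingerprint you can hunt for directly. The following is an added example, not Graphika's tooling or anything from the original post: it shingles a reference text into 4-word sequences and flags accounts whose profile description and at least one of their first two tweets both reuse that text, so a single quoted line in a genuine user's bio is not enough to trip it. The two reference lines are quoted from memory from Dracula (a real detector would load the full novel), and the account records are constructed.

```python
import re

# Two lines quoted from memory from Bram Stoker's Dracula (public domain);
# a real detector would load the whole novel as the reference text.
DRACULA_REFERENCE = (
    "Listen to them, the children of the night. What music they make! "
    "We learn from failure, not from success!"
)

# Constructed account records standing in for a Twitter API export.
SAMPLE_ACCOUNTS = [
    {"handle": "bot_a1", "bio": "Listen to them, the children of the night.",
     "first_tweets": ["What music they make!", "Great news from Hong Kong today"]},
    {"handle": "bot_b2", "bio": "We learn from failure, not from success!",
     "first_tweets": ["the children of the night", "Stability is prosperity"]},
    # A genuine fan: mentions the book but does not reuse its text.
    {"handle": "human_c", "bio": "Dracula fan, gardener",
     "first_tweets": ["Reading Dracula again", "Great book"]},
    # Quotes the novel once in the bio only; must not be flagged.
    {"handle": "human_d", "bio": "We learn from failure, not from success - my motto",
     "first_tweets": ["Coffee time", "Back to work"]},
]


def words(text):
    """Lower-case word tokens, punctuation stripped, so quotes match loosely."""
    return re.findall(r"[a-z0-9']+", text.lower())


def shingles(text, k):
    """Set of all k-word sequences in `text` (a word-level n-gram fingerprint)."""
    w = words(text)
    return {tuple(w[i:i + k]) for i in range(len(w) - k + 1)}


def fingerprint_accounts(accounts, reference=DRACULA_REFERENCE, k=4):
    """Return handles whose bio AND one of their first two tweets share at least
    one k-word shingle with `reference`. Requiring both fields cuts the false
    positives you would get from people who simply like quoting the book."""
    ref = shingles(reference, k)
    flagged = []
    for acct in accounts:
        bio_hits = shingles(acct["bio"], k) & ref
        tweet_hits = set()
        for tweet in acct["first_tweets"][:2]:
            tweet_hits |= shingles(tweet, k) & ref
        if bio_hits and tweet_hits:
            flagged.append(acct["handle"])
    return sorted(flagged)


if __name__ == "__main__":
    print(fingerprint_accounts(SAMPLE_ACCOUNTS))
```

The shingle size is a knob: k=4 catches short fragments like "what music they make" while still being long enough that common English phrases rarely collide with the reference. Against a real export you would also group the flagged accounts by creation date and follower overlap, since a lexical fingerprint finds the bots but does not by itself prove they are one operation.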

FBI arrests Russian national for trying to recruit a US firm's employee to plant malware

US authorities arrested Russian national Egor Igorevich Kriuchkov (27) for attempting to recruit an employee of a targeted company to plant malware on its network. Kriuchkov, who had entered the United States on July 28 on a Russian passport and a tourist visa, conspired with others to recruit the employee of an unnamed company in Nevada and offered him $1 million to deploy the malware. He was arrested on August 22 and appeared in court on August 24.

Over 500 SSH Servers Breached by FritzFrog P2P Botnet

Cyberspace has seen an unprecedented rise in modified versions of peer-to-peer (P2P) threats. It might have appeared that P2P services were vanishing, but in reality they have re-emerged even stronger in new forms; BitTorrent and eMule are still known to be used by attackers. A peer-to-peer network is an IT infrastructure in which two or more computers agree to share resources such as storage, bandwidth and processing power with one another. FritzFrog, the botnet behind the SSH breaches in the headline, is built on this model: there is no central command-and-control server to take down, and it spreads by brute-forcing SSH credentials.
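Because FritzFrog gets in by brute-forcing SSH passwords, the defender's first signal is a burst of failed logins from one source followed by a success. The following is an added example, not code from the FritzFrog research or from this page: it parses sshd lines in OpenSSH's syslog format, applies a sliding window over failures per source IP, and marks the source as a likely compromise if an accepted login from it follows the burst. The log lines, hostnames and addresses are constructed; the threshold and window are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines in OpenSSH's syslog format (not a real capture).
SAMPLE_AUTH_LOG = """\
Aug 27 03:14:01 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Aug 27 03:14:02 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 41030 ssh2
Aug 27 03:14:02 host1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 41034 ssh2
Aug 27 03:14:03 host1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 41040 ssh2
Aug 27 03:14:04 host1 sshd[2109]: Failed password for root from 203.0.113.7 port 41046 ssh2
Aug 27 03:14:05 host1 sshd[2111]: Accepted password for root from 203.0.113.7 port 41050 ssh2
Aug 27 03:20:10 host1 sshd[2200]: Failed password for alice from 198.51.100.4 port 50120 ssh2
Aug 27 03:20:40 host1 sshd[2202]: Accepted publickey for alice from 198.51.100.4 port 50122 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line, year=2020):
    """Parse one sshd auth line into a dict, or None for lines we do not model.
    syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP that logged >= `threshold` failures inside
    `window`, noting whether an accepted login from that IP followed the burst."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans at most `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]["ts"]
                # A success after the burst is the signal worth paging on.
                success = next((e for e in evs
                                if e["result"] == "Accepted" and e["ts"] >= burst_end),
                               None)
                alerts.append({
                    "ip": ip,
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in fails[start:end + 1]}),
                    "compromised_user": success["user"] if success else None,
                })
                break  # one alert per source IP is enough
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

In production the lines come from /var/log/auth.log or journald rather than a string, and the failure threshold belongs well below what a real spray produces so the alert fires early. The distinction the code draws matters operationally: a burst with no following success is noise to block at the firewall, while a burst that ends in "Accepted password" is an incident, and on a FritzFrog-style host the next step is to check authorized_keys for an added key.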

SunCrypt Ransomware sheds light on the Maze ransomware cartel

A ransomware operation named SunCrypt has joined the 'Maze cartel,' and with its membership we get insight into how these groups are working together. In June, we broke the story that the Maze threat actors created a cartel of ransomware operations to share information and techniques to help each other extort their victims. When it first started, this cartel included Maze and LockBit, but it soon expanded to include Ragnar Locker.

Giveaway Scam Infects 65,000 Devices with Malware

A family of Android apps is using the lure of free items to distribute a novel ad fraud botnet. Victims of the scam are told that they will receive a complimentary gift when they download an app from the Google Play Store. However, the only thing received by victims is an infection of malware that silently loads ads in the background on their smart device. The ad fraud operation, discovered by White Ops’ Satori Threat Intelligence & Research team, which named it TERRACOTTA, started in late 2019.

Unsophisticated Iranian hackers armed with ransomware are targeting companies worldwide

Unsophisticated Iranian hackers are attacking company networks with ransomware, a cybersecurity firm said. The attackers have been using Dharma ransomware “and a mix of publicly available tools” to target companies in Russia, Japan, China and India, cybersecurity firm Group-IB said earlier this week.

Round Up of Major Vulnerabilities and Patches

Microsoft tests fix for bug that defrags SSD drives too often

Windows 10 May 2020 Update, otherwise known as version 2004, was released in May with at least ten known issues. Microsoft later expanded the list and acknowledged that this feature update is also affected by a bug that breaks the Optimize Drives tool. After upgrading to Windows 10 version 2004, users observed that Optimize Drives (the defragmentation tool) does not correctly record the last time a drive was optimized, so scheduled optimization runs more often than it should, including on SSDs.

Cisco Patches ‘High-Severity’ Bugs Impacting Switches, Fibre Storage

Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Experts identified flaw that allows criminals to steal money using Faster Payments System (FPS)

Experts have identified a flaw that allows criminals to steal money from the accounts of bank customers through the Faster Payments System (FPS), which is often contrasted with the proposed crypto-ruble. The researchers found that when one bank enabled FPS transfers in its mobile banking app, the app was left vulnerable, and fraudsters were able to exploit this error to obtain customer account data.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the relevant Mozilla Security Advisories and apply the necessary updates.