01-Oct-24: In Security News Today

DOJ Charges 3 Iranian Hackers In Political ‘Hack & Leak’ Campaign

The U.S. Department of Justice has charged three Iranian hackers affiliated with the Islamic Revolutionary Guard Corps (IRGC) over a politically motivated “hack-and-leak” operation targeting U.S. presidential campaigns. Using spear-phishing and social engineering, the attackers compromised accounts belonging to U.S. government officials and political figures and stole material that was later leaked in an effort to influence the election. The U.S. is also offering a reward of up to $10 million for information on foreign interference in U.S. elections.

Elaborate Deepfake Operation Takes a Meeting With US Senator

Senator Ben Cardin was targeted by cybercriminals using deepfake technology, where attackers impersonated a Ukrainian official during a Zoom meeting to elicit sensitive political information. The operation was thwarted when the attackers asked out-of-character questions, prompting Cardin’s office to end the call and report the incident. This case highlights the growing threat of deepfakes, which pose significant risks to national security, businesses, and individuals, with experts stressing the need for heightened awareness, education, and robust verification processes.

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets With Image Recognition

Rhadamanthys, an information stealer sold under a malware-as-a-service (MaaS) model, has added optical character recognition (OCR) so that it can pull cryptocurrency wallet seed phrases out of images on an infected machine; a screenshot or photo of a recovery phrase is now as exposed as a plaintext file. Alongside the image recognition, the latest version still harvests credentials, system information, and browser data, and ships with stability and evasion improvements. Together with other stealers such as Lumma, it has been used in large-scale phishing campaigns aimed at tech-savvy victims, a reminder of how quickly commodity cybercrime tooling evolves.

Evil Corp Hit With New Sanctions, Bitpaymer Ransomware Charges

Evil Corp, a notorious cybercrime syndicate, has been hit with additional sanctions by the US, UK, and Australia, targeting seven individuals and two entities linked to its operations. The US also indicted Aleksandr Ryzhenkov, a member of the group, for ransomware attacks using BitPaymer and LockBit, in which victims were extorted for payment to decrypt their data. The sanctions reinforce existing restrictions on financial transactions with Evil Corp: paying a ransom to a sanctioned entity is itself a sanctions violation unless prior approval is obtained, which matters because the group keeps rebranding and shifting tactics to evade both detection and sanctions.

Ransomware Attack Forces UMC to Divert Emergency Patients

The University Medical Center (UMC) in Lubbock, Texas, faced a ransomware attack that severely disrupted its IT systems, forcing the diversion of emergency patients and disabling critical services like phone systems and patient portals. Although some services have been restored, UMC continues to divert select patients, and the full extent of the incident, including potential data breaches, is still under investigation. This attack highlights the increasing threat ransomware poses to healthcare institutions, stressing the need for proactive, intelligence-driven security measures to protect critical infrastructure.

Four LockBit Ransom Gang Arrests, Servers Seized By Europol

Europol has arrested four individuals linked to the LockBit ransomware group, including a developer, affiliates, and a bulletproof hosting administrator, as part of the third phase of Operation Cronos. In addition to the arrests, nine servers used by LockBit were seized, dealing another blow to the group’s infrastructure. Despite these efforts, LockBit remains one of the most evasive and dominant ransomware threats, accounting for 47% of publicized ransomware attacks in the last year and continuing to operate under a ransomware-as-a-service model.

UAE, Saudi Arabia Become Plum Cyberattack Targets

The UAE and Saudi Arabia have become prime targets for cyberattacks, with a 70% increase in DDoS attacks driven by hacktivist groups, particularly focused on public sector entities. A report from Positive Technologies highlights that stolen data and illicit access are highly sought on Dark Web forums, with 54% of posts relating to selling or buying access, often involving government agencies. The growing attack surface and geopolitical tensions make the region a hotspot for both nation-state and hacktivist cyber campaigns, signaling a need for stronger cybersecurity defenses.

Ten Million Brits Hit By Fraud In Just Three Years

A recent study sponsored by Santander UK revealed that 10 million Brits were victims of fraud between 2021 and 2023, with the direct economic loss reaching £9bn and broader productivity costs pushing the total to £16bn. The study emphasizes that combating fraud requires a coordinated international response, as fraudsters operate across borders, affecting both developed and developing countries. Recommendations include the UK taking a global leadership role in enhancing law enforcement, promoting cross-border cooperation, and pushing for private sector accountability in fraud prevention efforts.

Cyberattackers Use HR Targets To Lay More_Eggs Backdoor

The FIN6 group has shifted its spear-phishing tactics and is now targeting recruiters by posing as job applicants, delivering the more_eggs backdoor, which can fetch and run secondary payloads. Researchers from Trend Micro found that the campaign uses fake resumes, malicious .zip files, and convincing applicant websites to trick recruiters into executing the malware themselves. Organizations are advised to strengthen their defenses, in particular through advanced threat detection and security awareness for staff who routinely open attachments from strangers, to counter these social engineering-based attacks.
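The summary above describes resume-themed archives as the delivery vehicle. The following is an added example, not code from the original article or from Trend Micro's report, of the kind of triage check a recruiting mailbox or upload portal could run on such an archive before anyone opens it: it inspects a ZIP without extracting it and flags members that are scripts, shortcuts or executables by extension, names that hide a second extension behind a document-looking one, and members whose content starts with a Windows shell-link or PE header regardless of what they are named. The extension lists, the helper names and the sample archives are all constructed for this illustration and are not taken from the campaign.

```python
"""
Added example: triage a "resume" ZIP sent to a recruiter without extracting it.
Not part of the original article; file names and sample archives are constructed.
"""
import io
import zipfile
from dataclasses import dataclass, field
from typing import List

# Hypothetical policy lists; tune for your environment.
EXECUTABLE_EXTS = {
    "exe", "dll", "scr", "com", "pif", "bat", "cmd", "ps1", "vbs", "vbe",
    "js", "jse", "wsf", "wsh", "hta", "lnk", "msi", "jar", "iso", "img",
}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "rtf", "odt", "txt"}

# Windows shell link (MS-SHLLINK): HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in on-disk (little-endian) byte order.
LNK_MAGIC = bytes.fromhex("4c000000011402000000000000c000000000000046")
PE_MAGIC = b"MZ"


@dataclass
class Verdict:
    suspicious: bool
    reasons: List[str] = field(default_factory=list)


def _extensions(member_name: str) -> List[str]:
    """All lowercase extensions of a member name: 'cv.pdf.lnk' -> ['pdf', 'lnk']."""
    base = member_name.rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def triage_zip(data: bytes) -> Verdict:
    """Return a Verdict listing every reason the archive looks unlike a plain resume."""
    reasons: List[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return Verdict(True, ["not a valid ZIP archive"])

    for info in zf.infolist():
        if info.is_dir():
            continue
        name = info.filename
        exts = _extensions(name)
        final = exts[-1] if exts else ""

        # Name-based checks: executable extension, or a document name hiding one.
        if final in EXECUTABLE_EXTS:
            reasons.append(f"{name}: executable/script member (.{final})")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and final not in DOCUMENT_EXTS:
            reasons.append(f"{name}: document-looking name hides .{final}")
        if not exts:
            reasons.append(f"{name}: member has no extension")

        # Content-based checks: the name can lie, the first bytes usually do not.
        with zf.open(info) as member:
            head = member.read(len(LNK_MAGIC))
        if head.startswith(LNK_MAGIC):
            reasons.append(f"{name}: content is a Windows shell link (LNK)")
        elif head.startswith(PE_MAGIC):
            reasons.append(f"{name}: content is a PE executable")

    return Verdict(bool(reasons), reasons)


def build_malicious_sample() -> bytes:
    """Constructed sample: a resume-named shortcut plus a harmless cover letter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("John_Doe_Resume.pdf.lnk", LNK_MAGIC + b"\x00" * 40)
        zf.writestr("cover_letter.txt", b"Dear hiring manager, please find my CV attached.")
    return buf.getvalue()


def build_benign_sample() -> bytes:
    """Constructed sample: what a genuine application archive should look like."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Jane_Doe_Resume.pdf", b"%PDF-1.4\n% constructed placeholder content\n")
        zf.writestr("cover_letter.txt", b"Dear hiring manager, please find my CV attached.")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("malicious", build_malicious_sample()), ("benign", build_benign_sample())):
        verdict = triage_zip(sample)
        print(f"{label}: suspicious={verdict.suspicious}")
        for reason in verdict.reasons:
            print("  -", reason)
```

The content check matters more than the name check: a renamed shortcut or executable still carries its header, and an archive that is not really a ZIP (a polyglot or a damaged file the mail gateway could not parse) is treated as suspicious rather than silently passed. This is a triage heuristic, not a replacement for detonation in a sandbox; a benign verdict means only that nothing obviously executable was found.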

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
