Ransomware groups continue to target organizations across multiple industries. Meanwhile, government entities are urged to be vigilant of data-stealing malware, law enforcement continues to punch back against cybercrime groups, and more. Get up to speed in this week's Friday Five.
SOCIALLY SAVVY SCATTERED SPIDER TRAPS CLOUD ADMINS IN WEB BY ELIZABETH MONTALBANO
The ransomware group Scattered Spider has been using advanced social engineering techniques, including SMS and voice phishing (smishing and vishing), to target financial and insurance companies. The group impersonates employees and uses fake login portals to gain access to application management and identity access policy platforms and to bypass MFA, aiming to obtain high-level permissions in cloud-based environments for ransomware delivery. The group is also said to be abusing legitimate cloud-based services, reached through closely mimicked single sign-on (SSO) portals delivered via these social engineering attacks, to "remotely execute commands, transfer data, and maintain persistence while avoiding detection," according to a recent analysis. Researchers emphasize stronger cloud security and monitoring to mitigate the risk from such phishing attacks.
CHINESE HACKERS USE NEW DATA THEFT MALWARE IN GOVT ATTACKS BY BILL TOULAS
Mustang Panda, a China-based cyber-espionage group, has shifted to new tactics and malware, specifically FDMTP and PTSOCKET, to breach networks and steal data. The group is spreading malware via removable drives, using a variant of the HIUPAN worm to deliver the PUBLOAD stager, which establishes persistence and conducts reconnaissance, along with a secondary control tool dubbed PTSOCKET. Mustang Panda is evolving its strategies to carry out highly targeted, time-sensitive cyber operations against government and non-government organizations, mainly in the Asia-Pacific region, using spear-phishing and sophisticated tools to exfiltrate sensitive files.
RANSOMWARE ATTACKS ARE DRIVING UP COSTS TO MILLIONS OF DOLLARS FOR SCHOOLS AND EDUCATIONAL INSTITUTIONS BY NAVEEN GOUD
Educational institutions are facing a growing threat from ransomware attacks, with notable spikes in IT costs and exposure. A recent report highlights that 44% of schools in 14 states have faced ransom demands over $5 million, with some paying as much as $6.6 million. Moreover, despite attack frequency decreasing slightly in 2024, recovery times have worsened due to disruptions in backup systems. The report attributes these attacks to network vulnerabilities and phishing schemes, warning that AI-driven ransomware could escalate risks. Institutions are urged to strengthen cybersecurity measures, invest in resources, and hire specialized talent to safeguard against future attacks.
SINGAPORE POLICE ARREST SIX HACKERS LINKED TO GLOBAL CYBERCRIME SYNDICATE BY RAVIE LAKSHMANAN
The Singapore Police Force arrested five Chinese nationals and one Singaporean man for involvement in a global cybercrime syndicate following a raid this past Monday, September 9, 2024. The suspects, aged 32 to 42, were found with laptops, hacking tools, malware control software, personal data from foreign internet providers, and substantial amounts of cash and cryptocurrency. They are accused of unauthorized access to computer systems and retaining personal information and malicious software. The Singaporean man allegedly aided the group, whose members now face charges under the Computer Misuse Act.
RUSSIAN, KAZAKHSTANI MEN LIVING IN MIAMI INDICTED OVER CYBERCRIME TRAINING SERVICE BY AJ VICENS
Two men, Alex Khodyrev and Pavel Kublitskii, were indicted for their roles as administrators of WWH Club, a Russian-language cybercrime forum that facilitates illegal activities. WWH Club, active since 2014, has grown to over 350,000 users, though this figure may be inflated by anonymous accounts. The FBI infiltrated the forum in 2020, purchasing stolen data and attending cybercrime training. Khodyrev and Kublitskii, who reportedly did not have legitimate employment, were arrested in Miami after applying for asylum in 2022. Despite the arrests, however, the forum continues to operate, with accounts linked to the men deleted to maintain trust.