Friday Five: Data-Stealing Malware, Ransomware Groups Casting a Wide Net, & More

SOCIALLY SAVVY SCATTERED SPIDER TRAPS CLOUD ADMINS IN WEB BY ELIZABETH MONTALBANO

The ransomware group Scattered Spider has been using advanced social engineering techniques, including SMS and voice phishing (smishing and vishing), to target financial and insurance companies. The group impersonates employees and uses fake login portals to gain access to application management and identity access policy platforms and bypass MFA, aiming to steal high-level permissions to cloud-based environments for ransomware delivery. Furthermore, they are also said to be exploiting legitimate cloud-based services by closely mimicking single sign-on (SSO) portals, delivered via advanced social engineering attacks, to "remotely execute commands, transfer data, and maintain persistence while avoiding detection," according to a recent analysis. Researchers emphasize stronger cloud security and monitoring to mitigate risks from phishing attacks.

Read more

CHINESE HACKERS USE NEW DATA THEFT MALWARE IN GOVT ATTACKS BY BILL TOULAS

Mustang Panda, a China-based cyber-espionage group, has shifted to new tactics and malware, specifically FDMTP and PTSOCKET, to breach networks and steal data. The group is spreading malware via removable drives, using a variant of the HIUPAN worm to deliver the PUBLOAD stager, which establishes persistence and conducts reconnaissance, along with a secondary control tool dubbed PTSOCKET. Mustang Panda is evolving its strategies to carry out highly targeted, time-sensitive cyber operations to target government and non-government organizations, mainly in Asia-Pacific, using spear-phishing and sophisticated tools to exfiltrate sensitive files.

Read more

RANSOMWARE ATTACKS ARE DRIVING UP COSTS TO MILLIONS OF DOLLARS FOR SCHOOLS AND EDUCATIONAL INSTITUTIONS BY NAVEEN GOUD

Educational institutions are facing a growing threat from ransomware attacks, with notable spikes in IT costs and vulnerability. A recent report highlights that 44% of schools in 14 states have faced ransom demands over $5 million, with some paying as much as $6.6 million. Moreover, despite attack frequency slightly decreasing in 2024, recovery times have worsened due to disruptions in backup systems. The report attributes these attacks to network vulnerabilities and phishing schemes, warning that AI-driven ransomware could escalate risks. Institutions are urged to strengthen cybersecurity measures, invest in resources, and hire specialized talent to safeguard against future attacks.

Read more

SINGAPORE POLICE ARREST SIX HACKERS LINKED TO GLOBAL CYBERCRIME SYNDICATE BY RAVIE LAKSHMANAN

The Singapore Police Force arrested five Chinese nationals and one Singaporean man for involvement in a global cybercrime syndicate following a raid this past Monday, September 9, 2024. The suspects, aged 32 to 42, were found with laptops, hacking tools, malware control software, personal data from foreign internet providers, and substantial amounts of cash and cryptocurrency. They are accused of unauthorized access to computer systems and retaining personal information and malicious software. The Singaporean man allegedly aided the group, whose members now face charges under the Computer Misuse Act.

Read more

RUSSIAN, KAZAKHSTANI MEN LIVING IN MIAMI INDICTED OVER CYBERCRIME TRAINING SERVICE BY AJ VICENS

Two men, Alex Khodyrev and Pavel Kublitskii, were indicted for their roles as administrators of WWH Club, a Russian-language cybercrime forum that facilitates illegal activities. WWH Club, active since 2014, has grown to over 350,000 users, though this figure may be inflated by anonymous accounts. The FBI infiltrated the forum in 2020, purchasing stolen data and attending cybercrime training. Khodyrev and Kublitskii, who reportedly did not have legitimate employment, were arrested in Miami after applying for asylum in 2022. Despite the arrests, however, the forum continues to operate, with accounts linked to the men deleted to maintain trust.

Read more