Prosecutors have charged two US men, part of the larger ViLE criminal organization, with illegally accessing an online portal for the US Drug Enforcement Agency. This group uses faked emergency data requests to dox victims and extort them for money or access to social network accounts.
Americans Lose Billions to Online Scams
The FBI reported that American citizens lost over $10 billion to online scammers in 2022. Of the more than 800,000 scam complaints, phishing activity accounted for 37.5%, while crypto investment fraud saw a massive increase of 185% on the year to $2.57 billion.
Humans Beat AI in Phishing (For Now)
A HoxHunt research paper revealed that a professional red team outperformed ChatGPT in phishing click rates (4.2% versus 2.9%). However, researchers caution that the GPT-4 model could offer substantial improvement in effectiveness.
US Marshals Service Data for Sale
Hundreds of gigabytes of data, allegedly stolen from the US Marshals Service, have been listed for sale on a Russian-speaking forum. The data includes information on the witness protection program, aerial footage of military bases, and wiretapping operation details.
Dero Cryptojacking Campaign
Researchers at CrowdStrike observed the first cryptojacking campaign using the Dero cryptocurrency. Threat actors targeted exposed Kubernetes clusters with misconfigured authentication to deploy a Docker image, starting the miner across all Kubernetes nodes.
Federal Agency Data at Risk
Telerik Bug Exploited for Data Theft
CISA warned that multiple threat groups were able to breach a federal agency and steal data by exploiting a Telerik vulnerability in an unpatched Microsoft IIS Web server. Teams running Telerik UI for ASP.NET Ajax builds from earlier than 2020 are urged to take immediate action.
Adobe ColdFusion Bug Exploited as a Zero-Day
CISA added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. Administrators are advised to install the security updates as soon as possible and apply security configuration settings outlined in the lockdown guides.
Crypto Laundering Schemes and Cyber Attacks
ChipMixer Crypto Laundering Platform Shut Down
Authorities across Europe and the U.S. dismantled ChipMixer, an unlicensed cryptocurrency mixer responsible for laundering $3.75 billion worth of digital assets. The operation led to the seizure of $47.5 million in Bitcoin and 7 TB of data.
Russian Hackers Planning Cyber Attack on Ukraine
Microsoft released a report suggesting that Russian hackers are planning a new ransomware-style attack on Ukraine, targeting organizations that serve the country’s supply lines. The hacking team “Sandworm” is believed to be responsible for several attacks on Ukrainian organizations.