Operation Cookie Monster Takes Down Genesis Market
A successful FBI-led operation on Tuesday resulted in the seizure of Genesis Market, a major online platform where criminals sold stolen credentials and tools to weaponize data. Linked to millions of cyber incidents worldwide, the market played a significant role in various forms of cybercrime, including fraud and ransomware attacks. As part of Operation Cookie Monster, a splash page announcing the takedown replaced the login pages for Genesis Market’s websites. Numerous related arrests are anticipated globally.
Rorschach: The New Ransomware Speed Demon
Check Point researchers have identified a new ransomware strain called Rorschach, which is not connected to any known ransomware groups. Boasting an impressive average encryption time of 4 minutes and 30 seconds, Rorschach outpaces the 7-minute average of LockBit v3. Its speed is achieved by adjusting the number of encryption threads via a command-line argument. Rorschach also features high customizability, self-replicating capabilities, direct syscall leveraging, and the ability to clear system logs.
Tax Season Temptation: eFile.com Serves Malware
Online tax filing service eFile.com, an IRS-authorized platform, has been discovered distributing malicious JavaScript files on its website during tax season. The file ‘popper.js’ delivers an error message with a link that downloads a Windows-based Trojan. Although the malware was active on the site until recently, it has since been removed.
Ransomware Exploits Veritas Backup Exec Vulnerabilities
An ALPHV/BlackCat ransomware affiliate has been found exploiting three high-severity vulnerabilities in the Veritas Backup Exec product to gain initial access to target networks. Mandiant researchers first observed the exploitation in October, and more than 8,500 IP addresses still advertise the vulnerable service.
Twitter’s Algorithm Exposes Platform to Manipulation and Bot Attacks
After Twitter released part of its recommendation algorithm’s source code, a security researcher discovered that attackers could manipulate it to target specific accounts. The MITRE Corporation assigned Common Vulnerabilities and Exposures (CVE) identifiers to portions of Twitter’s code due to the potential denial of service imposed on victim accounts. Elon Musk acknowledged the potential embarrassment from releasing the code but promised to address any identified bugs promptly.
Smart Garage Doors at Risk: Remote Control by Hackers
A series of security bugs in Wi-Fi-enabled Nexx garage door openers allows hackers to take control of the devices and remotely open doors. The vulnerability lies in the smartphone app, which exposes information from other users’ devices. The researcher who discovered the flaw reported that Nexx did not respond to attempts to report the vulnerabilities responsibly.
Typhon Reborn Stealer Malware Returns with Advanced Evasion Tactics
The information-stealing malware Typhon Reborn has resurfaced with an updated version featuring enhanced detection evasion and analysis resistance capabilities. Available for sale on the criminal underground, the malware harvests sensitive data and uses the Telegram API to send the stolen information to attackers. Typhon Reborn’s resurgence coincides with the disclosure of Creal, a Python-based stealer malware that targets cryptocurrency users via phishing sites.
Florida Hospital Breach Notification Following Cyber Attack
Tallahassee Memorial HealthCare has alerted approximately 20,000 patients about a breach that occurred in February. The unauthorized access resulted in the theft of files containing sensitive patient information. The healthcare system has been working closely with law enforcement and other agencies to investigate and recover from the incident.
Pirated Software Leads to Ukrainian Utility Company Compromise
A Ukrainian utility company experienced cyberattacks after an employee downloaded and installed an unlicensed version of Microsoft Office from a torrent website. The pirated software infected the company’s system with two remote access Trojans, which remained in place for two months. These Trojans granted unauthorized third-party access to the company’s network from January 19 to March 22. Cybersecurity experts attribute the Trojans to the UAC-0145 group; DarkCrystal RAT usage has previously been linked to the Sandworm group. As Russian state hackers have targeted Ukraine for nearly a decade, torrented software remains a common avenue for such cyberattacks.
Pig Butchering Scams: US DOJ Seizes $112 Million in Digital Assets
In a significant crackdown on “pig butchering” scams, the U.S. Department of Justice seized digital assets worth $112 million. Six cryptocurrency wallets were identified as being connected to the laundering of illicit funds from these cryptocurrency investment scams. Cybercriminals used multiple accounts to transfer funds from the fraudulent schemes to their own accounts, defrauding investors in the process.
Scammers typically targeted victims through social media, dating sites, and “misdialed” calls or texts, luring them into investing in fake cryptocurrency trading platforms. To enhance the scams’ credibility, the perpetrators even created fake websites and mobile apps displaying bogus investment portfolios filled with high returns. Sometimes, victims were tricked into downloading malicious smart contracts on their phones, granting the scammers access to their digital wallets.
The term “pig butchering” originates from its Chinese name, Sha Zhu Pan, with the “pig” representing the victims. Cryptocurrency fraud, including pig butchering, accounted for the majority of the $3.3 billion in investment fraud scams recorded by the FBI’s Internet Crime Complaint Center (IC3) in 2022. In the U.S. alone, fraudulent losses surged 183% from $1.44 billion in 2021 to $2.57 billion in 2022. The use of digital currency to commit fraud presents new challenges for both victims and law enforcement attempting to recover potentially billions of dollars in lost funds.
That wraps up today’s cybersecurity brief. As always, stay safe, stay vigilant, and we’ll see you tomorrow with another update!