Operation Cookie Monster: A Global Success
A multinational law enforcement effort, dubbed Operation Cookie Monster, has dismantled the illegal online marketplace Genesis Market. The marketplace specialized in selling stolen credentials for email, bank and social media accounts, along with the browser session data needed to reuse them. The operation involved authorities from 17 countries and resulted in 119 arrests and 208 property searches across 13 nations. Genesis Market had been operational since March 2018 and offered access to data stolen from over 1.5 million computers worldwide, totaling more than 80 million credentials. The takedown is expected to disrupt the cybercriminal underground as its former customers seek alternatives, such as the STYX platform.
Spanish Hacker Mastermind Arrested
In a major victory for Spanish authorities, José Luis Huertas, known by the alias Alcasec, has been arrested. Huertas is believed to be responsible for multiple high-profile cyberattacks in Spain and created the Udyat search engine, which was used to sell stolen personal information. The investigation began in November, following a network breach at Spain’s national council of the judiciary that compromised data on over half a million taxpayers. Huertas now faces charges including impersonating a media executive and money laundering.
UK’s National Cyber Force Reveals Principles
The UK’s National Cyber Force (NCF) has outlined the principles it adheres to when conducting covert offensive cyber operations. The three key principles include accountability, precision, and calibration. The NCF has stated that it would rarely intervene if a more effective government response was available. The document also attempts to demonstrate how the NCF assesses targets for escalation and de-escalation within the existing UK legal framework.
IRS-Authorized eFile Service Delivers Malware
Bleeping Computer has confirmed that the IRS-authorized e-file software service provider eFile.com delivered a malicious JavaScript file since at least April 1st. Researchers at MalwareHunterTeam discovered that the payload contained a Windows backdoor capable of enrolling the infected machine into a botnet. The malware has since been removed from the site and did not impact the IRS’ e-file infrastructure.
OT Security Risks Continue to Plague Organizations
A recent survey by OTORIO and ServiceNow revealed that 58% of C-level executives consider their OT cybersecurity risk to be high or critical. Despite this, only 47% of organizations have implemented an OT cybersecurity solution, with 81% still managing OT risks manually. Half of the respondents have established a team to develop an OT strategy, indicating that many organizations have yet to create one.
Germany Takes Action Against Twitter
Germany’s Federal Justice Office has initiated proceedings against Twitter under the country’s Network Enforcement Act, which requires prompt response to user reports of illegal content. If found guilty, Twitter could face fines of up to 50 million euros.
HP Announces Critical Printer Bug Patch
HP has issued a security bulletin regarding a critical-severity vulnerability impacting approximately 50 HP LaserJet and Managed Printer models. The bug allows attackers to access data transmitted between the printers and other devices on the network. HP plans to release a firmware update within 90 days to address the issue.
ChatGPT: A Double-Edged Sword
Forcepoint solutions architect Aaron Mulgrew demonstrated how ChatGPT, an AI chatbot, can be used to create malware without writing any code. Although not a new malware approach, Mulgrew’s experiment highlights how ChatGPT can minimize the footprint of malware to avoid detection by current tools.
Oakland Data Breach Takes a Dark Turn
The city of Oakland has confirmed that the Play ransomware group has leaked a second batch of stolen data, amounting to 600GB, including confidential Oakland Police Department files. Some of these files contain sensitive information, such as disciplinary records and medical histories. The initial data leak in early March was a comparatively smaller 10GB. The city has not disclosed any ransomware demands from the Play group, but the second data leak suggests that the city has not met their demands, if any.
Estonian Man Indicted for Selling Metasploit
Andrey Shevlyakov, an Estonian man, has been arrested for violating US export regulations by allegedly selling a license for penetration testing software to a Russian party. Federal prosecutors have charged Shevlyakov with 18 criminal counts, including money laundering. Shevlyakov faces extradition and a possible jail sentence for procuring electronic components used in avionics, missiles, and electronic warfare systems for Russian end users. The US Department of Justice launched Task Force KleptoCapture in March 2022 to enforce export restrictions, sanctions, and economic countermeasures following Moscow’s invasion of Ukraine. US federal agencies have also recently warned companies to be cautious of attempts to evade export controls through third parties.
That wraps up today’s cybersecurity brief. As always, stay safe, stay vigilant, and we’ll see you tomorrow with another update!