
Friday Five: Data-Stealing Malware, Ransomware Groups Casting a Wide Net, & More

by Robbie Araiza on Friday September 13, 2024


Ransomware groups continue to target organizations across multiple industries. Meanwhile, government entities are urged to stay vigilant against data-stealing malware, law enforcement continues to punch back against cybercrime groups, and more. Get up to speed in this week's Friday Five.

SOCIALLY SAVVY SCATTERED SPIDER TRAPS CLOUD ADMINS IN WEB BY ELIZABETH MONTALBANO

The ransomware group Scattered Spider has been using advanced social engineering techniques, including SMS and voice phishing (smishing and vishing), to target financial and insurance companies. The group impersonates employees and uses fake login portals to gain access to application management and identity access policy platforms and bypass MFA, aiming to steal high-level permissions to cloud-based environments for ransomware delivery. The group is also said to be exploiting legitimate cloud-based services by closely mimicking single sign-on (SSO) portals, delivered via advanced social engineering attacks, to "remotely execute commands, transfer data, and maintain persistence while avoiding detection," according to a recent analysis. Researchers emphasize the need for stronger cloud security and monitoring to mitigate risks from phishing attacks.


CHINESE HACKERS USE NEW DATA THEFT MALWARE IN GOVT ATTACKS BY BILL TOULAS

Mustang Panda, a China-based cyber-espionage group, has shifted to new tactics and malware, specifically FDMTP and PTSOCKET, to breach networks and steal data. The group is spreading malware via removable drives, using a variant of the HIUPAN worm to deliver the PUBLOAD stager, which establishes persistence and conducts reconnaissance, along with a secondary control tool dubbed PTSOCKET. Mustang Panda is evolving its strategies to carry out highly targeted, time-sensitive cyber operations against government and non-government organizations, mainly in Asia-Pacific, using spear-phishing and sophisticated tools to exfiltrate sensitive files.


RANSOMWARE ATTACKS ARE DRIVING UP COSTS TO MILLIONS OF DOLLARS FOR SCHOOLS AND EDUCATIONAL INSTITUTIONS BY NAVEEN GOUD

Educational institutions are facing a growing threat from ransomware attacks, with notable spikes in IT costs and vulnerability. A recent report highlights that 44% of schools in 14 states have faced ransom demands over $5 million, with some paying as much as $6.6 million. Moreover, despite attack frequency slightly decreasing in 2024, recovery times have worsened due to disruptions in backup systems. The report attributes these attacks to network vulnerabilities and phishing schemes, warning that AI-driven ransomware could escalate risks. Institutions are urged to strengthen cybersecurity measures, invest in resources, and hire specialized talent to safeguard against future attacks.


SINGAPORE POLICE ARREST SIX HACKERS LINKED TO GLOBAL CYBERCRIME SYNDICATE BY RAVIE LAKSHMANAN

The Singapore Police Force arrested five Chinese nationals and one Singaporean man for involvement in a global cybercrime syndicate following a raid this past Monday, September 9, 2024. The suspects, aged 32 to 42, were found with laptops, hacking tools, malware control software, personal data from foreign internet providers, and substantial amounts of cash and cryptocurrency. They are accused of unauthorized access to computer systems and retaining personal information and malicious software. The Singaporean man allegedly aided the group, whose members now face charges under the Computer Misuse Act.


RUSSIAN, KAZAKHSTANI MEN LIVING IN MIAMI INDICTED OVER CYBERCRIME TRAINING SERVICE BY AJ VICENS

Two men, Alex Khodyrev and Pavel Kublitskii, were indicted for their roles as administrators of WWH Club, a Russian-language cybercrime forum that facilitates illegal activities. WWH Club, active since 2014, has grown to over 350,000 users, though this figure may be inflated by anonymous accounts. The FBI infiltrated the forum in 2020, purchasing stolen data and attending cybercrime training. Khodyrev and Kublitskii, who reportedly did not have legitimate employment, were arrested in Miami after applying for asylum in 2022. Despite the arrests, the forum continues to operate, with accounts linked to the men deleted to maintain trust.
