Kicking off the new year, we look back on the cyberattacks, justice, and fintech news that played a crucial role within the digital space.
As we concluded 2023, users were warned to stay vigilant during their holiday shopping, as cybercriminals exploited various vulnerabilities and carried out numerous types of phishing campaigns.
Some of the biggest attacks that took place in the cybersecurity world included:
- the phishing attack against MongoDB;
- the ransomware attack on video game developer Insomniac;
- the cyberattack on the Albanian parliament.
On the justice front, a disruption campaign against BlackCat/AlphV was able to produce a decryptor key. Meanwhile, operation HAECHI IV seized over $300 million and arrested 3,500 suspects. A teen member of the Lapsus$ gang, who perpetrated the 2022 attacks against Uber and Rockstar Games, was sentenced.
Read on to discover more about the latest key updates for the cybersecurity space in December.
Cybercrime Breaking News
Microsoft Threat Intelligence has disabled the ms-appinstaller URI scheme after seeing more and more threat actors (including financially motivated ones) misuse the app installer to distribute malware. In an official statement, they noted, “Threat actors have likely chosen the ms-appinstaller protocol handler vector because it can bypass mechanisms designed to help keep users safe from malware…”
Microsoft warns that threat actors have misused OAuth (token-based authentication and authorization) applications.
The Cybersecurity and Infrastructure Security Agency (CISA) added two bugs in Qlik Sense (a data analytics tool) to its catalog: CVE-2023-41265 and CVE-2023-41266.
Hackers could exploit a Bluetooth vulnerability to take control of Android, Linux, macOS and iOS devices. The security flaw is tracked as CVE-2023-45866.
The FBI, CISA, and the Australian Signals Directorate’s Australian Cyber Security Centre released a joint advisory titled “#StopRansomware: Play Ransomware”. The advisory aims to share information about the Play ransomware group’s tactics, techniques, and procedures, as well as indicators of compromise.
MongoDB, the software giant, investigated suspicious activity on corporate customer support applications. An unauthorized third party aimed to gain access via a phishing attack.
Insomniac, the studio behind the PlayStation Spider-Man 2 video game, was hit by a cyberattack, with hackers demanding a $2m ransom.
Accounting software provider Tipalti investigated a cyberattack that BlackCat/AlphV claimed to have carried out.
Xfinity, a cable TV and internet service provider, filed a notification stating that nearly 36 million of its users may have been affected by a data breach due to the “Citrix Bleed” vulnerability.
Cyberwar between Russia and Ukraine: Updates
Kyivstar (Ukraine’s main mobile network with over 24 million mobile customers and a million home internet users) was targeted by a ‘powerful hacker attack’, leaving users without phone or internet access. The attack is still under investigation.
Cybersecurity Justice
The Justice Department announced a disruption campaign against BlackCat/AlphV, during which the FBI developed a decryptor that helped over 500 affected victims restore their systems. During the campaign, the FBI was also able to gain access to the ransomware group’s computer network and seize several of BlackCat’s websites. “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa O. Monaco.
A global police operation, HAECHI IV (carried out between July and December 2023), has seized over $300 million and arrested 3,500 suspects linked with seven types of cyber-enabled scams. The criminal activities include voice phishing, online sextortion, investment fraud, money laundering associated with illegal online gambling, business email compromise fraud, and e-commerce fraud.
Europol and the European Union Agency for Cybersecurity (ENISA) join forces with law enforcement authorities from 17 countries, as well as private sector partners, to fight digital skimming attacks. In these fraud schemes, cybercriminals steal credit or payment card information during customers’ digital checkout, without anyone noticing the suspicious actions. So far, the joint efforts have notified 443 online merchants whose customer data has been compromised.
Microsoft gets a court order to seize the infrastructure of cybercriminal websites (e.g. Hotmailbox.me, etc.) that have been selling access to about 750 million fraudulent Microsoft-branded accounts used ‘to bypass the confirmation of use and account setup by a real person’.
A teen member of the Lapsus$ gang, who perpetrated the 2022 cyberattacks against Uber, Nvidia, and Rockstar Games, is sentenced to an indefinite hospital order.
An alleged hacker faces new charges: three counts of extortion, three counts of unauthorized computer use, and failure to comply with a release order. Earlier this year, he was also accused of having ties to the LockBit ransomware group.
A cyber perpetrator pleads guilty to developing and deploying the Trickbot malware, which was used to carry out ransomware attacks against American hospitals, schools and businesses.
FinTech Updates
Four individuals behind the ‘Pig Butchering’ cryptocurrency laundering scheme are charged by the Justice Department. The scam, in which the cybercriminal contacts a victim and pushes them to make a ‘business investment’ in cryptocurrency, has resulted in $80 million in losses.
Ledger, the cryptocurrency hardware wallet maker, published a new version of its connect kit npm module after hackers stole over $600,000 in digital assets.
The founder of Bitzlato, a cryptocurrency exchange, pleaded guilty to “operating a money transmitting business that transmitted illicit funds”.
An individual pleaded guilty to hacking two decentralized cryptocurrency exchanges, one of which was Nirvana Finance.
Cybersecurity News Across The Globe
- Hackers targeted the Assembly of the Republic of Albania and One Albania, a telecommunications company, via a cyberattack.
- NASA released the Space Security Best Practices Guide, which is set to improve the cybersecurity of space missions.
- The US counterpart of defense and commercial vessel manufacturer Austal notified the FBI and Naval Criminal Investigative Service (NCIS) of a cyber incident, which had ‘no impact on operations’.
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.