Threat Briefing: July 12, 2024

Threat Intel Update

After over 12 years of diligent work by law enforcement, justice was finally served in Lincoln, Nebraska. A cybercriminal was sentenced to prison for distributing malware used to steal credentials, supporting ransomware attacks, and engaging in other malicious cyber activities that caused over $100 million in damages.

As part of the sentencing, the cybercriminal was ordered to pay nearly $73 million in restitution and fines. This significant victory highlights the challenges and time required to investigate and prosecute cybercriminals effectively.

To reduce the risk of cyber intrusions and damage, it’s crucial to patch vulnerabilities, remove end-of-life equipment, update passwords, and implement multi-factor authentication.

Cybersecurity News

  • U.S. Judge in Nebraska Sentences Ukrainian National to Nine Years in Jail for Engaging in Cybercrime as Member of Jabber Zeus Cyber Group – Vyacheslav Penchukov, known as “Tank,” pled guilty in February 2024 to two charges of conspiracy to commit wire fraud and racketeering and was ordered to pay more than $73 million in restitution and fines. As a member of the Jabber Zeus group, Penchukov helped organize the IcedID malware, which was used to steal victim information and deploy ransomware. Penchukov had been indicted by the U.S. government in 2012 and was arrested in 2022 in Switzerland. Wired
  • NATO to Establish New Integrated Cyber Defense Center in Belgium – The defense center will provide NATO military leaders with critical information on cyber threats. Announced during NATO’s 75th anniversary summit in Washington, D.C., the center will unite military and civilian personnel from NATO countries, allied nations, and private industry. The Record
  • OpenAI Victim of Cyber Attack in Early 2023, Not Previously Disclosed – OpenAI did not publicly disclose the incident or alert law enforcement since no customer or partner data was compromised. The attack was revealed to OpenAI employees and its board of directors in Spring 2023. Information from an employee forum was stolen, but the attackers did not gain access to the systems supporting artificial intelligence. CSO Online
  • Cyber Insurance Rates Decline as More Companies Offer Coverage – In 2023, rates dropped by 15% compared to 2022, following a significant increase from 2020 to 2022. Interest in cyber insurance surged due to the rise in ransomware attacks. Despite the decline in rates, the number of claims increased by 13% in 2023 compared to 2022. Dark Reading
  • Cyber Actor CrystalRay Uses SSH-Snake Tool and Open Source Software for Credential Theft and Cryptomining Operations – SSH-Snake, a penetration testing tool, is employed for lateral network movement. CrystalRay leverages various tools to identify victims with open ports and known vulnerabilities, using proof-of-concept exploits to compromise targets. The group collects credentials for cloud and email platforms to resell and deploys two different cryptominers. Dark Reading


About the Author

CampusGuard Threat Intel Team