Threat Briefing: October 4, 2024

October marks National Cybersecurity Awareness Month, and this week, representatives from over 60 countries gathered in Washington, D.C. for the Counter Ransomware Initiative Summit. The week brought exciting developments, including disruptions to ransomware infrastructure, the arrest of cybercriminals, and sanctions against those supporting their activities.

In line with Cybersecurity Awareness Month, CISA is spotlighting key practices for staying safe online—one of the most important being the use of strong passwords. Cybercriminals are always on the lookout for legitimate login credentials, as they make it easier to infiltrate a victim’s system. This underscores the critical need to safeguard your passwords.

Check out our collection of articles, tips, and best practices as we celebrate Cybersecurity Awareness Month.

• U.K. National Indicted for Accessing Corporate Accounts to Obtain Information Used for Insider Trading Scheme – A U.K. national has been indicted for accessing corporate accounts to facilitate an insider trading scheme. Between January 2019 and May 2020, the individual illegally accessed Microsoft accounts belonging to five organizations and obtained sensitive financial information. By setting up email forwarding rules, the individual redirected company data to an email account under their control. This information was then used to buy and sell securities, resulting in profits exceeding $3 million. U.S. Attorney’s Office, District of New Jersey
• Former Senior Russian Intelligence Official Linked to Evil Corp Cybercrime Group – Eduard Benderskiy has been sanctioned by the U.S. Government for his role in supporting Evil Corp, a cybercriminal group whose members were previously indicted for operating a botnet and deploying banking trojans. Benderskiy is also the father-in-law of Maksim Yakubets, a key leader of Evil Corp. Allegedly, under Benderskiy’s influence and ties to the Russian government, Evil Corp was directed to carry out cyberattacks against NATO. The Record
• Law Enforcement Operation Disrupts More LockBit Infrastructure and Arrests Additional LockBit Actors – In a joint operation by the U.S., United Kingdom, and Europol, authorities arrested a LockBit developer in France. Additionally, an administrator of a bulletproof hosting service used by LockBit was apprehended in Spain, while two individuals connected to a LockBit affiliate were arrested in the U.K. Law enforcement also identified a LockBit affiliate linked to the Evil Corp cybercriminal group. This affiliate was subsequently indicted by the U.S. Government and sanctioned by the U.S., United Kingdom, and Australia. Security Week
• Eight Individuals Arrested in Africa by INTERPOL for Role in Phishing Scams – The arrests were part of Operation Tender 2.0, which targeted a phishing scam involving the use of QR codes. The individuals involved directed victims to malicious websites disguised as legitimate payment platforms, prompting them to enter their card information. The threat actors behind this scheme are responsible for approximately $1.9 million in financial losses. The Hacker News
• CISA’s Vulnerability Disclosure Policy Platform Remediated Nearly 1,000 Vulnerabilities in 2023 – Through the program, CISA triaged over 7,000 submissions, identifying approximately 250 critical vulnerabilities. The initiative also helped participating federal agencies save millions in potential remediation costs. The Record