Threat Briefing: August 25, 2023

Mitigating malicious cyber activity comes in different forms, ranging from identifying and removing malware or a malicious browser extension on your device, to policies requiring disclosures of software vulnerabilities, to interviewing stakeholders to assess cybersecurity posture, and international actions involving treaties and law enforcement. Those efforts can result in the arrest of cybercriminals, to disrupting infrastructure used by cybercriminals and degrading their ability to carry out cyber-attacks, all the way down to blocking malicious software or extensions, all in an effort to prevent the compromise of computer networks, and loss of sensitive data.

Browser Extensions Present Risk to Sensitive Company Data and User Credentials – A study of over 300,000 browser extensions found that 51% were high risk. The malicious extensions had the ability to run malicious JavaScript, collect banking and login credentials, and copy sensitive data. Dark Reading

Cuba Ransomware Group Exploits Vulnerability in Veeam’s Backup & Replication Software to Launch Ransomware Attacks – The vulnerability was initially disclosed in March 2023. The Cuba Ransomware group has frequently focused on critical infrastructure targets, to include those in the financial sector and typically steals data before encrypting victim systems. Bank Info Security

XLoader, A New Variant of Malware Targeting Apple’s macOS, Identified – The previous version of the macOS XLoader was originally identified in summer 2021. XLoader will target clipboard data and information in directories for Google Chrome and Firebox, however, Safari is not targeted by XLoader. The actors behind XLoader have made it available for rent for $299 for 3 months or $199 a month. The Hacker News

Operators of Tornado Cash Service, Used to Launder Over $1 Billion, Indicted by U.S. Government – Tornado Cash operated as an unlicensed money remitter and facilitated money laundering activity for North Korean cybercriminals to circumvent economic sanctions. Tornado cash presented itself as a way to engage in untraceable financial transactions and the operators of Tornado cash failed to implement anti-money laundering programs. U.S. Attorney’s Office, Southern District of New York

INTERPOL and AFRIPOL Team Up to Arrest 14 Individuals for Engaging in Cybercrime Spree Occurring in Africa – The suspects arrested were tied to malicious cyber activity impacting over 20,000 computers across 25 countries in Africa. The operation resulted in the arrest of two money mules as well as the disruption of two dark web sites. Dark Reading

Russian Cyber Actors Develop Toolkit to Support Fraud for Actors with Limited Technical Skills – The toolkit, called “Telekopye”, has been primarily used by actors in Russia and eastern Europe, and has allowed users to create phishing websites and send fake emails. The cyber actors have also been able to collect sensitive information, including financial information from victims. Bank Info Security

Proposed Legislation Would Require Federal Contractors to Implement Vulnerability Disclosure Policy – The legislation was developed in conjunction with a cybersecurity firm, and would require contractors to “have a vulnerability disclosure policy to help ensure that any software flaws are fixed before they can be exploited by hackers.” CISA, NIST and the National Cyber Director would be required by the legislation to review federal contract requirements. The Record

CISA Working to Increase On-Site Cybersecurity Reviews for K-12 Schools During Upcoming School Year – The on-site visits build on other government initiatives to support school districts combat cyber threats. School districts remain an attractive target for cyber actors and a variety of new government and private sector programs were recently announced to help increase security for school districts. NextGov

UN Members Working to Finalize Negotiations for UN Cybercrime Treaty – The new treaty would be voted on by the UN General Assembly in 2024. The treaty will support cooperation between law enforcement agencies in member countries, and UN diplomats have worked to draft a treaty to obtain consensus from member countries. The Record