Threat Briefing: December 22, 2023

In the past year, cyber attackers have consistently taken advantage of recently discovered vulnerabilities to infiltrate systems and exploited longstanding vulnerabilities that organizations could have addressed using existing patches. Proactively addressing vulnerabilities as soon as they are identified diminishes the risk of cyber threat actors exploiting unpatched vulnerabilities in the future. The identification of these vulnerabilities, coupled with collaboration across various teams plays a crucial role in mitigating these risks and safeguarding your organization’s computer systems and customer information.

Over 40 Financial Institutions Around the World Targeted with Credential-Stealing Malware, Affecting over 50,000 Users – Launched in March 2023, the campaign involved acquiring credentials and one-time passwords from victims who entered their information, only to receive an error message from the financial institution. Subsequently, cyber actors used the captured credentials to gain unauthorized access to bank accounts. The targeted financial institutions are located across North America, South America, Europe, and Japan. The Hacker News

Rhadamanthys Information-Stealing Malware Gets Enhanced Capabilities – Launched in August 2022, Rhadamanthys has been distributed via emails, malvertising, and YouTube videos. The upgraded version of Rhadamanthys enables cyber actors to tailor their targets based on specific objectives. This malware is capable of pilfering information from a range of cryptocurrency applications, VPN products, and web browsers. Bleeping Computer

PikaBot Malware Distributed Through Malvertising Campaign – PikaBot acts as a downloader for other malware payloads. Cyber attackers distributing PikaBot relied on ads promoting legitimate software, such as AnyDesk, to direct victims to fake web pages hosting the installer for PikaBot. The cyber actors fingerprint the web request made to ensure requests do not originate from virtual machines. The Hacker News

Global Law Enforcement Operation Results in 3,400 Individuals Arrested For Participating in Multiple Crimes to Include Phishing and Business Email Compromises – The operation lasted six months and resulted in the arrest of individuals in 34 countries and the seizure of $300 million, including over $100 million in virtual currency. The Hacker News

U.S. Citizen Pleads Guilty for Computer Attack Against Two Different Cryptocurrency Exchanges, Resulting in the Loss of $12 Million – The attack was initiated by exploiting a vulnerability in a smart contract and was used to steal $9 million from one cryptocurrency exchange. The stolen funds were laundered through a variety of cryptocurrency platforms and mixers. The individual was the first person to be charged with the compromise of a smart contract in the U.S. U.S. Attorney’s Office, Southern District of New York

Supply Chain Attack Against Ledger dApp Results in Theft from Crypto Wallets – Ledger has warned malicious code in its Connect Kit could allow a wallet drainer to steal cryptocurrency and NFTS from wallets connected to Ledger’s app. Approximately $680,000 in cryptocurrency has been stolen from Ledger users due to the malicious code. Bleeping Computer

U.S. Government’s Financial Stability Oversight Council Identifies Artificial Intelligence (AI) Risks to Financial Sector – The council released a report that identified AI as an “emerging vulnerability.” While the council did indicate AI could help financial institutions to gain more efficiency, AI can pose a cybersecurity and risk challenge to financial institutions that “could hamper financial stability.” Bank Info Security

Chinese Government Introduces Draft Proposal of New Rating System for Disclosing Data Security Incidents, – The rating system classifies events as Level 1 (“especially significant”) through Level IV (“general”). When a company identifies an incident, they are required to report it to a local office of China’s Ministry of Industry and Information Technology (MIIT). Incidents considered to be a major data security incident are required to be reported by phone within 10 minutes to the MIIT. The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Plans to Enhance Information Sharing Capabilities with Private Sector Starting in 2024 – As part of the plan, CISA will modernize its information sharing platform. A new threat intelligence sharing platform called Threat Intelligence Enterprise Services will help to share information between federal agencies and private sector partners. Bank Info Security