Threat Intel Update
We spotlight stories that reveal the diverse tactics employed by cyber actors to facilitate their illicit activities. This includes experimenting with various technologies, funneling funds through casinos, and even resorting to human trafficking to support fraudulent operations. The impact of malicious cyber activities transcends all industries, prompting cyber actors to constantly seek ways to capitalize on their access, introduce layers of obfuscation to their actions, and safeguard their operations from interference.
As cyber actors explore novel avenues of attack, government agencies are actively working to disrupt their activities. Their goal is to ensure the proper protection of data and systems, preventing cyber actors from compromising resources that could be exploited for conducting attacks.
Cyber Attacks & Vulnerabilities
Russian Cyber Group COLDRIVER Expanding from Credential Phishing to Malware Distribution – COLDRIVER, also known as Star Blizzard or Callisto, has primarily targeted NATO governments, military officials, non-governmental organizations, and academic institutions with credential phishing campaigns. The group has recently expanded to delivering a malware variant called SPICA via malicious PDF documents; SPICA is used to collect system information and web browser cookies and to exfiltrate data. Google Threat Analysis Group
Cyber Threat Actors Abusing Free Cloud Services to Conduct Botnet Operations – Cyber threat actors have leveraged the capability to establish low-cost accounts, including free or trial accounts, as a cost-cutting measure and a means of introducing a layer of obfuscation to their operations. In early January 2024, around 1.3 million IP addresses engaged in scanning activity, originating from the U.S., Russia, and Asia. Security Week
Ransomware Attacks Drop Slightly in December Compared to November 2023, but Overall Ransomware Levels Remain Higher than 2022 – Ransomware gangs posted 356 victims on their extortion sites in December 2023, compared to 241 in December 2022. Ransomware attacks against school districts dropped in December compared to November 2023, while the number of schools potentially impacted stayed approximately the same. The Record
Cyber Fraud & Cyber Crime
Ukrainian National Arrested for Role in Establishing 1 Million Virtual Servers Used to Mine $2 Million in Cryptocurrency – The illicitly gained proceeds were subsequently laundered through the TON cryptocurrency. The arrested individual is suspected of having engaged in such activities since 2021 and is connected to a campaign involving the brute forcing of accounts belonging to a major e-commerce company. The compromised credentials were used to create virtual machines for cryptocurrency mining. Bleeping Computer
Casino Industry in Southeast Asia Supporting Cyber Fraud Industry Through Money Laundering Activity – The proceeds from pig-butchering cryptocurrency scams and other online fraud schemes have been laundered through casinos near Laos and Myanmar. There are also several compounds facilitating cyber scams that are operated by individuals who have been trafficked throughout South Asia. Several cybercriminal groups have used Telegram channels to coordinate the development of money laundering teams, advertise the exchange of USDT for Singapore dollars, and advertise cybercrime-as-a-service. The Record
U.S. Law Enforcement Disrupts Fake Antivirus Scam Through Phishing Emails – Victims received emails falsely claiming that their antivirus subscription required renewal, accompanied by a phone number for cancellation. Those affected were coerced into installing remote access software, leading to malware infection and the unwitting disclosure of credentials on a phishing page. A law enforcement operation resulted in the recovery of $34,000 from a bank account that had received funds from the fraudulent renewal scheme. Bleeping Computer
Cyber Policy & Geopolitics
Investigation and Fine by New York Department of Financial Services (DFS) Leads Cryptocurrency Trading Company to Shut Down – Genesis Global Trading paid an $8 million fine and surrendered its license to operate following an investigation that found the company had failed to properly conduct a cybersecurity assessment. Genesis Global Trading also did not properly follow anti-money laundering policies, including the filing of suspicious activity reports. The Record
European Regulatory Authorities Issued $1.9 Billion in Fines in 2023 for Organizations Violating the European Union General Data Protection Regulation – The fines represent a 14% increase over the previous year. The Irish Data Protection Commission is one of the leading issuers of fines and has issued seven of the 10 largest fines since 2018. Approximately 335 breach notifications were sent to European Union regulators during 2023, a slight increase from 328 in 2022. Bank Info Security
Study Shows Countries with Stronger Economies Likely Have Stronger Cybersecurity Capabilities – Countries with better cybersecurity capabilities were located in North America, Australia, New Zealand, and much of Europe. Several countries in the Middle East had better cybersecurity capabilities than countries with similar economies in East Asia and Southern Europe, while several countries in Africa were in a stronger position than countries in Central and South Asia. Dark Reading