Threat Briefing: January 5, 2024

Threat Intel Update


2023 was a year of major cybersecurity threats for entities around the world, particularly with many more ransomware attacks identified in 2023 compared to past years, an increase in malware developed to target the macOS system, and cyber attacks causing significant losses for financial technology companies. While there were significant cyber attacks affecting organizations around the world, private sector companies and government entities worked together to disrupt cyber actors, collaborate on policies to strengthen cybersecurity, and provide funding for organizations to enhance their cybersecurity posture. The cyber attacks that occurred in 2023 are a strong reminder of why it’s important to prioritize cybersecurity, to collaborate on sharing information on emerging threats, and to promote good cyber hygiene in an effort to keep your organization and customers safe from cyberattacks.

Cyber Attacks & Vulnerabilities

Over 2,200 Schools, Government Entities, and Hospitals Impacted by Ransomware in 2023 – The average ransom payment from these ransomware attacks was estimated at $1.5 million. During 2023, 108 school districts were impacted by ransomware, an increase from 45 districts in 2022, directly impacting approximately 1,900 school facilities. At least 77 school districts reported stolen data as a result of the ransomware attacks. The healthcare market was also impacted, as 46 hospital systems were disrupted by ransomware, with 32 believed to have experienced a data theft. Also, 95 government entities were hit with ransomware, including city and county government agencies as well as the federal government’s U.S. Marshals Service. Emsisoft

21 New Malware Variants Targeting macOS Systems Identified in 2023 – This represents a 50% increase from 2022. The most common type of malware targeting macOS systems was information stealers such as MetaStealer and AtomicStealer. A macOS version of the LockBit ransomware was also identified in 2023. State-sponsored cyber actors were also involved in developing malware targeting macOS with both Iran and North Korea linked to malware variants. Security Week

Cybercriminals Compromising “Gold” Accounts on Social Media Platform X and Selling Access to Accounts – Prices for accounts have gone as high as $2,000. “Gold” accounts are those independently verified by X and associated with a high-profile organization. Cyber actors have brute-forced passwords and used stolen credentials to access Gold X accounts, and have compromised dormant X accounts in order to upgrade them to Gold status and resell them. Dark Reading

Cyber Fraud & Cyber Crime

Nigerian National Suspected of Participating in Scheme to Defraud Charitable Organizations of $7.5 Million Indicted by U.S. Government – Olusegun Samson Adejorin was also previously arrested by law enforcement in Ghana in December 2023. Adejorin compromised email accounts at two different charitable organizations in the U.S. and had also purchased a credential harvesting tool to obtain email credentials. U.S. Attorney’s Office, District of Maryland

Pro-Russia Hacktivist Group NoName057(16) Compensating Members for Conducting Distributed Denial-of-Service (DDoS) Attacks – The group is one of the most active groups, having conducted over 1,174 attacks in over 30 countries. The group has approximately 60,000 subscribers on its Telegram channel and uses volunteers to download and install a bot used to carry out DDoS attacks. In November 2023, the group announced it created its own cryptocurrency, DCoin, which can be withdrawn, converted, and sent to members’ cryptocurrency wallets. CSO Online

Blockchain Company Orbit Chain Loses $86 Million in Cryptocurrency on December 31st – The compromise resulted in a loss of Ether, Dai, Tether and USD Coin cryptocurrency. Orbit Bridge also indicated there are X (formerly Twitter) accounts being used to promote phishing sites to scam victims into connecting their cryptocurrency wallets. Bleeping Computer

Cyber Policy & Geopolitics

Proposed Program by the Federal Communications Commission (FCC) Would Provide Up to $200 Million for Cybersecurity Programs for Schools and Libraries – The three-year pilot program would provide the funding for rural and low-income communities. The FCC is currently evaluating which schools and libraries would be eligible for the program. As part of the program, the FCC would be able to gather data to better understand how to support schools and libraries against cyber attacks. StateScoop

European Central Bank (ECB) Requiring Over 100 Banks to Participate in Cyber Stress Test – The test will require banks to conduct incident response evaluations and vulnerability assessments by mid-2024. As part of the stress test, banks will face a simulated cyber attack causing a disruption to business operations. Approximately a quarter of the banks will also participate in enhanced testing. Furthermore, the ECB will conduct a review of requirements for third-party service providers of the selected banks. Bank Info Security

Chinese Government Arrests Four Individuals Suspected of Using ChatGPT to Create Ransomware Used in Attack on China-based Company – The individuals involved stated they utilized ChatGPT to help conduct network scans, infiltrate the victim’s system, and optimize the code for the ransomware variant. Two of the individuals were in Inner Mongolia and the other two were based in the Beijing area. MSN

About the Author
CampusGuard Threat Intel Team