Threat Briefing: September 13, 2024

The cost and impact of cybercrime and computer-enabled fraud continues to escalate. A new report released this week revealed that over $5.6 billion was lost in 2023 due to cryptocurrency fraud, including more than $420 million lost to tech support fraud schemes. Data breaches provide valuable information to cybercriminals, enabling not only network intrusions but also various fraud schemes.

This week, the U.S. government indicted two individuals who operated a dark web marketplace selling stolen information used for cybercrime, although the marketplace remains operational. Information stolen in cyberattacks can be sold and reused by multiple threat actors, making it critical to ensure that the data your organization holds on its customers and staff is protected from being stolen and resold on such platforms.

• Payment Processing Slim CD Suffers Data-Breach Affecting 1.7 Million People – The breach occurred in mid-June, though the specifics of the breach have yet to be disclosed. An investigation by Slim CD revealed that the cyber threat actor had access to the company’s systems since August 2023. As a result, the attacker may have gained access to sensitive customer information, including names, addresses, credit card numbers, and expiration dates of Slim CD customers. The Record
• New Features in TrickMo Banking Trojan Helps Improve Functionality – The new features of TrickMo enhance its ability to evade detection and analysis. First observed in 2019, TrickMo has primarily targeted Android devices. Key capabilities of the malware include logging keystrokes, capturing screen activity, and remotely controlling infected devices to facilitate fraudulent activities. The Hacker News
• U.S. Government Indicts Two Foreign Nationals For Role in Operating Dark Web Marketplace – The WWH-Club marketplace was used to sell stolen credit card data and offer classes on cybercrime. Two individuals were arrested in Miami in August 2024 for their involvement in operating WWH-Club and other related websites. By 2023, WWH-Club had over 350,000 users worldwide and was described as “a cross between eBay and Reddit.” The marketplace offered a range of illicit goods, including bank account information, passwords, Social Security Numbers, and PayPal account details. The Record
• Cryptocurrency Scams Resulted in $5.6 Billion in Losses in 2023 – According to the FBI’s Internet Crime Complaint Center, based on over 69,000 complaints received in 2023, the majority of fraud stemmed from investment scams, with most victims being over the age of 60. Financial losses from cryptocurrency scams surged by 45% compared to the previous year. Additionally, more than 5,500 complaints involved the use of cryptocurrency kiosks, leading to over $189 million in financial losses. Bank Info Security
• NoName Ransomware Group Begins to Deploy RansomHub Ransomware – NoName has been previously associated with the deployment of ScRansom ransomware and has also been linked to the use of LockBit 3.0, having created a similar data leak site that mimicked LockBit’s operations. In June, NoName was observed using a tool called EDRKiller, developed by RansomHub, to achieve privilege escalation before deploying RansomHub ransomware in an attack. Bleeping Computer