CyberCrime - W/E - 11/1/19
Anti-Doping, Sporting Organizations Attacked by Strontium/Fancy Bear (10/29/2019)
Microsoft tracked new attacks linked to the Strontium (also known as Sofacy, Fancy Bear, and APT28) threat entity that focused on anti-doping authorities and sporting organizations around the world. At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16. The methods used in the attacks are similar to the those previously used by Strontium: spear phishing, password spray, exploiting Internet-connected devices, and the use of both open-source and custom malware.
Microsoft tracked new attacks linked to the Strontium (also known as Sofacy, Fancy Bear, and APT28) threat entity that focused on anti-doping authorities and sporting organizations around the world. At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16. The methods used in the attacks are similar to the those previously used by Strontium: spear phishing, password spray, exploiting Internet-connected devices, and the use of both open-source and custom malware.
Massive Data Dump of Indian Bank Cards Discovered in Joker's Stash (10/29/2019)
Group-IB uncovered a database holding more than 1.3 million credit and debit card records of mostly Indian banks' customers that was uploaded to Joker's Stash on October 28. The underground market value of the database is estimated at more than $130 million USD. Joker's Stash is an underground credit card shop. This particular dump, in which 98% of the cards belong to Indian banks, can be used to produce cloned cards for further cashouts.
Group-IB uncovered a database holding more than 1.3 million credit and debit card records of mostly Indian banks' customers that was uploaded to Joker's Stash on October 28. The underground market value of the database is estimated at more than $130 million USD. Joker's Stash is an underground credit card shop. This particular dump, in which 98% of the cards belong to Indian banks, can be used to produce cloned cards for further cashouts.
Ongoing Phishing Attack Targeting UN and Humanitarian Organizations (10/29/2019)
Lookout has detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF. Lookout has contacted law enforcement and the targeted organizations, but the attack is still ongoing. The infrastructure connected to this attack has been live since March. Two domains have been hosting phishing content, session-services[.]com and service-ssl-check[.]com, which resolved to two IPs over the course of this campaign, which is using keylogging and a mobile-aware functionality.
Lookout has detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF. Lookout has contacted law enforcement and the targeted organizations, but the attack is still ongoing. The infrastructure connected to this attack has been live since March. Two domains have been hosting phishing content, session-services[.]com and service-ssl-check[.]com, which resolved to two IPs over the course of this campaign, which is using keylogging and a mobile-aware functionality.
Researchers Dive into Hacking Forum to Learn More about Rig EK (10/29/2019)
While researching a malware sample spread by the Rig exploit kit (EK), the researchers at Check Point Software were led to the HackForums underground market where they learned about the hacking community and the EK itself in some detail. The scientists discovered that a new hacker can easily start up a business after joining an underground forum and buying different cyber attack products. Additionally, Rig EK miscreants are actively reselling the exploitation service to different customers on different "flows" and providing them with a Rig public statistics link. This allows customers to re-resell this service to their own customers and distribute whatever variant they have.
While researching a malware sample spread by the Rig exploit kit (EK), the researchers at Check Point Software were led to the HackForums underground market where they learned about the hacking community and the EK itself in some detail. The scientists discovered that a new hacker can easily start up a business after joining an underground forum and buying different cyber attack products. Additionally, Rig EK miscreants are actively reselling the exploitation service to different customers on different "flows" and providing them with a Rig public statistics link. This allows customers to re-resell this service to their own customers and distribute whatever variant they have.
Steam Gamers Victimized by Fake, Yet Legitimate Looking Online Stores (10/29/2019)
A phishing scam targeting users of the Steam online gaming platform has spiked since June, the researchers at Kaspersky say. Attackers lure users to sites that mimic or copy online stores linked to Steam that sell in-game items. The fake resources are high-quality, making it difficult to distinguish them from the real thing.
A phishing scam targeting users of the Steam online gaming platform has spiked since June, the researchers at Kaspersky say. Attackers lure users to sites that mimic or copy online stores linked to Steam that sell in-game items. The fake resources are high-quality, making it difficult to distinguish them from the real thing.