Spain arrests hacker, FCC Robocallers, Ransoms decrease 35%
In today’s cybersecurity news…
Spain arrests hacker of U.S. and Spanish military agencies
Spanish police arrested a suspect for allegedly conducting 40 cyberattacks targeting critical organizations and universities. Police said the suspect accessed internal data and the personal information of employees and customers and used BreachForums to sell and leak it. Leaks affecting NATO, the U.S. military, and Spain’s Guardia Civil and Ministry of Defence were listed among the most successful sales. During a raid on the suspect’s residence, police found and seized multiple computers, electronic devices, and 50 cryptocurrency accounts. The hacker could face a maximum sentence of 20 years in prison under Spanish law.
Robocallers called the FCC pretending to be from the FCC?
The Federal Communications Commission (FCC) has voted to propose fining the VoIP carrier Telnyx $4,492,500 after scammers took advantage of its service. The FCC was alerted to the issue on February 6 of last year, after several staff members and their family members received robocalls on their work or personal numbers carrying a message that claimed to be from an imaginary FCC Fraud Prevention Team. The calls went on for a day before being shut down. FCC chairman Brendan Carr said he was pleased with the bipartisan support for the fine and added, “Cracking down on illegal robocalls will be a top priority at the FCC.” Telnyx has appealed the proposed fine and said it acted responsibly by stopping the robocalls as soon as it was alerted.
Ransomware payments decreased 35% year-over-year
According to a new report from Chainalysis, ransomware attackers collected $813.55 million in victim payments in 2024, a 35% decrease from 2023’s record-setting total of $1.25 billion. The drop is attributed to increased law enforcement action, improved international collaboration, and a growing refusal by victims to pay. The report highlighted disruptions of ransomware gangs, including the LockBit takedown in February 2024 and BlackCat’s apparent ‘exit scam’ following its attack on Change Healthcare. While LockBit has rebranded and made a comeback, payments to the group fell by around 79% in H2 2024 compared to H1. Chainalysis observed many attackers shifting tactics, deploying new ransomware strains and moving faster on ransom negotiations, which often begin within hours of data exfiltration.
Thailand cuts power supply to Myanmar scam hubs
On Wednesday, Thailand cut off the supply of fuel, internet and electricity to three cities in Myanmar, where criminal syndicates have set up hubs devoted to online fraud. Last week, Chinese authorities called on the Thai government to do more to stop scamming activity in Myanmar. The Chinese Foreign Ministry said Wednesday that China “attaches great importance” to combatting “the recent string of cross-border telecom fraud and other vicious cases along the Thailand-Myanmar border.” China and Thailand have reportedly pledged to set up a coordination center in Bangkok this month to combat cyber scams.
Mobile apps found using OCR to steal crypto
Researchers at Kaspersky have identified a new campaign, called “SparkCat,” that infects Android and iOS apps distributed through Google Play and Apple’s App Store. An SDK embedded in the infected apps uses a malicious Java component called “Spark,” disguised as an analytics module. The malicious components load different OCR models (depending on the system language) that scan the device’s images for wallet recovery phrases, which attackers can then use to load the victim’s crypto wallet on their own devices without knowing the password. According to Kaspersky, there are 28 infected Android and iOS apps, many of which are still available in their respective app stores. The infected apps were downloaded over 242,000 times on Google Play alone. Kaspersky said users should delete these apps from their phones and avoid storing recovery phrases in screenshots. Instead, users should keep the phrases in encrypted offline storage devices or password managers.
Attackers target education sector to hijack Microsoft accounts
Researchers from Abnormal Security discovered the campaign, which is targeting about 150 organizations, mostly in the education sector, that rely on Microsoft Active Directory Federation Services (ADFS) to authenticate across on-premises and cloud-based systems. The campaign uses spoofed phishing emails that appear to come from the organization’s IT help desk, telling the recipient that an important update requires immediate attention. Links direct victims to fake Microsoft ADFS log-in pages, which are tailored to the particular MFA setup used by the target. Once a victim enters credentials and an MFA code, attackers take over the account and are able to pivot to other services through SSO. Experts say this risk can be mitigated by moving away from legacy ADFS to modern identity platforms and upgrading to phishing-resistant MFA.
Man sentenced to 7 years for role in $50M internet scam
59-year-old Californian Allen Giltman pleaded guilty to building a network of fraudulent websites. According to the US Department of Justice (DOJ), between 2012 and October 2020, Giltman and others created at least 150 bogus websites posing as real financial institutions. Unwitting victims came across the fraudulent sites via internet search advertisements. Lured by promises of high-return investment opportunities, victims contacted Giltman using the phone number or email address provided. Giltman would impersonate real FINRA broker-dealers to set up fake investment transactions and then move his victims’ swindled funds to bank accounts around the world. Collectively, Giltman scammed over 70 people out of roughly $50 million. Many victims were older adults investing their retirement savings. Giltman has been sentenced to 87 months in prison and has been ordered to forfeit around $100,000.
(Tripwire)
Abandoned AWS cloud storage is a major cyber risk
Researchers from watchTowr discovered around 150 Amazon Web Services S3 buckets that had formerly been used by organizations for software deployment and updates but were then abandoned. The researchers re-registered the unused buckets under their original names for a total of around $400 and enabled logging on them to see what requests would still flow in. In a two-month period, the S3 buckets received a staggering 8 million file requests, including requests from government agencies in the U.S., the UK and Australia, Fortune 100 companies, banking institutions, and cybersecurity companies. Had the researchers been threat actors, they could have answered any of these requests with malicious software updates, giving them access to the requesting organization’s AWS environment or virtual machine. AWS quickly sinkholed the S3 buckets that watchTowr identified, but the broader risk posed by abandoned cloud services persists.
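The risk above comes from deployment scripts and installers that keep pulling from bucket names nobody owns any more. As an added defensive example (not watchTowr’s tooling or AWS code), the script below pulls every S3 bucket name out of a deployment config in the three common URL styles and reports any bucket that is not in the organization’s own bucket inventory; the config text and the inventory are constructed here, and in practice the inventory would come from `aws s3api list-buckets` across all accounts.

```python
import re

# Constructed sample deployment config (not a real organization's file).
SAMPLE_CONFIG = """\
# installer pulls from a virtual-hosted-style URL
UPDATE_URL=https://acme-updates.s3.amazonaws.com/agent/latest.tar.gz
# path-style URL with a region in the host
MODELS=https://s3.eu-west-1.amazonaws.com/acme-ml-models/v3/model.bin
# aws cli style reference
aws s3 cp s3://acme-legacy-installer/setup.sh /tmp/setup.sh
# region-qualified virtual-hosted style
curl -O https://acme-ci-artifacts.s3.us-east-1.amazonaws.com/build/app.zip
"""

# Constructed inventory of buckets the organization still owns.
OWNED_BUCKETS = {"acme-updates", "acme-ci-artifacts"}

_NAME = r"([a-z0-9.\-]{3,63})"          # S3 bucket naming rules (lowercase)
_REGION = r"(?:[.-][a-z0-9-]+)?"         # optional ".eu-west-1" / "-us-east-1"
_PATTERNS = [
    re.compile(r"s3://" + _NAME),                                     # s3://bucket/key
    re.compile(r"https?://" + _NAME + r"\.s3" + _REGION + r"\.amazonaws\.com"),  # bucket.s3[.region].amazonaws.com
    re.compile(r"https?://s3" + _REGION + r"\.amazonaws\.com/" + _NAME),         # s3[.region].amazonaws.com/bucket
]


def extract_bucket_refs(text):
    """Map each referenced bucket name to the config line numbers that use it."""
    refs = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for pat in _PATTERNS:
            for m in pat.finditer(line):
                refs.setdefault(m.group(1), []).append(lineno)
    return refs


def find_dangling_refs(text, owned):
    """Buckets the config still pulls from that are not in the owned inventory.

    Each of these is a name that anyone can re-register once it is released,
    after which every client still fetching from it trusts a stranger's files.
    """
    return {b: lines for b, lines in extract_bucket_refs(text).items() if b not in owned}


if __name__ == "__main__":
    for bucket, lines in sorted(find_dangling_refs(SAMPLE_CONFIG, OWNED_BUCKETS).items()):
        print(f"DANGLING {bucket} (config lines {lines})")
```

Flagged names should either be re-claimed in an account the organization controls or removed from the config; pinning downloads to a signature check rather than a bucket name removes the dependency on ownership entirely.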