Tuesday 26th November 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning! Thank you for joining me for the latest instalment of Cyber Daily. In today's edition, we’re channeling a little hacker energy—with a twist. While bad actors like PopeyeTools are getting caught, ethical hackers are helping secure our water systems and critical infrastructure. Meanwhile, cyber spies are turning the office next door into their playground, and the fight against ransomware is spreading to Linux and VMware systems. It’s a wild world out there, but rest assured: innovation and enforcement are fighting back.
Nearest Neighbour Cyberespionage
Your neighbour’s Wi-Fi could be your next cybersecurity headache. Volexity uncovered a crafty "nearest neighbour attack" by APT28, a Russian state-backed group, exploiting physical proximity to compromise a client’s network. They started with password-spraying web portals for login credentials. Multi-factor authentication (MFA) protected most systems—except the Wi-Fi network.
APT28 breached neighboring offices, commandeered devices with dual network adapters, and hopped onto the target’s Wi-Fi to exfiltrate data. Volexity’s advice? Secure all networks with MFA and isolate guest Wi-Fi to prevent crossover risks.
Hackers Step Up to Secure US Water Systems
Hackers aren’t just breaking into systems—they’re shoring them up. The Franklin Project, launched at DEF CON, has kicked off with six US water companies signing on to let top coders probe their systems for vulnerabilities and fix them. The initiative, led by DEF CON founder Jeff Moss, aims to strengthen critical infrastructure and compile learnings in an annual "Hacker's Almanack."
Partnering with the University of Chicago’s Cyber Policy Initiative and the National Rural Water Association, the project targets small water systems, which make up 91% of the nation’s 50,000 suppliers. Volunteers, ranging from students to seasoned pros, will help harden IT systems against threats from cyber-savvy adversaries like China, Russia, and Iran.
Cyberattacks on water systems could jeopardize public health. This grassroots approach ensures even rural communities get the tools they need to prepare and respond. Because clean, secure drinking water isn’t optional.
U.S. Takes Down PopeyeTools Carding Marketplace
The DOJ scored a major victory against cybercrime, taking down the dark web marketplace PopeyeTools and charging its operators. The site, operational since 2016, trafficked in stolen credit card information, bank account details, and tools for conducting fraud, generating $1.7 million in illicit revenue.
Authorities arrested Abdul Ghaffar (25) and Abdul Sami (35) from Pakistan and Javed Mirza (37) from Afghanistan. The trio faces charges including conspiracy to commit access device fraud and solicitation of access devices. If convicted, they could serve up to 10 years per charge.
US officials also seized PopeyeTools domains and $283,000 in cryptocurrency linked to the scheme. The site offered services like refund guarantees on invalid cards and validity checks for stolen data, facilitating fraud on a massive scale.
It’s another win for the DOJ’s multi-pronged approach to fighting cybercrime, combining legal charges, asset seizures, and international cooperation to dismantle illicit online marketplaces.
9 hours ago
Great roundup of key cybersecurity updates! It's crucial to stay ahead of emerging threats like APT28's creative tactics and ensure our critical infrastructure is protected. Aidan Dickenson