The Week In Review 05/04 – 09/04

Traditionally, cartels are notorious for their reach, fear factor, and ability to circumvent the law in pursuit of profits. So it is quite a fearful thought when four of the biggest cyber criminal groups in the world announce that they have decided to work together, effectively forming the world’s first ransomware cartel. The cyber criminal groups Twisted Spider, Viking Spider, Wizard Spider, and the Lockbit Gang announced over summer 2020 that they intended to join forces. After an extensive National Security Report into the claim was published, it was determined that they did not operate like a traditional cartel does. However, it was noted as extremely concerning that they are reinvesting profits from their malicious activities back into improving and refining their respective operations. This is not a story we expect to die down any time soon.

Another eye-catching story this week was one that we think not too many people would have expected. The COVID-19 pandemic has seen a surge in cyber crime, some obvious and some not so much. It seems that the cyber criminals have taken full advantage of the lockdown, with people staying at home and enjoying more than the usual amount of red from the comfort of their own home. Wine-related cyber crime has surged in recent months, with Area 1 Security citing the increase in ‘virtual happy hours’ with friends over Skype as correlating with the increase in malicious domains being registered in relation to wine. The domains primarily targeted users of their sites through malicious email marketing, which often contained ransomware or other malware that infected devices upon being opened.

Cryptocurrency users were under attack again recently, this time from a malicious app impersonating the global wallet solutions provider Trezor. The app itself was available on both the Google Play Store and iOS App Store and claimed to be from SatoshiLabs, the wallet’s creator. The app worked by asking users to input their passphrase, granting the malicious actors access to their personal wallets, which were then quickly drained. In total the scam has made over $1m in crypto assets, and with the current bull market trend that could very quickly be worth multiple millions.

Discord, a platform also popular with crypto investors and enthusiasts, has also been targeted by cyber criminals, along with the well-known messaging service Slack. By exploiting Slack and Discord links, criminals are sending malware to users of the services, encouraging them to view or download files on the platforms. The links can be sent externally or internally, and with the huge uptake in both services since COVID-19 began, the likelihood of people clicking on them is also increasing. Security firm Zscaler noted that they have seen as many as two dozen malware variants per day appearing through malicious Discord links.

Another notable mention for the recently plagued WhatsApp in this week’s news. Cyber security researchers have discovered another piece of wormable Android malware capable of propagating in WhatsApp messages. Using a rogue Netflix app, ‘FlixOnline’, as a guise, the cyber criminals were able to respond to incoming WhatsApp messages with a malicious payload, as well as create fake login screens for other apps with the objective of stealing users’ credentials.

Ensure your company is equipped to deal quickly and effectively with any breach. Dionach provide industry-leading Cyber Security Incident Response (CSIR) for organisations globally.

Read about all of this and more below:

Cisco fixes bug allowing remote code execution
(bleepingcomputer.com)

Wine scams spike during COVID-19 lockdown
(cyberscoop.com)

Is there a new cyber criminal cartel?
(darkreading.com)

Fake Trezor wallet steals over $1m in crypto
(malwarebytes.com)

Gigaset Android smartphones infected with malware after supply chain attack
(securityaffairs.co)

99% of security professionals concerned about their IoT and IIoT security
(helpnetsecurity.com)

Coca-Cola trade secret theft highlights importance of insider threat early detection
(csoonline.com)