Police bust a phishing rental platform, and a nine-year-old virus is found on computers in Ukraine.
Welcome to Cybersecurity Today. It's Friday, April 19, 2024. I'm Howard Solomon.
One of the largest phishing-as-a-service platforms has suffered a severe outage, says Europol, the European police cooperative. This week, law enforcement agencies in 19 countries, including the UK, US, and Canada, shut down LabHost's IT infrastructure. They also arrested 37 suspects. For a monthly subscription, the site sold access to things like phishing kits and infrastructure for hosting fake web pages. An estimated 10,000 criminals worldwide have used its services. Singapore-based cybersecurity firm Group-IB says LabHost had a Canadian side. The service was actively promoted by three of its users on its channel on the Telegram messaging service in Canada. One of these users owns LabHost Refunds, a service that only operates in Canada. This user was also selling Canadian profiles for creating credit cards and opening bank accounts. Europol said four of the 37 people arrested were based in the UK and are suspected of operating the site, including the alleged original developer.
A virus that has remained undetected has been used on some Windows systems in Ukraine since 2015, according to Cisco Systems researchers. As part of its regular threat hunting in open source repositories of infected documents, Cisco discovered more than 100 infected documents that may contain sensitive information regarding government and police activities in Ukraine. These documents can only be spread by sharing via removable media, such as a USB stick. It is unknown who created the virus.
You have cyber insurance. But is it enough? Probably not, says CYE, a company that measures cyber risk for organizations. CYE examined a dataset of 101 data breaches and found that 80% of those with insurance did not have enough coverage to pay the full cost of a data breach. On average, three-quarters of the costs were not covered by insurance.
Finally, attackers are targeting governments in the Middle East with new ways to hide malware internationally, according to researchers at Kaspersky Lab. Organizations in the United States, Canada, Japan, the Netherlands, Luxembourg, and South Korea have submitted examples of the malware to virus scanning services, suggesting IT personnel in those countries may have encountered the malware. Kaspersky is calling this campaign Dune Quixote. The goal is to install a memory-only backdoor using a regular dropper or a modified installer file of a legitimate tool called Total Commander. What is unique is the use of Spanish poetry excerpts within the code to avoid detection by anti-malware tools.
That's it for now. However, the Week in Review podcast will be available later today. My guest is Jen Ellis, a member of the Ransomware Task Force, who will be speaking about a recent report on steps governments should take before passing laws that prohibit organizations from paying ransoms.
Follow Cyber Security Today on Apple Podcasts or Spotify, or add us to your Flash Briefing on your smart speaker.