Cybercrime

Increased Truebot Malware infection identified by threat intelligence research group CISCO

CISCO identified an increased infection of Truebot malware, with a high possibility of its association with the Evil Corp threat actor. CISCO also found that attackers shifted their malicious delivery methods among various techniques. In October 2022, many infections used Raspberry Robin, a recent malware spread through USB drives, as a delivery vector. One of these attacks had a fully featured custom data exfiltration tool named Teleport, which was used to steal information. So far, two Truebot botnets have been identified. The first is distributed online, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.

Amnesty International Canada target of sophisticated cyberattack

In October 2022, Amnesty International Canada detected and investigated a sophisticated digital security breach. The organisation announced that, according to forensic experts at the cybersecurity firm Secureworks, the attack was likely orchestrated by ‘a threat group sponsored or tasked by the Chinese state’. The conclusion was based ‘on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups’. China’s embassy in Ottawa denied the allegations

Ransomware attack forces French hospital to transfer patients

A ransomware attack affecting phone and computer systems of the André-Mignot teaching hospital in the suburbs of Paris forced the institution to shut down. While a ransom of an unspecified amount has been demanded, a spokesperson for the hospital had stated that they have no intention of paying it. The attack has caused the hospital to cancel operations and transfer six patients from its neonatal and intensive care units to other health facilities. The attack is currently being investigated by the French National Authority for Security and Defense of Information Systems (ANSSI).

Cybercrime-as-a-service, ransomware still on the rise

Cybercrime-as-a-service is expanding, given its lucrative business model that requires basic technical skills. This is among the key findings highlighted in the 2023 Threat Report issued by cybersecurity company Sophos.

The report also notes that, in addition to the usual malware, scamming and phishing kits, cybercriminals are now selling tools and capabilities that were once reserved for the most skilled and sophisticated attackers. Ransomware-as-a-service has gotten particularly popular among threat actors, leading to a lower entry barrier for would-be criminals. As a mitigation tool, IT managers are looking at Managed Detection and Response (MDR) services to spearhead early detection and interception of attacks.

New guidance note by Council of Europe’s Cybercrime Convention Committee (T-CY) on ransomware

The Council of Europe’s Cybercrime Convention Committee (T-CY) has adopted a guidance note (GN) on ransomware, which outlines how the Budapest Convention and its Second Additional Protocol could be used to criminalise, investigate, and prosecute ransomware-related offences. The GN follows statements from the Convention’s Parties and Observers regarding the surge of major ransomware attacks in recent months.

Belgian police faced with major data leak

The RagnarLocker ransomware has been linked to an incident in which a ransomware organisation began leaking highly sensitive data stolen from a Belgian police force in Antwerp, in what is being characterised as one of the country’s largest breaches.
‘This is a case of human error, and this is how crime reports and fine notices, but also photographs of child abuse have been leaked’, stated Chief Commissioner of Police Zwijndrecht, Marc Snels.
The number of citizens affected by the breach is unknown, but they include victims, perpetrators, witnesses, and those under surveillance, with potentially serious implications if their identities are revealed.

Spoofing services website causing worldwide loss has been taken down

In an internationally coordinated action led by the UK and supported by Europol and Eurojust, 142 suspects have been arrested for allegedly running a website that offered spoofing services. These services allowed cybercriminals to impersonate trusted corporations such as banks, retail companies, and government institutions and then access sensitive information. Evidence shows that the estimated worldwide loss has been more than EUR 115 million. National authorities from the EU, Australia, and Canada supported the investigation. At the same time, Europol’s European Cybercrime Centre (EC3) provided a secure platform and was thus able to identify additional users of spoofing services.

Killnet hits EU Parliament website with DDoS attack

The European Parliament website has been taken down by a DDoS attack claimed by Anonymous Russia, a member of the pro-Russian hacktivist group Killnet.

The President of the European Parliament confirmed the event, saying that the Parliament’s ‘IT experts are pushing back against it and protecting our systems’.

The attack occurred after the European Parliament designated Russia a state sponsor of terrorism and members advocated that Russia be more isolated internationally.

Study conducted in Australia shows strong links between data breaches and cybercrime victimisation

An extensive survey conducted in Australia in 2021 revealed that one in ten respondents had been notified of a data breach within the previous twelve months, with roughly 28% of those respondents reporting that they had been a victim of identity theft. Data breaches were mainly due to data custodians being targeted by malicious actors, or to information held by these custodians being released due to human error. Significant relationships were also discovered between data breaches and online scams and fraud, and ransomware.