Friday Five: FCC Combating Malware and Cybercrime, Mac Malware, & More
Despite the recent dismantling of a ransomware gang, malware remains on the rise and the FCC is making moves to combat cybercrime. Catch up on the latest in this week's Friday Five!
RANSOMWARE GANG BROKEN UP IN UKRAINE AS A RESULT OF INTERNATIONAL OPERATION BY AJ VICENS
Ukrainian authorities have arrested five individuals, including the alleged leader, in connection with an international investigation into ransomware attacks. The arrests were part of a probe that began in 2019 and involved personnel from seven countries, with the U.S. Secret Service and the FBI among the participating agencies. The attackers targeted victims in 71 countries, using ransomware variants such as LockerGoga, MegaCortex, HIVE, and Dharma. The group successfully encrypted over 250 servers belonging to large corporations, resulting in losses exceeding several hundred million euros. The arrests are part of ongoing efforts by international law enforcement to disrupt ransomware activities.
USB WORM UNLEASHED BY RUSSIAN STATE HACKERS SPREADS WORLDWIDE BY DAN GOODIN
The Russian state-sponsored hacking group known as Gamaredon, Primitive Bear, or ACTINIUM, has extended its reach beyond Ukraine by allowing USB-based espionage malware to infect organizations in other countries. Tracked as LitterDrifter, the malware is designed to spread from USB drive to USB drive and permanently infect devices connecting to such drives. Gamaredon, which is known for targeting Ukrainian entities, has been active since at least 2014. Researchers have observed indications of possible infections in the US, Vietnam, Chile, Poland, Germany, and Hong Kong. LitterDrifter is a self-propagating worm that can spread rapidly across networks.
FCC WANTS TO IMPROVE CYBER PROTECTIONS FOR SCHOOLS, LIBRARIES BY CHRIS TEALE
Ransomware attacks and cybersecurity threats against schools are rising, with the Los Angeles Unified School District being one of the highest-profile victims. A recent global study revealed that 80% of schools experienced ransomware attacks in 2022, up from 56% in 2021. In response to the escalating threats, the Federal Communications Commission (FCC) announced a three-year, $200 million Schools and Libraries Cybersecurity Pilot Program to help K-12 schools enhance their cybersecurity defenses. However, some advocates have expressed concerns about the three-year timeline, urging the FCC to expedite the initiative to address the urgent need for cybersecurity protections. The pilot program aims to collect data from participating schools to identify effective cybersecurity measures and provide funding to support their implementation.
FCC ADOPTS NEW RULES TO PROTECT CONSUMERS FROM SIM-SWAPPING ATTACKS BY SERGIU GATLAN
The Federal Communications Commission (FCC) has introduced new rules to protect consumers from SIM swapping attacks and port-out fraud. These scams involve criminals redirecting wireless services or transferring phone numbers to different carriers without the device owner's consent, leading to significant financial losses and identity theft. The updated regulations mandate that wireless service providers implement secure authentication procedures before transferring a customer's phone number, notify customers promptly of SIM changes or port-out requests, and take additional precautions to prevent such attempts. The move is a response to the increasing wave of consumer complaints and escalating incidents of SIM swapping attacks. The FBI had already warned about criminals using SIM swap attacks to steal millions by hijacking victims' phone numbers.
ATOMIC STEALER DISTRIBUTED TO MAC USERS VIA FAKE BROWSER UPDATES BY JÉRÔME SEGURA
The AMOS (Atomic Stealer) malware, previously known for targeting Windows users, is now being delivered to Mac users through a fake browser update chain called 'ClearFake.' ClearFake leverages compromised websites to distribute fake browser updates and has become a prevalent and dangerous social engineering scheme. The threat actors behind ClearFake use compromised sites to reach a wider audience and steal credentials and files of interest that can be monetized or repurposed for additional attacks. Mac users are advised to be cautious and leverage web protection tools to block the associated malicious infrastructure.