We’d like to open this episode of “Byte Sized News” by thanking you, the reader. Thank you for the endless support of PlexTrac, whether you’re a long-time user of the platform or simply someone who stumbled onto our site to get cybersecurity news. We appreciate all of you.
With that being said, we have a great installment of “Byte Sized News” for all of you this week. Some very interesting developments happened in the cybersecurity sphere this week, and we can’t wait to share a few of the top stories with all of you! A good chunk of the relevant news articles this week relate to cybercrime groups and nefarious outlaw hackers. This is both exciting to hear about and terrifying to talk about as a security professional. I guess that’s why you get paid the big bucks, right? As always, this series isn’t intended to provide readers with details on every story and topic, but rather to fill busy professionals in on the most compelling developments in the field.
Without further ado, let’s get to this week’s top news stories!
Our first article from the week comes from Threatpost. This article discusses notorious hacker “Fxmsp.” Fxmsp, a Kazakh native, made headlines last year when he hacked McAfee, Symantec, and Trend Micro. Fxmsp has reportedly been outed as a male named Andrey Turchin. Turchin is facing charges dating back to 2018. Documents relating to these charges were unsealed by the Western District of Washington after a security firm named Group-IB publicly unmasked the hacker in an analysis in June of 2020. According to the Feds’ allegations, Turchin is a part of “a prolific, financially motivated cybercriminal group composed of foreign actors that hacks the computer networks of a broad array of corporate entities, educational institutions and governments around the world including the United States and sells such unauthorized access to its victims’ protected systems.”
Our next article from the week also comes from Threatpost. This article discusses the Cerberus malware and its release on the Google Play marketplace. Cerberus is a form of malware that can steal banking credentials, bypass security measures and access text messages. According to this report, a malicious Android app has been uncovered on the Google Play store that is distributing the banking trojan Cerberus. The app currently has 10,000 downloads on the platform. Researchers say that the trojan was found within the last few days, as it was being spread via a Spanish currency converter app called “Calculator de Moneda.” The app has been available to Android users since March of 2020. “It uses Android’s accessibility function, as well as the overlay attack mechanism, which is typical for banking trojans, so when a user opens their regular banking app, an overlay screen is created, and the user’s login details collected,” Ondrej David from Avast said earlier this week.
Our next story this week, one from Microsoft’s blog, is an uplifting one. It is common knowledge in the InfoSec community that COVID-19 has created more and more opportunity for bad actors to take advantage of a bad situation and make it worse by stealing valuable data. Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsoft’s work to disrupt cybercriminals who were taking advantage of the pandemic in an attempt to defraud customers in 61 countries. The civil case has resulted in a court order allowing Microsoft to seize control of the key nefarious domains in the criminals’ infrastructure so that they can no longer be used to execute cyberattacks. These cybercriminals designed phishing emails to look like they originated from an employer or another trusted source and used the templates to target business leaders across a variety of industries. Now these attacks are dead in the water, as the criminals no longer have control of their attack domains.
Our last story from the week comes from Wired. This article goes in-depth on the Russian hacking group dubbed “Cosmic Lynx,” which uses surprisingly sophisticated methods and targets big fish in the InfoSec industry. A newly discovered “business email compromise” (BEC) campaign allegedly has come directly from Moscow in Russia. This is the work of Cosmic Lynx, a group that has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari. These BEC campaigns mainly targeted senior executives at large organizations and companies in 46 countries. Cosmic Lynx specialized in very specific and relevant scams, mostly related to mergers and acquisitions. The group typically ends up requesting hundreds of thousands of dollars, if not millions, as a part of its hustles. These researchers, who have worked extensively on tracking Nigerian BEC scammers, say they don’t have a good grasp on how often Cosmic Lynx succeeds at obtaining a payout. The fact that the group hasn’t lowered its asking prices in the year it has been around suggests that Cosmic Lynx must be raking in a hefty amount of money.