Your kids are most likely back in school this week, either virtually or in-person. This has to mean you’ll finally have a chance to take a second and breathe, right? Wrong. The life of a cybersecurity professional never seems to slow down, despite constantly changing circumstances. This fact is why Byte Sized News is so vital for our audience. Stay up to date on a few of the most important stories from the industry, all in one place in our weekly series on the PlexTrac Blog.
Hackers are often stereotyped and misunderstood as a group, but most of this week's top stories really are about the hoodie-wearing, mischief-causing variety we see in pop culture. With that said, the newest installment of Byte Sized News is sure to be an interesting one, highlighting hackers from all over the globe.
As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.
Our first article from the week comes from Dark Reading and details a US government warning about the North Korean hacker group BeagleBoyz. The warning was issued jointly by US law enforcement and government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the FBI, and US Cyber Command. The agencies released a joint alert, titled "FASTCASH 2.0: North Korea's BeagleBoyz Robbing Banks," concerning an ongoing campaign by the North Korean government to rob banks through fraudulent ATM cash-outs and fraudulent money transfers. The BeagleBoyz have attempted to steal at least $2 billion since 2015 and, to make matters worse, frequently leave their victims' banking systems damaged or inoperable. The practical point for defenders is that these intrusions reach the payment switch and SWIFT-connected infrastructure, so the alert's recommended mitigations focus on segmenting and monitoring those systems rather than only the internet-facing perimeter.
Our next story from the week comes from the US Attorney's Office for the District of Nevada and details the arrest of a Russian national for attempting to introduce malware into a computer network in the state of Nevada. This individual allegedly played a prominent role in an attempt to recruit an employee of a Nevada-based company to introduce malicious software into his employer's network, exfiltrate data from that network, and extort a ransom from the company. The employee was offered $1 million to help the Russian group carry out the plan but refused. "As Nevada's economy diversifies and evolves into a center for technological innovation, our office will continue to prioritize protecting trade secrets and other confidential information belonging to U.S. businesses," said U.S. Attorney Trutanich. "Working with our law enforcement partners, we are committed to holding accountable anyone who plots to use malicious cyber tactics to harm American consumers and companies." The FBI was able to intervene in the discussions between the hacker and the employee before any damage was done, and the individual was quickly apprehended. Egor Igorevich Kriuchkov, 27, a citizen of Russia, has since been charged in a complaint with one count of conspiracy to intentionally cause damage to a protected computer. Kriuchkov faces a maximum sentence of five years in prison and a $250,000 fine. The case is a reminder that insider recruitment is a live attack path: an employee who reports an approach like this is a detection control that no product replaces.
Moving on to a new article from Threatpost, we get details on a cyber-espionage attack carried out through a flaw in Autodesk 3ds Max, a popular 3D computer graphics application. The flaw was used against an international architectural and video production company. The researchers behind the report claim that the attack was carried out by a sophisticated, APT-style group that already had a baseline of knowledge about the company's security systems. The group then used a series of tactics to infiltrate the company and exfiltrate data, all while remaining undetected. The targeted company was not named in the research but is said to have been involved in billion-dollar real estate contracts in locations including New York, London, Australia, and Oman. The bulk of the attack was carried out using a malicious plugin for the Autodesk 3ds Max application, delivered as MAXScript, the application's built-in scripting language, which runs inside the 3ds Max process when a scene file or plugin that contains it is loaded. In other words, an untrusted .max file deserves the same suspicion as a macro-enabled Office document. Autodesk issued a statement on the flaw earlier this month: "Autodesk recommends 3ds Max users download the latest version of Security Tools for Autodesk 3ds Max 2021-2015SP1 available in the Autodesk App Store to identify and remove the PhysXPluginMfx MAXScript malware."
Our second-to-last story from the week comes from Infosecurity Magazine and details research published by Barracuda Networks, which found that local government bodies are targeted by ransomware more than any other type of organization. The research looked at 71 global ransomware incidents that took place over the past 12 months. Diving deeper into the statistics, 44% of the global ransomware attacks that have taken place so far in 2020 were aimed at municipalities. This number lines up almost perfectly with the data from 2019, when municipalities made up 45% of attacks. The attack highlighted by Barracuda was the one on Redcar and Cleveland Borough Council's computer systems in the UK, which cost the authority more than £10m. Additionally, 15% of affected municipalities confirmed that they paid the ransom, a sharp increase from 0% last year. Note that these percentages describe a sample of 71 publicly reported incidents, so they indicate a trend rather than a precise measure of the full population of attacks. You can view Barracuda's findings for many other industries in the full article.
Our last InfoSec article from the week also comes from Infosecurity Magazine and details a nefarious giveaway scam that has infected thousands of unknowing victims. The scam was carried out by a family of Android apps that used the bait of free items to lure victims into a malware infection. Victims were told that they would receive a free gift by downloading the app, but the only gift they received was a malware infection that silently loads ads in the background on the victims' devices. The ad fraud was discovered by White Ops' Satori Threat Intelligence & Research Team. The team found that by the end of June 2020 more than 65,000 devices had been infected, the malware had spoofed more than 5,000 apps, and more than 2 billion bid requests had been generated. "What makes this unique is that the fraudsters were advanced in knowing how to pull off ad fraud verification plausibly," said a White Ops spokesperson. "This means the ads were never being reported via the Google Play Store for showing ads, nor were users complaining of seeing unwanted ads. Instead, they were lying dormant, and the only 'free product' being delivered to users was a payload of ad fraud malware." The gifts offered to victims included free boots, sneakers, tickets, coupons, and many other items. What made the attack worse was that reviews for the apps started out very high, with unknowing victims praising the company for its giveaway idea. Those reviews likely increased the apps' credibility for future victims, only compounding the problem. Because the ads were rendered invisibly rather than shown to the user, neither user complaints nor store reports surfaced the abuse; that is precisely why app store ratings are a poor signal of whether an app is safe to install.