Security News > 2023 > February

In brief A Russian national has been hit with a five-count indictment alleging he smuggled hardware and software used for counterintelligence operations out of the US to the Russian Federal Security Service and North Korea. He's being charged with conspiracy to defraud the US, conspiracy to violate the International Emergency Economic Powers Act, two counts of conspiracy to violate the Export Control Reform Act and smuggling.

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center said in a report last week.

Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, Mexico, the U.S. and other regions. Modus operandi of the group was focused on investment options in non-existing products and investment plans supposedly offered by the Fortune 100 corporations and state-owned entities.

Newly released Federal Trade Commission data shows that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Consumers reported losing more money to investment scams - more than $3.8 billion-than any other category in 2022.

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control to deliver a secondary payload," Menlo Security researcher Abhay Yadav said.

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy Tancio, Jed Valderama, and Catherine Loveria said in a report published last week.

The Dutch police announced the arrest of three individuals in connection with a "Large-scale" criminal operation involving data theft, extortion, and money laundering. The Politie said its cybercrime team started the investigation nearly two years ago, in March 2021, after a large Dutch company suffered a security breach.

As part of this, he listed a series of key questions that every organization should ask itself to properly understand the risks faced. Does the organization know what its "Crown jewels" are? Does the organization have a thoughtful security culture at all levels, or does everyone leave it to a security department that's off to one side, only to be contacted in an emergency? Has the organization put the right controls in place to assess the risks attached to its funding sources and partnerships, and to protect its supply chain? Does the organization have a strategic approach to managing the risks and have those risks been discussed at board level?

In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up...

Analyzing wiper malware data reveals a trend of cyber adversaries consistently using destructive attack techniques against their targets. Later in the year, wiper malware expanded into other countries, fueling a 53% increase in wiper activity from Q3 to Q4 alone.