Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more.

Welcome to Cyber Security Today. It’s Friday, April 19th, 2024. I’m Howard Solomon.

 

The Europol European police co-operative says one of the largest phishing-as-a-service platforms has been severely disrupted. This week law enforcement agencies from 19 countries including the U.K., the United States and Canada shut the IT infrastructure of LabHost. They also arrested 37 suspects. For a monthly subscription the site sold access to phishing kits, infrastructure for hosting phony web pages and more. An estimated 10,000 crooks around the world used its services. Singapore-based cybersecurity firm Group-IB says there was a Canadian angle to LabHost. The service was actively promoted in a Canadian channel on the Telegram messaging service by three users. One of those users owns the service LabHost Refunds, which only operates in Canada. This user also sold profiles of Canadians for creating credit cards or opening bank accounts. Europol said four of the 37 people arrested were in the U.K. and allegedly ran the site, including the alleged original developer.

A virus has been sitting undetected since 2015 on some Windows systems in Ukraine, say researchers at Cisco Systems. As part of a regular threat hunting in open-source repositories for infected documents, Cisco found over 100 infected documents with potentially confidential information about government and police activities in Ukraine. The documents could only be spread by being shared through removable media like USB memory sticks. It isn’t known who created the virus.

So you’ve got cyber insurance. But do you have enough? Maybe not, says CYE, a company that measures cyber risk of organizations. Looking at a dataset of 101 data breaches, CYE says 80 per cent of those with insurance didn’t have sufficient coverage to pay for their full data breach costs. On average three-quarters of insurable costs weren’t covered.

Finally, a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international. That’s according to researchers at Kaspersky. It says organizations in the U.S., Canada, Japan, the Netherlands, Luxembourg and South Korea have submitted examples of the malware to a virus scanning service, suggesting IT people in those countries have come across it. Kaspersky calls this campaign DuneQuixote. The goal is to install a memory-only backdoor using either a regular dropper or tampered installer files for a legitimate tool called Total Commander. What’s unique is the use of snippets from Spanish poems in the code to help evade detection by anti-malware tools.

That’s it for now. But later today the Week in Review podcast will be available. My guest will be Jen Ellis, a member of the Ransomware Task Force, who will talk about its recent report on steps governments should take before passing laws forbidding organizations from paying ransoms.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.