Interpol nabs thousands, seizes millions in global cybercrime-busting op

Infosec in brief Interpol and its financial supporters in the South Korean government are back with another round of anti-cybercrime arrests via the fifth iteration of Operation HAECHI, this time nabbing more than 5,500 people suspected of scamming and seizing hundreds of millions in digital and fiat currencies. 

HAECHI V, an operation which ran from July to November of this year, was funded by South Korea but involved cooperation with law enforcement in 40 countries. The op targeted seven types of cyber-enabled crime: romance scams, online sextortion, investment fraud, illegal online gambling, business email compromise, e-commerce fraud, and voice phishing.

Along with thousands of arrests, HAECHI V led to the seizure of more than $400 million, part of which came from a joint operation between officials in Korea and China, who teamed up to dismantle a massive voice phishing syndicate responsible for more than $1.1 billion in losses from more than 1,900 victims. 

As was the case after the 2023 HAECHI IV operation, Interpol’s actions helped law enforcement better understand the modus operandi of global cybercriminals, leading to the issuing of another “purple notice” to help potential victims keep abreast of the latest trends.

This year, HAECHI V helped police understand an emerging trend involving the theft of stablecoins, a variety of cryptocurrencies tied to an external source of value like fiat currency. In this case, Interpol identified a scam involving Tether, which is tied to the US Dollar. 

While the target token may be new, the method isn’t: it’s a plain old romance scam that tricks users into buying Tether and then handing their wallet information to a scammer via a phishing link.

Repetitive methods aside, Interpol’s Seoul-backed campaign shows no signs of slowing down after five years of operations.

“The borderless nature of cybercrime means international police cooperation is essential, and the success of this operation supported by Interpol shows what results can be achieved when countries work together,” Interpol Secretary General Valdecy Urquiza said of this year’s results. “It’s only through united efforts that we can make the real and digital worlds safer.”

Critical vulnerabilities of the week

With the US holiday this week, it’s been a quiet one on the critical vulns front, though not for owners of Array Networks AG Series and vxAG ArrayOS virtual secure gateway products.

Those two devices, when running on software version 9.4.0.481 and earlier, contain an improper authentication vulnerability (CVSS 9.8 – CVE-2023-28461) that can be abused by an attacker – and now is, according to CISA – to execute remote code and browse the entire filesystem of an affected system.

If you’re using one of those devices, best get updated beyond the aforementioned version. 

Not so funny: Russian RomCom hackers targeting new zero days

Security researchers at ESET have discovered a pair of previously unknown vulnerabilities in Firefox and Windows that they say are already being exploited by the Russia-aligned group of cybercriminals known as “RomCom.” 

“This is at least the second time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild, after the abuse of CVE-2023-36884 via Microsoft Word in June 2023,” ESET said.

This time around, the attack involves a CVSS 9.8 use-after-free vulnerability (CVE-2024-9680) that exists in Firefox, Firefox ESR, Thunderbird, and even the Tor Browser, and that can be exploited to execute code. Chained with a CVSS 8.8 Windows vulnerability (CVE-2024-49039), described by NIST as a “Windows Task Schedule elevation of privilege” vuln, it gives RomCom a way to run arbitrary code without user interaction, with as little as a visit to a malicious URL.

Both vulnerabilities have been patched in new software releases. 

Script kiddies: Annoying, but still a threat

Script kiddies are characterized by a lack of technical know-how, which they fill in with publicly available scripts that do the hard work for them. They can be obnoxious blowhards, but that doesn’t mean they aren’t dangerous.

Take the latest campaign detected by Aqua Security, which said this week that it has spotted a new DDoS campaign being operated by someone with the oh-so-kiddie name of “Matrix,” whose methods appear simple, publicly known and brute in nature – but they’re still effective.

The Matrix DDoS campaign uses accessible tools and scripts to brute-force access to your typical internet-connected devices with the aim of building a botnet that the suspected single individual behind Matrix is selling access to on Telegram.

“The campaign is characterized by its large-scale use of publicly available scripts, highlighting the growing threat posed by so-called script kiddies who can integrate and operate these tools for meaningful attacks,” Aqua said. 

5 years, £44B lost to cyberattacks for UK firms

Cyberattacks have cost UK businesses £44 billion ($55 billion) in the past five years, insurance group Howden has estimated in a new report. 

The number is based on findings that 52 percent of UK businesses have experienced at least one cyberattack in the past five years, so the actual number could be lower – or considerably higher.

The most common attacks that UK businesses reported were email compromise, data theft, and supplier compromise. Despite those threats and a growing concern with cybercrime among business leaders surveyed for the study, common cybersecurity measures are still lacking.

According to the study, only 61 percent of firms are actively using antivirus software, while only 55 percent have a network firewall protecting their network. That, Howden said, highlights “a critical cybersecurity knowledge gap within UK businesses.” 

The insurance firm estimates that if UK businesses bothered to implement “even the most basic cyber security measures,” they could reduce the cost of an attack by up to 75 percent. 

Tornado Cash sanctions overturned

An appeals court has overturned the 2022 sanctions by US officials against the cryptocurrency mixer Tornado Cash for its use by North Korean cybercriminals. The court ruled that the Treasury Department overstepped its authority by banning US residents and businesses from using the service. 

Mixers like Tornado Cash put all the crypto users’ deposits into one big heap, allowing the withdrawal of coins not linked to the depositor’s blockchain records, thereby anonymizing a particular coin’s potential illicit use.

A Fifth Circuit panel of judges decided that the open source smart contracts used by Tornado Cash to mix crypto don’t rise to the level of ownership of the services they provide, thus rendering Tornado Cash not liable for potential illegal use.

“Tornado Cash as an ‘entity’ does not own the immutable smart contracts, separate and apart from any rights or benefits of the services performed by the immutable smart contracts,” the judges wrote.

The case will now head back to a federal court in Texas for additional proceedings. ®
