Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year-old virus found on Ukrainian computers, and more


Welcome to Cyber Security Today. It’s Friday, April 19th, 2024. I’m Howard Solomon.


Europol, the European police co-operative, says one of the largest phishing-as-a-service platforms has been severely disrupted. This week law enforcement agencies from 19 countries, including the U.K., the United States and Canada, shut down the IT infrastructure of LabHost. They also arrested 37 suspects. For a monthly subscription the site sold access to phishing kits, infrastructure for hosting phony web pages and more. An estimated 10,000 crooks around the world used its services. Singapore-based cybersecurity firm Group-IB says there was a Canadian angle to LabHost. The service was actively promoted in a Canadian channel on the Telegram messaging service by three users. One of those users owns the service LabHost Refunds, which only operates in Canada. This user also sold profiles of Canadians for creating credit cards or opening bank accounts. Europol said four of the 37 people arrested were in the U.K. and allegedly ran the site, including the alleged original developer.

A virus has been sitting undetected since 2015 on some Windows systems in Ukraine, say researchers at Cisco Systems. As part of regular threat hunting in open-source repositories for infected documents, Cisco found over 100 infected documents with potentially confidential information about government and police activities in Ukraine. The documents could only be spread by being shared through removable media like USB memory sticks. It isn’t known who created the virus.

So you’ve got cyber insurance. But do you have enough? Maybe not, says CYE, a company that measures the cyber risk of organizations. Looking at a dataset of 101 data breaches, CYE says 80 per cent of those with insurance didn’t have sufficient coverage to pay for their full data breach costs. On average three-quarters of insurable costs weren’t covered.

Finally, a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international. That’s according to researchers at Kaspersky. It says organizations in the U.S., Canada, Japan, the Netherlands, Luxembourg and South Korea have submitted examples of the malware to a virus scanning service, suggesting IT people in those countries have come across it. Kaspersky calls this campaign DuneQuixote. The goal is to install a memory-only backdoor using either a regular dropper or tampered installer files for a legitimate tool called Total Commander. What’s unique is the use of snippets from Spanish poems in the code to help evade detection by anti-malware tools.

That’s it for now. But later today the Week in Review podcast will be available. My guest will be Jen Ellis, a member of the Ransomware Task Force, who will talk about its recent report on steps governments should take before passing laws forbidding organizations from paying ransoms.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
