A brief overview of the main events of the past week, November 25 to December 1, 2019

The past week began with yet another accusation of cyber espionage against the Russian Federation. The Security and Information Service of the Czech Republic published a report according to which Russian and Chinese cybercriminals regularly carried out cyber attacks on the Czech Republic last year. For example, the department suspected the Russian Federation of attacks on the unclassified computer network of the Czech Ministry of Foreign Affairs, as well as on the e-mail of the country's Armed Forces.

Cryptocurrency remains a tempting target for cybercriminals, who use a variety of methods to get hold of virtual currency. Last week, Upbit, the largest exchange in South Korea, fell victim to cybercriminals: ether worth about $50 million was stolen from its cold wallet. At about the same time, Microsoft experts warned of attacks by the cryptocurrency miner Dexphot, which managed to infect more than 80,000 computers around the world. The main feature of the Dexphot malware is its use of a number of sophisticated techniques to evade detection.

Ransomware operators were active as well. On November 27, the Spanish information security company Prosegur announced that its systems had been infected with the Ryuk ransomware. To prevent the malware from spreading to its customers' networks, the company disconnected from them. As a result, the entire Prosegur network was taken offline, and employees were sent home.

Rarely does a week go by without data leaks, and the past week was no exception. This time, a leak was reported by Adobe. The incident affected its Magento Marketplace, a portal for buying, selling and downloading themes and plugins for online stores based on Magento software. By exploiting a vulnerability on the site, an attacker was able to gain access to some data belonging to both users and software developers.

Kaspersky Lab discovered two cybercriminal groups targeting the hotel business. During the attacks, the attackers use various social engineering methods, posing as representatives of state organizations or private companies who want to book rooms for a large number of people. More than 20 hotels in South America and Europe have already fallen victim to the attacks.

At the end of last week, law enforcement officers reported the takedown of two cybercriminal networks at once. In a joint operation, police officers from different countries managed to dismantle the cybercriminal network behind the distribution of the Imminent Monitor remote access Trojan (RAT), and to arrest 13 customers who had used this malicious tool most actively in cyber attacks.

The Security Service of Ukraine announced the takedown of an international cybercriminal group that stole funds from the accounts of users of electronic payment systems in the United States and Europe. The group had been operating since 2010, and its annual turnover was $500 thousand to $700 thousand.
