Interpol Caught a Big Phish
A suspected head of a cybercrime gang was arrested in Nigeria. The Nigeria Police Force arrested a 37-year-old Nigerian man in an international operation spanning four continents. The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims.
Intel has it that the unnamed suspect has been active since 2015 and was involved in the creation of over 240 domains, of which 50 were used to provide command-and-control for malware, compromising over 500,000 companies in more than 150 countries.
Recent campaigns targeting various architectures in May 2022, as observed by Microsoft, are as follows:
- Android apps with millions of downloads have been discovered to have high-severity vulnerabilities, which allow an attacker to access system configuration and sensitive information.
- A new variant of the Sysrv botnet, known for exploiting vulnerabilities in web apps and databases to install coin miners on both Windows and Linux systems, has been observed in the wild. This variant, Sysrv-K, carries additional exploits and can gain control of web servers.
- A more than 254% increase in activity of the Linux-based trojan “XorDdos” has been observed in the last six months. This trojan propagates via SSH brute-force attacks to gain remote control of devices, amassing botnets that perform distributed denial-of-service attacks.
Also, attacks associated with notorious ransomware affiliates…
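Since the XorDdos item above turns on SSH brute forcing, here is an added defender-side example (not from the page or from Microsoft) that scans sshd log lines for bursts of failed logins from one source and flags whether that source later obtained a successful login. The log lines are constructed samples; the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (syslog format, no year); not real telemetry.
SAMPLE_LOG = """\
May 20 10:01:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 4022 ssh2
May 20 10:01:02 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
May 20 10:01:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 4024 ssh2
May 20 10:01:04 host sshd[1204]: Failed password for root from 203.0.113.7 port 4025 ssh2
May 20 10:01:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 4026 ssh2
May 20 10:01:06 host sshd[1206]: Failed password for root from 203.0.113.7 port 4027 ssh2
May 20 10:03:10 host sshd[1207]: Failed password for alice from 198.51.100.9 port 5100 ssh2
May 20 10:03:15 host sshd[1208]: Accepted publickey for alice from 198.51.100.9 port 5100 ssh2
May 20 10:09:30 host sshd[1209]: Accepted password for root from 203.0.113.7 port 4100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse(log_text, year=2022):
    """Return (timestamp, result, user, ip) tuples for sshd auth lines; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} " + m["ts"], "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def detect_bruteforce(events, threshold=5, window_s=60):
    """Flag source IPs with >= threshold failed logins inside any window_s-second span.
    'success_after' marks an accepted login from that IP after the burst (likely compromise)."""
    fails, accepts = defaultdict(list), defaultdict(list)
    for ts, result, _user, ip in events:
        (fails if result == "Failed" else accepts)[ip].append(ts)
    findings = {}
    for ip, times in fails.items():
        times.sort()
        for i in range(len(times)):
            j = i + threshold - 1  # index of the threshold-th failure in this window
            if j < len(times) and (times[j] - times[i]).total_seconds() <= window_s:
                later_success = any(t > times[j] for t in accepts.get(ip, []))
                findings[ip] = {"failures": len(times), "success_after": later_success}
                break
    return findings
```

A hit with `success_after` set is the case worth treating as an incident rather than as noise, since the host may already be enrolled in the botnet.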
The RAT Team Got Caught
The Economic and Financial Crimes Commission (EFCC) arrested three suspected global scammers involved in malware-based attacks, in an operation conducted simultaneously in a Lagos suburb called Ajegunle and in Benin City, 300 km to the east of the commercial capital. The men are thought to have used a remote access trojan (RAT) to reroute financial transactions, stealing confidential online connection details from corporate organizations, including oil and gas companies in Southeast Asia, the Middle East, and North Africa.
MS-Word has a Zero-day Vulnerability
A zero-day vulnerability has been detected and is currently being exploited by some threat actors. It affects Microsoft Word documents; the remote code execution vulnerability allows attackers to “install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.” An initial workaround released by Microsoft can be found here.
A new ransomware strain called “Goodwill” has been observed to compel victims into donating to social causes and providing financial assistance to people in need. These include donating new clothes and blankets to the homeless, taking any five underprivileged children to Domino’s Pizza, Pizza Hut, or KFC for a treat, and offering financial support to patients who need urgent medical attention but don’t have the financial means.