
Steve Prentice
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Monday, November 25, 2024. I'm Steve Prentice.
Department of Justice seizes credit card marketplace Popeye Tools. This dark web marketplace, which specialized in selling stolen credit cards along with cybercrime tools and which had been in business since 2016, was taken down by agents of the DOJ last week, with three of its key operators now facing fraud-related charges. The websites and hosting services have also been seized. According to court documents, the Popeye Tools marketplace offered services such as unauthorized payment card data and PII for cards that were marked as live, as well as logs of stolen bank account information, email spam lists, scam pages, and guides and tutorials.
Gambling giant IGT suffers cyberattack. The London-headquartered manufacturer of slot machines and other gambling technologies for casinos and other enterprises worldwide detected the attack on Sunday, November 17th, and took some of its systems offline in response. The full scope of this attack has not yet been determined; however, observers say the company's response is indicative of a ransomware attack.
Windows Update blocked on PCs that have Assassin's Creed or Star Wars Outlaws. This blockage of the Windows 11 24H2 update relates to the aforementioned games as well as Frontiers of Pandora, all of which are developed by Ubisoft and which are suffering crashes, freezing or audio issues after having received the Windows update. Affected gamers are advised to end the frozen process through the Task Manager, but not to manually update the operating system until this issue is resolved.
Microsoft seizes websites tied to Egypt-based DIY phishing kit maker. Another illicit website seizure: last week Microsoft obtained a court order that allowed it to seize 240 websites allegedly belonging to an Egypt-based seller of do-it-yourself phishing kits, which included tools for bypassing multifactor authentication. The kit maker is known online as MrXcoder, that is MrXc0der, who sold the kits under the brand name ONNX. ONNX is a trademarked name owned by the Linux Foundation, and Linux acted as a co-plaintiff in the civil court order that led to the seizure.
Thanks to today's episode's sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Well, worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker, that is T-H-R-E-A-T-L-O-C-K-E-R dot com.
North Korean front companies impersonate US IT firms for military funding. According to researchers at SentinelOne, as well as a report from Palo Alto Networks, threat actors connected to North Korea continue to impersonate US-based software and technology consulting businesses in a global campaign, which Palo Alto Networks Unit 42 is tracking as Wage Mole. The actors use forged identities to get hired at companies in the US and elsewhere, sending most of their salary back to their home country. This most recent chapter in this ongoing story identifies by name some front companies analyzed by SentinelOne, all of which were registered through Namecheap and claimed to be development, outsourcing, consulting and software businesses while copying their content from legitimate companies.
The list is available in the show notes to this episode.
UK drinking water supplies disrupted by record number of undisclosed cyber incidents. Following up on our discussion on last Friday's Week in Review show, dealing with the vulnerability of drinking water facilities and infrastructure in general, two stories of interest this week. First, according to Recorded Future News, there have been more incidents reported this year in the UK than ever before, with the transport and drinking water sectors the most impacted. This includes at least six incidents affecting drinking water infrastructure, according to data collected by Recorded Future News using the Freedom of Information Act. In previous years, there were no more than two. These six incidents were reported to the UK government's Department for Environment, Food and Rural Affairs and occurred between January 1st and October 21st of this year. The reports referred to either a cyberattack or an operational failure that directly impacts the production and delivery of wholesome water, irrespective of whether or not customers are directly affected.
Volunteer DEF CON hackers take on US water infrastructure concerns. So, continuing with the water security theme, the Franklin Project, launched at this year's DEF CON, is intended to employ the skills of top hackers not only to strengthen US resilience to online attacks, but also to chronicle what is being done in a yearly Hackers Almanac so that others can learn the essential skills. The program is being partnered with the Harris School of Public Policy's Cyber Policy Initiative at the University of Chicago, as well as the National Rural Water Association. Together, they are using the coders' talents to investigate water companies in Utah, Vermont, Indiana and Oregon, to fix any issues they find, and then pass the knowledge on.
Remember, we're taking this Friday off from our CISO Series live streams for the long Thanksgiving weekend in the US, but that means you'll have plenty of time to subscribe to the CISO Series on YouTube. We post original content, product demos, podcast clips and much more. So head over to YouTube and subscribe to the CISO Series. I'm Steve Prentice reporting for the CISO Series. Cybersecurity Headlines is available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Host: Steve Prentice, CISO Series
Podcast: Cyber Security Headlines
Release Date: November 25, 2024
In this episode of Cyber Security Headlines, host Steve Prentice runs through the day's top cybersecurity news: a law enforcement takedown of a carding marketplace, a cyberattack on a gambling technology vendor, a blocked Windows feature update, a phishing-kit infrastructure seizure, North Korean front companies, and two water-sector infrastructure stories.
Steve Prentice opens the discussion with the recent Department of Justice (DoJ) operation targeting PopeyeTools, a notorious dark web marketplace.
Steve Prentice [00:30]: "Popeye Tools, which specialized in selling stolen credit cards and cybercrime tools since 2016, was taken down by DoJ agents last week."
The seizure involved not only the website but also its hosting services, effectively crippling the platform’s operations. Three key operators are now facing fraud-related charges.
Prentice [00:45]: "According to court documents, Popeye Tools offered unauthorized payment card data, PII for live-marked cards, stolen bank account logs, email spam lists, scam pages, and even guides and tutorials for cybercriminal activities."
Seizing the hosting as well as the domains, and charging three operators rather than only taking infrastructure, disrupts more than a storefront: the card data, bank account logs, spam lists, scam pages and tutorials listed in the court documents were a supply chain for downstream fraud.
Next, Prentice discusses a cyberattack on International Game Technology (IGT), a major player in the gambling technology sector.
Prentice [02:15]: "IGT, headquartered in London and known for manufacturing slot machines and other gambling technologies, detected a cyberattack on November 17th."
In response, IGT took some of its systems offline. The full extent of the attack has not been disclosed; observers infer ransomware from the company's reaction rather than from any confirmation by IGT.
Prentice [02:35]: "The company's swift response is indicative of a ransomware attack, aiming to contain any potential data encryption or theft."
Taking systems offline is a standard containment step that limits lateral spread, but it is also what makes such incidents publicly visible before the company has confirmed the cause, which is why the ransomware attribution here remains speculation.
The episode then shifts focus to a recent issue affecting gamers and the broader Windows user community.
Prentice [04:00]: "The Windows 11 24H2 update has been blocked on PCs running Assassin's Creed, Star Wars Outlaws, and Frontiers of Pandora, all developed by Ubisoft."
These games experienced crashes, freezing, and audio issues after the update, prompting Microsoft to block the update from being offered to PCs with the affected titles installed.
Prentice [04:20]: "Affected gamers are advised to terminate the frozen processes via Task Manager and refrain from manually updating the OS until Microsoft resolves the compatibility problems."
A block like this means affected machines silently stay on the previous feature release; patch-management reporting should distinguish a device that is deliberately held back from one that is failing to install, so the held devices are not mistaken for compliant ones and are re-checked once the block is lifted.
Prentice highlights another significant action by Microsoft against cybercriminal infrastructure.
Prentice [05:10]: "Last week, Microsoft secured a court order to seize 240 websites linked to an Egypt-based seller of DIY phishing kits operating under the alias MrXcoder or MrXc0der."
The kits were sold under the ONNX brand, a trademark owned by the Linux Foundation, which joined the action as co-plaintiff, and included tools for bypassing multifactor authentication. Kits of this type typically defeat MFA by proxying the victim's login through the phishing site and capturing the resulting authenticated session, so one-time codes and push approvals offer little protection; phishing-resistant, origin-bound methods such as FIDO2/WebAuthn are the relevant defense.
Prentice [05:35]: "With Linux acting as a co-plaintiff in the civil court order, the seizure disrupts the operations of MrXcoder, who targeted individuals seeking to conduct sophisticated phishing attacks."
Seizing the sales and hosting domains raises the cost for the kit's customers in the short term, though the kit's code and its operator can resurface under new infrastructure, so defenders should treat this as disruption rather than elimination.
The podcast also sheds light on an ongoing campaign by North Korean threat actors targeting the U.S. and global IT sectors.
Prentice [06:50]: "Researchers at SentinelOne and Palo Alto Networks report that North Korean-linked actors continue to impersonate US-based software and technology consulting firms in a campaign named 'Wage Mole.'"
The front companies named by SentinelOne were all registered through Namecheap and presented themselves as development, outsourcing, consulting, and software businesses, with website content copied from legitimate companies.
Prentice [07:10]: "Their strategy involves copying content from legitimate companies to gain employment, after which most of their salaries are funneled back to North Korea."
Beyond funding the regime, the scheme places regime-controlled workers inside employers' networks with legitimate credentials. Hiring and vendor-onboarding checks that verify a candidate's or contractor's company against registration records, domain age, and original rather than copied web content are the practical countermeasure; SentinelOne's list of named front companies is linked in the show notes.
Prentice revisits a critical infrastructure vulnerability previously discussed, focusing on the United Kingdom's drinking water systems.
Prentice [08:30]: "According to Recorded Future News, the UK has reported more cyber incidents affecting drinking water infrastructure this year than ever before, with at least six such incidents between January and October."
These incidents, reported to the Department for Environment, Food and Rural Affairs (DEFRA) and obtained through Freedom of Information requests, cover either a cyberattack or an operational failure that directly impacts the production and delivery of wholesome water, whether or not customers were affected. The reporting threshold therefore mixes cyber and non-cyber causes, and the figures do not separate the two.
Building on the concerns about water infrastructure, Prentice introduces DEF CON's Franklin Project, an initiative aimed at bolstering US resilience against cyber threats.
Prentice [09:10]: "The Franklin Project, launched at this year's DEF CON, leverages top hacker talent to strengthen US water infrastructure against online attacks."
Partnering with the Harris School of Public Policy's Cyber Policy Initiative at the University of Chicago and the National Rural Water Association, the project has volunteer hackers assess water companies in Utah, Vermont, Indiana, and Oregon, fix the issues they find, and pass on what they learned.
Prentice [09:35]: "Their efforts are documented in an annual Hackers Almanac, providing valuable knowledge for enhancing water security nationwide."
The almanac is the knowledge-transfer piece: the stated intent is that utilities the volunteers never visit can apply the same fixes, which is what distinguishes the project from a one-off assessment of four states' water companies.
Steve Prentice wraps up with a programming note: the CISO Series live stream is off this Friday for the US Thanksgiving weekend, with listeners pointed to the CISO Series YouTube channel in the meantime.
For a comprehensive understanding of these stories and more, listeners are encouraged to visit CISOseries.com for in-depth articles and resources.
Note: This summary excludes advertisements, intros, outros, and non-content sections to focus solely on the core information presented in the episode.