Cyber Security Headlines – November 25, 2024
Host: Steve Prentice, CISO Series
Podcast: Cyber Security Headlines
Release Date: November 25, 2024
In this episode of Cyber Security Headlines, host Steve Prentice delves into the most pressing cybersecurity developments of the day, offering in-depth analysis and expert insights. From major law enforcement actions against cybercriminal marketplaces to significant cyberattacks on global enterprises, this episode covers a broad spectrum of issues impacting the information security landscape.
1. Department of Justice Seizes PopeyeTools Marketplace
Steve Prentice opens the discussion with the recent Department of Justice (DoJ) operation targeting PopeyeTools, a notorious dark web marketplace.
Steve Prentice [00:30]: "PopeyeTools, which had specialized in selling stolen credit cards and cybercrime tools since 2016, was taken down by DoJ agents last week."
The seizure involved not only the website but also its hosting services, effectively crippling the platform’s operations. Three key operators are now facing fraud-related charges.
Prentice [00:45]: "According to court documents, Popeye Tools offered unauthorized payment card data, PII for live-marked cards, stolen bank account logs, email spam lists, scam pages, and even guides and tutorials for cybercriminal activities."
This crackdown marks a significant victory in the ongoing battle against cyber-enabled financial crimes, disrupting the supply chain of illicit goods on the dark web.
2. IGT Suffers Cyberattack – Possible Ransomware Incident
Next, Prentice discusses a cyberattack on International Game Technology (IGT), a major player in the gambling technology sector.
Prentice [02:15]: "IGT, headquartered in London and known for manufacturing slot machines and other gambling technologies, detected a cyberattack on November 17th."
In response, IGT proactively took some of its systems offline to mitigate potential damage. While the full extent of the attack remains unclear, industry observers speculate, based on the company's reaction, that it might be a ransomware attack.
Prentice [02:35]: "The company's swift response is indicative of a ransomware attack, aiming to contain any potential data encryption or theft."
This incident underscores the vulnerability of critical infrastructure within the gaming and gambling industries to sophisticated cyber threats.
3. Windows Update Blocked for Ubisoft Games Due to Compatibility Issues
The episode then shifts focus to a recent issue affecting gamers and the broader Windows user community.
Prentice [04:00]: "The Windows 11 24H2 update has been blocked on PCs running Assassin's Creed, Star Wars Outlaws, and Frontiers of Pandora, all developed by Ubisoft."
These games experienced crashes, freezing, and audio issues post-update, prompting Microsoft to halt the rollout to prevent further disruptions.
Prentice [04:20]: "Affected gamers are advised to terminate the frozen processes via Task Manager and refrain from manually updating the OS until Microsoft resolves the compatibility problems."
This highlights the delicate balance between maintaining system security through updates and ensuring compatibility with popular software applications.
4. Microsoft Seizes Egypt-Based DIY Phishing Kit Websites
Prentice highlights another significant action by Microsoft against cybercriminal infrastructure.
Prentice [05:10]: "Last week, Microsoft secured a court order to seize 240 websites linked to an Egypt-based seller of DIY phishing kits operating under the alias MrXcoder or MrXc0der."
These kits, branded as ONNX—a trademarked name owned by the Linux Foundation—included tools designed to bypass multifactor authentication, a critical security measure.
Prentice [05:35]: "With Linux acting as a co-plaintiff in the civil court order, the seizure disrupts the operations of MrXcoder, who targeted individuals seeking to conduct sophisticated phishing attacks."
This move significantly hampers the availability of advanced phishing tools, thereby enhancing overall cybersecurity defenses.
5. North Korean Front Companies Impersonate US IT Firms for Military Funding
The podcast also sheds light on an ongoing campaign by North Korean threat actors targeting the U.S. and global IT sectors.
Prentice [06:50]: "Researchers at SentinelOne and Palo Alto Networks report that North Korean-linked actors continue to impersonate US-based software and technology consulting firms in a campaign named 'Wage Mole.'"
These threat actors establish front companies through registrars like Namecheap, presenting themselves as legitimate development, outsourcing, consulting, and software businesses.
Prentice [07:10]: "Their strategy involves copying content from legitimate companies to gain employment, after which most of their salaries are funneled back to North Korea."
This sophisticated approach not only facilitates financial transfers to the regime but also potentially integrates malicious actors into critical IT roles within reputable organizations.
6. UK Drinking Water Supplies Disrupted by Record Cyber Incidents
Prentice revisits a critical infrastructure vulnerability previously discussed, focusing on the United Kingdom's drinking water systems.
Prentice [08:30]: "According to Recorded Future News, the UK has reported more cyber incidents affecting drinking water infrastructure this year than ever before, with at least six such incidents between January and October."
These incidents, reported to the Department for Environment, Food and Rural Affairs (DEFRA), involved either cyberattacks or operational failures that threatened the production and delivery of safe drinking water.
7. DEFCON’s Franklin Project Enhances US Water Infrastructure Security
Building on the concerns about water infrastructure, Prentice introduces DEFCON's Franklin Project, an initiative aimed at bolstering US resilience against cyber threats.
Prentice [09:10]: "The Franklin Project, launched at this year's DEFCON, leverages top hacker talent to strengthen US water infrastructure against online attacks."
Partnering with the Harris School of Public Policy at the University of Chicago and the National Rural Water Association, the project involves hackers assessing water facilities in states like Utah, Vermont, Indiana, and Oregon to identify and remediate vulnerabilities.
Prentice [09:35]: "Their efforts are documented in an annual Hackers Almanac, providing valuable knowledge for enhancing water security nationwide."
This collaborative approach not only mitigates immediate threats but also fosters a culture of continuous improvement and knowledge sharing within the cybersecurity community.
Conclusion
Steve Prentice wraps up the episode by emphasizing the importance of staying informed and proactive in the face of evolving cyber threats. From law enforcement actions against dark web marketplaces to safeguarding critical infrastructure, the discussions underscore the multifaceted nature of cybersecurity challenges in today's digital landscape.
For a comprehensive understanding of these stories and more, listeners are encouraged to visit CISOseries.com for in-depth articles and resources.
Note: This summary excludes advertisements, intros, outros, and non-content sections to focus solely on the core information presented in the episode.
