Cyber Security Headlines - Episode Summary
Title: Cyber Security Headlines
Host: CISO Series
Episode: Spain arrests hacker, FCC Robocallers, Ransoms decrease 35%
Release Date: February 6, 2025
1. Spain Arrests Hacker Responsible for Cyber Attacks
Timestamp: [00:11 - 00:27]
Spanish military agencies, in collaboration with local police, apprehended a suspect accused of orchestrating 40 cyber attacks targeting critical organizations and universities across the United States and Spain. The hacker infiltrated internal systems to access and exfiltrate sensitive data, including personal information of employees and customers.
Notable Quote:
“The suspect accessed internal data and used Breach Forum to sell and leak the data,” – Sean Kelly [00:16]
During the raid, authorities seized multiple computers, electronic devices, and 50 cryptocurrency accounts. The compromised data included sensitive information from NATO, the US Military, Spain's Guardia Sevilla, and the Ministry of Defense. Under Spanish law, the hacker faces up to 20 years in prison.
2. FCC Addresses Illicit Robocalls Mimicking Its Operations
Timestamp: [00:27 - 02:25]
The Federal Communications Commission (FCC) has proposed a significant fine of nearly $4.5 million against Voice over IP (VoIP) telcos, including Telnyx, for their role in enabling scammers to conduct robocalls impersonating FCC officials. These fraudulent calls targeted FCC staff and their families with messages from a fictitious FCC fraud prevention team.
Notable Quotes:
- “The FCC was alerted to the issue,” – Sean Kelly [01:10]
- “Illegal robocalls will be a top priority at the FCC,” – Brendan Carr, FCC Head [01:26]
The FCC’s initiative received bipartisan support, emphasizing the agency's commitment to cracking down on such scams. Telnyx has appealed the fine, asserting that they acted promptly by ceasing the robocalls upon being notified.
3. Ransomware Payments Drop by 35% in 2024
Timestamp: [02:25 - 02:47]
According to a report by Chainalysis, ransomware payments saw a significant decline of 35% year-over-year in 2024, totaling $813.5 million compared to 2023's $1.25 billion. This reduction is attributed to enhanced law enforcement efforts, better international cooperation, and a growing trend of victims refusing to pay ransoms.
Notable Quote:
“The drop is attributed to increased law enforcement actions, improved international collaboration and growing refusal by victims to pay,” – Sean Kelly [02:19]
The report highlights the disruption of major ransomware gangs, including the LockBit takedown and BlackCat’s exit scam. Additionally, there was a notable shift in attacker tactics, with the emergence of new ransomware strains and faster ransom negotiations, often commencing within hours of data exfiltration.
4. Thailand Restricts Resources to Curb Myanmar-Based Scams
Timestamp: [02:47 - 03:18]
In an effort to combat online fraud, Thailand has cut off the supply of fuel, internet, and electricity to three cities in Myanmar known for hosting criminal syndicates engaged in scamming activities. This decisive action follows appeals from Chinese authorities for more stringent measures against cross-border telecom fraud along the Thailand-Myanmar border.
Notable Quotes:
- “China attaches great importance to combating... vicious cases along the Thailand Myanmar border,” – Chinese Foreign Ministry [03:05]
- “China and Thailand have pledged to set up a coordination center in Bangkok this month to combat cyber scams,” – Sean Kelly [03:14]
The move aims to dismantle the infrastructure supporting large-scale online fraud operations, reflecting strengthened international cooperation to tackle cybercrime.
5. New Crypto-Stealing Campaign Targets Mobile Apps
Timestamp: [04:03 - 04:47]
Kaspersky researchers uncovered a new cyber campaign named SparkCat, which infects Android and iOS applications available on Google and Apple app stores. The malicious software incorporates a deceptive SDK that masquerades as an analytics module but instead harbors a Java component designed to extract victim recovery phrases.
Notable Quotes:
“Attackers take over the accounts and are able to pivot to other services through SSO,” – Sean Kelly [05:42]
The SparkCat malware leverages Optical Character Recognition (OCR) modules tailored to the system's language settings to locate and extract sensitive recovery phrases, enabling attackers to access and control victims' crypto wallets without needing their passwords. Kaspersky reported that 28 apps were infected, with over 242,000 downloads on Google Play alone. Users are advised to delete affected apps and securely store their recovery phrases.
6. Targeted Attacks on Microsoft Accounts in the Education Sector
Timestamp: [05:04 - 05:54]
Abnormal Security researchers identified a phishing campaign targeting approximately 150 organizations, predominantly within the education sector. These attacks exploit Microsoft Active Directory Federation Services (ADFS) to gain unauthorized access to both on-premises and cloud systems.
Notable Quotes:
“The campaign uses a spoofed phishing email that appears to be from the organization's IT help desk,” – Sean Kelly [05:23]
Victims receive emails requesting urgent updates, which direct them to counterfeit Microsoft ADFS login pages mimicking their specific Multi-Factor Authentication (MFA) setups. Once credentials and MFA codes are entered, attackers can commandeer accounts and extend their reach through Single Sign-On (SSO) integrations. Experts recommend transitioning to modern identity platforms and enhancing phishing-resistant MFA solutions to mitigate such risks.
7. Man Sentenced for $50 Million Internet Scam
Timestamp: [05:59 - 06:50]
Ellen Giltman, a 59-year-old Californian, was sentenced to seven years in prison for her role in a sophisticated internet scam that defrauded over 70 individuals out of approximately $50 million. Between 2012 and 2020, Giltman orchestrated a network of at least 150 fake websites impersonating legitimate financial institutions.
Notable Quotes:
“Victims were lured by the promise of high return investment opportunities,” – Sean Kelly [06:30]
Using search advertisements, victims encountered these fraudulent sites and were subsequently contacted via provided phone numbers or emails. Giltman posed as legitimate FINRA brokers, setting up fake investment transactions and transferring funds to various global bank accounts. Many victims were older adults misled into diverting their retirement savings. In addition to her prison sentence, Giltman has been ordered to forfeit around $100,000.
8. Abandoned AWS Cloud Storage Poses Significant Risks
Timestamp: [06:58 - 07:49]
watchTowr researchers discovered approximately 150 abandoned Amazon Web Services (AWS) S3 buckets that were previously utilized for software deployment and updates. These unused buckets attracted around eight million file requests over two months from entities in the US, UK, and Australia, including Fortune 100 companies, banking institutions, and cybersecurity firms.
Notable Quotes:
“If we had been threat actors, we could have responded to any of these requests with malicious software updates,” – Sean Kelly [07:33]
The researchers registered these unused buckets using their original names and enabled logging to monitor incoming requests. This influx of requests presents a significant security threat, as malicious actors could potentially distribute harmful software updates to gain unauthorized access to the requesting organizations' AWS environments or virtual machines. AWS swiftly sinkholed the identified S3 buckets, but the broader issue of abandoned cloud services remains a persistent cybersecurity risk.
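A defensive check for the risk described above, added here as an example and not taken from the episode or the researchers' work: scan deployment scripts and configs for S3 references and flag any bucket that is missing from your own inventory. The acme-* names, the sample files and the inventory set are constructed; in practice the inventory would come from listing the buckets in every account you control.

```python
import re

# Bucket names: 3-63 chars of lowercase letters, digits, dots and hyphens.
_B = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
_REGION = r"(?:[.-][a-z0-9-]+)?"          # optional ".us-east-1" / "-us-west-2"
_PATTERNS = [
    re.compile(r"s3://" + _B, re.I),                                        # s3:// URI
    re.compile(r"https?://" + _B + r"\.s3" + _REGION + r"\.amazonaws\.com", re.I),  # virtual-hosted
    re.compile(r"https?://s3" + _REGION + r"\.amazonaws\.com/" + _B, re.I),         # path-style
]

def bucket_references(files):
    """Yield (bucket, filename, line_number) for every S3 reference found."""
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for pat in _PATTERNS:
                for m in pat.finditer(line):
                    yield m.group(1).lower(), name, lineno

def dangling_references(files, owned_buckets):
    """Map each referenced bucket that is NOT in the inventory to where it is used."""
    owned = {b.lower() for b in owned_buckets}
    report = {}
    for bucket, name, lineno in bucket_references(files):
        if bucket not in owned:
            report.setdefault(bucket, []).append((name, lineno))
    return report

# Constructed sample input: three files, three reference styles.
SAMPLE_FILES = {
    "install.sh": "curl -fsSL https://acme-cli-releases.s3.amazonaws.com/latest/install.sh | sh\n",
    "deploy/template.yaml": "TemplateURL: https://s3.us-east-1.amazonaws.com/acme-cfn-templates/vpc.yaml\n",
    "Makefile": "fetch:\n\taws s3 cp s3://acme-build-cache/deps.tgz .\n",
}
# Constructed inventory: acme-cli-releases was deleted but is still referenced.
OWNED = {"acme-build-cache", "acme-cfn-templates"}

if __name__ == "__main__":
    for bucket, uses in dangling_references(SAMPLE_FILES, OWNED).items():
        print(f"{bucket}: not in inventory, referenced at {uses}")
```

Any bucket this reports should either be re-created under your control or have its references removed before the name can be claimed by someone else.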
Conclusion
This episode of Cyber Security Headlines provided an in-depth analysis of recent cybersecurity incidents and trends, highlighting the ongoing efforts to combat cybercrime through international cooperation, law enforcement actions, and advancements in security technologies. From high-profile arrests and significant fines to emerging threats in cloud security and mobile applications, the discussions underscored the dynamic and evolving nature of the cybersecurity landscape.
For more detailed coverage of these stories and additional cybersecurity news, visit CISOseries.com.