Cyber Security Today, Jan. 14, 2022 – More alleged cybercrooks arrested in Ukraine, a warning to law and accounting firms, and the latest phone scam

More alleged cybercrooks arrested in Ukraine, a warning to law and accounting firms, and the latest phone scam.

Welcome to Cyber Security Today. It’s Friday, January 14th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Police in Ukraine continue to crack down on cyber crooks. With the help of law enforcement agencies in the U.S. and Britain, a group believed to be affiliated with a ransomware gang was arrested this week. Police allege this group was responsible for attacks on more than 50 companies in Europe and the United States that pulled in more than $1 million. In addition to hacking, the group allegedly changed victims’ IP addresses so other threat actors could compromise systems. The group also stole bank card numbers from victims to buy and resell products. Ukrainian authorities also arrested ransomware gang suspects last October.

Law and accounting firms are being warned that a hacker group is targeting them. The alert comes from researchers at eSentire, who said the GootLoader gang has been caught trying to get into three law firms and an accounting firm. The GootLoader malware is spread by setting up content pages on legitimate sites running WordPress that they have compromised. The content includes references to things business people might search the web for, like free legal and financial contract templates. Using search engine optimization tricks, the gang make sure the results of searches for these agreements appear at the top of Google searches. Anyone who downloads the promised file has their computer compromised with malware. Organizations have to educate their employees of the dangers of downloading Microsoft Word text files and Excel spreadsheets from unapproved websites.

Two dark websites that sell stolen credit and debit cards are shutting. The operators of the UniCC site, believed to be the largest carding site on the dark web, and its partner LuxSocks, have decided they’ve had enough, according to the Bleeping Computer news service. A posting on the UniCC site says the operators are not young and their health doesn’t allow them to work hard anymore. A security firm estimates the UniCC operation pulled in over $385 million in cryptocurrency payments for stolen card numbers.

There’s no shortage of new telephone scams. A friend of mine, a woman, received one this week. At the other end of the line was a woman sobbing. “Mom,” she said, “I’m at the police station. I had a glass of wine for lunch and then was in a car accident. They want to charge me. I need you to send bail. They’ll call you back. They need a credit card number.” My friend couldn’t quite tell through the sobbing, but it sounded like her daughter. Fortunately, my friend was able to confirm her daughter was at home and realized this was a con. One lesson: Like all scams, this one tries to pressure victims to act fast. Watch for that in phone calls. Here’s something else: My friend is a senior. Was she targeted? Maybe. How else did the crooks know she had a daughter? Or was that just chance?

Remember later today my Week in Review podcast will be out. This week’s guest is Jim Love, IT World Canada’s CIO. We’ll discuss the controversy in the open-source software community.

Links to details about podcast stories are in the text version at ITWorldCanada.com.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Follow this Cyber Security Today

More Cyber Security Today