Contents

01. News Bites
  • New sophisticated phishing attack uses advanced infostealer malware to target sensitive data
  • Luxembourg-based chemical manufacturing company loses $60 million in sophisticated Business Email Compromise scam
  • Microsoft's August 2024 Patch Tuesday fixes 89 vulnerabilities, including 6 actively exploited zero-days
  • Russian national sentenced to 40 months for selling 300,000 stolen logins
  • Enzo Biochem to pay $4.5 million settlement after cyberattack exposes 2.4 million patients' data
02. Closing Summary

Quick News Bites

New sophisticated phishing attack uses advanced infostealer malware to target sensitive data

A new phishing campaign has been uncovered that delivers an infostealer capable of exfiltrating an unusually broad range of sensitive data. Beyond saved passwords, the malware targets browser session cookies, stored credit card details, Bitcoin-related browser extensions, and browsing history. Session cookies are the most dangerous of these: with a valid cookie an attacker can resume an authenticated session without ever seeing the password or triggering an MFA prompt. The stolen data is bundled into a zip archive and sent as an attachment to a remote email account, a wider collection set than most infostealers attempt.

The attack begins with a phishing email posing as a purchase order and carrying an ISO disc image as its attachment; Windows mounts such images as a new drive letter on double-click, which is why they are a popular delivery wrapper. Inside the image is an HTA (HTML Application) file which, when the user runs it, downloads and executes a Python-based infostealer. The malware harvests session cookies, saved passwords, and credit card data from Chromium-based browsers including Chrome, Edge, and Brave, then deletes itself to hinder detection.

Barracuda Networks warns that this attack represents a new level of data exfiltration threat, urging businesses to adopt robust security measures and employee education to combat such risks.
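The execution chain above (ISO attachment, HTA, Python interpreter) leaves a recognisable trail in process-creation telemetry. The following is an added example written for this bulletin, not code from Barracuda or from the campaign analysis: it runs two detection rules over constructed Sysmon-style process events. The field names, PIDs, the E:\ drive letter used for the mounted ISO, and the cmd.exe hop between mshta.exe and python.exe are illustrative assumptions.

```python
"""Flag the ISO -> HTA -> Python infostealer execution chain in process events.

Added example for this bulletin; not the campaign analysts' code. The events
below are constructed to resemble Sysmon Event ID 1 records and are not real.
"""
import ntpath
import re

# Constructed sample telemetry. The malicious chain mirrors the bulletin: the
# user opens an HTA from a mounted ISO (assumed to mount as E:\), mshta.exe
# runs it, and a Python interpreter is eventually launched beneath it.
SAMPLE_EVENTS = [
    {"pid": 1000, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "cmd": r"C:\Windows\explorer.exe"},
    {"pid": 1100, "ppid": 1000, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'"C:\Windows\System32\mshta.exe" "E:\Purchase_Order_4471.hta"'},
    {"pid": 1200, "ppid": 1100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c "%TEMP%\py\python.exe" "%TEMP%\py\stealer.py"'},
    {"pid": 1300, "ppid": 1200,
     "image": r"C:\Users\alice\AppData\Local\Temp\py\python.exe",
     "cmd": r'"C:\Users\alice\AppData\Local\Temp\py\python.exe" stealer.py'},
    # Benign: a developer running an installed Python directly under explorer.
    {"pid": 2000, "ppid": 1000, "image": r"C:\Program Files\Python312\python.exe",
     "cmd": r'"C:\Program Files\Python312\python.exe" build.py'},
    # Benign: an internal tool's HTA on the system drive with nothing spawned below it.
    {"pid": 3000, "ppid": 1000, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Program Files\Vendor\status.hta"'},
]

SYSTEM_DRIVE = "C:"
INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe",
                "wscript.exe", "cscript.exe"}
# A quoted or unquoted Windows path ending in .hta; spaces allowed inside quotes.
HTA_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.hta)', re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def hta_from_non_system_drive(event):
    """Rule 1: mshta.exe launching an .hta that lives outside the system drive.

    Mounted ISO images receive their own drive letter, so this catches the
    bulletin's delivery method. It is a heuristic: HTAs run from USB sticks or
    mapped network drives trigger it too, which is usually worth a look anyway.
    """
    if basename(event["image"]) != "mshta.exe":
        return False
    match = HTA_PATH.search(event["cmd"])
    return bool(match) and not match.group(1).upper().startswith(SYSTEM_DRIVE)


def interpreter_under_mshta(event, by_pid):
    """Rule 2: a script interpreter with mshta.exe anywhere in its ancestry.

    Walking the whole parent chain means intermediate shells (cmd.exe here)
    do not hide the relationship. The seen-set guards against PID reuse loops.
    """
    if basename(event["image"]) not in INTERPRETERS:
        return False
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        if basename(parent["image"]) == "mshta.exe":
            return True
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return False


def detect(events):
    """Return (pid, rule_name) findings for a list of process-creation events."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        if hta_from_non_system_drive(event):
            findings.append((event["pid"], "hta_from_non_system_drive"))
        if interpreter_under_mshta(event, by_pid):
            findings.append((event["pid"], "interpreter_under_mshta"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule}")
```

Run against the sample, only the mshta.exe launched from E:\ and the python.exe three levels below it are flagged; the developer's Python and the vendor HTA on C:\ are not. Neither rule sees the self-deletion step, which needs file-deletion telemetry the sample does not carry.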

Luxembourg-based chemical manufacturing company loses $60 million in sophisticated Business Email Compromise scam

Orion, a chemical manufacturer headquartered in Luxembourg, has reported a $60 million loss to a business email compromise (BEC) scam. In a filing with the US Securities and Exchange Commission (SEC), the company disclosed that a non-executive employee was deceived into sending funds to accounts controlled by unknown third parties.

According to Orion’s statement, the fraud was discovered on August 10, 2024, and involved multiple unauthorised wire transfers. The company is collaborating with law enforcement to recover the lost funds and is exploring insurance coverage options.

There is no evidence of further fraudulent activity or unauthorised access to Orion’s systems or data.

BEC attacks, in which fraudsters impersonate senior executives, suppliers or other trusted parties to trick employees into authorising payments, have become increasingly costly: FBI Internet Crime Complaint Center (IC3) figures put 2023 BEC losses reported by US businesses at $2.9 billion. The growing use of deepfake audio and video and generative AI tools makes these scams more convincing and harder to detect, which is why payment-change requests should be verified out of band through a known-good channel rather than by replying to the request.

Microsoft's August 2024 Patch Tuesday fixes 89 vulnerabilities, including 6 actively exploited zero-days

In its August 2024 Patch Tuesday release, Microsoft shipped security updates for 89 vulnerabilities, including six actively exploited zero-days and three publicly disclosed ones; a fix for a tenth, also publicly disclosed, was still in development at the time of release. Eight of the 89 are rated critical, spanning elevation of privilege, remote code execution, and information disclosure.

The breakdown is 36 elevation of privilege, 4 security feature bypass, 28 remote code execution, 8 information disclosure, 6 denial of service, and 7 spoofing flaws. These counts exclude Microsoft Edge vulnerabilities disclosed earlier in the month.

Among the six actively exploited zero-days are CVE-2024-38178, a memory corruption bug in the Scripting Engine that yields remote code execution when a victim is lured into opening a crafted link, and CVE-2024-38193, an elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock (AFD.sys) that gives a local attacker SYSTEM privileges. The AFD.sys bug is the kind used after initial access to escalate from an ordinary user, so it belongs at the front of the patching queue alongside the RCE. Microsoft advises installing the updates promptly.

Russian national sentenced to 40 months for selling 300,000 stolen logins

Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling stolen login credentials on Slilpp, the largest online marketplace for stolen logins until its seizure in June 2021. According to the U.S. Department of Justice, Kavzharadze, who operated under aliases including TeRorPP and PlutuSS, sold large volumes of financial account logins and personally identifiable information (PII) on the marketplace between July 2016 and May 2021.

He listed over 626,100 stolen credentials for sale, of which roughly 300,000 were sold, and those sales have been linked to approximately $1.2 million in fraudulent transactions; in May 2021 his Slilpp account alone still had 240,495 credentials on offer. Payments were accepted exclusively in Bitcoin. Following extradition to the U.S., he pleaded guilty to conspiracy to commit bank and wire fraud. The Slilpp takedown was a coordinated international law enforcement operation and removed one of the largest sources of resold credentials from the market.

Enzo Biochem to pay $4.5 million settlement after cyberattack exposes 2.4 million patients' data

Enzo Biochem has agreed to pay $4.5 million to settle charges brought by the attorneys general of New York, New Jersey, and Connecticut over an April 2023 cyberattack that exposed Social Security numbers, health histories, and other personal information of approximately 2.4 million patients. The settlement addresses claims that Enzo failed to adequately protect patient data. Attackers used shared login credentials, one of which had not been changed in a decade, to gain access and install malware on the company's systems, and the intrusion went undetected for several days. Enzo has committed to stronger password requirements, two-factor authentication, and improved monitoring. New York will receive $2.8 million of the settlement.
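The two weaknesses named in the settlement, a credential shared between people and a password left unrotated for years, are both visible in data most organisations already hold. The following is an added example for this bulletin, not Enzo's or the regulators' code: it runs a password-age check over constructed account records and a shared-use check over constructed logon events. The account names, host names, dates, and thresholds are assumptions chosen for illustration.

```python
"""Audit account metadata and logon events for stale and shared credentials.

Added example for this bulletin; not code from Enzo Biochem or the settling
states. All records below are constructed and not drawn from the incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit date, chosen to fall in the month of the incident.
NOW = datetime(2023, 4, 1)

# Constructed account records: user -> date the password was last set.
ACCOUNTS = {
    "svc-labreports": datetime(2013, 2, 14),  # a decade old, like the one cited
    "jdoe": datetime(2023, 1, 20),
    "asmith": datetime(2022, 11, 3),
}

# Constructed successful-logon events: (user, source host, time). A credential
# shared among staff shows up as one account used from many machines.
LOGONS = [
    ("svc-labreports", "LAB-PC-01", datetime(2023, 3, 27, 8, 5)),
    ("svc-labreports", "LAB-PC-07", datetime(2023, 3, 27, 8, 9)),
    ("svc-labreports", "LAB-PC-12", datetime(2023, 3, 28, 14, 30)),
    ("svc-labreports", "RECEPTION-2", datetime(2023, 3, 29, 9, 1)),
    ("svc-labreports", "VPN-GW", datetime(2023, 3, 30, 23, 45)),
    ("jdoe", "JDOE-LAPTOP", datetime(2023, 3, 27, 9, 0)),
    ("jdoe", "JDOE-LAPTOP", datetime(2023, 3, 28, 9, 2)),
    ("asmith", "ASMITH-DESKTOP", datetime(2023, 3, 27, 8, 50)),
    ("asmith", "CONF-ROOM-A", datetime(2023, 3, 29, 13, 0)),
    ("asmith", "OLD-KIOSK", datetime(2023, 1, 5, 10, 0)),  # outside the window
]

MAX_PASSWORD_AGE = timedelta(days=365)   # assumed policy: rotate at least yearly
SHARED_HOST_THRESHOLD = 3                # distinct hosts per account in the window
WINDOW = timedelta(days=7)


def stale_passwords(accounts, now=NOW, max_age=MAX_PASSWORD_AGE):
    """Accounts whose password age exceeds max_age, mapped to the age in days."""
    return {user: (now - last_set).days
            for user, last_set in accounts.items()
            if now - last_set > max_age}


def shared_credentials(logons, now=NOW, window=WINDOW,
                       threshold=SHARED_HOST_THRESHOLD):
    """Accounts seen from at least `threshold` distinct hosts inside the window.

    The window matters: counting every host an account ever touched would
    flag anyone who has changed desks, so only recent concurrency is scored.
    """
    hosts = defaultdict(set)
    for user, host, when in logons:
        if now - window <= when <= now:
            hosts[user].add(host)
    return {user: sorted(h) for user, h in hosts.items() if len(h) >= threshold}


def audit(accounts, logons, now=NOW):
    """Combine both checks into one report keyed by finding type."""
    return {
        "stale_passwords": stale_passwords(accounts, now),
        "shared_credentials": shared_credentials(logons, now),
    }


if __name__ == "__main__":
    report = audit(ACCOUNTS, LOGONS)
    for user, age in report["stale_passwords"].items():
        print(f"{user}: password unchanged for {age} days")
    for user, hosts in report["shared_credentials"].items():
        print(f"{user}: used from {len(hosts)} hosts in the last week: {hosts}")
```

On the sample data only svc-labreports is reported by both checks; asmith stays below the shared-use threshold because the January logon falls outside the seven-day window. Accounts that appear in both lists are the ones to rotate and enrol in two-factor authentication first.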

Closing Summary

If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.