Cyber News Rundown Week of Feb 25th

  • 25 February 2022

Cyber News Rundown: Arrests made in phishing campaign targeting Ukrainian citizens

Multiple computers, bank cards and thousands of dollars in cash were seized in connection with the arrests of 8 people accused of running a phishing campaign targeting Ukrainian citizens. In other cyber security news, close to 50,000 Android devices were infected with a banking malware named Xenomorph.

Conti ransomware targets global cookware distributor

The Meyer Corporation, one of the largest cookware makers and distributors in the world, released the findings of an investigation following a ransomware attack. The cyberattack began on October 25, with Conti posting a list of the stolen information on their own leak site about two weeks later. Amongst the stolen data is a significant amount of highly sensitive information on thousands of employees across all of Meyer’s subsidiaries and holding companies. The company is offering up to a year of credit and identity monitoring for those affected.

Major arrest of Ukrainian phishing group

The actors behind 40 phishing sites were taken into custody after a series of campaigns allowed them to drain the banking accounts of nearly 70,000 Ukrainian citizens. This group took a unique approach to phishing – they paid for social media and marketing to push out their initial hook, instead of a mass email campaign. Following the arrests of the five individuals, police confiscated multiple computers, bank cards and thousands of dollars in cash.

Expeditors International suffers security incident

Expeditors International shut down their systems after identifying a cyberattack in progress, hoping to limit the overall impact. While the company hasn’t confirmed if the attack was ransomware or just an intrusion into their systems, they have revealed that they are working on putting their backup protocols into effect. Customers are still unable to access the full extent of Expeditors International’s online services, as the company resecures their networks. 

Xenomorph Android malware focusing on banking data

Upwards of 50,000 Android devices fell victim to a new banking malware floating through the Google Play Store named Xenomorph. This new mobile malware specifically targets 56 banking and financial institutions across multiple countries in Europe, including Spain, Italy and Belgium. Researchers believe that this is a successor to the Alien banking trojan and uses some of the same code to perform similar operations, while disguising itself as a performance-boosting application to avoid detection.

Lawsuit filed against Sea Mar for 2021 data breach

A lawsuit was filed against a Seattle-based healthcare provider named Sea Mar that suffered a data breach in June of 2021 and exposed sensitive information on nearly 700,000 patients. Nearly 3TB of the stolen data was later posted on the Marketo group’s leak page, with information going back to 2020. The info includes social security numbers and HIPAA protected information. The lawsuit claims that Sea Mar was negligent with the data they collected and stored, and they exposed thousands of patients to the possibility of identity and credit fraud through their neglect.

2 replies


A very interesting read, but what always goes through my mind is… What protection have they all been using, as whatever it is… clearly hasn’t helped, and that in turn… is another worry!


Always a good read. Often makes me angry that such scum exist in the world, but there will always be bad actors I guess. The new style of phishing really surprised me, as did the Ukrainian government actually being able to catch them during such a hard time for the country. 

Webroot has to keep getting smarter to even stay even it seems.