Back

Blogs

Ireland's Elections: What's next for climate pledges?

View All

Case Studies

Supporting BrainDrip LLC's Entry into the Hydrogen Market

View All

Upcoming Events

Webinars

System hacked warning alert on Laptop.System hacked warning alert on Laptop.

Thoughts

Gemserv’s cyber threat roundup – February

23rd Feb, 2024

Three cyber threats have dominated the news this week including the LockBit ransomware, Gold Pickaxe and Lumma Stealer. Ian Hirst, Partner Cyber Threat Services, digs deep into the threats with his recommendations and top tips for businesses to stay informed, safe and secure.

Breaking News: Major Hit on LockBit Ransomware by International Law Enforcement

In a monumental crackdown dubbed “Operation Cronos,” law enforcement agencies from 11 countries have delivered a significant blow to the notorious LockBit ransomware group. The operation led to the seizure of LockBit’s data-leak site (DLS) by the UK National Crime Agency (NCA), marking a pivotal moment in the battle against cybercrime.

While several domains remain active, the heart of LockBit’s operation has been compromised, with the NCA uncovering a treasure trove of intelligence—including source code, victim details, and internal communications. The group’s DLS now hosts messages from the NCA, including press releases, indictments, and essential recovery tools for victims.

As the operation unfolds, it’s anticipated that more domains will fall. This setback for LockBit, a Russian-speaking ransomware-as-a-service titan known for its high-profile attacks, signals a crucial victory for cybersecurity. However, the battle is far from over. With the potential for affiliates to regroup or join other RaaS networks, vigilance remains paramount.

For victims of LockBit, the seizure brings a glimmer of hope, with decryption keys and recovery tools now available to mitigate the damage. Amidst these developments, the cyber community remains abuzz, speculating on the future of ransomware operations and the resilience of cybercriminal networks.

Stay tuned as we continue to monitor this developing story, a testament to the power of global cooperation in dismantling cyber threats.

Gold Pickaxe malware harvesting face scans for identity fraud

A new menace has emerged in the cyber threat landscape – the Gold Pickaxe banking Trojan, masterminded by the notorious GoldFactory threat group. This sophisticated malware is on a mission to steal your most personal data, including face scans and identity documents, right from under your nose.

Here’s how it works: Victims are lured into phishing traps, often disguised as communications from local government authorities or services, urging you to download a malicious app onto your Android or iOS device. But it doesn’t stop there. Using cunning social engineering tactics, the Trojan then persuades you to scan your face and upload pictures of your identity documents, like your driving license, opening the door to potential bank fraud.

Gold Pickaxe operates under the radar, carrying out its deceitful activities in the background and establishing a link with a command and control server for sneaky data theft. And if it thinks it’s about to get caught? It can vanish into thin air with a self-destruct command.

Our insight: The brains behind Gold Pickaxe are not your average cybercriminals. Their ability to craft country-specific malware and exploit social engineering shows an alarming level of expertise. This group knows exactly how to play on human psychology to achieve their fraudulent goals.

What This Means for You:

The rise of mobile malware represents a significant threat, particularly for those seeking quick financial wins. This campaign is alarmingly still in play.

Stay Safe Tip: Always download apps from trusted sources, particularly banking apps. Venturing beyond legitimate stores could inadvertently invite these digital predators into your life.

Stay informed, stay sceptical, and protect your digital life from the Gold Pickaxe Trojan and others like it.

Beware of Malware in the Most Unexpected Places!

In a shocking revelation, an adult toy has become the latest conduit for cyber threats, specifically targeting unsuspecting users with the Lumma stealer malware. Here’s what happened: A user plugged the USB-rechargeable toy into their computer to charge, only to have their security system flag and block a malicious payload trying to sneak in.

What is the Lumma Stealer?

The Lumma stealer, designed to siphon off personal data via a USB connection, was thwarted in this instance but remains a significant risk. The device harboured hidden XML files and an MSI installer, which together launched a two-pronged attack: an XML bomb to crash web applications and a stealthy MSI execution to install the Lumma payload.

Why You Should Care

This incident shines a light on the malware-as-a-service (MaaS) model thriving in darknet markets, allowing even low-skill threat actors to deploy sophisticated malware easily. It also underscores an innovative yet alarming method of using everyday devices, far beyond the usual USB sticks, as vehicles for malware distribution.

How to Protect Yourself

Power Safety: Always charge new or unknown devices using a power outlet, not your computer.

Data Blockers: Invest in USB data blockers that allow charging without data transfer, keeping your devices safe.

Stay Informed: Awareness and caution are your best defences against these unconventional attack vectors.

The retailer is currently investigating, highlighting the importance of vigilance even in the purchase of seemingly harmless gadgets. Stay safe and charge wisely!

To protect your business, Gemserv provides advance warning of threats, accompanied by actionable facts. Contact us to find out more.

 

Authors

Ian Hirst

Partner, Cyber Threat Services

Read Bio