A fairly quiet week as vendors prepare for Infosecurity London this week. However, the week finished with several interesting pieces of news. The first was the takedown of a major dropper network by law enforcement in 13 countries. The second was a pair of major breaches that will have significant ramifications for those affected.
The first was a breach of Bank Santander by a group calling themselves ShinyHunters. The group claims to have acquired 30 million people’s bank account details, 6 million account numbers and balances, 28 million credit card numbers and the HR information for staff.
The same group claims to have breached Live Nation, the owner of Ticketmaster. In that breach, the group says it has stolen the personal details of 560 million customers. It is demanding US $500,000 to prevent the details from being sold or made public.
Thirdly, Logpoint has named Mikkel Drucker as its new CEO.
Europol
Europol coordinated Operation Endgame, which went after a major dropper operation. It targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The impact of the operation was felt globally, and the expectation is that it will reduce global dropper operations.
13 different countries were involved in the operation led by France, Germany and the Netherlands. While 4 arrests were made in Albania and Ukraine, eight suspects are still at large and are being sought by Germany. They have been added to Europol’s Most Wanted list.
In addition to the arrests, there were 16 location searches (1 in Armenia, 1 in the Netherlands, 3 in Portugal and 11 in Ukraine). It led to over 100 servers being taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States and Ukraine. Just as importantly, over 2000 domains have been seized.
Forescout
Forescout has released an eyeExtend integration for Tanium. One of the goals is to deliver comprehensive asset intelligence between the two vendors’ platforms. It will automate the aggregation of telemetry from hosts and network endpoints to give greater insight into cybersecurity risk.
Robert McNutt, SVP of Network Security, Forescout, said, “Hybrid workforces are here to stay creating uncertain, expansive attack surfaces for organizations. Collaboration and automation must be part of cybersecurity vendors’ value equation to meet the demands of this new normal and properly protect these organizations.
“It is these two elements that are the staples of this integration and broader partnership with Tanium that we know will benefit enterprises for years to come.”
US Department of Justice
Two Estonian nationals, Sergei Potapenko and Ivan Turõgin, arrested in November 2022, have appeared in a US Court in Seattle. They are charged with involvement in a massive multi-faceted cryptocurrency Ponzi scheme.
The two men persuaded victims to rent a percentage of a fake cryptomining operation run by HashFlare. It would allow the investors to mine their own virtual currencies which HashFlare would pay out to the investors. More than $550 million was spent on contracts issued by HashFlare.