Global Cyber Pulse: 03 October, 2024

October 3, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

The last couple of days have seen significant developments in global fraud campaigns, ransomware takedowns, and major data breaches. 

From fake trading apps deceiving investors to international crackdowns on ransomware groups, these stories highlight the challenges of digital security in today’s interconnected world. 

Here, we provide a roundup of the latest incidents impacting global cybersecurity.

Global Fraud Campaign Exploits Fake Trading Apps on Major Platforms

Group-IB has uncovered a large-scale fraud campaign using fake trading apps on the Apple App Store and Google Play Store, alongside phishing sites, to deceive victims. This campaign is part of a broader consumer investment fraud scheme, commonly referred to as “pig butchering.” In these schemes, fraudsters gain victims’ trust under the pretense of a romantic relationship or by posing as a financial advisor, then coax them into investing in cryptocurrencies or other financial products.

The fraud typically results in victims losing their funds, with some targeted further for additional fees and payments. The Singapore-based company confirmed that the campaign has a global reach, affecting victims in the Asia-Pacific, Europe, Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, have been labeled “UniShadowTrade.”

International Law Enforcement Targets LockBit Ransomware Group

A coordinated law enforcement operation has led to four arrests and the dismantling of nine servers tied to the LockBit ransomware group, also known as Bitwise Spider. This crackdown targets a group that was once among the most financially motivated cybercriminal organizations.

Among those arrested were a suspected LockBit developer in France, two individuals in the U.K. allegedly supporting an affiliate, and a Spanish administrator of a bulletproof hosting service used by the ransomware group, according to Europol. Authorities have also exposed a Russian national, Aleksandr Ryzhenkov, believed to be a key member of Evil Corp, and linked him to LockBit. Sanctions have been placed on seven individuals and two entities tied to the e-crime syndicate.

TIAA Confirms Data Breach Impacting Nearly 9,000 Customers

TIAA, a major retirement service provider for university professors and non-profits, has reported a data breach involving clients’ private information. According to the Maine Attorney General’s office, the breach impacted 8,977 customers, including 81 Maine residents. TIAA manages $1.2 trillion in client assets.

The breach occurred on October 29, 2023, and was reported four days later. It was described as an “external system breach” or hacking incident on the Maine Attorney General’s data breach notification site.

Hackers Pose as Royal Mail to Deploy Destructive Prince Ransomware

Cybersecurity researchers have uncovered a new campaign in which hackers impersonated Royal Mail to distribute Prince ransomware, targeting victims in the U.S. and the U.K. The attacks occurred in mid-September and affected a limited number of organizations, as noted by cybersecurity firm Proofpoint.

Prince is a ransomware variant available on GitHub, developed entirely in the Go programming language. It is designed to make files unrecoverable using traditional tools, ensuring only the designated decryptor can restore them. Unlike typical ransomware attacks, this campaign appeared to have a destructive aim, as it lacked any decryption or data exfiltration mechanism.