Cyberwarfare, Espionage & Extortion Issue #3: 1st February 2024
"The Internet has made us richer, freer, connected and informed in ways its founders could not have dreamt of. It has also become a vector of attack, espionage, crime and harm." - George Osborne
The Endless Struggle Against APT10: Insights from LODEINFO v0.6.6 - v0.7.3 Analysis - LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019. The infection is known to occur when a user opens a malicious Word file (hereafter Maldoc) attached to the spear-phishing email. (Excel files were also abused in the early days.)
According to information released by security vendors, APT campaigns using LODEINFO target Japanese media, diplomacy, public institutions, defense industries, and think tanks. It is also suggested that the infamous APT group called APT10 is involved, given the similarities in their methods and malware.
Nigerian 'Yahoo Boys' Behind Social Media Sextortion Surge in the US - Teenagers from Western English-speaking countries are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminals, the Network Contagion Research Institute (NCRI) has found.
A majority of these happen on social media platforms like TikTok, Snapchat, Instagram, and Wizz.
Financial sextortion, the illegal act of adults manipulating minors, or other adults, into sharing sexually suggestive content online to extort their money, is the most rapidly growing crime targeting children in the US, Canada, and Australia, a new NCRI report said.
Trusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks - In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing attacks. Cybercriminals continue to adapt and employ more sophisticated methods to effectively deceive users and bypass detection measures. One of the most prevalent tactics nowadays involves exploiting legitimate platforms for redirection through deceptive links. In this blog post, we'll explore how trusted platforms are increasingly being exploited as redirectors, highlighting the risks and the latest trends that users and businesses alike should be aware of.
Abuse of trusted platforms for redirection involves the use of legitimate websites that are cleverly designed to redirect unsuspecting users to unwanted URL destinations.
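As an added example, not taken from the blog post summarised above, the following Python detector statically inspects a link for the pattern just described: a trusted outer host whose query string carries a nested destination URL pointing somewhere else. All hostnames in the comments and tests are constructed placeholders; no network requests are made.

```python
from urllib.parse import urlparse, parse_qs, unquote

MAX_DECODE = 3   # bound on repeated percent-decoding (double-encoded redirect targets)
MAX_HOPS = 5     # bound on redirect-inside-redirect chains


def _fully_unquote(value: str) -> str:
    """Percent-decode repeatedly so double-encoded URLs are still recognised."""
    for _ in range(MAX_DECODE):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def embedded_url(url: str):
    """Return the first absolute http(s) URL carried in the query string, or None."""
    for values in parse_qs(urlparse(url).query, keep_blank_values=True).values():
        for raw in values:
            candidate = _fully_unquote(raw)
            inner = urlparse(candidate)
            if inner.scheme in ("http", "https") and inner.hostname:
                return candidate
    return None


def redirect_chain(url: str):
    """Follow nested redirect parameters without fetching; returns hostnames in order."""
    hosts, current = [], url
    for _ in range(MAX_HOPS):
        hosts.append((urlparse(current).hostname or "").lower())
        nxt = embedded_url(current)
        if nxt is None:
            break
        current = nxt
    return hosts


def _same_site(a: str, b: str) -> bool:
    # Simplification: subdomains of the outer host count as the same site.
    # A production check would use the Public Suffix List instead.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_redirect_abuse(url: str) -> bool:
    """True when the link's final embedded destination is off the trusted outer site."""
    hosts = redirect_chain(url)
    return len(hosts) > 1 and not _same_site(hosts[0], hosts[-1])
```

Running this over links extracted from inbound mail gives a cheap triage signal: a trusted sender domain whose link ultimately resolves to an unrelated host is worth a closer look, while same-site redirects pass through.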
Insight
North Korean Hackers Launch Stealthy RokRAT Backdoor Attack via Duplicitous Research Documents
In the latest cyber espionage saga, North Korean hackers, identified as ScarCruft, have weaponized what masquerades as technical threat research to compromise media organizations and experts engaged in North Korean affairs. This December 2023 campaign marks a chilling evolution in the group's modus operandi, as reported by SentinelOne researchers Aleksandar Milenkoski and Tom Hegel.
The deployment of a faux research report as a decoy underscores a cunning strategy targeting the intellectually curious—specifically cybersecurity professionals who consume threat intelligence. This nefarious tactic has led to the discreet delivery of the RokRAT backdoor, enabling unauthorized access and control over the compromised systems.
The technical sophistication and strategic execution of these attacks not only reveal the expanding capabilities of ScarCruft but also signify an unsettling trend of state-sponsored cyber operations. The group's relentless pursuit of confidential information continues to pose a significant threat to global digital security, particularly for those with a focus on the enigmatic hermit kingdom.
As the cyber community grapples with these revelations, the imperative for heightened vigilance and robust defense mechanisms against such disguised assaults has never been greater. The unfolding narrative of ScarCruft's activities serves as a stark reminder of the complex and shadowy nature of digital warfare in the modern era.
The emergence of ScarCruft's latest campaign is a stark reminder of the constant and evolving cyber threats posed by state-sponsored actors. Organizations and individuals, especially those dealing with sensitive information on North Korean affairs, must elevate their cyber defenses and remain ever-vigilant. Verify sources meticulously, be wary of unsolicited research reports, and maintain robust security practices.
If you find yourself targeted, act swiftly to secure your networks and seek assistance from cybersecurity experts. It's imperative to report any suspicious activities to the appropriate authorities to aid in the collective effort against such cyber espionage. By staying alert, educating ourselves and our colleagues, and reinforcing our cyber defenses, we can safeguard our critical information and systems from the sophisticated tactics of groups like ScarCruft.
Scammers Corner
The $6m Dollar Scam: Bling Watches, Broken Hearts, and the Curious Tale of “Classic Baggie”
A long time ago, I met Geoff White when he was Technology Editor for the prestigious UK news programme “Channel 4 News”. Back then, we explored how many webcams in the UK were actually open to the world, and even ended up writing a little web application to show all these open feeds. It didn’t make it to air as some of the webcam content was a little surprising (my memory of the morgue cam still lingers to this day!) Now, Geoff is working as an excellent and incisive investigative reporter with an accent on cybercrime and fraud.
In his compelling article, he delves into the life of Mike Hermann, a luxury watch seller who found himself enmeshed in a fraudulent network after selling a watch to African celebrity Davido. This sale, while seemingly a breakthrough, led to his involvement with Classic Baggie, a figure linked to large-scale romance frauds and financial crimes. The story explores the depths of international fraud, following money trails from unsuspecting victims to sophisticated laundering operations, illustrating the dark underbelly of online scams and the tragic human cost involved. For an in-depth understanding of this complex web of deceit, Geoff's full article on LinkedIn provides a detailed narrative. Read more below:
Bling Watches, Broken Hearts, and the Curious Tale of “Classic Baggie”
The Deep Dive
Breaking the Chains: Why Traditional Cybersecurity Training Fails, and How Behavioral Analysis is the Game-Changer
Introduction
In the digital arena where cyber threats evolve at lightning speed, the traditional cybersecurity awareness programs stand like ancient sentinels — outdated and increasingly ineffective. For CISOs and end-users alike, these archaic programs have become a source of deep frustration. This essay dives into the heart of this growing discontent and illuminates how the dynamic field of applied behavioral analysis (ABA) could be the silver bullet in reshaping cybersecurity training.
The Achilles' Heel of Knowledge-Based Programs
Traditional cybersecurity training, with its rigid, knowledge-heavy approach, is faltering under the weight of its own limitations:
- Engagement Drought: These programs often fail to captivate, turning critical learning into a forgettable tick-box exercise, leaving users disengaged and unprepared.
- A Misfit Model: The cookie-cutter nature of these programs clashes with the diverse technological landscapes and learning styles of users, leading to a disconnect.
- Battle Against Evolving Threats: In a world where cyber threats metamorphose overnight, the static, unyielding structure of traditional training is like bringing a knife to a gunfight.
- Surface-Level Compliance: Prioritizing compliance over deep understanding, these programs often miss the forest for the trees, leading to a fragile facade of cybersecurity awareness.
The Dual Frustration of CISOs and Users
CISOs are caught in a Sisyphean struggle, constantly pushing the boulder of cybersecurity awareness uphill, only to watch it roll back down in the face of evolving threats. End-users, on the other hand, are mired in the monotony of irrelevant and uninspiring training, making them unwittingly vulnerable in the cyber battleground.
The Rise of Applied Behavioral Analysis
Enter ABA, a strategy that zooms in on behavior rather than rote learning. It's a paradigm shift, transforming the way cybersecurity awareness is approached:
- Tailored Learning Journeys: ABA personalizes the learning experience, acknowledging the unique behavioral patterns of each user.
- Instant Feedback, Instant Growth: With its emphasis on immediate feedback, ABA reinforces good cyber habits and quickly course-corrects risky behaviors.
- Beyond the Scoreboard: ABA looks at behavioral change as the true north of cybersecurity efficacy, not just test scores.
- Ahead of the Threat Curve: The adaptive nature of ABA ensures that users are not just reacting to threats but anticipating them, staying one step ahead.
Crafting the ABA Cybersecurity Blueprint
To harness the power of ABA in cybersecurity, organizations need to:
- Conduct deep behavioral dives to decode the existing cybersecurity posture of users.
- Craft bespoke training that speaks directly to the specific behavioral needs.
- Embrace gamification and real-world simulations for sticky learning experiences.
- Provide continuous, real-time feedback as both a rudder and an anchor for positive cyber behaviors.
- Keep the training alive and kicking with regular updates mirroring the latest cyber threats.
Conclusion
The pivot from knowledge-based to behavior-centric cybersecurity training is more than a change; it's a revolution. In this new era, ABA doesn't just teach cybersecurity; it ingrains it as a reflex, an instinct. For CISOs and end-users, it's a pathway out of frustration and into empowerment. As we stand on the brink of this exciting shift, the message is clear: in the cyber warfare of tomorrow, it's not just what you know, but what you do that counts. ABA is not just changing the game; it's redefining it.
And Finally ….
This week in the realm of cybercrime, espionage, and extortion, several important developments have emerged:
- International Cybercrime Treaty Negotiations: At the United Nations headquarters in New York, the final negotiating session of an international cybercrime treaty is taking place. This treaty aims to set a global standard for combating cybercrime. The U.S. is pushing for stricter mandates against hacking and data tampering, emphasizing international cooperation and human rights.
- Rising Threat of AI in Cybercrime: The UK's National Cyber Security Centre has warned that artificial intelligence (AI) is making it easier for amateur cyber scammers to conduct sophisticated phishing attacks using fake emails that appear genuine. This highlights the growing need for advanced cybersecurity measures in the face of AI-driven threats.
- Disinformation Campaigns and Cyberattacks in Taiwan: Taiwan successfully countered a Chinese disinformation campaign during its recent election. The government, media, and civil society collaborated to quickly debunk rumors and false narratives. Additionally, cyberattacks designed to crash networks in Taiwan saw a significant spike in the final quarter of 2023, emphasizing the growing intensity of cyber threats.
These developments indicate a rapidly evolving cyber threat landscape, where international cooperation, advanced technologies, and comprehensive societal responses are becoming increasingly crucial in the fight against cybercrime and espionage.
Join us next week when we’ll be examining some interesting and thorny topics, including the FBI investigation of tech support exploiting senior citizens, the malevolent extortion threats from deepfake porn, and the malicious and stealthy Drainer-as-a-Service attack on cryptocurrencies.
Follow My Socials
- Computercrime on LinkedIn
- X (formerly Twitter)
- That Fraud Guy on Mastodon
- Read my stuff on Dark Reading