Feb 16 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter with more left turns than a Nascar race.
Today’s hottest cyber security stories:
Strap in for this one, and if you never played Mortal Kombat then, well, our condolences to your evidently misspent childhood.
The ransomware problem seems to be getting worse and worse. That’s probably because, frankly, the attacks keep working.
Criminals lock victims out of their computers and demand ransom money to let them back in. Simple. Effective. Diabolical.
The latest occurrence would have Scorpion himself hissing ‘toasty’ (those who know, know).
Unsuspecting organisations, small businesses, and even individuals receive a tasty-looking phish in the form of an email containing a ZIP file but, if they are reeled in by the enticing entrée – oy vey! There’s a sting in the tail.
Don’t let Sub-Zero freeze your bank account by luring you in with an alluring crypto-themed email, which is reportedly the elusive hacking collective’s favoured phishing rod.
As mentioned, the attacks focus primarily on individuals, small businesses, and large organisations, and have been detected by Cisco Talos intelligence group in the US, the UK (uh-oh!), Turkey, and the Philippines.
The clipper malware strain of the scam has been dubbed ‘Laplas’; this functions alongside the MortalKombat ransomware. Though, as we understand it, victims are ensnared by one or the other, not both.
What is MortalKombat?
MortalKombat ransomware encrypts system, application, backup, and virtual machine files in the compromised system. It further corrupts Windows Explorer, disables the Run command window, and removes applications and folders from Windows startup. ‘Flawless victory’, indeed.
Laplas, on the other hand, is what’s known as a clipper virus…
Okay, so what’s a clipper virus?
Clipper is Malwarebytes’ generic detection name for a type of Trojan that tries to steal currencies from the affected system by stealing or manipulating the data on the Windows clipboard.
So yeah, think before you clink. I mean click.
This story will no doubt have the far-right trolls of 4chan reaching for their tin foil hats. Time for another appearance on Alex Jones’ InfoWars eh, Kanye? Sorry: “Ye” 🙄
Kidding aside, an ex-Israeli special forces operative by the name of Tal Hanan has been exposed as a serial election meddler.
Trump was right, people! Although, Israel is fairly conservative, isn’t it? Maybe he was right, but the meddlers were on his side? That throws a spanner in the works. But who the hell knows.
Hanan goes by the pseudonym Jorge and leads a hacking group with the codename Team Jorge (egotistical much?).
He was unmasked by an international consortium of journalists, according to the Guardian. But is this a Watergate or a nothingburger?
It seems quite significant. Hanan of course has denied all wrongdoing. But the evidence against him and his merry band of election pirates is compelling.
Team Jorge launched fake social media campaigns in the UK, US, Canada, Germany, Switzerland, Mexico, Senegal, India and the United Arab Emirates (and more!).
Fake social media campaigns involve swathes of fake social media profiles along with bots (computer-generated avatars, essentially) pushing a certain narrative or causing disruption of some kind.
When executed effectively, they can muster up significant engagement from genuine profiles, which can snowball to the point of poisoning the integrity of election results.
We’re living in a brave, new world. Chilling.
Scandinavian airline SAS (not that one) picked the wrong week to quit smoking (sorry kids, Airplane references galore): its app was compromised by a disruptive, though apparently not financially motivated, cyberattack.
Customers who tried to log into the SAS app were logged onto the wrong accounts and had access to personal details of other people. Norwegian newspaper Verdens Gang reported that this happened to Norwegian customers as well.
Reminds us of Tyler Durden nihilistically blowing up the credit company headquarters at the end of Fight Club or Heath Ledger’s Joker setting fire to the cash in Dark Knight.
“Some people just want to watch the world burn”, indeed.
A group called “Anonymous Sudan” had taken credit for the attack, posting on Telegram that Swedish media would be attacked in response to Koran burnings in Sweden.
Geez, don’t piss off these guys. Some of them have a bit of a temper.
So long and thanks for reading all the phish!