Cyber Threat Update

July 29, 2022 by Christine Becker

Unfortunately, cybercriminals aren’t taking any time off this summer. Here’s a roundup of a few recent attacks to keep in mind:

Cryptocurrency Scams

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has received reports of stolen cryptocurrency. The FBI also issued a notification alerting financial institutions and investors that cybercriminals are creating fraudulent cryptocurrency investment apps.

The cybercriminals used tactics such as social engineering to contact investors and convince them to download the apps and visit associated fake websites, which displayed seemingly legitimate business names, logos, and other information.

At least 244 victims were identified, resulting in $42.7 million in losses. 

H0lyGh0st Ransomware

Microsoft Threat Intelligence Center (MSTIC) researchers identified that a North Korea-based hacker group called DEV-0530 has been using ransomware called H0lyGh0st to target small and medium-sized businesses since June 2021.

So far, victims have included banks, schools, manufacturers, and event/meeting planning companies. Notably, MSTIC found that some of the infrastructure overlaps with PLUTONIUM, another North Korean threat actor group. 

Skimming Attacks

NJCCIC also reported that two active Magecart campaigns are targeting restaurants using the MenuDrive, Harbortouch, and InTouchPOS online ordering systems. At least 50,000 credit cards have been compromised. These cards were listed for sale on the dark web, impacting over 300 small businesses.

Magecart attacks are web-based credit card skimming operations in which malicious JavaScript code is injected into payment portals to steal card data as customers check out.

Cybersecurity Giant Targeted

Cybersecurity giant Entrust confirmed it was hit by a cyberattack last month. The Minneapolis-based firm, which describes itself as a global leader in identities, payments, and data protection, told TechCrunch that an “unauthorized party” accessed parts of its system used for internal operations. 

A cybersecurity researcher named Dominic Alvieri obtained and released a July 6 notice sent to Entrust customers, which quoted the company's CEO as saying that “some files were taken from our internal systems.”