Clorox Takes Legal Action Against IT Vendor Over Security Breach

Information Security Media Group reports on significant cybersecurity incidents each week. Recently, Ukrainian authorities arrested a suspected admin of the Russian-speaking cybercrime forum XSS, while Clorox filed a lawsuit against Cognizant following a major data breach. Additional developments include new regulations for New York’s water systems, fresh maritime cybersecurity standards, the emergence of the Coyote banking Trojan, and rising cyberattacks in Latin America. Notably, World Leaks has reportedly compromised Dell’s demo platform.
Arrest of Suspected XSS Cybercrime Forum Administrator in Ukraine
Ukrainian law enforcement recently apprehended a suspect believed to be running the XSS cybercrime forum, as confirmed by Europol. This forum has been operational since 2013, hosting over 50,000 users and facilitating the exchange of stolen data and malware.
An investigation initiated by French authorities in July 2021 culminated in the arrest of the unidentified individual from Kyiv. The suspect is implicated in managing a private messaging service designed for cybercriminals, actively participating in the forum’s activities, including resolving disputes and overseeing transactions. Reports indicate that his operations generated over 7 million euros in advertising revenue.
As law enforcement becomes increasingly effective in dismantling such platforms, the risks associated with running a cybercrime forum continue to grow. The apprehension of individuals associated with notorious forums reflects a broader effort to disrupt these networks.
Clorox Sues Cognizant for $380 Million Following Cyberattack
In a significant legal move, Clorox has filed a lawsuit against its IT services provider, Cognizant, seeking $380 million in damages linked to a cyber incident in August 2023. The lawsuit accuses Cognizant of negligence for allegedly allowing a cybercriminal to impersonate a Clorox employee, leading to unauthorized access to sensitive systems.
The complaint details that Cognizant staff failed to implement necessary verification protocols, directly contributing to substantial operational disruption and financial loss for Clorox. Although the unauthorized access was resolved within hours, Clorox cites long-lasting impacts on operations, as manufacturing had to be halted, leading to product shortages.
In its defense, Cognizant contends that the cybercriminal employed straightforward social engineering techniques rather than sophisticated hacking tactics, emphasizing that Clorox should take responsibility for any internal cybersecurity shortcomings.
Lumma Stealer Malware Resurgence Post-Takedown
The Lumma Stealer malware has re-emerged with greater resilience following recent takedown efforts by U.S. federal law enforcement. Cybersecurity firm Trend Micro reports that within weeks of the seizure of leadership infrastructure, Lumma operations returned to normal, employing stealthier distribution methods to avoid detection.
This malware serves as an entry point for subsequent ransomware attacks, underscoring its ongoing utility among cybercriminals. Following the authorities’ actions, operators rapidly rebuilt their networks, utilizing less cooperative hosting services.
New York Introduces Cybersecurity Regulations for Water Systems
The New York State government has proposed advanced cybersecurity regulations specifically for water systems, aiming to bolster protection against increasing cyber threats. These regulations, which are open for public comment, target community water systems serving over 3,300 inhabitants and impose strict vulnerability assessments and prompt incident reporting requirements.
These measures come in response to federal attempts to standardize cybersecurity evaluations for water systems, although earlier initiatives faced legal hurdles. New York’s rules indicate a proactive approach to safeguarding essential services and critical infrastructure.
Mandatory Cybersecurity Protocols for U.S. Maritime Industry
As part of enhancing maritime security, a U.S. Coast Guard regulation has taken effect that mandates comprehensive cybersecurity planning for all U.S.-flagged vessels and regulated facilities. The regulation requires operators to implement account security measures, appoint cybersecurity officers, and maintain robust incident response plans.
Compliance deadlines are set for the coming years, with full compliance required by mid-2027. This initiative reflects an urgent acknowledgment of cybersecurity’s critical role in maintaining operational integrity within the maritime sector.
Coyote Banking Trojan Exploits Windows Features
A newly identified version of the Coyote banking Trojan exploits the Windows UI Automation framework to stealthily extract banking and cryptocurrency credentials from users in Latin America. This variant signifies a tactical evolution, utilizing legitimate operating system features to enhance its effectiveness and evade detection.
Once installed, the Trojan monitors system activities and searches for financial targets across a wide array of institutions, emphasizing the ongoing adaptability of cyber threats in exploiting technological capabilities for malicious ends.
World Leaks Hits Dell’s Demo Platform
A cyber extortion group known as “World Leaks” breached Dell’s Customer Solution Centers, primarily used for showcasing products to clients. Dell confirmed the breach and stated that the platform was isolated and contained largely non-sensitive data; the attackers, believing they had obtained sensitive information, aimed to extract value from it.
The breach raises concerns about the evolving landscape of cyber extortion, as attackers continuously adapt their tactics in pursuit of financial gain. While the specific entry method remains undisclosed, the incident highlights the importance of robust security measures even in seemingly low-risk environments.
Reporting contributed by Information Security Media Group’s Gregory Sirico and David Perera.