Also: Clorox Suing IT Vendor Over Password Incident

Information Security Media Group provides a weekly summary of cyber incidents globally. This week, authorities arrested the suspected admin of the XSS cybercrime forum in Ukraine. Clorox has initiated legal action against Cognizant after a breach, while Lumma Stealer malware has resurfaced. New York is enacting water system regulations, maritime cyber rules are now in effect, and a new variant of the Coyote banking Trojan is in circulation. Furthermore, hackers compromised sensitive details related to Mexico City’s auxiliary police, and cyberattacks are escalating in Latin America. Additionally, World Leaks has stolen synthetic data from Dell.
Suspected Cybercrime Forum XSS Admin Arrested in Ukraine
Ukrainian authorities have detained the alleged administrator of the XSS cybercrime forum, a platform linked to Russian-speaking cybercriminals. Europol announced the arrest occurred following an investigation launched by French authorities in July 2021. The XSS forum, operational since 2013, had over 50,000 registered users, facilitating the exchange of stolen data and malicious software.
The detained individual, an unidentified man from Kyiv, is also accused of managing a private messaging service for cybercriminals. According to Europol, he was not merely an administrator but an active participant in illicit activities on the forum, brokering disputes and ensuring transaction legitimacy. The forum reportedly generated over €7 million in advertising revenue.
The growing intensity of law enforcement’s crackdown on cybercrime forums, including past actions against platforms like Cracked and Nulled, exemplifies the increasing risks associated with running such networks. While server seizures and arrests may disrupt operations, they often lead to the emergence of new groups, infusing uncertainty into the landscape and fostering distrust among participants.
Clorox Files Lawsuit Against IT Vendor Over Password Incident
In a significant legal move, Clorox has filed a $380 million lawsuit against Cognizant, a prominent IT service provider, alleging negligence that facilitated a major cyber incident in August 2023. The suit, filed in California, claims that Cognizant’s service desk staff improperly verified a cybercriminal impersonating a Clorox employee, thereby granting access to critical corporate systems.
The lawsuit details over $380 million in damages, highlighting more than $49 million in direct remediation costs incurred due to Cognizant’s alleged mishandling of established security protocols. The incident has been linked to the ‘Scattered Spider’ cybercrime group, known for utilizing social engineering to compromise corporate networks.
Cognizant’s spokesperson defended the firm’s role, attributing the incident to Clorox’s internal security failures. The suit claims the attacker accessed Clorox’s multi-factor authentication systems and reset crucial credentials without proper alerts to management, leading to major operational disruptions.
Lumma Stealer Malware Making a Comeback Post-Takedown
Following a coordinated takedown led by U.S. federal law enforcement in May, indications reveal that Lumma Stealer malware has re-emerged. Cybersecurity firm Trend Micro reported that operations related to Lumma appear to have resumed rapidly, now utilizing more discreet distribution channels and improved evasion techniques.
Lumma Stealer is commonly employed by cybercriminals, serving as a precursor to larger ransomware attacks. Observations indicate rapid recovery efforts by Lumma’s operators, who have reinstated command and control capabilities, utilizing hosting services less likely to cooperate with authorities.
New York’s Regulatory Efforts Enhance Water System Cybersecurity
New York State has proposed new cybersecurity regulations aimed at safeguarding water and wastewater systems from escalating cyber threats. Governor Kathy Hochul announced the regulations, which are currently open for public comment and target community water systems serving over 3,300 residents, necessitating vulnerability assessments and incident reporting protocols.
These regulations follow previous federal attempts to enforce cybersecurity assessments in water systems, which were halted by judicial intervention. By demanding increased cybersecurity measures in this critical infrastructure sector, New York seeks to bolster defenses against growing cyber threats.
Mandatory Cybersecurity Regulations Activate for the U.S. Maritime Sector
The U.S. Coast Guard’s cybersecurity rules for the maritime sector have now come into full effect. Applicable to all U.S.-flagged vessels and related facilities, these regulations require the establishment and maintenance of comprehensive cybersecurity plans, ensuring accountability through designated officers.
Cybersecurity training becomes compulsory by January 12, 2026, with full compliance regarding risk assessments and plan submissions required by mid-2027. This regulatory framework aims to address vulnerabilities in maritime cybersecurity, significantly enhancing industry preparedness.
Coyote Banking Trojan Exploits Windows Automation to Avoid Detection
A new strain of the Coyote banking Trojan has emerged, leveraging the Windows UI Automation framework to pilfer banking and cryptocurrency credentials from users. Targeting victims across 75 different financial institutions in Brazil, this malware represents a notable evolution in how attackers exploit system functionalities for stealthy operations.
Once installed, Coyote gathers critical system information and continuously scans for financial activities, employing sophisticated methods to operate undetected. This persistent threat exhibits an ability to resume operations even in offline conditions, emphasizing the adaptability of modern banking Trojans.
Location Data of Mexico City’s Auxiliary Police Leaked by Hacker
A hacker has exposed sensitive data disclosing the real-time locations of auxiliary police officers in Mexico City. The breach reportedly comprises geographic coordinates, full names, patrol schedules, and personnel photos. Identified as “Fantom Security,” the hacker has publicized a sample of the information and claimed access to a database containing over 20,000 records.
Worsening Cyberattack Trends in Latin America
Cybercrime has escalated in Latin America during the first half of the year, with government and healthcare sectors being the most affected. Recent findings indicate the public sector suffered a significant volume of cyberattacks, with attackers employing ransomware, data breaches, and denial-of-service tactics to disrupt essential services.
As digital transformation accelerates without commensurate cybersecurity investments, agencies find themselves increasingly vulnerable. The surge in attacks across Brazil, Mexico, Colombia, and Argentina underscores the pressing need for increased security measures in critical infrastructure.
Data Extortion Attempt Against Dell’s Demo Platform
A cyber extortion group operating under the name “World Leaks” has breached Dell’s Customer Solution Centers, which are utilized for product demonstrations. This group has initiated attempts to extort the company following the breach. Dell confirmed the unauthorized access, stating the impacted platform is isolated from core networks and primarily contains non-sensitive synthetic data.
The attackers, however, mistakenly believed they acquired valuable information; the breach primarily yielded outdated contact lists and mock datasets. While the details surrounding the breach’s execution remain unclear, Dell has stated that an investigation is ongoing.
Reporting contributed by Information Security Media Group’s Gregory Sirico and David Perera.