Also: Weak German Cybersecurity, Spanish Mobile Account Data Breach
ISMG provides a weekly roundup of global cybersecurity incidents and breaches. This week’s highlights include the closure of a Kosovar illegal online marketplace, an audit report revealing inadequate malware detection within a German government network, and an investigation by Spanish authorities into the theft of billions of mobile account records. Operation PowerOFF dismantled DDoS platforms ahead of the holiday season, Google released a patch for three high-severity Chrome flaws, and European law enforcement broke up a phishing ring that operated out of Airbnb rentals. Additional incidents involved a data breach at a Peruvian university and disruptions at a U.S. medical device manufacturer linked to data encryption and theft. Researchers also disclosed Android spyware used by Chinese authorities.
‘Rydox’ Marketplace Shut Down, Alleged Operators Arrested
An international law enforcement operation spearheaded by the United States has resulted in the shutdown of a notorious online criminal marketplace run by alleged Kosovar cybercriminals. The U.S. Department of Justice has unsealed an indictment against Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, alongside a third accomplice, Shpend Sokoli, highlighting their alleged roles in operating the “Rydox” marketplace.
Following their arrest by Kosovo police, both Kutleshis are awaiting extradition to the United States, while Albanian authorities have taken custody of Sokoli, who faces charges in his home country. The Malaysian police have also confiscated servers located in Kuala Lumpur that were utilized by Rydox.
According to prosecutors, Rydox marketed over 321,372 cybercrime-related products to more than 18,000 users, including stolen personal data, account credentials, and various cybercrime tools. The marketplace reportedly generated over $230,000 since it began operating in early 2016, with registration fees and purchases paid in cryptocurrency. The charges against the Kutleshis include multiple counts of identity theft and money laundering, carrying prison sentences totaling up to 55 years if they are convicted.
Microsoft Addresses 71 Vulnerabilities in December Update
In its December update, Microsoft resolved 71 security vulnerabilities, including an actively exploited zero-day flaw tracked as CVE-2024-49138. The vulnerability, an elevation-of-privilege bug in the Windows Common Log File System driver, was being exploited in the wild before the patch was released and allows a local attacker who already has code running on a host to gain SYSTEM privileges.
This update addresses 16 critical vulnerabilities, primarily centering on remote code execution risks, as part of a broader initiative to secure user environments against sophisticated cyber threats.
German Federal Auditors Report Inadequate Malware Detection
A recent report from Germany’s Bundesrechnungshof, the federal audit office, has highlighted significant cybersecurity gaps within the German Interior Ministry. The auditors found that 52 organizations connected to the ministry’s secure communication network failed to meet required security controls, leaving them exposed to cyberattacks.
Notably, 45 of these organizations had not deployed a transport layer security proxy, a control introduced in 2019 that terminates encrypted connections at the network boundary so that traffic can be inspected for malware before it reaches internal systems. Without it, malicious content carried inside TLS sessions passes the perimeter unseen. The finding underscores that mandated controls are only effective when adoption across agencies is actually verified.
Cyberattack Compromises Data of Billions of Mobile Accounts in Spain
In Spain, authorities are investigating a significant data breach involving the exfiltration of two billion mobile phone subscriber records from the national market competition authority. The National Court reported that hackers accessed approximately 240 gigabytes of account data, raising questions about how that volume of sensitive information was left accessible and how the exfiltration went unnoticed.
‘Operation PowerOFF’ Disrupts DDoS Platforms Ahead of the Holidays
Law enforcement agencies in 15 countries have collectively dismantled 27 online platforms associated with distributed denial-of-service (DDoS) attacks during an operation termed “Operation PowerOFF.” This preemptive action is critical in mitigating potential threats during the heightened risk period around the holidays, when cybercriminals typically escalate their activities.
Google Launches Critical Update to Address Major Security Flaws in Chrome
Google has begun rolling out a Chrome update that fixes three high-severity vulnerabilities. They include a type confusion flaw that could lead to arbitrary code execution, along with issues in other browser components that could aid exploitation. As is Google’s usual practice, full details of the flaws are being withheld until the majority of users have applied the update, to limit the window for exploitation.
International Cybercrime Ring Exploited Airbnb for Phishing Operations
Authorities in Belgium and the Netherlands have successfully dismantled an international cybercrime ring that utilized Airbnb rentals for conducting phishing scams. Europol has coordinated this operation, resulting in multiple arrests and the seizure of various assets linked to fraudulent activities, highlighting the evolving tactics employed by cybercriminals.
Data Breach at Peruvian University Raises Privacy Concerns
The Peruvian University of Applied Sciences is investigating a data breach that resulted in the theft of student information, including names and email addresses. Public disclosures indicate that the breach encompassed more than 25 gigabytes of sensitive data, emphasizing the need for improved cybersecurity measures within educational institutions.
Artivion Encounters Cybersecurity Incident Involving Data Theft
U.S.-based medical device manufacturer Artivion has reported a cybersecurity incident in which data was encrypted and stolen, disrupting several of its operations. The company has said the incident has not materially affected its financial standing so far, while assessments of the full impact are still under way.
Chinese Malware EagleMsgSpy Targets Android Users
Lookout has identified a Chinese surveillance tool named EagleMsgSpy that harvests user data from Android devices. The tool, which Lookout links to monitoring efforts by Chinese authorities, enables extensive data collection from compromised handsets, raising significant privacy and cybersecurity concerns.
This report features contributions from Information Security Media Group’s Marianne Kolbasuk McGee, Akshaya Asokan, and David Perera.