Cyber Security Today, April 7, 2023 – Microsoft and Fortra go after Cobalt Strike abusers, a new online criminal marketplace, and more


Welcome to Cyber Security Today. It’s Friday, April 7th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


Microsoft, Fortra and the Health sector information and sharing analysis centre (Health-ISAC) are going after a big tool used by threat actors: Cracked versions of Fortra’s Cobalt Strike software. Cobalt Strike is sold to legitimate penetration testers. But crooks have been copying and re-selling it so it can be used to orchestrate an attack on a vulnerable network. The three organizations said Thursday they have been granted a court order by an American judge allowing them to disrupt the IT infrastructure threat actors are using with Cobalt Strike. Disrupting cracked legacy copies of Cobalt Strike will hopefully slow its use in cyberattacks and ransomware.

A new online marketplace for buying and selling tools and goods for cybercrooks has emerged. According to researchers at Resecurity, it’s called Styx. It may have quietly been around since last summer but it seems to have officially opened at the beginning of the year. It focuses primarily on financial fraud, money laundering, and identity theft. Crooks can buy and sell cash-out services, data dumps, SIM cards, denial of service tools, multifactor authentication bypasses, fake and stolen IDs and much more. With the closing this week of the Genesis Marketplace, Styx may be where a number of crooks will take their business.

There’s another online place where threat actors are increasingly doing business: The Telegram messaging service. According to researchers at Kaspersky, use of Telegram by crooks has been soaring since the end of 2021. It’s especially popular with those creating phishing emails. They use Telegram for everything from automating their workflows to selling phishing kits to other hackers. In fact, Telegram is a platform for those who want to learn for free how to start sending phishing emails. If they have money they can buy phishing pages with geoblocking functions, stolen bank login credentials or bots that can be used to bypass multifactor authentication. One wonders why Telegram doesn’t do more to stop this.

The website of the United Kingdom’s criminal records office, known as ACRO, has been closed following a cyber incident. Instead of being able to apply online for a copy of a criminal record or a police certification, users temporarily have to email their requests. The attack ran between January 17th and March 21st. ACRO has emailed people who made online applications between those dates, because their names, addresses, phone numbers and any criminal conviction data may be at risk.

Finally, Ukrainian hackers from the Cyber Resistance Group claim they sent tens of thousands of dollars of sex toys to a pro-Russian blogger. Why? He had raised $25,000 to buy drones to assist Russian troops fighting in Ukraine. Instead they spent it for him. They allegedly broke into his account on the AliExpress online shopping market and bought him dildos and strap-ons. According to security reporter Graham Cluley, the blogger admitted his shopping account was hacked.

That’s it for now. But later today the Week in Review podcast will be out. This week guest David Shipley of Beauceron Security and I will talk about the takedown of the criminal Genesis Marketplace, the 3CX supply chain attack and the newest ransomware strain.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

The post Cyber Security Today, April 7, 2023 – Microsoft and Fortra go after Cobalt Strike abusers, a new online criminal marketplace, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

