Threat Context Monthly: Executive intelligence briefing for January 2024
Welcome to the Threat Context Monthly blog series, where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24's cyber threat intelligence team.
Spotlight threat: X (Twitter) accounts hacked
Over the past few weeks there has been an uptick in compromises of accounts on the social media platform X (formerly Twitter), used to promote cryptocurrency scams, phishing sites, and sites hosting crypto drainers. Some of the compromised accounts belong to government and business profiles and carry gold or grey checkmarks, which lends more credibility to the fraudulent content.
Mandiant describes a Drainer-as-a-Service (DaaS) whose operators provide the drainer scripts to affiliates in exchange for a percentage of the stolen funds.
Some of the affected companies have revealed how these compromises occurred:
- CertiK: Social engineering attack by a threat actor using a verified but compromised account to initiate a phishing attack on an employee.
- Mandiant: Brute-force password attack that would have been mitigated with two-factor authentication (2FA).
- US Securities and Exchange Commission (SEC): The SEC has not provided details about the compromise, but X's Safety account confirmed that an unidentified individual obtained control over a phone number associated with the SEC account through a third party, and that the account itself did not have 2FA enabled.
Emerging threat update from KrakenLabs
A cracked version of the Zeppelin ransomware builder was put up for sale on the RAMP underground forum for just $500. Outpost24 KrakenLabs analysts believe this could lead to a proliferation of new variants and new RaaS groups.
Malware update from KrakenLabs
Threat actors behind the Akira ransomware compromises are focusing on wiping the victim's network-attached storage (NAS) devices, which are usually used for backups, as well as tape backup devices. This puts more pressure on the victim, as there is no option of restoring data without paying.
Learn more about Threat Compass
Want more? Get started with Threat Compass to receive the latest actionable intelligence from our world-class in-house analyst team.