CyberWire Daily: Black Basta Manhunt, UK Fraud Service, and CISA Nominee

Black Basta Hackers Targeted

• 🇺🇦 Ukrainian and German authorities have identified two Ukrainian nationals suspected of working for the Russia-linked ransomware group Black Basta.
• 🇷🇺 The group's alleged Russian leader has been placed on an international wanted list, with Black Basta extorting hundreds of organizations worldwide since at least 2022, causing hundreds of millions in damage.
• 🔍 Investigators seized digital devices and cryptocurrency during searches, with analysis ongoing.

UK's New National Fraud Reporting Service

• 🇬🇧 British authorities have launched Report Fraud, a new national service to transform how victims of fraud and cyber crime report incidents and how police act on them.
• 🏛️ This system replaces Action Fraud, which faced criticism for poor outcomes, and promises follow-up updates and real-time analytics for actionable intelligence.
• 📈 Fraud accounts for roughly half of all recorded crime in the UK, costing the economy billions annually.

LinkedIn Phishing and Browser Extension Attacks

• 📧 A phishing campaign is delivering malware through private messages on LinkedIn, abusing open-source tools to infect victims with a remote access Trojan (RAT).
• 🎯 The operation targets high-value individuals, including executives, using industry-themed lures.
• 💥 A separate maladvertising campaign is distributing a fake ad blocker extension called Nex Shield, which deliberately crashes browsers to deliver malware via a new ClickFix variant dubbed Crash Fix.

Ingram Micro Data Breach and Access Broker Guilty Plea

• 💾 IT distributor Ingram Micro disclosed a ransomware-related data breach affecting over 42,000 individuals after detecting a cyber intrusion in early July of last year.
• 💰 A Jordanian national has pleaded guilty in US federal court to selling stolen access to corporate networks, admitting to selling unauthorized login credentials tied to at least 50 victim organizations.

Business Breakdown and CISA Nomination

• 💰 Over $350 million was raised across seven investments and five acquisitions in the cybersecurity sector.
• 🏢 CrowdStrike acquired SGNL for $740 million and Seraphic for $420 million to enhance its Falcon platform.
• 🏛️ Tim Starks discusses the surprising renomination of Sean Plankey to lead CISA, noting that his nomination had been previously stalled by Senate Republicans over unrelated issues.

Funeral Industry Security Gaps

• 🇰🇷 In Korea, eight affiliates of the Kawan group are under government investigation following a ransomware attack, exposing significant security gaps in the funeral industry.
• 🔒 None of the country's top funeral service providers have obtained information security management system certification, operating in a regulatory gap despite handling sensitive data and significant prepaid funds.
• ⚠️ Experts note that ransomware groups favor industries with steady cash flow, sensitive data, and thin defenses.