During the month of October, one of the most recurring threats in Spain has been malware specialized in information theft, known as infostealers. For some time now, it’s been common for cybercriminals to launch recurring campaigns aimed at acquiring user credentials.
Among the best-known families of this type of malware is Redline Stealer, a threat that has been at the top of threat detection lists for several months. For this reason, we must highlight the significant news regarding the dismantling of the infrastructure of the Redline and Meta infostealers, following a police operation carried out by the Dutch National Police and other international partners such as the FBI.
This dismantling has led other families of infostealers to take over, and during the past month, we have detected numerous campaigns targeting Spain (and other nearby countries like Italy) involving Snake Keylogger. This threat continues to use emails with supposed invoices and estimates as its main attack vector, meaning that its techniques have not changed compared to those used by Redline.
Another police operation, carried out this time by the Civil Guard at Madrid-Barajas Airport, led to the arrest of one of the main individuals responsible for the infrastructure of the notorious Lockbit ransomware. This malware has affected around 2,500 companies in 120 countries and has long been one of the most feared threats for businesses and organizations worldwide.
Cyberattack on Internet Archive and phishing cases in Spain
One of the most notable cyberattacks in October was directed at The Internet Archive. This organization, considered by many to be the great library of the Internet, suffered a security breach that ultimately compromised the private data of 31 million users. To make matters worse, this organization also suffered DDoS attacks that prevented access to its website and, consequently, to the information stored there.
Regarding Spain, during the past month, numerous campaigns aimed at stealing information related to credit cards were once again observed. In these campaigns, criminals impersonated a logistics company like DHL, both in the email used as the initial attack vector and in the malicious website used to attempt to steal victims’ data.
We must also not forget the new techniques employed by criminals in several European countries, such as the use of QR codes to impersonate companies responsible for managing electric vehicle charging stations. Criminals use fraudulent QR codes placed over the genuine ones, leading users to fraudulent websites where their credit card information is stolen.