A prolific group of threat actors are menacing companies under the banner of “Marko Polo.”
Researchers with the Recorded Future Insikt Group said the criminal hackers are behind at least 30 cybercrime scams, including malware, phishing and cryptocurrency fraud.
It is said that the crew has managed to snare tens of thousands of victims with these schemes.
“Through social engineering tactics, the group has primarily targeted cryptocurrency influencers and online gaming personalities — individuals generally regarded as more cybersecurity-savvy than the average internet user,” wrote the Insikt Group.
“Despite their heightened awareness, these individuals have fallen victim to well-crafted spear phishing attacks, often involving fake job opportunities or partnerships.”
According to the Insikt Group researchers, what makes the Marko Polo malware group stand out amongst other cybercrime operators is its brazenness. While other threat actors may opt for custom-made malware and boutique information stealers that try to fly under the radar, this crew chooses quantity over quality.
The Insikt Group experts estimate that Marko Polo has been tossing no less than 50 different families of malware at the wall in an effort to see what sticks.
The result is a mashup of attacks and exploits that might not be pretty, but yield significant results. The researchers estimate that the combined takings of the 30-some operations have brought in millions of dollars in profits.
The money comes from a variety of sources, ranging from stolen cryptocurrency accounts to ransomware infections and extortion payments.
“For businesses, the threat is twofold: first, by compromising sensitive data, and second, by damaging a company's reputation,” said Insikt Group.
“Consumers whose data is exposed face identity theft and financial ruin, while companies must contend with data breaches that could disrupt operations and lead to legal liabilities.”
Fortunately, there is a plan of action to deal with the infections. Because the group uses known malware samples, updating signature detection will allow defenders to catch the majority of attacks.
Outside of that, the Insikt Group recommends administrators follow best practices such as keeping current with updates and training end users on how to spot spear phishing and scams.
