Tag: cybercrime
Game over for European criminal botnet networks
An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are strings of connected computers. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to install other malware, such as ransomware, onto a targeted system. Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.
Law Enforcement Ramp-Up Efforts to Capture ‘Emotet’ Mastermind – June 3rd
The law enforcement agencies behind Operation Endgame are seeking information about Odd, who is allegedly behind the ‘Emotet’ malware. Initially a banking trojan, the 'Emotet' malware evolved into a tool that delivers an array of payloads, including TrickBot, IcedID, QakBot, and others.
Feds bust $100m online drugs market ‘Pharoah’
On Saturday, US authorities arrested a 23-year-old Taiwanese man alleged to have operated and owned the infamous ‘Incognito’ dark web drug-dealing website. “Drug traffickers who think they can operate outside the law on the dark web are wrong,” said Attorney General Merrick B. Garland. “As alleged, Rui-Siang Lin was the architect of Incognito, a $100 million dark web scheme to traffic deadly drugs to the United States and around the world. The long arm of the law extends to the dark web, and we will bring to justice those who try to hide their crimes there,” commented Attorney General Merrick B. Garland yesterday.
FBI takes down BreachForums -again!
The US Federal Bureau of Investigation (FBI) is investigating the criminal hacking forum BreachForums after taking down its website last week. This follows the announcement in February of the seizure of the LockBit ransomware gang’s extortion website. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” says an FBI advisory.
UK engineering giant hit by $25m deepfake scam
The firm that lost $25 million to deepfake video scammers in Hong Kong earlier this year has been revealed to be UK-based engineering firm Ove Arup. Ove Arup is known for world landmarks, including the Sydney Opera House. The company employs roughly 18,000 people worldwide and has annual revenues of over £2 billion. In early February of this year, Cyber Intelligence reported that an as-yet-unidentified firm in Hong Kong had been defrauded of roughly US$25 million by criminals using deepfake video technology to pose as the company’s corporate finance officer (CFO) and other trusted colleagues. Not knowing how sophisticated even off-the-shelf deepfake video has become, the staff member who had been targeted was totally duped by what he logically assumed must be his CFO asking him to make the $25 million transfer during the course of an entirely fake but highly convincing video conference. When the attack was originally reported, the Hong Kong police gave a stark warning:
Millions of emails distributing LockBit ransomware
Affiliates of the infamous ransomware group LockBit have launched a potentially devastating new weaponized email tactic designed to cause maximum disruption to millions of companies in the US and around the world. At the end of April this year, researchers at cybersecurity firm Proofpoint began to observe high-volume ransomware campaigns sending out millions of fraudulent emails over a one-week period, facilitated by the Phorpiex botnet. In all cases, email messages purported to come from “Jenny Green” with the email address Jenny@gsd[.]com. These contained an attached ZIP file capable of downloading the LockBit Black ransomware payload from Phorpiex botnet infrastructure.
FBI warns of fresh North Korean hacking tactic
The US Federal Bureau of Investigation (FBI) has issued a joint advisory warning of a new tactic being used by North Korean intelligence-gathering cyber group Kimsuky. The warning is squarely aimed at think tanks, academic institutions, non-profit organizations, and members of the media in Western countries. Despite North Korea’s previous reliance on revenue from international crime to finance its weapons and military programs, the FBI reports that Kimsuky’s role is intelligence gathering. Kimsuky exploits an improperly configured Domain Name System (DNS) to mimic legitimate email senders and hack targeted individuals. Without properly configured DNS Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies, malicious hackers can send spoofed emails as if they came from a legitimate domain’s email exchange.
‘Brute force’ cyber-attacks continue to escalate
Cybersecurity firm Okta reports a spike in ‘brute-force’ credential-stuffing attacks over the last month. This follows earlier reports of a spike in ‘brute force’ credential-stuffing attacks reported last week. Increasingly sophisticated ‘brute force’ attacks use trial and error techniques to crack passwords, login credentials, and encryption keys. New life is now also being breathed into what is essentially an old hacking technique, with widely available software using artificial intelligence (AI) that can carry out large numbers of attempts automatically.
Beware weaponized Google Ads
Cybercriminals are exploiting a previously unseen backdoor to substitute ‘malvertizing’, weaponized bogus ads to push them to the top of Google searches. The attacks are particularly dangerous to corporations of all sizes, as they are aimed squarely at in-house IT professionals, who invariably hold the keys to the organization’s digital kingdom The unknown threat actor(s) ' selection of spoofed software evidences that cybercriminals’ targets primarily consist of IT professionals, particularly those in IT security and network administration roles, according to research from Zscaler ThreatLabz. “Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains…and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords,” says Zscaler ThreatLabz.
Rise in ‘brute force’ attacks on VPNs
The past four weeks have seen a sharp global increase in ‘brute force’ attacks on virtual private network (VPN) services, which supply private networks using encryption over the internet. ‘Brute force’ attacks use trial and error to crack passwords, login credentials, and encryption keys. New life has been breathed into what is an old hacking technique with widely available software using artificial intelligence (AI) that can carry out large numbers of attempts automatically. Cisco Talos Intelligence Group reports a sharp rise worldwide in this type of attack against targets, including virtual private network (VPN) services and web authentication interfaces. “Cisco Talos has been actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services since at least March 18, 2024. The traffic related to these attacks has increased with time and is likely to continue to rise,” predicts Cisco Talos
US Data Compromises Double Year-on-Year
It's official – the US is losing the battle against cybercrime. The first quarter of this year has seen 841 publicly reported data compromises - a 90 percent increase compared to 442 compromises in Q1 2023. According to the Identity Theft Resource Center (ITRC), the picture may be even grimmer than these bald statistics suggest. Year-on-year, the number of cyberattack-related data breach notices without information about the root cause of the attack leapt from 166 in Q1 2023 to 439 in Q1 2024. This represents a staggering rise of 265 percent in unsolved data breaches.
Cyber gangs hold healthcare ransom
Cybercriminal groups have now completely abandoned any pretense that theirs are basically victimless crimes by attacking the healthcare sector with increasing ruthlessness. Healthcare, once said to be off limits to ‘responsible’ cyber criminals, is now the subject of an urgent warning from the Cybersecurity Coordination Center (HC3) of the US Department of Health and Human Services. “HC3 has recently observed threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations,” the warning states. Tactics include contacting an organization’s IT help desk with phone calls from a familiar area code and claiming to be an employee in a financial role.