Tag: federal bureau of investigation
BlackCat gives go-ahead for healthcare attacks
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
FBI declares cyber-war on China
US Federal Bureau of Investigation (FBI) director Christopher Wray used his keynote speech at the weekend’s Munich Cyber Security Conference, which many regard as the security version of Davos, to effectively declare cyber-war on the People’s Republic of China (PRC). “Our adversaries have been improving exponentially,” warns Wray. “Chief among those adversaries is the Chinese government…the cyber threat posed by the Chinese government is massive.” Wray added that China’s hacking program is larger than that of all the other major world nations combined and that the PRC is using AI technology stolen from the Western powers to vastly increase the present threat. The FBI director told the major world powers assembled in Munich at the weekend that a new enhanced level of cooperation between government agencies such as his and the private sector is the only way to counter this new Red Menace.
International Law Enforcement Seizes LockBit’s Website – February 20th
U.S. and U.K. authorities announced the seizure of the LockBit ransomware gang's extortion website. The "Operation Cronos" campaign was led by the UK's National Crime Agency, the US Federal Bureau of Investigation, and Europol, in collaboration with a coalition of police agencies from 9 countries globally. However, LockBit posted messages on an encrypted messaging app saying its backup servers were unaffected.
Ransomware payments top US$1 billion in 2023
Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments. “This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.
DDoS Attack on Pennsylvania Fails to Halt City Government – February 6th
Officials from the Administrative Office of Pennsylvania Courts announced their website was hit by a Distributed Denial of Service (DDoS) attack, which the city says did not compromise data or halt government operations. The attack is now being investigated by the U.S. Department of Homeland Security and the Federal Bureau of Investigation to uncover the hackers behind the attack and to ensure it is not a symptom of a larger-scale ransomware attack.
Critical infrastructure under increased attack
France-based Schneider Electric became the latest utility company to succumb to a ransomware attack on January 17, when some of its business divisions serving several critical industries were taken down. Although access to the system was eventually re-opened on January 31st, the incident underlines the growing seriousness of cyber-attacks aimed at the West’s critical infrastructure. Schnieder Electric has an annual turnover of over 42 billion and employs over 150,000 people. The ransomware attack on Schneider Electric coincides with news that, in the US, the Federal Bureau of Investigation (FBI) has recently neutralized a botnet controlled by a Chinese threat group. The White House had previously authorized the FBI to take down the botnet after federal agencies and private sector researchers had accused cyberespionage gang Volt Typhoon of a major campaign aimed at a wide range of the US’s critical infrastructure.
Sextortion racket triggers US youth suicides
Financial sextortion is now the most rapidly growing crime targeting American, Canadian, and Australian youth. The US Federal Bureau of Investigation (FBI) has called it: “a global crisis that demands everyone’s attention” - having observed a one thousand percent increase in financial sextortion incidents over the last 18 months. In a December 2023 hearing, FBI Director Wray warned Congress that sextortion is “a rapidly escalating threat,” and teenage victims “don’t know where to turn.” Almost all this activity is linked to West African cybercriminals known as the “Yahoo Boys”, who primarily target English-speaking minors and young adults on the online social networks: Instagram, Snapchat, and Wizz, according to the Network Contagion Research Institute (NCRI) report, “A Digital Pandemic: Uncovering the role of ‘Yahoo Boys’ in the Surge of Social Media-enabled Financial Sextortion Targeting Minors.
Schneider Electric Confirms Data Breach from Ransomware Attack – January 31st
Schneider Electric announced that they were hit by a ransomware attack on January 17th, resulting in a data breach exposing their customer's information. The 'Cactus' ransomware group claimed the ransomware attack. Schneider has since informed the affected customers of the breach, which include Hilton, Pepsico, and Walmart. The attack also caused Schneider to shut down several division-specific systems.
CISA and FBI Release IOCs Associated with Androxgh0st Malware – January 17th
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOC) associated with the Androxgh0st malware. The joint CSA also contained the dangerous Androxgh0st malware tactics, techniques, and procedures associated with the malware's threat actors. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.
North Korea Continues Crypto Theft Campaign – December 4th
A joint advisory by the Federal Bureau of Investigation (FBI), the Environmental Protection Agency, and the Cybersecurity Infrastructure and Security Agency (CISA) announced the Iranian-based threat actor group “Cyber Av3ngers” compromised over 200 internet-connected devices in the US. Suspected to be anti-Israeli by motive, the “Cyber Av3ngers” group was behind the Pennsylvania Water Authority hacks, disrupting an industrial control device that was made in Israel.
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.
Google to adapt email sender guidelines for heightened security – October 4th
In response to the increasingly hostile cyber environment, Google will tighten bulk email sending regulations next year. Reports say that the server plans to send new email sender guidelines in February, which will require senders of bulk email to authenticate their emails and adhere to stricter spam regulations.