Security News > 2021 > July > Where do all those cybercrime payments go?
Presumably conscious of the preceding Colonial Pipeline attack in which a $4.4 million blackmail payoff resulted in a decryptor that, though functional in theory, was worthless in practice because it ran far too slowly, the REvil crew even blithely claimed that their so-called universal decryptor would allow everyone to "Recover from attack [sic] in less than an hour".
Account privileges that attackers typically go after include the local SYSTEM account or even Domain Administrator, which puts the attackers on an equal footing with your own sysadmins.
Some bugs, such as the notorious PrintNightmare bug in the Windows Print Spooler that was revealed in late June 2021, combined RCE with LCE/EoP, which makes them even more useful to cybercriminals because it means they can "Get in and go up" in one attacking move.
0-Day or zero-day exploits are ones with no patch available.
0-Click attacks work without any user action required.
Even so-called 1-click or multi-click attacks can be truly dangerous, if those clicks don't produce any obvious "Are you sure?" warnings that might indicate that an attack was underway.
A 0-click attack typically works not only without any user action required, but also if the computer is locked, or even if no one is logged in at all, as is often the case on servers.
News URL
https://nakedsecurity.sophos.com/2021/07/09/where-do-all-those-cybercrime-payments-go/