Security News
As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap. Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates.
The International Criminal Police Organization, also known as Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cybercrime syndicate called Black Axe. "'Black Axe' and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish lifestyles and other criminal activities, from drug trafficking to sexual exploitation," the agency said.
INTERPOL has arrested over 70 suspected members of the 'Black Axe' cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud. The crime syndicate first became involved with cybercrime in 2015, suspected of orchestrating numerous romance and "419 scams."
The group specialized in the sale of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic."
The criminal charges come as Iran has apparently stepped up its malicious activity against America and its allies - exploiting well-known software vulnerabilities to conduct espionage, deploy ransomware, steal money, data and credentials, and engage in good old-fashioned election misinformation and meddling, according to the government and private security firms. The trio are accused of conducting a hacking campaign to break into computer systems of "hundreds of victims" in the US, UK, Israel, Iran and other countries, according to court documents.
Google says some former Conti ransomware gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations. Google TAG says its attribution is based on multiple overlaps between UAC-0098, Trickbot, and the Conti cybercrime group.
KELA surveyed 400 security team members in the US who were responsible for gathering cybercrime threat intelligence daily to better understand if they're proactively scanning the dark web and other cybercrime sources, what tools they're using, the gaps they see in their cybercrime threat intelligence approach, and more. "We found organizations may be less prepared for threats emerging from the cybercrime underground than they should be," said David Carmiel, CEO of KELA. "At KELA, our extensive intelligence expertise has shown us just how complex the cybercrime underground really is. The threats are much more comprehensive, and what organizations know and refer to as the dark web is changing within the hour."
The National Police of Ukraine took down a network of call centers used by a cybercrime group focused on financial scams and targeting victims of cryptocurrency scams under the guise of helping them recover their stolen funds. The fraudsters behind these illegal call centers were also allegedly involved in scamming citizens of Ukraine and European Union countries interested in cryptocurrency, securities, gold, and oil investments.
Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control framework in their intrusion campaigns as a replacement for Cobalt Strike. Sliver, first made public in late 2019 by cybersecurity company BishopFox, is a Go-based open source C2 platform that supports user-developed extensions, custom implant generation, and other commandeering options.
A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor."