Security News
Authorities have arrested a Moroccan citizen believed to have orchestrated cyberattacks against over one hundred websites, in addition to engaging in various other nefarious activities. Operating under the online moniker Dr HeX, the individual is believed to have defaced more than 130 websites between 2009 and 2018.
Wizard Spider, the notorious cybercrime gang that operated the TrickBot botnet and the Ryuk and Conti ransomware families, may have developed a new ransomware family, Fortinet reports. Dubbed Diavol, the ransomware shows similarities with Conti, but the observed attacks lack some of the tactics previously associated with Wizard Spider.
FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet. Diavol and Conti ransomware payloads were deployed on different systems in a ransomware attack blocked by the company's EDR solution in early June 2021.
A Ukrainian man has been sentenced to seven years in prison in the United States for his role within the cybercrime group known as FIN7. Operating since at least 2015, the financially-motivated FIN7 group targeted businesses worldwide to steal payment card data.
As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains," researchers from Proofpoint said in a write-up shared with The Hacker News.
Just how did a self-employed web site designer and mother of two come to work for one of the world's most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers. The DOJ alleges Witte was responsible for "Overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot."
At the latest Group of Seven summit, held June 11-13 in the UK, Western leaders called on Russia to take action against those who conduct ransomware attacks and other cybercrimes from within its borders. In a communiqué issued after the conclusion of the summit, G7 countries vowed to work together to "Further a common understanding of how existing international law applies to cyberspace" and collaborate to "Urgently address the escalating shared threat from criminal ransomware networks."
A Latvian woman has been charged with developing malicious software used by a cybercrime organization that infected computers worldwide and looted bank accounts of millions of dollars, the Justice Department said Friday. Alla Witte is charged as part of a 47-count indictment with participating in an organization known as the Trickbot Group, which authorities say operated in Russia and several other countries.
The Interpol has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question, of whether companies should pay when their systems are held hostage by ransomware. Rather than debating what's ultimately a moral and ethical question that's been around since the dawn of humanity, the proper debate we should be having is about the critical role of technology at non-technology companies.