Security News
As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains," researchers from Proofpoint said in a write-up shared with The Hacker News.
Just how did a self-employed web site designer and mother of two come to work for one of the world's most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers. The DOJ alleges Witte was responsible for "Overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot."
At the latest Group of Seven summit, held June 11-13 in the UK, Western leaders called on Russia to take action against those who conduct ransomware attacks and other cybercrimes from within its borders. In a communiqué issued after the conclusion of the summit, G7 countries vowed to work together to "Further a common understanding of how existing international law applies to cyberspace" and collaborate to "Urgently address the escalating shared threat from criminal ransomware networks."
A Latvian woman has been charged with developing malicious software used by a cybercrime organization that infected computers worldwide and looted bank accounts of millions of dollars, the Justice Department said Friday. Alla Witte is charged as part of a 47-count indictment with participating in an organization known as the Trickbot Group, which authorities say operated in Russia and several other countries.
The Interpol has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question, of whether companies should pay when their systems are held hostage by ransomware. Rather than debating what's ultimately a moral and ethical question that's been around since the dawn of humanity, the proper debate we should be having is about the critical role of technology at non-technology companies.
While privateer cybercriminal groups are not specifically state-sponsored, they may carry out activities of the protecting state anyway due to pressure to engage in specific actions or target specific entities, according to the post. Privateers fall in the third tier of cybercrime groups below those specifically sponsored by governments at the top, commonly known as APTs and which receive explicit direction and financial support by a nation-state.
SpecTrust, a no-code, risk-defense layer to unify people, data, and technology in the fight against cybercrime, emerged from stealth, announcing $4.3M in funding. Through the SpecTrust platform, customers can unify data and risk signals into comprehensive defense that deploys instantly.
The FBI's Internet Crime Complaint Center has seen a massive 100% in cybercrime complaints over the past 14 months. When the IC3 first began logging complaints in 2000, it took seven years to reach 1 million complaints.
The Federal Bureau of Investigation says its Internet Crime Complaint Center received more than one million cybercrime complaints over the past 14 months. Established in 2000 as the Internet Fraud Complaint Center and renamed in 2002, IC3 has received a total of 6 million complaints to date.