Security News
The federal government has upped the ante in its fight against ransomware by offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware group. The U.S. Department of State unveiled the reward on Thursday, adding a $5 million reward for information that leads to the arrest and conviction of individuals participating in a DarkSide attack.
The US Department of Justice claims it's arrested a member of a gang that deployed the Trickbot ransomware. A heavily-redacted indictment names Vladimir Dunaev as a developer of the malware, and alleges he was "a Malware Developer for the Trickbot Group, overseeing the creation of internet browser injection, machine identification, and data harvesting codes used by the Trickbot malware".
The US Federal Communications Commission has terminated China Telecom's authority to provide communications services in the USA. In its announcement of the termination, the government agency explained the decision is necessary because the national security environment has changed in the years since 2002. That was when China Telecom was first allowed to operate in the USA. The FCC now believes - partly based on classified advice from national security agencies - that China Telecom can "Access, store, disrupt, and/or misroute U.S. communications, which in turn allow them to engage in espionage and other harmful activities against the United States".
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. Coinciding with the development, blockchain analytics firm Elliptic disclosed that $7 million in bitcoin held by the DarkSide ransomware group were moved through a series of new wallets, with a small fraction of the amount being transferred with each transfer to make the laundered money more difficult to track and convert the funds into fiat currency through exchanges.
The advisory urges businesses to bolster defenses tied to user credentials and implement strong passwords and multi-factor authentication to better thwart an anticipated uptick in BlackMatter criminal activity. "Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol and Server Message Block protocol to access the Active Directory to discover all hosts on the network," according to the advisory.
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline or the 87,000 Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. As the advisory from the NSA and CISA explained, exploiting CVEs associated with VPNs can enable a malicious actor "To steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."
As part of its continued hardline against ransomware attacks, the U.S. Department of Treasury has prohibited anyone in the United States from conducting business with SUEX OTC, a Russian-linked currency exchange. The feds analyzed SUEX's transactions and found that the exchange facilitated transactions of illicit proceeds from at least eight ransomware variants, according to the release.
The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US government effort to disrupt online extortion and related cyber-crime. According to the US Treasury, more than 40 per cent of the firm's known transaction history involves illicit entities, and it handled payments from at least eight ransomware variants.
Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won't - which means organizations should remain particularly vigilant about the potential for ransomware attacks, the federal government has warned. The now-infamous Colonial Pipeline attack by now-defunct ransomware group DarkSide, which crippled the East Coast oil pipeline for some weeks afterward, occurred in the lead-up to Mother's Day weekend, agencies observed.