Security News

A "Massive" cyber attack on Ukraine caught the world's eye this morning as the country's foreign ministry said its website, among others, had been taken down by unidentified hackers. Ukraine itself held off on attribution, with a foreign ministry spokesman telling the Reuters newswire it was too early to say who was responsible - but adding Russia has done similar things in the past.

The Federal Security Service of the Russian Federation says that they shut down the REvil ransomware gang after U.S. authorities reported on the leader.REvil ransomware emerged in April 2019 from the void left behind by the shut down of the GandCrab operation.

Russia has stepped up its censorship efforts in the country by fully banning access to the Tor web anonymity service, coinciding with the ban of six virtual private network operators, as the government continues to control the internet and crackdown on attempts to circumvent locally imposed web restrictions. Russia accounts for 15% of all Tor users, with more than 310,000 daily users, second only to the U.S. Tor, short for The Onion Router, enables users to automatically encrypt and reroute their web requests through a network of Tor relays for anonymizing network traffic, as well as help bypass censorship and protect their identities from the internet service providers and the websites they visit.

The Tor Project's main website, torproject.org, is actively blocked by Russia's largest internet service providers, and sources from the country claim that the government is getting ready to conduct an extensive block of the project. Tor is a software project that allows users to automatically encrypt and reroute their web requests through a network of Tor nodes for anonymous browsing.

German news outlets claim to have identified a member of the infamous REvil ransomware gang - who reportedly lives the life of Riley off his ill-gotten gains. The gang member, nicknamed Nikolay K by Die Zeit newspaper and the Bayerische Rundfunk radio station, reportedly owns a €70,000 watch with a Bitcoin address engraved on its face and rents yachts for €1,300 a day whenever he goes on holiday.

Russia's Nobelium group - fingered as being a Russian state actor by both the United States and Britain - has massively ramped up phishing and password spraying attempts against managed service providers and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against "Resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers" had trebled over the past three months.

The United States has kicked off meetings attended by representatives of nations that all hope to address the scourge of ransomware - without Russia or China in the room. An expression of the US National Security Council's Counter-Ransomware Initiative, the two-day meetings will occupy Wednesday and Thursday.

The Counter-Ransomware Initiative meetings come in response to ongoing attacks, including ransomware attacks on Colonial Pipeline, JBS Foods, and Kaseya in the U.S., which have revealed significant vulnerabilities across critical worldwide infrastructure. Disrupt Ransomware Infrastructure and Actors: The Administration is bringing the full weight of U.S. government capabilities to disrupt ransomware actors, facilitators, networks, and financial infrastructure;.

A new national cyber strategy will be launched by year-end, the National Cyber Security Centre's chief exec has promised - while calling out spyware vendor NSO Group as a "Red flag" for the UK infosec community. Lindy Cameron told the Chatham House international affairs think tank that NSO Group was "Something we raised a red flag about before, that the commercial market for sophisticated cyber exploitation products is an issue."

Iran, Turkey and both North and South Korea are bases for nation-state cyber attacks, Microsoft has claimed - as well as old favourite Russia. "After Russia, the largest volume of attacks we observed came from North Korea, Iran and China; South Korea, Turkey and Vietnam were also active but represent much less volume," said MS in a post announcing its findings.