Security News

Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net. The VPN provider's service gave users "Shielded communications and internet access" that was used in "Support of serious criminals acts such as ransomware deployment and other cybercrime activities," Europol said today.

Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol.

Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol.

Security researchers have discovered Cobalt Strike denial of service vulnerabilities that allow blocking beacon command-and-control communication channels and new deployments. Cobalt Strike is also used by threat actors for post-exploitation tasks after deploying so-called beacons, which provide them with persistent remote access to compromised devices.

As India battles a surging second wave of COVID-19 cases and severe shortages of medical supplies, the nation's government has told Facebook, Instagram, and Twitter to remove social media posts it says may panic its populace with misinformation. The takedown requests were lodged on Friday, a day before India recorded more than 300,000 new COVID-19 cases for the first time ever in 24 hours.

Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.

There are the obvious cybersecurity implications of disrupting what's been called the "Most dangerous malware in the world," but it's also a strong reminder of the importance of public and private collaboration in fighting cybercrime. All of these cases are perfect examples of the need for increased coordination when it comes to cybersecurity.

Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted.

Sherrod DeGrippo, senior director of threat research and detection with Proofpoint, shares insights on the global law enforcement and private-sector takedown of the major cybercrime tools such as Emotet. Last fall, agencies targeted TrickBot's infrastructure to disrupt the prolific malware, and last week, they took down servers supporting the Emotet malware.

If you've followed the history of malware in recent years, you will definitely have heard of Emotet, and you'll have a very good idea of what happens next to Emotet victims if the malware breaches their defences. The macros used by Emotet documents are the opening gambit in the malware attack, and they initiate the next stage of the infection, typically launching a heavily disguised PowerShell command to download and implant the Emotet malware program itself.