Tag Archive for: criminals

Site run by cyber criminals behind Fulton County ransomware attack taken over


International officials believe they have gotten to the bottom of a cyberattack in Fulton County.

On Monday, a website belonging to a group of accused cyber criminals who claimed responsibility for the ransomware incident in Fulton County was taken down by the National Crime Agency of the UK.

The international law enforcement group working in conjunction with the FBI says they will report more information about the takeover on Feb. 20.

Lockbit website reportedly taken over by The National Crime Agency of the UK. This screenshot was taken on Feb. 19, 2024.

What Fulton County systems are impacted by the cyberattack?

Officials say the cyberattack in late January affected the county’s phone system, court system, tax system and jailhouse.

“A number of our primary technology platforms are affected by this incident,” Fulton County Board of Commissioners Chairman Robb Pitts said. Two weeks later, officials revealed that the attack may have been financially motivated.

Was my personal information compromised during Fulton County ransomware attack?

Fulton County did not say what information hackers might have, but according to a screenshot from the alleged hacking group’s website posted on social media, it might include confidential documents and personal data of citizens.

Last week, the Lockbit group threatened to release the data they stole.

The hackers gave Fulton County until Feb. 16 to pay a ransom. FOX 5 Atlanta reached out to determine whether it was paid, but has not received an answer.

“If we determine sensitive personal information was involved in this incident, we will notify those parties in accordance with legal requirements,” Pitts said.

The county says the investigation is ongoing and warns the situation is not unique to Fulton County.

“Incidents like these are on the rise across the United States and the world, particularly in local governments and we at Fulton County are no exception,” Pitts said.

In the meantime, Fulton County officials say they are working to strengthen…

As-a-Service tools empower criminals with limited tech skills


As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers, according to Darktrace.

Cybercriminals exploit as-a-Service tools

As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.

The most common as-a-Service tools Darktrace saw in use from July to December 2023 were:

  • Malware loaders (77% of investigated threats), which can deliver and execute other forms of malware and enable attackers to repeatedly target affected networks.
  • Cryptominers (52% of investigated threats), which use an infected device to mine for cryptocurrency.
  • Botnets (39% of investigated threats), which enrol users in wider networks of infected devices that attackers then leverage in larger-scale attacks on other targets.
  • Information-stealing malware (36% of investigated threats), malicious software like spyware or worms, designed to secretly access and collect sensitive data from a victim’s computer or network.
  • Proxy botnets (15% of investigated threats), more sophisticated botnets that use proxies to hide the true source of their activity.

Phishing threats escalate in business communications

Darktrace identified Hive ransomware as one of the major Ransomware-as-a-Service attacks at the beginning of 2023. With the dismantling of Hive by the US government in January 2023, Darktrace observed the rapid growth of a range of threats filling the void, including ScamClub, a malvertising actor notorious for spreading fake virus alerts to notable news sites, and AsyncRAT, responsible for attacking US infrastructure employees in recent months.

As businesses continue to rely on email and collaboration tools for communication, methods such as phishing continue to cause a headache for security teams. Darktrace detected 10.4 million phishing emails across its customer fleet between the 1st September and the 31st December 2023.

But the report also highlights how cybercriminals are embracing more…

Criminals Have Created Their Own ChatGPT Clones


Krishnan says the creator of the system published a video appearing to show the chatbot operating and generating a scammy email. They were also trying to sell access to the system for $200 per month, or a yearly cost of $1,700. Krishnan says that in conversations with the developer behind FraudGPT, they claimed to have a few hundred subscribers and pushed for a sale, while the WormGPT creator appeared to have received payments into a cryptocurrency wallet address they shared. “All these projects are in their infancy,” Krishnan says. He adds, “we haven’t got much feedback” into whether people are purchasing or using the systems.

While those touting the chatbots claim they exist, it is hard to verify the makeup and legitimacy of the systems. Cybercriminal scammers are known to scam other scammers, with previous research showing that they frequently try to rip each other off, don’t provide what they claim they are selling, and offer bad customer service. Sergey Shykevich, a threat intelligence group manager at security firm Check Point, says there are some hints that people are using WormGPT. “It seems there is a real tool,” Shykevich says. The seller behind the tool is “relatively reliable” and has a history on cybercrime forums, he says.

There are more than 100 responses to one post about the WormGPT, Shykevich says, although some of these say the seller isn’t very responsive to their inquiries and others “weren’t very excited” about the system. Shykevich is less convinced about FraudGPT’s authenticity—the seller has also claimed to have systems called DarkBard and DarkBert. Shykevich says some of the posts from the seller were removed from the forums. Either way, the Check Point researcher says there’s no sign that any of the systems are more capable than ChatGPT, Bard, or other commercial LLMs.

Kelly says he believes claims about the malicious LLMs created so far are “slightly overexaggerated.” But he adds, “this is not necessarily different from what legitimate businesses do in the real world.”

Despite questions about the systems, it isn’t a surprise that cybercriminals want to get in on the LLM boom. The FBI has warned that…

Cyber criminals shut down CT credit union’s online banking


A computer system shutdown that Charter Oak Federal Credit Union officials said was triggered by unidentified cyber criminals has left members unable to access their accounts online at the financial institution’s website since Friday afternoon.

Brian Orenstein, the Waterford-based credit union’s president and chief executive officer, said Monday that Charter Oak officials still aren’t certain when online banking capabilities or access to the website will be restored. Orenstein said the credit union’s information technology and security teams were forced to shut down access to the website and online banking portal on Friday because of the actions of unidentified “bad actors” trying to access members’ personal information.

“We detected some unusual activity on the website on Wednesday,” he said. “The IT team and cyber security experts acted immediately to protect member data and assets. In the process of throttling up online security, Charter Oak’s domain was temporarily locked which has resulted in downtime for the main website and online banking.”

Charter Oak has approximately 80,000 members and about half of them do online banking, Orenstein said. Shortly after the website and online banking platform were shut down, he said fake websites purporting to be the legitimate Charter Oak web page began cropping up.

Orenstein said members can still do their banking over the phone or at any one of the credit union’s 15 branches across New London and Windham counties.

“There has been no money or member data lost,” Orenstein said. “Because the system is down, the fraudsters can’t get to the website. We are encouraging members who may have provided any login or password information to contact us so we can create new logins and passwords for them, because once the website is restored, customers will be at risk of having their online accounts accessed by these individuals.”

In an email communication to credit union members, Orenstein emphasized Charter Oak’s commitment to securing members’ personal information, saying that it “is of the utmost importance to us.”

“Please be sure not to enter your online…