Tag Archive for: Cybercrime

Russian-based LockBit ransomware hackers attempt a comeback | Cybercrime


The LockBit ransomware gang is attempting a comeback days after its operations were severely disrupted by a coordinated international crackdown.

The Russian-based group has set up a new site on the dark web to advertise a small number of alleged victims and leak stolen data, as well as releasing a rambling statement explaining how it had been hobbled by the UK’s National Crime Agency, the FBI, Europol and other police agencies in operation last week.

The group said law enforcement had hacked its former darkweb site using a vulnerability in the PHP programming language, which is widely used to build websites.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement, which was published in English and Russian.

The statement also referred to “my personal negligence and irresponsibility”, declared an intention to vote for Donald Trump in the US presidential election and offered a job to whoever hacked LockBit’s main site.

LockbitSupp, the group’s administrator and presumed author of the statement, does not live in the US, according to law enforcement. The agencies involved in the LockBit operation have also added that “LockbitSupp has engaged with law enforcement”.

In a statement, the NCA said LockBit remains “completely compromised”. A spokesperson said: “We recognised LockBit would likely attempt to regroup and rebuild their systems. However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues.”

The US this month charged two Russian nationals with deploying Lockbit ransomware against companies and groups around the world. Police in Poland made an arrest, and in Ukraine police arrested a father and son they said carried out attacks using Lockbit’s malicious software.

The message on the new LockBit site also threatened to attack US government sites more often. Its revamped website, launched on Saturday, showed a number of purported hacking victims.

Rafe Pilling, director of threat research at the cybersecurity firm Secureworks, said the statement and website showed…

Source…

Ransomware payments hit $1bn in 2023 as cybercrime grows — Report


Ransomware actors got over $1billion in extorted cryptocurrency payments from victims in 2023.

These actors, who targeted high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies, exploited file transfer software MOVEit for their operations, a report from Chainalysis revealed.

In a snippet of its anticipated, ‘2024 Crypto Crime Report,’ the blockchain firm disclosed that firms like BBC and British Airways were victims of attacks in the year.

Last year’s developments highlighted the evolving nature of cyber threats and their increasing impact on global institutions and security at large. The payments in 2023 have been the highest ever recorded, and according to the firm, it still does not capture the economic impact of productivity loss and repair costs associated with attacks.

The blockchain firm noted that the ransomware landscape is not only prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies. “It is important to recognise that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time.

“For instance, our initial reporting for 2022 in last year’s crime report showed $457million in ransoms, but this figure has since been revised upward by 24.1 percent,” the firm said.

Ransomware is a type of malicious software that encrypts data, making it inaccessible to the owner. It is when someone else takes files hostage and demands a ransom payment in exchange for unlocking them.

Chainalysis explained that ransomware attacks are carried out by a variety of actors, from large syndicates to smaller groups and individuals, with the numbers on the rise. Allan Liska, Threat Intelligence Analyst at cybersecurity firm, Recorded Future, said. “A major thing we are seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks.”

While threat actors might have had a field day in 2023, the fight against ransomware with collaboration between international law enforcement, affected organisations, cybersecurity firms, and blockchain intelligence also recorded…

Source…

The $10 billion cyber-insurance industry sees a dangerous year in cybercrime ahead. AI, ransomware, and war are its biggest concerns


It’s rare to find an insurance policy against war breaking out, but there’s a $10 billion market for cyber-insurance that guards against the threat of ransomware attacks. With the world as violent and turbulent as it is right now, though, lines between the two are blurring.

The ongoing wars in Ukraine and Gaza have insurers on such high alert that many simply aren’t offering coverage any longer, on top of which AI is creating new and unpredictable cybersecurity risks. And insurers expect a “significant” increase in hacks in 2024, to boot.

Those were the three key findings of a new report on cyber-insurance trends from consultancy Woodruff Sawyer. Insuring against cybercrime has grown from a tiny niche to a $10 billion market, with firms that offer coverage ranging from small specialty carriers to household names such as Chubb and Travelers. They offer coverage for losses incurred relating to companies’ IT and computer systems—for example, if companies are hacked and lose data or have to pay ransoms to get it back.

Woodruff Sawyer surveyed over 40 of its clients and found that the industry has a gloomy outlook this year: 56% of respondents said they believed cyber risk would “increase greatly” in 2024. They pointed to ransomware and war-associated risks as two of their biggest concerns.

“If you have an attack that is part of a war campaign, it can affect private companies across the globe that have nothing to do with war,” said Woodruff Sawyer national cyber practice leader Dan Burke in an interview with Fortune. “That is the true risk that’s elevated by conflict and war and geopolitical tension. That’s really what underwriters are mostly concerned about.”

A famous example of this type of ransomware attack was a virus called NotPetya, which circulated in 2017. Originating in Ukraine, it quickly went global and compromised the computer systems of dozens of companies, including drug giant Merck and shipping company Maersk. The White House estimated it caused $10 billion in damages.

“The NotPetya attack was a Russian-based attack against an accounting software in Ukraine. And it turns out that that specific piece of software was used by multinational…

Source…

Vast botnet hijacks smart TVs for prime-time cybercrime • The Register


Updated Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.

At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and other streaming hardware via pirated apps and firmware updates.

A common infection scenario would see a user visit a dodgy streaming site while browsing on their smartphone, only to then be pushed into downloading the associated malicious app to their Android-based smart TV.

A user would then have their device backdoored and its resources made available for use in various cybercrimes, including DDoS attacks and hijacking other streams, replacing other channels’ content with an attacker’s.

Such a case happened in the United Arab Emirates back in December 2023, for example, where regular broadcasts were hijacked with imagery from inside the conflict between Israel and Palestine.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” said researchers at Chinese security biz Qianxin.

The researchers didn’t detail the history of the botnet’s DDoS activity or blame it for any high-profile attacks, but to get a feel for what it’s capable of, its DDoS commands are inherited from the infamous Mirai.

Qianxin’s investigation revealed the malware, called pandoraspear, added 11 different Mirai-related DDoS attack vectors to its list of commands after the first few versions had comparably weaker tools in this area.

As we all know, Mirai was responsible for some of the most high-profile DDoS attacks from yesteryear, including those on Dyn, GitHub, Reddit, and Airbnb – all falling on that one October 2016 day that broke the internet (not in the viral sensation kind). It’s also a malware that just keeps cropping up and is under active development to this day.

In trying to trace the identity of those behind pandoraspear, Qianxin’s researchers eventually narrowed their search down to a single company but…

Source…