Tag Archive for: Cybercrime

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks


Application Programming Interfaces (APIs) have profoundly transformed the internet’s fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software entities.

APIs are the conduits through which software components communicate, interact, and share functionalities; this has led to an environment where applications, platforms, and services seamlessly collaborate, transcending their capabilities. The internet, once a collection of discrete entities, has morphed into an intricate web of interwoven functionalities that users traverse effortlessly.

Moreover, APIs have been instrumental in democratizing technological innovation. By allowing developers to harness existing functionalities, APIs accelerate the creation of novel solutions, propelling the evolution of applications across domains like e-commerce, mobile apps, cloud computing, and beyond.

The concept of modularity has been reshaped by APIs, giving rise to microservices architecture. This approach, underpinned by APIs, enables applications to be composed of smaller, specialized services that communicate harmoniously. Consequently, scalability, maintenance, and flexibility are greatly enhanced.

In essence, APIs have unfurled a landscape where digital interactions are fluid, innovation is rapid, and the internet’s potential is boundless. The transformation they’ve ushered in has redefined how we envision, construct, and experience the digital realm.

As API adoption increases, so too have the attacks launched upon them. Unique attackers have grown by 400% within a six-month period. And API attacks can be highly damaging; an attack on the Australian telecoms giant Optus exposed the information of more than a third of Australia’s total population. This article will explore the evolving landscape of API-based cyber threats and outline practical strategies to bolster your defenses.

API-Related Cyber Threats

  • Injection Attacks: Like traditional software applications, APIs are…

Source…

DiNapoli: Cybercrime in New York Rises 53%


NY’s Ransomware and Data Breaches Third Highest in Nation Over Six Years; Over $775 Million Lost in 2022 Alone

Cyberattacks in New York state increased 53% between 2016 and 2022, jumping from 16,426 incidents in 2016 to 25,112 in 2022. The number of attacks targeting critical infrastructure in New York state nearly doubled to 83 in the first half of 2023 compared to 48 during the entirety of last year, according to a report released today by State Comptroller Thomas P. DiNapoli.

Estimated losses in New York from cyberattacks in 2022 totaled over $775 million, while losses nationwide totaled $10.3 billion.

“Cyberattacks are a serious threat to New York’s critical infrastructure, economy and our everyday lives,” said DiNapoli. “Data breaches at companies and institutions that collect large amounts of personal information expose New Yorkers to potential invasions of privacy, identity theft and fraud. Also troubling is the rise in ransomware attacks that can shut down systems we rely on for water, power, health care and other necessities. Safeguarding our state from cyberattacks requires sustained investment, coordination, and vigilance.”

Relative to other states, New York had the third highest number of ransomware attacks (135) and corporate data breaches (238) in 2022, trailing only California and Texas for ransomware attacks and California and Florida for corporate data breaches. New York also had the fourth-highest number of cybercrime victims in the nation in 2022 with losses skyrocketing 632% since 2016.

The two most attacked critical infrastructure sectors through ransomware and data breaches in New York were Healthcare and Public Health (9) and Financial Services (8). Commercial Facilities and Government Facilities (7) tied for third.

Combatting the Threat

Securing critical infrastructure from cyberattacks will require sustained investment, coordination and vigilance. In 2022, the Governor appointed a state chief cyber officer to lead cross-agency efforts to combat cyber threats and improve the state’s critical infrastructure assets’ cybersecurity. The cyber chief leads a newly created Joint Security Operations…

Source…

ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year


Other servers with ShadowSyndicate’s SSH fingerprint were used as C2 servers for Sliver, an open-source penetration testing tool written in Go; for IcedID, a Trojan that has been used as malware dropped by multiple ransomware gangs in recent years; for Meterpreter, the implant from the Metasploit penetration testing framework; and for Matanbuchus, a Malware-as-a-Service (MaaS) loader that can also be used to deploy payloads.

In fact, there might even be a connection between some of these. For example, IcedID has been used to deploy Cobalt Strike implants before. It has also been used in connection with the Karakurt, RansomEXX, Black Basta, Nokoyawa, Quantum, REvil, Xingteam, and Conti ransomware families.

A successful ransomware affiliate

The researchers said they are fairly confident that ShadowSyndicate is not a hosting service because the servers were located in 13 different countries — with Panama being the favorite — and across different networks belonging to different organizations.

The researchers have found strong connections between ShadowSyndicate and attacks with Quantum (September 2022), Nokoyawa (October 2022, November 2022, and March 2023) and ALPHV (aka BlackCat) ransomware in February 2023. Weaker connections were found with Royal, Cl0p and Play ransomware.

“While checking List A servers using Group-IB data sources, we established that some servers were mapped as Ryuk, Conti, and Trickbot,” the researchers said. “However, these criminal groups no longer exist. Ryuk ceased to exist at the end of 2021, while Conti and Trickbot (which are connected) went dormant at the beginning of 2022. Researchers believe that former members of these groups could be continuing with their criminal activity using the same infrastructure, but they might now operate individually or in other criminal groups.”

There is a possibility that ShadowSyndicate is an initial access broker, a type of threat actor that compromises systems and sells the access gained to other cybercriminals, including ransomware gangs. However, the researchers believe it’s more likely that the group is actually an independent affiliate working for multiple RaaS operations.

Source…

UK sanctions members of Russian cybercrime gang


  • Sanctions hit eleven from Russian cyber gang that targeted hospitals and other critical infrastructure
  • Sanctions will disrupt ransomware attacks and expose attackers behind them
  • New measures delivered in coordinated effort with the United States

Members of a Russian cyber criminal gang behind the Trickbot/Conti ransomware attacks, which included the hacking of critical infrastructure and hospitals during the COVID-19 pandemic, face new sanctions today (7 September).

Eleven cyber criminals, whose gang also threatened those who oppose the illegal Russian invasion of Ukraine, have been targeted with asset freezes and travel bans in a coordinated effort by UK and US authorities to counter the threat of ransomware both in the UK and abroad. The US Department of Justice (DOJ) is concurrently unsealing indictments against seven of the individuals designated today.

The National Crime Agency (NCA), which conducted a complex investigation into these individuals, assesses that the group was responsible for extorting at least $180m from victims globally, and at least £27m from 149 UK victims. The attackers sought to target UK hospitals, schools, local authorities and businesses.

The individuals being designated in the UK are:

  • Andrey Zhuykov was a central actor in the group and a senior administrator. Known by the online monikers “Defender”, “Dif” and “Adam”.
  • Maksim Galochkin led a group of testers, with responsibilities for development, supervision and implementation of tests. Known by the online monikers “Bentley”, “Volhvb” and “Max17”.
  • Maksim Rudenskiy was a key member of the Trickbot group and was the team lead for coders. Known by the online monikers “Buza”, “Silver” and “Binman”.
  • Mikhail Tsarev was a mid-level manager who assisted with the group’s finances and oversaw its HR functions. Known by the online monikers “Mango”, “Fr*ances” and “Khano”.
  • Dmitry Putilin was associated with the purchase of Trickbot infrastructure. Known by the online monikers “Grad” and “Staff”.
  • Maksim Khaliullin was an HR manager for the group. He was associated with the purchase of Trickbot infrastructure…

Source…