Tag Archive for: eCrime

“Augmented usage of ransomware as a service platform, a SaaS model for eCrime”


CrowdStrike Inc., a global cybersecurity leader, recently released the 2022 CrowdStrike Global Threat Report. According to the annual report, the threat landscape saw a number of significant shifts and trends.

From a significant increase in interactive intrusions to the proliferation of access brokers on the dark web and the re-weaponization of vulnerabilities, the report paints a picture of a threat landscape that is increasingly sophisticated, increasingly difficult to defend against, and a cause for grave concern.

Adam Meyers, Head of Intelligence at CrowdStrike, spoke with Minu Sirsalewala, Executive Editor – Special Projects at Dataquest, about the trends and what they mean for organizations going forward. Meyers has over 20 years of experience in the cybersecurity industry and is an expert in cyber threat intelligence and investigations.

Meyers discusses the report's most significant findings and offers practical advice, from improving response times to the strategic considerations behind a comprehensive cybersecurity strategy, for organizations looking to stay ahead of the curve and secure their digital assets.

What have the last 12 months been like, and what do you envision for the next 12 months?

To start with, I think the biggest story or the biggest concern that people should have is the trend towards data exploitation. We have seen threat actors from the eCrime world, nation-state threat actors and hacktivists all weaponizing data against their victims, and that's the most concerning area. We have pointed out in the report that 28% of ransomware actors are no longer even bothering to do ransomware. They are moving surely to data extortion, and this is significant, because they are able to expand their target set and they are able to get more money from the victim. With data extortion they can actually make more money, because the fundamental model of ransomware is to cause downtime, and that downtime can be measured in financial dollars and cents. But it is not about downtime, it's about the legal, regulatory and compliance impact of the data…

Source…

Go malware is now common, having been adopted by both APTs and e-crime groups


The number of malware strains coded in the Go programming language has risen by around 2,000% since 2017, cybersecurity firm Intezer said in a report published this week.

The company's findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away from C and C++ to Go, a programming language developed at Google from 2007 and publicly released in 2009.

Intezer: Go malware, now a daily occurrence

While the first Go-based malware was detected in 2012, it took a few years for Golang to catch on with the malware scene.

“Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence,” Intezer said in its report.

But today, Golang (as it’s often also referred to instead of Go) has broken through and has been widely adopted.

It is used by nation-state hacking groups (also known as APTs), cybercrime operators, and security teams alike, who often use it to create penetration-testing toolkits.

There are three main reasons why Golang has seen this sudden sharp rise in popularity. The first is that Go makes cross-platform compilation easy: a malware developer writes the code once and compiles binaries for Windows, macOS and Linux from the same codebase, a versatility that many other programming languages do not offer.

The second reason is that Go-based binaries are still hard to analyze and reverse engineer. Go statically links its runtime and dependencies into large binaries with their own calling convention, which long defeated tooling built around C binaries and has kept detection rates for Go-based malware very low.

The third reason is related to Go’s support for working with network packets and requests. Intezer explains:

“Go has a very well-written networking stack that is easy to work with. Go has become one of the programming languages for the cloud with many cloud-native applications written in it. For example, Docker, Kubernetes, InfluxDB, Traefik, Terraform, CockroachDB, Prometheus and Consul are all written in Go. This makes sense given that one of the reasons behind the creation of Go…
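The cross-platform point above has a defensive mirror image: a Go build embeds the same toolchain markers whether it targets Windows, macOS or Linux, so a triage step can flag a sample as Go-built and recover the toolchain version before any disassembly. The program below is an added example, not code from Intezer or from the article; it guesses the container from the file magic, then scans for the "Go build ID" string the linker writes into PE and Mach-O text, the embedded "go1.x" version string, and the pclntab (runtime function table) header magic, whose per-release values are taken from Go's own debug/gosym package. The magic values, the marker strings and the constructedSample blob are the assumptions it makes; the sample is fabricated test input, not a real binary.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"os"
	"regexp"
)

// Triage is what a first-pass scan recovers from a suspected Go binary.
type Triage struct {
	Format     string // container format guessed from the file magic
	IsGo       bool   // true when a Go toolchain marker is present
	GoVersion  string // e.g. "go1.20.3", if the version string is embedded
	BuildID    string // contents of the "Go build ID" string, if present
	PclntabGen string // Go release range implied by the pclntab header magic
}

// buildIDMark precedes the build ID in PE and Mach-O text. ELF builds carry
// it in a .note.go.buildid note instead, so its absence is not conclusive.
var buildIDMark = []byte("Go build ID: \"")

// goVersionRe matches the toolchain version string embedded in the binary.
var goVersionRe = regexp.MustCompile(`go1\.[0-9]+(\.[0-9]+)?`)

// pclntabMagics are the header magics of the runtime's function table and
// the Go release range that wrote them (assumed values, from debug/gosym).
var pclntabMagics = []struct {
	magic uint32
	gen   string
}{
	{0xfffffffb, "go1.2-1.15"},
	{0xfffffffa, "go1.16-1.17"},
	{0xfffffff0, "go1.18-1.19"},
	{0xfffffff1, "go1.20+"},
}

// detectFormat classifies the container from its leading bytes so the same
// Go markers can be reported across Windows, Linux and macOS builds.
func detectFormat(data []byte) string {
	switch {
	case bytes.HasPrefix(data, []byte("MZ")):
		return "PE"
	case bytes.HasPrefix(data, []byte("\x7fELF")):
		return "ELF"
	case len(data) >= 4:
		m := binary.LittleEndian.Uint32(data[:4])
		if m == 0xfeedface || m == 0xfeedfacf || m == 0xcefaedfe || m == 0xcffaedfe {
			return "Mach-O"
		}
	}
	return "unknown"
}

// TriageBytes scans raw file contents for Go toolchain markers. It is a
// heuristic: a packed or deliberately stripped sample can hide the markers,
// and an unrelated file can contain a "go1.x" string by chance, which is
// why IsGo is decided by the build ID and pclntab magic, not the version.
func TriageBytes(data []byte) Triage {
	t := Triage{Format: detectFormat(data)}

	if i := bytes.Index(data, buildIDMark); i >= 0 {
		rest := data[i+len(buildIDMark):]
		if j := bytes.IndexByte(rest, '"'); j >= 0 {
			t.BuildID = string(rest[:j])
		}
	}

	// The pclntab header is the magic followed by two zero bytes; the
	// little-endian encoding covers the usual x86-64 and arm64 targets.
	for _, m := range pclntabMagics {
		hdr := make([]byte, 6)
		binary.LittleEndian.PutUint32(hdr, m.magic)
		if bytes.Contains(data, hdr) {
			t.PclntabGen = m.gen
			break
		}
	}

	if v := goVersionRe.Find(data); v != nil {
		t.GoVersion = string(v)
	}

	t.IsGo = t.BuildID != "" || t.PclntabGen != ""
	return t
}

// constructedSample is a fabricated PE-like blob carrying the markers a
// Go 1.20 Windows build would contain; it is test input, not a real binary.
func constructedSample() []byte {
	var b []byte
	b = append(b, "MZ\x90\x00\x03\x00"...)
	b = append(b, "Go build ID: \"abc/def/ghi\" "...)
	b = append(b, 0xf1, 0xff, 0xff, 0xff, 0x00, 0x00, 0x01, 0x08)
	b = append(b, "go1.20.3"...)
	return b
}

func main() {
	if len(os.Args) < 2 {
		fmt.Printf("%+v\n", TriageBytes(constructedSample()))
		return
	}
	for _, path := range os.Args[1:] {
		data, err := os.ReadFile(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		fmt.Printf("%s: %+v\n", path, TriageBytes(data))
	}
}
```

Run it with one or more file paths to triage real samples, or with no arguments to see the result on the constructed blob. The recovered version string is the useful part: it tells the reverse engineer which Go release's runtime layout and symbol-recovery scripts to load, which is exactly the work the article says Go binaries make harder.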

Source…

FIN11 e-crime group shifted to Clop ransomware and big game hunting


The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise.

“Several of their recent ransom notes explicitly name data stolen from workstations that belong to top executives (including founders/CEOs) of the respective enterprises,” Senior Cybersecurity Analyst Thomas Barabosch wrote in a blog post detailing new research from Deutsche Telekom. “This is likely based on the hope that using data stolen from top executives in the extortion process raises their chances that the victim pays.”

The research sheds new light on how the group, described as a relentless big-game ransomware hunter that rarely goes more than a day or two between attacks, used the popular Clop ransomware in its intrusions.

Throughout 2020, FIN11 actors followed an observable pattern across three separate campaigns: first spamming potential victims with phishing emails during the work week, then sifting through those who clicked on the malicious link to identify the most lucrative corporate targets for follow-up action. FireEye picked up on one of those campaigns in October, and the company's research suggests “that the actors cast a wide net during their phishing operations, then choose which victims to further exploit based on characteristics such as sector, geolocation or perceived security posture.”

In the FIN11 Clop attacks, each target is hit with a unique variant of the ransomware. Researchers found more than a dozen different Clop samples used by the group, in some cases several samples for a single victim. The actors also craft a personalized ransom note that includes the victim's name, specifics of the exfiltrated data, file share paths, user names and other details, and they generate a unique 1024-bit RSA public key for each victim; Barabosch notes in the blog that “as of January 2021, the largest publicly known RSA key that was factored…had 829 bits.” The point for defenders is that, although 1024-bit RSA is deprecated for new deployments, it remains well beyond public factoring capability, so recovering files without the private key is not a realistic plan; where decryptors for ransomware families have appeared, they have come from implementation mistakes or leaked keys rather than from factoring.

There’s…

Source…

The Big E-Crime Pivot – Dark Reading


Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and …
