Tag Archive for: Gangs

When Ransomware Gangs Get Careless


Cyber Fail, Fraud Management & Cybercrime, Ransomware

Also: Rampant App Vulnerabilities, Cloud Misconfiguration and Why CISOs Matter



Watch ISMG host Anna Delaney and our panel of experts in this episode of “Cyber Fail.”



Welcome to “Cyber Fail,” where our experts uncover fails so we can all strengthen our defenses. Today, we examine what happens when ransomware groups get careless, application developers’ laissez-faire attitude toward vulnerabilities, and the security woes of a beleaguered crypto exchange.


In this episode:

  • When Ransomware Gangs Get Careless. Security researcher Brian Krebs recently poked around the 8Base ransomware group’s data leak site and found an error page that yielded a wealth of information about the developer who built it. Here’s what happens when cybercriminals are negligent.
  • Hacking the Human Brain. News that the U.S. Food and Drug Administration approved a request from Elon Musk startup Neuralink for human testing of a neural link to the brain deserves a moment of introspection.
  • Passwords? Who Needs Passwords? Investigators finally got to the bottom of how bad actors hacked into the DC Health Link insurance system and compromised the personal information of 56,000 Washington, D.C., residents – including members of Congress. Was it a convincing phishing email? Highly sophisticated malware? Of course not!
  • App Security: What, Me…


K-12 schools improve protection against online attacks, but many are vulnerable to ransomware gangs



WASHINGTON — Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations.

Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free cybersecurity services, and federal officials have hosted exercises with schools to help them learn how to better secure their networks, said Anne Neuberger, the Biden administration’s deputy national security advisor for cyber and emerging technology.

Neuberger said more districts need to take advantage of programs available that would better guard against online attackers who are increasingly targeting schools. Their aim is to lock up computer systems, and in some cases, steal and publish sensitive personal information if a ransom is not paid.

“Compromises happen again and again, often in the same way, and there are defenses to protect against it. And here the government has really brought companies together, brought agencies together to deploy some of those,” Neuberger said in an interview. “Don’t give up. Reach out and sign up. And your kids will be a lot safer online.”

The administration announced steps over the summer to help cash-strapped schools, which have been slow to build up cybersecurity defenses. Ransomware attackers, many of whom are based in Russia, have not only forced schools to temporarily close but have exposed a wealth of students’ private information.

More than 9,000…


Russian gang’s hack in Maine affected personal data of 1.3 million people


More than 1 million people who had contact with Maine state agencies have been caught up in a Russian gang’s international cybersecurity breach, potentially exposing their Social Security numbers, dates of birth and other confidential information, state officials said Thursday.

The Department of Administrative and Financial Services is notifying people who may have been affected by what it called a “global cybersecurity incident” that occurred May 28 and May 29 concerning the file transfer tool, MOVEit. The state is among several thousand organizations affected by a software vulnerability that allowed cybercriminals to access and download data, the state said in an announcement about the breach. It affected industries such as insurance, finance, education, health and government.

The breach, which affected 1.3 million people, exposed data on more than half of the state Department of Health and Human Services workers and between 10% and 30% of the employees at the Department of Education. Maine’s population is 1.37 million people.

Other affected agencies are the Office of the Controller, Workers’ Compensation, Bureau of Motor Vehicles, Department of Corrections, Department of Economic and Community Development, Bureau of Human Resources, Department of Professional and Financial Regulation, and the Bureau of Unemployment Compensation.

Once the breach was discovered, the state sought to identify people whose information might have been compromised. The assessment of those affected took months and was recently completed. The state is now notifying individuals using a press release issued nationwide, the U.S. Postal Service and email.

The exploited program, MOVEit, a file-transfer platform made by Progress Software Corp., is widely used by businesses to share files, The Associated Press reported in June. The breach was blamed on a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations and governments.

The incident in May was specific and limited to Maine’s MOVEit server and did not impact any other state networks or systems, according to information posted on the state’s website.

Maine agencies hold information about…


Feel-good story of the week: 2 ransomware gangs meet their demise



From the warm-and-fuzzy files comes this feel-good Friday post, chronicling this week’s takedown of two hated ransomware groups. One vanished on Tuesday, allegedly after being hacked by a group claiming allegiance to Ukraine. The other was taken out a day later thanks to an international police dragnet.

The first group, calling itself Trigona, saw the content on its dark web victim naming-and-shaming site pulled down and replaced with a banner proclaiming: “Trigona is gone! The servers of Trigona ransomware gang has been infiltrated and wiped out.” An outfit calling itself Ukrainian Cyber Alliance took credit and included the tagline: “disrupting Russian criminal enterprises (both public and private) since 2014.”

Poor operational security

A social media post from a user claiming to be a Ukrainian Cyber Alliance press secretary said his group targeted ransomware groups partly because they consider themselves out of reach of Western law enforcement.

“We just found one gang like that and did to them as they do to the rest,” the press secretary wrote. “Downloaded their servers (ten of them), deleted everything and defaced for the last time. TOR didn’t help them or even knowing they had a hole in it. Their entire infrastructure is completely blown away. Such a hunt forward.”

A separate social media post dumped what the press secretary said was an administrative panel key and said the group wiped out Trigona’s “landing, blog, leaks site, internal server (rocketchat, atlassian), wallets and dev servers.” The person also claimed that the Ukrainian Cyber Alliance hacked a Confluence server Trigona used.

Screenshot showing purported hacker's control of Trigona Confluence server.

By Friday, the Trigona site was unavailable, as evidenced by the message “Onionsite not found.”

Trigona first surfaced in 2022 with close ties to ransomware groups known as CryLock and BlackCat and looser ties to ALPHV. It primarily hacked companies in the US and India, followed by Israel, Turkey, Brazil, and Italy. It was known for compromising MySQL servers,…
