Tag Archive for: insider’s

Intel insiders go undercover revealing fresh details into NoName hacktivist operations


In a Black Hat exclusive interview with Cybernews, two Radware threat researchers turned ‘undercover hacktivists’ pose as pro-Russian sympathizers, revealing new insights into the inner workings of the cyberterrorist gang NoName057(16).

“The importance of NoName for us, if you look at the number of attacks that they’re doing, it’s much bigger than, for example, Anonymous Sudan or even Killnet,” said the Radware researchers, who asked to remain anonymous for security reasons.

Calling Killnet media savvy, the researchers pointed out that “Killnet makes it a lot into the news, but actually, in terms of attacks and targeting, they don’t do that much anymore.”

Anonymous Sudan and Killnet, whose self-proclaimed leader is known as Killmilk, are just two of the well-known pro-Russian hacktivist groups that have been actively targeting Ukraine and the West since the Russian invasion last spring, but more on that later.

The two unnamed insiders sat down with me to tell their tale on the last day of the Black Hat USA convention, settling in at a random table on the floor of the swag-filled Business Hall, away from the commotion.

Cybernews readers will get to see the visuals accompanying their research – For Intel and Profit: Exploring the Russian Hacktivist Community – here for the first time.

From insights into the ever-evolving Russian hacktivist landscape to documenting NoName’s steady stream of persistent attacks, these security gurus have proven firsthand that the gang’s crowdsourced “DDoSia” platform is providing a steady stream of crypto payouts to otherwise ordinary citizens whose only commonality is that they despise Ukraine and any of its Western supporters.

Furthermore, according to the duo, it’s not going to stop anytime soon.

NoName nation heat map:
Image by Radware

Who is NoName057(16)?

Before we dive right into the gang’s newly discovered operations, let’s briefly profile this steadfast group of attackers and find out what they’ve been up to since they first entered the scene back in March of 2022, and more recently.

To begin with, Radware’s research shows that NoName dominated the pro-Russian hacktivist landscape in the first half of 2023, carrying out a whopping 1174…


Survey reveals the important role of ‘malicious insiders’ in successful ransomware attacks


Gigamon has published the State of Ransomware 2022 and Beyond report, aimed at providing valuable insights on how the ransomware threatscape is evolving. According to the global survey of IT and security leaders across the US, EMEA, and APAC, nearly one-third of organizations have suffered a ransomware attack enabled by a malicious insider – a threat seen as commonly as the accidental insider (35 percent). Furthermore, 59 percent of organizations believe ransomware has worsened in the last three months, with phishing (58 percent), malware/computer viruses (56 percent) and cloud applications (42 percent) cited as other common threat vectors.

As the ransomware crisis worsens, threat actors like the Lapsus$ group are now well-known for preying on disgruntled employees to gain access to corporate networks – 95 percent (and 99 percent of CISOs/CIOs) view the malicious insider as a significant risk. 66 percent of these respondents now have a strategy for addressing both types of insider threats. However, the report says that it’s clear that many organizations lack the visibility required to distinguish which type of insider threat is endangering their business, which makes it significantly harder to mitigate risk.

Additional key findings include:

Ransomware is seen as a board-level priority
89 percent of global boardrooms see ransomware as a priority concern, a number that rises in the UK (93 percent), Australia (94 percent) and Singapore (94 percent). When asked how this cyber threat is viewed, the leading perception across all regions was that it is a ‘reputational issue’ (33 percent).

Cyber insurance is causing concern
57 percent of those surveyed agreed that the cyber insurance market is exacerbating the ransomware crisis. In APAC, where cyber insurance is most commonly employed, this concern is felt by 66 percent of Australian respondents and 68 percent of those in Singapore.

The US is leading the way with zero trust
While EMEA may have lost some confidence in implementing zero trust, 59 percent in the US agree that this framework is attainable.


Crypto Industry Insiders Support Better Public-Private Collabs To Prevent Major Ransomware Attacks


House lawmakers held a hearing examining the risks within the flourishing cryptocurrency market and its potential to fund terrorism activities or evade U.S. legal sanctions, specifically understanding how the private sector can work in tandem with the federal government to protect the U.S.’s national security.  

Witnesses working within the cryptocurrency industry testified before the House Committee on Homeland Security, discussing collaboration opportunities that can distinguish money laundering through cryptocurrency and legitimate transactions. 

Each testimony broadly reiterated cryptocurrency firms’ willingness to partner with federal law enforcement to curb abuses of digital currency transactions. John Kothanek, the vice president of global intelligence at crypto trading platform Coinbase, said that his team wants to remove illegal transactions from the crypto industry.

“We have built a collaborative partnership with law enforcement agencies in concert with our strict privacy commitments to our customers to pursue bad actors in the crypto space,” he testified. 

Chief among concerns discussed in the hearing was the recent trend of ransomware hackers demanding payments in cryptocurrencies, a strategy that usually helps anonymize the recipient of the ransom. Rep. Elissa Slotkin, D-Mich., asked the witnesses how the cryptocurrency private sector plans to increase transparency in digital currency transactions. 

Kothanek said that blockchain technology, the bedrock to most cryptocurrency transactions, is inherently designed to register users accessing certain data. 

“If you are a cyber criminal and you’re using crypto, you’re going to have a bad day,” he said. “We are going to track you down and we’re going to find your finance and we’re going to hopefully help you, the government, seize that crypto.”

Concerns over cryptocurrency being used to circumvent the law and federal sanctions on foreign countries and groups mounted when Russia invaded Ukraine in February, prompting the U.S. to impose economic sanctions on various state actors. 

Lawmakers warned that oligarchs can store their wealth in independent digital currencies to avoid the financial repercussions of…


Ransomware gangs increase efforts to enlist insiders for attacks


A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

More specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

Percentage of firms approached by ransomware actors
Source: Hitachi ID

In most cases, the threat actors used email and social media to contact employees, but 27% of their approach efforts were conducted via phone calls, a direct and brazen means of contact.

As for the money offered to the employees, most received an offer below $500,000, but some proposals were north of a million USD.

Amounts offered to rogue employees
Source: Hitachi ID

In half of those cases, ransomware gangs attacked the targeted company even without any insider help.

This shows that once a firm is a candidate for a ransomware attack, the rest is just about exploring potential ways to make the infiltration easier and less likely to be detected.

An ignored area

As reflected in the findings of the Hitachi ID survey, insider threats are generally ignored, underrated, and not accounted for when developing cybersecurity plans.

When IT executives were questioned about how concerned they are about internal threats, 36% responded with more concern about external threats, with 3% not worried about threats at all.

What IT executives think about insider threats
Source: Hitachi ID

Since last summer, when the LockBit 2.0 ransomware operation openly invited rogue employees to help them gain corporate network access, the awareness around the issue has been raised, but the problem persists.

CISA released a tool that can help companies assess their stance against insider threats in September 2021, warning that the particular trend is rising.

The entities that decided to do something about the issue increased…
