Tag Archive for: international

Cyberterrorism, China top list of international concerns for Americans, Gallup says


Most Americans deem cyberterrorism as the most critical threat to the United States, a new poll from Gallup says. File photo by SP-Photo/Shutterstock
Gallup’s latest survey on world affairs found that 74% of respondents believe Iran developing nuclear weapons is the second most critical threat to the United States. With regard to North Korea developing nuclear weapons, 73% said it is also a critical threat. File photo courtesy of the North Korean Official News Service/UPI
Republicans were far more likely to perceive immigration as a critical threat to the United States than Democrats according to the latest Gallup survey on world affairs. File photo by Pat Benic/UPI
Democrats responded at an 85% rate that climate change is a critical threat compared to 21% of Republicans who answered the same way in the latest Gallup survey on world affairs. File photo courtesy of NASA/UPI

March 22 (UPI) — Most Americans view cyberterrorism as the most critical threat to the United States, a new poll from Gallup says.

Gallup’s poll on world affairs measured how important respondents perceive 11 potential threats to the country. Cyberterrorism overwhelmingly outpaced the other topics, with 85% of respondents calling it a “critical threat.”

Responses to cyberterrorism were consistent across political party lines, with 86% of both Democrats and Republicans calling it a critical threat. About 79% of Independents answered this way.

“Americans continue to cite cyberterrorism as the leading critical threat to U.S. vital security interests, as they have since 2021,” Mohamad Younis of Gallup wrote. “Before that, international terrorism and the development of nuclear weapons by Iran and North Korea ranked highest. But concern about each of these has ebbed over the past decade.”

The Department of Defense shares in the concerns about cyberterrorism. In a 2022 report, the department said that while state actors like China and Russia are commonly considered the most likely adversaries in cyber warfare, independent criminal organizations also pose a significant…

Source…

International Law Enforcement Takes Down Website Selling NetWire Malware


International law enforcement has seized an internet domain that cyberattackers were using to sell malware on the dark web capable of stealing credentials from a victim’s computer.

The site, worldwiredlabs.com, was selling the Netwire remote access trojan (RAT), which targets a system’s operating system and creates a backdoor that allows it to spy on and gain control of the computer to execute malicious commands.

Croatian National Arrested

In this action, authorities in Croatia on Tuesday arrested a Croatian national who allegedly was the administrator of the website. This defendant will be prosecuted by Croatian authorities. Additionally, law enforcement in Switzerland have seized the computer server hosting the NetWire RAT infrastructure, said U.S. District Attorney’s Office for the Central District of California officials.

The Federal Bureau of Investigation (FBI) in Los Angeles has been investigating the website since 2020. It was the only known distributor of NetWire. In the sting, FBI undercover investigators created an account on the website, paid for a subscription plan, and “constructed a customized instance of the NetWire RAT using the product’s builder tool,” according to the affidavit in support of the seizure warrant, the D.A.’s office said.

NetWire Probe Yields Results

The website marketed NetWire as a legitimate business tool to maintain computer infrastructure and the software was advertised on hacking forums. NetWire is well known to cybersecurity providers and federal law enforcement for its use in cybercrimes.

Commenting on the investigation, Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles field office, said:

“By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem. The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cybercriminals.”

International operations to combat cybercrime have become a necessary tactic to slow the propagation of malicious software. Indeed, President Biden’s recently released…

Source…

European Police, FBI Bust Up International Ransomware Crime Ring


A coordinated international law enforcement operation has seriously dented a Russia-linked DoppelPaymer ransomware gang responsible for numerous digital hijackings and extortions worldwide since 2019, according to a Europol briefing.

Nations Team Up to Bust Gang

German and Ukrainian police, working in concert with Europol, the Dutch police and the FBI, last month raided a house belonging to a German national believed to be a major player in the crime syndicate, interrogated suspects and seized equipment for forensic analysis.

Investigators said they identified 11 individuals linked to the DoppelPaymer group that has operated in various iterations since at least 2010. The gang is said to have ties to a Russia-based outfit formerly engaged in online banking theft that pre-dated ransomware.

Despite the “current extremely difficult security situation that Ukraine is currently facing due to the invasion by Russia,” Ukrainian police officers interrogated a Ukrainian national who is also believed to be a member of the core DoppelPaymer group.

During the searches, they seized electronic equipment, which is currently under forensic examination, to determine the suspects’ roles and links to other co-conspirators, Europol said. The Ukrainian officers searched two locations, one in Kiev and one in Kharkiv.

German police have also issued arrest warrants for three additional suspects based in Russia: Igor Turashev, Igor Garshin and Irina Zemlyanikina. Turashev, who is also wanted by the FBI for his alleged role in the sanctioned Evil Corp hacking group, is accused of “having committed acts of blackmail and computer sabotage in particularly serious cases.”

On the days the law enforcement operation was carried out, Europol said it deployed three experts to Germany to cross-check operational information against Europol’s databases and to provide further operational analysis, crypto tracing and forensic support. The data and other related cases are expected to trigger further investigative activities.

Ransoms Reach $42 million

Dirk Kunze, who heads the cybercrime department with North Rhine-Westphalia state police, told the Associated Press…

Source…

Turla Hacking Group: A Persistent International Threat


As we continue our series of articles on state-sponsored cyberattack groups, we turn our focus to the Russia-affiliated Turla hacking group. In previous articles, we examined some of the biggest threats on the cyberattack scene, including APT10 and APT28 (also known as Fancy Bear). These notorious groups are a lurking presence, and Turla is no exception. Active for over a decade, the Turla hacking group is believed to be operating out of Russia and closely affiliated with the FSB, the Russian intelligence agency and successor to the KGB. It is also known by the names “Waterbug” and “Venomous Bear,” and has been linked to numerous high-profile cyberattacks on government agencies, embassies, and organizations around the world.

Destructive Path

Turla has been linked to 45 high-profile attacks, including the German Bundestag in 2014, the Ukrainian Parliament in 2014, and the French TV5 Monde in 2015. The group also targets organizations in the Middle East, particularly in the energy sector. Turla’s use of sophisticated methods and its focus on government and diplomatic targets have led experts to believe the group is working on behalf of the Russian government, although this has yet to be definitively proven.

Methods of Mayhem

Turla is known for using a variety of tactics to compromise networks, including “living off the land” tactics, watering hole attacks, spear-phishing emails, and compromised satellite connections. The group also uses publicly available tools like Metasploit and PowerShell, as well as Command and Control (C2) infrastructure like Google Drive and Dropbox. One of Turla’s primary tactics is the use of “second-stage” malware, which is activated after a victim’s initial infection and used to establish a backdoor into the network. From there, the group can steal sensitive information and move laterally within the network to gain access to other systems.

Turla is especially dangerous due to its use of advanced, next-level tactics. In recent years,…

Source…