Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
MOVE OVER VIRUSES, step aside worms: Ransomware has the spotlight and isn’t about to give it up. From taking down entire fuel pipelines to hijacking hospital networks, it’s the cyberattack du jour. Not only do you have the potentially disastrous consequences of being locked out of your most important files and systems, you also have to decide if you’re willing to pay cold, hard cash to get access to them again, if you even get access after paying.
That’s where the name comes from—ransomware attacks literally hold your data for ransom. There are a few variations on the theme, but it’s usually very recognizable. Malware is used to encrypt your files (in some cases even double-encrypt them) so they require a specific key to be unlocked. The damage can quickly spread across computers and networks. In some cases you might be locked out of your system completely, along with any other systems on the same network.
The United States suffered 65,000 ransomware attacks last year – or over seven an hour. And it will likely get worse.
What was previously seen as a nuisance is fast becoming a national security problem as cybercriminals target key parts of the country’s infrastructure. A recent attack on Colonial Pipeline sparked panic buying that emptied many gas stations across the Southeast, while another attack on JBS raised fears about the domestic beef supply.
In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally.
Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world.
A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol called it the “biggest ever law enforcement operation against encrypted communication.”
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
Critical infrastructure is becoming more dependent on networks of interconnected devices. For example, only a few decades ago, power grids were essentially operational silos. Today, most grids are closely interlinked — regionally, nationally, and internationally as well as with other industrial sectors. And in contrast to discrete cyberattacks on individual companies, a targeted disruption of critical infrastructure can result in extended supply shortages, power blackouts, public disorder, and other serious consequences.
Mobile phishing exposure doubled among financial services and insurance organizations between 2019 and 2020. Cyberattackers are deliberately targeting phones, tablets, and Chromebooks to increase their odds of finding a vulnerable entry point.
A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets, according to a new Lookout research team report released May 6.
The Financial Services Threat Report disclosed that almost half of all phishing attempts tried to steal corporate login credentials. Other findings include that some 20 percent of mobile banking customers had a trojanized app on their devices when trying to sign into their personal mobile banking account.
Despite a 50 percent increase in mobile device management (MDM) adoption from 2019 to 2020, average quarterly exposure to phishing rose by 125 percent. Malware and app risk exposure increased by over 400 percent.
Seven months after the release of iOS 14 and Android 11, 21 percent of iOS devices were still on iOS 13 or earlier, and 32 percent of Android devices were still on Android 9 or earlier. That delay of users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organization’s infrastructure and steal data, according to the report.
Security researchers have discovered a way to leverage Apple’s Find My’s Offline Finding network to upload data from devices, even those that do not have a Wi-Fi or mobile network connection.
Using Bluetooth Low Energy, the data is being sent to nearby Apple devices that do connect to the Internet, and then sent to Apple’s servers, from where it can be retrieved at a later date.
The technique could be used to avoid the costs and power usage associated with mobile Internet, or to exfiltrate data from Faraday-shielded sites visited by iPhone users, researchers with Positive Security, a Berlin-based security consulting firm.
Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes.
Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.
“As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency,” Check Point said.
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.