Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. Continue reading Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?

A trio of operations meant to disrupt ransomware outfits in recent months — two of which came to light this week — could have lasting impacts even if they stop short of ending the threat, security experts say. Researchers are still sizing up the effects of recent busts of the Emotet and NetWalker gangs, but those operations have the potential to be more potent than last fall’s maneuvers against the TrickBot ransomware. In research out Friday, Menlo Security — echoing similar conclusions from other cyber firms — said it saw signs of TrickBot recovering, but the rebound has amounted to just a “trickle.” U.S. Cyber Command and Microsoft had led separate efforts to disrupt the hacking infrastructure of TrickBot, a massive army of zombified computers. The fear was that the botnet could be used to carry out ransomware attacks afflicting the November elections. This week’s two operations might be more promising […]

The post Emotet, NetWalker and TrickBot have taken big blows, but will it be enough? appeared first on CyberScoop.

Continue reading Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?

Joker’s Stash Carding Market to Call it Quits

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. Continue reading Joker’s Stash Carding Market to Call it Quits

The anatomy of a modern day ransomware conglomerate

If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.  What makes the pain even worse is that the group is using an innovative structure that’s becoming more common in the cybercrime underworld. This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy.  Rather than relying on lone hackers who mastermind massive data breaches, or dark web forums frequented only by Russian scammers, today’s cybercriminals […]

The post The anatomy of a modern day ransomware conglomerate appeared first on CyberScoop.

Continue reading The anatomy of a modern day ransomware conglomerate

It’s hard to keep a big botnet down: TrickBot sputters back toward full health

Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving. The separate campaigns featured Microsoft going to court to disable IP addresses associated with TrickBot command and control servers, as Cyber Command’s operation also targeted command and control servers.  Hints of its rebound began in late October, shortly after signs of success in the bids to dismantle the TrickBot network of zombie computers. While Cyber Command and Microsoft always billed their assaults as a disruption rather than a full takedown, the TrickBot comeback is proof that it’s difficult to kill a botnet outright. Botnets are dangerous because they can be used to conduct a range of harmful activities, like distributed denial of service attacks that overwhelm a site with traffic or ransomware attacks, the latter of which were a major issue of concern for U.S. national security […]

The post It’s hard to keep a big botnet down: TrickBot sputters back toward full health appeared first on CyberScoop.

Continue reading It’s hard to keep a big botnet down: TrickBot sputters back toward full health

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of clients globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually. Continue reading Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. Continue reading Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Attacks Aimed at Disrupting the Trickbot Botnet

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. Continue reading Attacks Aimed at Disrupting the Trickbot Botnet

Intel 471 and MISP help users maximize data value without unmanageable complexity

Intel 471 has announced the release of a MISP integration with premium cybercrime feeds. MISP is an open source threat intelligence platform for gathering, sharing, storing and correlating indicators of compromise (IoCs) of targeted attacks, threat int… Continue reading Intel 471 and MISP help users maximize data value without unmanageable complexity

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case. Continue reading Ukraine Nabs Suspect in 773M Password ‘Megabreach’