Category Archives: Recorded Future

Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack

Posted on by

The cybercriminal syndicate accused of causing one of the largest U.S. pipeline operators to shut down is known for running an enterprise that vets criminal customers and avoids targeting Russian-speaking organizations, according to analysts who have tracked the group. Since emerging on underground criminal forums in August, the so-called DarkSide malicious software has allegedly been used in dozens of intrusions in the health care, energy and finance sectors. (Ransomware gangs and the software they use often have the same name, but multiple criminal entities sometimes buy access to the same malicious code.) The creators of DarkSide have boasted that their mechanism for encrypting data is the fastest of any, and analysts say the ransomware can encrypt Windows and Linux systems alike. Now, the ransomware developers have gained international attention after hackers last week allegedly deployed DarkSide to encrypt the servers of Colonial Pipeline, a Georgia-based company that transports some 45% […]

The post Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack appeared first on CyberScoop.

Continue reading Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack

FBI blames DarkSide ransomware operators for Colonial Pipeline incident

Posted on by

The FBI on Monday said that a cybercriminal enterprise behind a ransomware variant known as DarkSide was responsible for the hack that prompted one of the country’s largest pipeline operators to temporarily shut down. The FBI statement came as Colonial Pipeline, which says it transports some 45% of all fuel consumed on the East Coast, said that it was aiming to “substantially” restore its pipeline operations by the end of the week. In a private advisory to U.S. companies obtained by CyberScoop, the FBI said that it had been tracking the DarkSide ransomware variant since October. “Darkside has impacted numerous organizations across various sectors including manufacturing, legal, insurance, healthcare and energy,” the FBI advisory said. The authors of DarkSide lease their hacking tools to other criminals in a “ransomware-as-as-service” model that splits the proceeds among the perpetrators, the bureau added. The Colonial Pipeline incident, which began Friday, is one of […]

The post FBI blames DarkSide ransomware operators for Colonial Pipeline incident appeared first on CyberScoop.

Continue reading FBI blames DarkSide ransomware operators for Colonial Pipeline incident

Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says

Posted on by

Malicious use of manipulated visual and audio files — technology known as deepfakes — is swiftly migrating toward crime and influence operations, according to findings published Thursday. Threat intelligence company Recorded Future pointed to a recent surge in such activities and a burgeoning underground marketplace that could spell trouble for individuals and companies that use tools like facial identification technology as part of multi-factor authentication. The report mirrors similar conclusions from an FBI alert last month warning that nation-backed hackers would themselves begin using deepfakes more frequently for cyber operations as well as misinformation and disinformation. “We believe that threat actors have begun to advertise customized deepfake services that are directed at threat actors interested in bypassing security measures and to facilitate fraudulent activities, specifically fake voices and facial recognition,” the company’s Insikt Group wrote in a blog post. Recorded Future’s work focuses more on that development in the criminal […]

The post Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says appeared first on CyberScoop.

Continue reading Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says

Wine scams spiked during COVID-19 lockdown

Posted on by

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […]

The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop.

Continue reading Wine scams spiked during COVID-19 lockdown

Suspected China-linked hackers targeted India’s energy sector, research suggests

Posted on by

A hacking group with suspected ties to China has been targeting entities in the power generation and distribution sector in India, according to Recorded Future research published Sunday. The group, which Recorded Future is calling “RedEcho,” has targeted 10 power sector organizations in India since mid-2020, including four of five regional load dispatch centers that balance electricity supply and demand, according to the research. The attackers have also targeted at least two Indian seaports, Recorded Future says. RedEcho has targeted Indian energy assets using command and control infrastructure linked with a malware known as ShadowPad, which has been linked with several suspected Chinese government-connected hacking groups. The identity of the hackers behind RedEcho is unclear. Infrastructure and targeting activity that Recorded Future observed, though, overlaps with a China-linked group called APT41, analysts said. The group, which has previously used ShadowPad malware, has ties to China’s civilian intelligence agency, the Ministry […]

The post Suspected China-linked hackers targeted India’s energy sector, research suggests appeared first on CyberScoop.

Continue reading Suspected China-linked hackers targeted India’s energy sector, research suggests

Investigators suggest hackers exploited weak password security to breach Florida water facility

Posted on by

A clearer picture of poor security practices in Oldsmar, Florida prior to the dangerous hack of its water treatment plant is beginning to emerge, even as an investigation into the matter continues one week after the incident. Three federal agencies teamed up with an organization that shares threat information between states to issue an alert late Thursday explaining how the breach, in which a hacker allegedly tried to raise sodium hydroxide levels to amounts that are harmful to humans, might have unfolded. Initial clues suggest the incident, which was detected before it amounted to a threat to public drinking water, was made possible by lax data protection strategies and exploitation of a software tool. “The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system,” reads the alert from the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Environmental […]

The post Investigators suggest hackers exploited weak password security to breach Florida water facility appeared first on CyberScoop.

Continue reading Investigators suggest hackers exploited weak password security to breach Florida water facility

Microsoft Patch Tuesday, February 2021 Edition

Posted on by

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws. Continue reading Microsoft Patch Tuesday, February 2021 Edition

Meet Babuk, a ransomware attacker blamed for the Serco breach

Posted on by

It began with a laughable offer. Someone calling themselves “biba99” on a popular criminal forum claimed on Jan. 5 to provide “non-malicious” software to help organizations identify “security issues.” The author struggled to explain, in halting English, “why we are not … criminals” while assuring readers that the group would not hack hospitals or schools. A month later, the attacker behind what appeared to be a bumbling forum post is reportedly claiming responsibility for a ransomware attack on the multibillion-dollar outsourcing firm Serco. The ransomware gang, dubbed Babuk after the strain of code it uses, is a case study in how quickly crooks can learn the basics of digital extortion — and how that breeds ambition for big corporate scalps. It shows how even relatively unsophisticated criminals can bedevil major corporations. After claiming to only target companies that earn less than $4 million, the Babuk attacker went after Serco, Sky News […]

The post Meet Babuk, a ransomware attacker blamed for the Serco breach appeared first on CyberScoop.

Continue reading Meet Babuk, a ransomware attacker blamed for the Serco breach

Microsoft Patch Tuesday, January 2021 Edition

Posted on by

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users. Continue reading Microsoft Patch Tuesday, January 2021 Edition