AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/03/2024

NCA unmasks man it suspects is both ‘Evil Corp kingpin’ and LockBit affiliate

The latest installment of the National Crime Agency’s (NCA) series of ransomware revelations from February’s LockBit Leak Week emerges today as the agency identifies a man it believes is not only a member of the long-running Evil Corp crime group but also a LockBit affiliate. The NCA claimed Aleksandr Ryzhenkov is a high-ranking Evil Corp member and also alleged he is the LockBit affiliate who has operated under the handle “Beverley” since at least 2022. The revelation is the first of its kind, publicly documenting a crossover between the two Russian gangs. The unmasking of Ryzhenkov follows the unveiling of the 194 affiliates in total, the cronies who actually carry out ransomware attacks using the brand’s name, who were registered with LockBit at the time of the disruption in February.


Systems used by courts and governments across the US riddled with vulnerabilities

Public records systems that courts and governments rely on to manage voter registrations and legal filings have been riddled with vulnerabilities that made it possible for attackers to falsify registration databases and add, delete, or modify official documents. Over the past year, software developer turned security researcher Jason Parker has found and reported dozens of vulnerabilities in no fewer than 19 commercial platforms used by hundreds of courts, government agencies, and police departments across the country. Most of the vulnerabilities were rated critical.


Brits hate how big tech handles their data, but can’t be bothered to do much about it

Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web. A little more than 60 percent of the roughly 5,000 respondents to the UK government’s Department for Science, Innovation, and Technology (DSIT) survey say they rejected optional cookies when asked what measures they had taken to control their data. It’s hardly a surprising finding, given that cookie consent banners on seemingly every website, on seemingly every visit, are difficult to ignore. Perhaps the more striking finding is that around 40 percent of respondents have never declined optional cookies even once.


How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack

Since early September, Cloudflare’s DDoS protection systems have been combating a month-long campaign of hyper-volumetric L3/4 (network- and transport-layer) DDoS attacks. Cloudflare’s defenses mitigated over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps). The largest attack peaked at 3.8 Tbps, the largest ever disclosed publicly by any organization. Detection and mitigation were fully autonomous. The graphs in the source post show two separate attack events that targeted the same Cloudflare customer and were mitigated autonomously.


Stonefly: Extortion Attacks Continue Against U.S. Targets

Symantec’s Threat Hunter Team has found evidence that the North Korean Stonefly group (aka Andariel, APT45, Silent Chollima, Onyx Sleet) is continuing to mount financially motivated attacks against organizations in the U.S., despite being the subject of an indictment and a multi-million dollar reward. Symantec, part of Broadcom, found evidence of intrusions against three different organizations in the U.S. in August of this year, a month after the indictment was published. While the attackers did not succeed in deploying ransomware on the networks of any of the affected organizations, the attacks were most likely financially motivated: all the victims were private companies in lines of business with no obvious intelligence value.

