
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/18/2021

Cybercriminals Increasingly Employ Crypto-Mixers to Launder Stolen Profits

Cryptocurrency mixing — a technique that uses pools of cryptocurrency to complicate the tracking of electronic transactions — has become a common service used by cybercriminals and is expected to become even more popular as governments regulate cryptocurrency exchanges in the future, researchers say. Threat intelligence firm Intel 471 warned in a new report that crypto-mixers have professional-looking sites, offer services in English and often Russian, and handle individual transactions up to hundreds of thousands, or even hundreds of millions, of dollars. One service processed more than 54 bitcoins, or about $3.4 million, in less than two months. In addition, crypto-mixing providers have started partnering with ransomware-as-a-service (RaaS) gangs to split fees for any group that offers mixing as part of their ransomware service, suggesting the service will only become more popular.


Evil Corp: ‘My hunt for the world’s most wanted hackers’

Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein. “We’re wasting our time,” I thought, as I watched a cat licking the carcass of a discarded takeaway chicken. Surely there would no longer be any trace of an alleged multi-millionaire cyber-criminal on this dilapidated estate in a run-down town 700km (400 miles) east of Moscow. But I pressed on with an interpreter and cameraman, shooing the mangy cat away from the entrance to the block of flats. When we knocked at one of the doors, a young man answered and a curious elderly woman peered around the corner at us from the kitchen. “Igor Turashev? No, I don’t recognise the name,” he said.


Russian ransomware gangs start collaborating with Chinese hackers

There’s some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration. These attempts to enlist Chinese threat actors are mainly seen on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks. According to a new report by Flashpoint, high-ranking users and RAMP administrators are now actively attempting to communicate with new forum members in machine-translated Chinese. The forum has reportedly had at least thirty new user registrations that appear to come from China, so this could be the beginning of something notable.


Iran-backed hackers accused of targeting critical U.S. sectors

Hackers linked to the Iranian government have been targeting a “broad range of victims” inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials. The advisory says that in recent months, Iranian actors have exploited known software vulnerabilities in victim networks before they could be patched, targeting entities in the transportation, health care and public health sectors. The attackers leveraged the initial access for follow-on operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say. The warning is notable because even though ransomware attacks remain prevalent in the U.S., most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.


Apple to launch self-service repairs program, allowing some customers to fix their own iPhones

Apple is letting some iPhone users fix their own phones, a sharp turnaround for a company that has long prohibited anyone but company-approved technicians from fiddling with its proprietary parts and software. The company said Wednesday that it will enable users of two of the newest iPhone models and eventually some Mac computers to get access to genuine Apple parts and tools for consumer repairs. The shift reflects a strengthening “right to repair” movement embraced by President Joe Biden and affecting everything from smartphones to cars and tractors. It’s a reaction to the infusion of software into more everyday products and the practices of manufacturers who have increasingly made those products difficult and expensive to repair.


Cybereason Research Finds Organizations Unprepared for Ransomware Attacks on Weekends and Holidays

In June of 2021, Cybereason published a global research report, titled Ransomware: The True Cost to Business, which revealed that the vast majority of organizations that have suffered a ransomware attack experienced significant impact to the business as a result. The consequences included loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and disruption of business operations. Cybereason has just released follow-up research, titled Organizations at Risk: Ransomware Attackers Don’t Take Holidays, that focuses on the threat that ransomware attacks during weekends and holidays pose to organizations as we move into the holiday season. The global survey includes responses from 1,200+ security professionals at organizations that have previously suffered a successful ransomware attack. There have been over 200 ransomware attacks that have made headlines in 2021 so far, and those are just the ransomware attacks that have been acknowledged publicly. Tech giants Acer and Apple were each hit with $50 million ransom demands, and the Colonial and JBS attacks impacted critical infrastructure supply chains in the United States and disrupted the economy. If a significant ransomware attack occurs over the upcoming holidays, it may have devastating consequences for organizations caught off guard.