Vigilance. Top Cyber Insight. Why It Matters.
Vigilance Newsletter


2024 Edition Vol 5.

Contributing Editors: Mark Mosher, Logan Pottberg and David Mauro, powered by 🛡Cyber Crime Junkies Podcast🛡

Latest cyber crimes in the news with insider insight giving you the best cybersecurity practices for business, how to avoid million-dollar mistakes, and top new ways to protect your identity online today.


HOT TOPIC

Will Banning Ransom Payments Stop Ransomware Attacks?

There is open debate about whether to ban ransomware payments.

Would a legal ban on ransom payments even help? Would it work in practice, or would it cause more harm than good?

We invite you to comment below.

A bipartisan group of US senators proposed a bill to prohibit ransomware payments, aiming to deter cybercriminals from extorting victims. The proposed legislation would also require organizations to report ransomware payments to the government, with penalties for non-compliance.

The bill also aims to enhance transparency surrounding ransomware incidents, urging victims to report such attacks to the government.

By banning ransom payments, the legislators hope to disrupt the economic incentives driving ransomware attacks and compel organizations to bolster their cybersecurity measures.

  • Proposed bipartisan bill seeks to ban ransomware payments to curb cyber extortion.
  • Organizations would be mandated to report ransomware payments to the government.
  • Aim to enhance transparency and deter cybercriminals by disrupting their economic incentives.

But many questions arise. More questions than answers.

Can the US legislate its way out of cybercrime?

Well, it hasn't worked for gun violence: cities with some of the strictest gun laws continue to see some of the highest rates of gun violence. What effect will a ban have on SMBs that need their data to survive and do not have the luxury of waiting, or of restoring adequately from backups? SMBs employ a large share of the US workforce. Is this detrimental to the economy?

The ban on ransomware payments could have several impacts on organizations' cybersecurity strategies:

1. Heightened Emphasis on Prevention: Organizations may place a stronger emphasis on preventing ransomware attacks in the first place, investing in robust cybersecurity measures such as advanced threat detection, employee training, and secure, regularly tested backups (offline or immutable copies that a ransomware operator cannot reach and encrypt) to reduce the likelihood and impact of successful attacks.

2. Investment in Incident Response: With the inability to pay ransoms, organizations may invest more in incident response capabilities, including rapid detection, containment, and recovery plans to minimize the impact of any successful ransomware incidents.

3. Enhanced Reporting and Transparency: The ban may lead to improved reporting and transparency around cyber incidents, as organizations would be mandated to report ransomware payments to the government. This could lead to better data sharing and collaboration in addressing ransomware threats.

4. Stronger Focus on Cyber Insurance and Legal Compliance: Organizations may review and strengthen their cyber insurance coverage and legal compliance to ensure they are prepared for potential ransomware incidents and the associated regulatory and legal implications.

5. Collaboration and Information Sharing: The ban could encourage increased collaboration and information sharing among organizations, industry sectors, and government agencies to collectively defend against ransomware threats.

6. Integration of Law Enforcement in Cybersecurity Planning: Organizations may integrate law enforcement agencies into their cybersecurity planning to ensure compliance with reporting requirements and to leverage their expertise in dealing with ransomware incidents.

What's the alternative? This is currently being debated. We want to know your thoughts.

Drop a comment and let us know.

Read more about this initiative here.


"Mother of All Data Breaches" Leaks 26 Billion Passwords & Credentials from Every Major Program

Security researchers are alerting the planet that an open database was found on the Dark Web (we have checked and it is in fact there) containing over 26 billion leaked data records. The supermassive data leak, or "mother of all breaches" as the researchers call it, is likely the largest found to date. Much of it is a compilation of records exposed in earlier breaches rather than a single new intrusion, which is why it is properly called a leak, but that does not make the credentials in it any less usable by attackers.

Credentials from services like Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram were found as well as many from U.S. government organizations.

Mother of All Data Leaks

What this means

In the near future this data will be used for:

  1. Password Spraying and
  2. Credential Stuffing

You need to change your passwords and, more importantly, stop reusing the same password on more than one site or app. Turn on multi-factor authentication wherever it is offered, so that a leaked password alone is not enough to log in.

Leaked username/password pairs are "stuffed" at scale into login forms until a reused pair grants unauthorized access. This is exactly what happened in the 23andMe data breach, where the company has blamed its own users for reusing passwords as it fights class-action suits.

This also jeopardizes your own privacy.

You can find more on this story here.


The 2024 Olympics Are Here. As is Cyber Crime.

The Summer Olympics will be held in Paris, France, from July 26 to August 11, 2024. The Paris Games face a significant security threat from cybercrime, according to a senior figure at Interpol, the international police organization.

Center Stage News


With the event approaching, Interpol, based in Lyon, is collaborating closely with French authorities to pinpoint potential cyber, terror, and other criminal risks.

This is not surprising given the history of attacks on prior large global events.

Cybercrime gangs and state-backed groups have targeted major international events in various ways, often aiming to disrupt operations, steal sensitive data, or cause reputational damage.

Here are some examples of past cyber incidents:

  1. Olympic Games: During the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, the "Olympic Destroyer" wiper malware knocked out the event's IT systems and caused significant operational disruption. The malware carried false flags pointing at North Korea's Lazarus Group, but the attack was later attributed by the US and UK to Russia's GRU (the unit tracked as Sandworm).
  2. FIFA World Cup: Leading up to the 2014 FIFA World Cup in Brazil, cybercriminals targeted the event's ticketing system in attempts to steal personal and financial information from fans purchasing tickets, a reminder of how exposed large-scale ticketing platforms are.
  3. G7 and G20 Summits: Cybercrime groups have historically targeted major international summits, such as the G7 and G20 meetings, to conduct espionage, gather sensitive information, or disrupt communications, underscoring the significance of cybersecurity for diplomatic and political events.

This underlines the urgency of addressing cybersecurity concerns to safeguard major international events, emphasizing the need for comprehensive security measures and vigilance against cyber threats.

Read more about this here.


Healthcare Cyber News


Hackers Stole Millions in Grant Money from the HHS

Hackers reportedly gained unauthorized access to a U.S. Department of Health and Human Services (HHS) payment system and diverted about $7.5 million in grant money.

The breach occurred between late March and mid-November, targeting an HHS system that processes civilian grant payments. The incident has left grantees in limbo and investigators are working to identify the perpetrators.

This breach highlights the vulnerability of the health sector to cyber threats, including phishing. The response from Biden administration officials indicates frustration over the delay in escalating the incidents, and HHS has informed other government stakeholders, including the FBI and the Department of Homeland Security.

Find more details here

Potential New National Precedent Averted in Cyber Insurance MERCK Settlement

Pharmaceutical giant Merck & Co. Inc. reached a last-minute settlement with its insurers, avoiding a New Jersey Supreme Court review of its cyber insurance dispute stemming from the 2017 Russia-linked "NotPetya" attack.

The attack infected roughly 40,000 Merck computers, resulting in alleged losses of $1.4 billion. The insurers had appealed a ruling that found them liable for roughly $700 million in claims under "all risks" property insurance policies, arguing that a "Hostile/Warlike Action" policy exclusion should apply.

The settlement terms remain confidential, bringing an end to a case that could have set a national precedent for insured businesses. Cyber insurance disputes arising from sophisticated cyberattacks can have far-reaching implications, underscoring the critical need for clear and comprehensive cyber insurance policies to navigate the evolving landscape of cyber threats. Read more here.

Cybercriminals Cause Ransomware Chaos for 60 Credit Unions

A cybercriminal gang launched a ransomware attack on an IT provider used by around 60 credit unions, causing widespread outages and disruptions.

The attack hit a cloud hosting provider that the credit unions depend on, leaving uncertainty about the full extent of the outage and its impact. Affected credit unions, such as the New York-based Mountain Valley Federal Credit Union, worked to restore their systems, which took weeks to get back online.

The long-term effects remain unknown. This incident is a stark reminder that a single shared provider is a single point of failure for every customer behind it, and that robust cybersecurity measures, including vendor risk reviews and tested contingency plans, are needed to safeguard against such attacks.

Find detail here.

Mobile Banking Trojans Swarm Banking Apps

Report Shows Banks Must Ramp Up Against Multiplying Fraud Actors

The proliferation of mobile banking has led to a surge in fraudulent activities, with one in 20 fraud attacks linked to rogue mobile applications. According to Zimperium's 2023 Mobile Banking Heists Report, 29 malware families targeted 1,800 mobile banking apps, with financially motivated threat actors focusing on U.S. institutions, including Wells Fargo, Bank of America, and Capital One.

The Godfather malware, with over 1,000 known variants, targets 237 banking apps in 57 countries, highlighting the global reach of these threats.

Key Insights found in the report:

• Across the 29 malware families, 61% of the variants targeted traditional banks, while 39% targeted fintech or trading apps.

• Banks like Wells Fargo, Bank of America, and Capital One are among the most targeted by financially motivated threat actors.

• The prolific Godfather malware has over 1,000 known variants and targets 237 banking apps across 57 countries.

Zimperium's report emphasizes the critical need for banks to adopt new best practices and defenses to protect consumers and their brand reputation against these evolving cyber threats.

It underscores the importance of prioritizing advanced code protection techniques, enabling runtime visibility across threat vectors, and deploying on-device protection to safeguard against these increasingly sophisticated threats.

Catch more details here.

State & Local Government Cyber News

After Kansas Legal System Shutters, New Collaboration Forms.

Kansas Supreme Court Chief Justice Marla Luckert addressed the Kansas Legislature, revealing a Russia-based cybercriminal group's successful infiltration of the judicial branch's computer systems.

The attack, which occurred in October, led to a temporary switch to paper-based case handling. While the backup system limited damage, the electronic case filing portions remain inactive. Despite significant efforts to fortify the system, the state has not fully quantified the cost incurred. The cybercriminals' demands were not met, and a forensic audit is underway to identify affected individuals.

Chief Justice Luckert emphasized the necessity for collaborative efforts across all branches of government to fortify electronic infrastructure against cyberattacks.

Lessons Learned

The breach underscores the critical need for robust cybersecurity measures and intergovernmental collaboration to protect against cyber threats, safeguard democratic institutions, and mitigate the impact of future attacks.

Find more details here.

Kansas State Hit With Attack

A negotiator says a "bad day" is likely coming for Kansas State after the cybersecurity breach hit the media last week.

Kansas State’s online breach isn’t only affecting students and faculty, but groups that work closely with the university.

"What they do to punish you for not paying is they release or sell that data to other bad guys," a key investigator states. "For example, all the HIPAA and regulatory stuff will come into play because they're going to dump all that student information in a public forum to punish you for not paying."

Find more about this ongoing situation here.

Commercial Cyber News


Russian State Hackers Breach Microsoft Top Executives

Russian state hackers targeted and reportedly gained unauthorized access to Microsoft's corporate email system.

What to know:

  • The Russian state hackers had access to the inboxes of senior Microsoft executives for at least six weeks.
  • The attack, which Microsoft detected on January 12, involved the exfiltration of email and documents from the compromised accounts. Microsoft attributes it to the Russian state group it tracks as Midnight Blizzard (formerly Nobelium, also known as APT29 and Cozy Bear).
  • The initial access was password spraying against a legacy, non-production test tenant account that did not have multi-factor authentication enabled. From that foothold the attackers abused a legacy OAuth application that held elevated access to Microsoft's corporate environment, which is how a throwaway test account turned into access to executive mailboxes.
  • Microsoft clarified that there is no evidence that the hackers had any access to customer environments, production systems, source code, or AI systems.
  • The company indicated that it is too early to determine whether the incident will materially affect its financial condition or operations, and it pledged to apply current security standards to legacy systems, even if it causes disruption to existing business processes.

Find more on this story here.
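The credential-stuffing warning earlier in this edition and the Microsoft intrusion above come down to the same question for a defender: what do these two techniques look like in your own authentication logs? The following Python script is an added example, not code from the newsletter, from Microsoft or from any vendor. It runs over a constructed sample log (timestamp, source IP, username, result) and flags the two signatures separately. A spray is one source trying many distinct accounts with only one or two guesses each, deliberately staying under lockout thresholds, so a per-account failure counter never fires. Stuffing is many distributed sources each trying a single leaked username/password pair once, with a high share of failures for usernames that do not exist in your directory because the pairs came from someone else's breach. The log layout, result codes and thresholds are assumptions; adapt the parser to your identity provider's export.

```python
"""Flag password-spraying and credential-stuffing patterns in auth logs.

Added example: the log format, result codes and thresholds are assumptions,
not any vendor's schema. Adapt parse_log() to your identity provider's export.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic): timestamp,src_ip,user,result
# Block 1: one source guessing one password against many accounts (spray).
# Block 2: many sources, one attempt each, mostly unknown usernames (stuffing).
# Block 3: a legitimate user mistyping twice before logging in (benign).
SAMPLE_LOG = """\
2024-01-20T03:00:01Z,203.0.113.7,alice,BAD_PASSWORD
2024-01-20T03:00:09Z,203.0.113.7,bob,BAD_PASSWORD
2024-01-20T03:00:17Z,203.0.113.7,carol,BAD_PASSWORD
2024-01-20T03:00:25Z,203.0.113.7,dave,BAD_PASSWORD
2024-01-20T03:00:33Z,203.0.113.7,erin,BAD_PASSWORD
2024-01-20T03:00:41Z,203.0.113.7,frank,BAD_PASSWORD
2024-01-20T03:00:49Z,203.0.113.7,test-tenant-admin,SUCCESS
2024-01-20T09:12:00Z,198.51.100.2,jdoe1988,NO_SUCH_USER
2024-01-20T09:12:01Z,198.51.100.3,kmiller,NO_SUCH_USER
2024-01-20T09:12:01Z,198.51.100.4,alice,SUCCESS
2024-01-20T09:12:02Z,198.51.100.5,pgarcia77,NO_SUCH_USER
2024-01-20T09:12:03Z,198.51.100.6,bob,BAD_PASSWORD
2024-01-20T10:30:00Z,192.0.2.10,alice,BAD_PASSWORD
2024-01-20T10:30:05Z,192.0.2.10,alice,BAD_PASSWORD
2024-01-20T10:30:12Z,192.0.2.10,alice,SUCCESS
"""


def parse_log(text):
    """Parse CSV lines into event dicts with a datetime timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "ip": ip, "user": user, "result": result})
    return events


def detect_spray(events, min_users=5, max_per_user=2):
    """One source, many accounts, at most max_per_user guesses per account.

    Sprayers keep per-account attempts below the lockout threshold, so
    counting failures per source rather than per account is what catches them.
    Returns {src_ip: {"distinct_users": n, "successes": [user, ...]}}.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        per_user = defaultdict(int)
        for e in evs:
            per_user[e["user"]] += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            flagged[ip] = {
                "distinct_users": len(per_user),
                # A success from a spraying source is a weak password with no MFA.
                "successes": [e["user"] for e in evs if e["result"] == "SUCCESS"],
            }
    return flagged


def detect_stuffing(events, bucket_minutes=5, min_sources=4, min_unknown_ratio=0.5):
    """Many sources in one short window, with mostly nonexistent usernames.

    Stuffed pairs come from other sites' breaches, so a large share of the
    usernames will not exist here. bucket_minutes must divide 60.
    Returns {window_start: {"sources": n, "unknown_user_ratio": r, "compromised": [...]}}.
    """
    buckets = defaultdict(list)
    for e in events:
        start = e["ts"].replace(minute=e["ts"].minute - e["ts"].minute % bucket_minutes,
                                second=0)
        buckets[start.strftime("%Y-%m-%dT%H:%M")].append(e)
    campaigns = {}
    for key in sorted(buckets):
        evs = buckets[key]
        sources = {e["ip"] for e in evs}
        failures = [e for e in evs if e["result"] != "SUCCESS"]
        if len(sources) < min_sources or not failures:
            continue
        unknown_ratio = sum(e["result"] == "NO_SUCH_USER" for e in failures) / len(failures)
        if unknown_ratio < min_unknown_ratio:
            continue
        campaigns[key] = {
            "sources": len(sources),
            "unknown_user_ratio": round(unknown_ratio, 2),
            # A success inside a stuffing window is a reused credential: reset it.
            "compromised": sorted({e["user"] for e in evs if e["result"] == "SUCCESS"}),
        }
    return campaigns


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("spraying sources:", detect_spray(evs))
    print("stuffing windows:", detect_stuffing(evs))
```

On the sample data the spray detector flags only 203.0.113.7 (seven accounts, one guess each, with a hit on test-tenant-admin), the stuffing detector flags only the 09:10 window (five sources, 75% of failures against unknown usernames, with alice logging in on the first try from a new IP), and the user at 192.0.2.10 who mistyped twice is left alone. Any account in a stuffing window's "compromised" list should be reset and bound to MFA; any account in a spray's "successes" list, as with the Microsoft test tenant, had a guessable password and no second factor.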

Governance & Law Enforcement Successes

Top Wins for Law Enforcement Fighting Cyber Crime.

There are many successes that are not often reported, because negative news always spreads faster. This past year, international law enforcement efforts, with US federal agencies working alongside their allied-country counterparts, successfully took down notorious ransomware gang infrastructure as well as key Dark Web marketplaces.

In many of these marketplaces (think Silk Road) everything is like Amazon shopping only for illicit things like drugs, guns and, for relevance here, stolen credentials, malware and more. It's where IABs (Initial Access Brokers) sell access to US and western country organizations.

There are too many law enforcement successes to list here, but some highlights:

This year saw joint efforts take down a Ransomware-as-a-Service Gang focusing on US Healthcare, when the Hive ransomware's Tor payment and data leak sites were seized by the FBI in January 2023.

HIVE Cyber Crime Gang Take Down

DDoS Attackers Targeted.

In a massive joint effort, law enforcement around the globe continues to go after those who launch DDoS attacks. Global police units issued a warning to the individuals using DDoS-for-hire platforms (distributed denial-of-service services used to knock organizations' online operations offline). Their message is simple: we are dedicated to tracking you down.

As part of Operation PowerOFF, The U.K.'s National Crime Agency (NCA) created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations.

Undercover

They went undercover, by setting up fake sites, luring the criminals in, only to later capture all the data on those criminals.

Operation PowerOFF

Black Cat vs. FBI

The FBI, in collaboration with international partners, recently claimed a major victory against the notorious ALPHV/BlackCat ransomware gang. The DOJ revealed the FBI's success in seizing the gang's websites and creating a decryption tool, aiding over 500 victims in recovering their data.

But here's the twist. ALPHV/BlackCat countered, reasserting control of their site. They issued new threats, lifting restrictions on targeting critical infrastructure, including hospitals and nuclear plants.

Here are some Dark Web screenshots taken during the battle, and a detailed review of the events with Dark Web updates shared.

VIDEO of Dark Web Findings and Timeline.




Stay Vigilant,

David Mauro, Strategic Director, Central U.S. Region

Konica Minolta Business Solutions U.S.A., Inc.

Konica Minolta Cybersecurity Services

Intelligent Cybersecurity Services: 24/7 SOC~MSIEM/MDR~MEDR~VMaaS~IR Planning~Ethical Hacking/Pen Testing ~ Managed & Live Security Awareness Trainings



John Young MBA CISSP CCSP CGRC CSSLP SSCP CC CISM CBSP

CSO | Architect | Engineer | 27-year IBM Cloud Division and Candle IT Manager/Cybersecurity SME | Board of Directors at Quantum eMotion | Cal State Fullerton Leadership Advisory Board | Holds All 9 ISC2 Certifications

12mo

Beneficial cybersecurity changes in business are a possibility, but rely on independent follow through. If companies aren’t taking those measures already, this legislation won’t give them more incentive than the normal threat of financial losses. This bill doesn’t consider the possibility a bad actor will make ransom demands to paralyze a competitor, and as they can’t buy their way out of the situation the consequences of halting production would far outweigh the ransom payment. It’s a good way to get an edge and hamstring the competition. Next, a group could use the ruse of a ransom payment and target an organization in a critical sector at the behest of a hostile foreign government; cutting power, or supply chain services, would create chaos for a very low ROI. On a moral basis, does it make sense to let people die rather than allow hospitals to pay a ransom, and get on with their business? A healthcare industry monitoring group reported 1,200 patients died due to ransomware attacks in one year. Those are my original thoughts, but even the FBI thinks the bill is a bad idea, because it incentivizes executives to quickly pay the ransom, but not report the incident. Legislation won’t magically fix the ransomware problem.

Tomislav Vuk

Revenue and data at risk online? 🔐 | Cybersecurity Advocate: Building Human Firewall 🛡️

12mo

Awesome newsletter, lots of interesting stuff and current events. I like the comparison with gun laws and control. This move against paying ransomware is somewhat similar to regulations that cover data breach problems: there will be pressure, lots of resources and money will be spent on investigation and on fines, and lots of well-intentioned entrepreneurs will suffer. These resources could be invested in prevention. There must be a balance. We also have the culture problem: this connectivity hype, remote this, remote that, clouds, legacy software and hardware that can't get patched, vendors that don't fix vulnerabilities, huge systems that one should not touch as long as they work, buggy code and coding practices that dismiss security, etc. The framework for a safe cyber environment has to evolve all the time, and we'll need the help of people with law enforcement and security backgrounds. This policy will certainly influence the creation of similar policies in Europe and wherever American technology is being used.
