Skip to main content

Friday Five 7/2

by Colin Mullins on Friday July 2, 2021

Contact Us
Free Demo

Ransomware venture capital, VPN shutdowns, and the latest from Fancy Bear - catch up on all of the week's infosec news with the Friday Five!

1. Hackers are investing in each other's operations - just like VC's invest in startups by Steven Melendez

In an interesting look at the underground ransomware economy, new research has uncovered the creation of its own venture capital ecosystem. Modeled after the business model of venture capital, successful ransomware operators are providing the initial seed funding for new ransomware startups in exchange for a percent of their future earnings. Researchers have discovered calls for investing through secure chat apps, like Telegram, in groups that can only be accessed by verifying prior involvement in cybercrime. Large operators have an incentive to invest in new ransomware as it diversifies their stream of income if their original operation gets shut down. It’s a concerning development that is likely to make the ransomware threat even more potent.

Read more

2. Data Protection Act of 2021 Would Create US Data Protection Agency by Chris Brook

As part of the larger push for comprehensive data privacy, the Data Protection Act of 2021 was reintroduced by Senator Gillibrand of New York. The legislation would create a new federal agency to regulate personal data collection. The proposed agency would operate similarly to the Consumer Financial Protection Bureau except, it would focus on enforcing data protection rules and overseeing high-risk data practices. A new federal data protection agency would bring the U.S. in line with most other democracies worldwide, which have already created agencies to deal with this important 21st century challenge.

Read more

3. How to Make Sure Your Browser Extensions Are Safe by David Nield 

In this helpful story, David Nield looks at best practices to keep your browser extension use safe. Along with keeping your applications and extensions up to date, and running regular malware scans, he also provides helpful advice on how to spot threats early and vet new extensions. He also highlights the importance of making sure the extensions are from an official repository, like the Google Chrome Store or the Firefox Brower Add-Ons portal. He concludes by providing helpful guidance on how to check extensions across Chrome, Firefox, Microsoft Edge, and Safari. It’s worth bookmarking the story for the next time that you download a new browser extension.

Read more

4. This VPN service used by ransomware gangs was just taken down by police by Danny Palmer

In a big win in the fight against cybercrime, a major underground virtual private network was shuttered by a coordinated law enforcement operation. The service, DoubleVPN, allowed cybercriminals to hide their locations and identities, which allowed them to carry out malicious hacking campaigns anonymously. The service was widely popular with cybercriminals and affordable; the cheapest offering cost only $25, indicating how low the bar of entry into cybercrime has become. The operation is a reminder that cybercrime is a global issue, and it will continue to take international collaboration to combat it.

Read more

5. US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets by Tim Starks 

In a joint advisory from U.S. and U.K. agencies, officials attributed a massive brute force password spray attack to the Russian Military Intelligence Unit, 26165, more popularly known as Fancy Bear or APT28. The attack against hundreds of targets used a Kubernetes cluster to guess commonly used passwords in order to gain access to systems. The attacks began as early as mid-2019 and are the latest high-profile attack from Fancy Bear, a group well known for its interference in the 2016 U.S. election. The story is the latest case of cyber aggression from Russia. Fallout from the attribution is surely to come.

Read more

Tags:  Data Protection Security News

Recommended Resources

The Definitive Guide to DLP

All the essential information you need about DLP in one eBook.

The Ultimate Guide to Data Protection

Everything you need to know about data protection but were afraid to ask.