Friday Five 7/2
Ransomware venture capital, VPN shutdowns, and the latest from Fancy Bear - catch up on all of the week's infosec news with the Friday Five!
1. Hackers are investing in each other's operations - just like VC's invest in startups by Steven Melendez
In an interesting look at the underground ransomware economy, new research has uncovered the creation of its own venture capital ecosystem. In an arrangement modeled on venture capital, successful ransomware operators are providing the initial seed funding for new ransomware startups in exchange for a percentage of their future earnings. Researchers have discovered calls for investment made through secure chat apps, like Telegram, in groups that can only be accessed by verifying prior involvement in cybercrime. Large operators have an incentive to invest in new ransomware because it diversifies their stream of income if their original operation gets shut down. It’s a concerning development that is likely to make the ransomware threat even more potent.
2. Data Protection Act of 2021 Would Create US Data Protection Agency by Chris Brook
As part of the larger push for comprehensive data privacy, the Data Protection Act of 2021 was reintroduced by Senator Gillibrand of New York. The legislation would create a new federal agency to regulate personal data collection. The proposed agency would operate similarly to the Consumer Financial Protection Bureau, except that it would focus on enforcing data protection rules and overseeing high-risk data practices. A new federal data protection agency would bring the U.S. in line with most other democracies worldwide, which have already created agencies to deal with this important 21st century challenge.
3. How to Make Sure Your Browser Extensions Are Safe by David Nield
In this helpful story, David Nield looks at best practices to keep your browser extension use safe. Along with keeping your applications and extensions up to date and running regular malware scans, he offers advice on how to spot threats early and vet new extensions. He also highlights the importance of making sure the extensions are from an official repository, like the Google Chrome Store or the Firefox Browser Add-Ons portal. He concludes with guidance on how to check extensions across Chrome, Firefox, Microsoft Edge, and Safari. It’s worth bookmarking the story for the next time that you download a new browser extension.
4. This VPN service used by ransomware gangs was just taken down by police by Danny Palmer
In a big win in the fight against cybercrime, a major underground virtual private network was shuttered by a coordinated law enforcement operation. The service, DoubleVPN, let cybercriminals hide their locations and identities, which allowed them to carry out malicious hacking campaigns anonymously. The service was widely popular with cybercriminals and affordable; the cheapest offering cost only $25, indicating how low the barrier to entry into cybercrime has become. The operation is a reminder that cybercrime is a global issue, and it will continue to take international collaboration to combat it.
5. US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets by Tim Starks
In a joint advisory from U.S. and U.K. agencies, officials attributed a massive brute-force password spray attack to Russian military intelligence unit 26165, more popularly known as Fancy Bear or APT28. The attack against hundreds of targets used a Kubernetes cluster to guess commonly used passwords in order to gain access to systems. The attacks began as early as mid-2019 and are the latest high-profile attack from Fancy Bear, a group well known for its interference in the 2016 U.S. election. The story is the latest case of cyber aggression from Russia. Fallout from the attribution is sure to come.