Friday Five: Law Enforcement Finding Success, But Ransomware Remains Troublesome
Law enforcement saw quite a bit of success this past week, but ransomware and cyberespionage operations remain aggressive. Catch up on these stories and more in this week's Friday Five.
VICTIMS’ RELUCTANCE TO REPORT RANSOMWARE STYMIES EFFORTS TO CURB CYBERATTACKS, SAY FEDERAL OFFICIALS BY TONYA RILEY
The Institute for Security and Technology's Ransomware Task Force released its May 2023 Progress Report this past week. The report indicates that a lack of attack-related data remains a concern for the task force and other stakeholders, and that better ransomware reporting could help inform some of the still-unaddressed recommendations from the group's initial 2021 report. "If we could move [the number of reported ransomware attacks] from 20-30% to up to 70-80% we could make an even bigger impact than we're already doing," said Marshall Miller, principal associate deputy attorney general at the Justice Department.
FEDS SEIZE 13 MORE DDOS-FOR-HIRE PLATFORMS IN ONGOING INTERNATIONAL CRACKDOWN BY DAN GOODIN
The US Justice Department has seized the domains of 13 DDoS-for-hire services as part of an ongoing initiative known as Operation PowerOFF, which was also responsible for the seizure of 48 separate domains this past December. Furthermore, according to a statement from the Justice Department, "Ten of the 13 domains seized [this past week were] reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services." Read more about what these illicit services are used for and which cybercriminals pleaded guilty to their crimes in the full story from Ars Technica.
FBI DISRUPTS SOPHISTICATED RUSSIAN CYBERESPIONAGE OPERATION BY AJ VICENS
One of the Russian government's most sophisticated long-running cyberespionage operations was hacked and disrupted by the FBI this past week as part of an international operation dubbed "Medusa." A unit within the Federal Security Service of the Russian Federation, known as Turla and regarded for years as one of Russia's premier cyberespionage outfits, was reportedly using and continuously updating a piece of malware known as "Snake" to steal sensitive documents from hundreds of computer systems in at least 50 countries, including NATO allies. Details about the operation can be found in a recently released joint cybersecurity advisory.
MEET AKIRA — A NEW RANSOMWARE OPERATION TARGETING THE ENTERPRISE BY LAWRENCE ABRAMS
A new ransomware operation known as Akira, which launched in March 2023, has slowly been building a list of victims and claims to have already conducted attacks on sixteen companies. The ransomware encrypts files and appends the .akira extension to each file's name, after which it spreads laterally to other devices, gains Windows domain admin credentials, and deploys the ransomware throughout the network. Akira has reportedly leaked the data of four victims on its data leak site, with the size of the leaked data ranging from 5.9 to 259 GB.
A MYSTERIOUS NEW HACKER GROUP IS LURKING IN UKRAINE’S CYBERSPACE BY LILY HAY NEWMAN
The Malwarebytes Threat Intelligence Team reports that it has been tracking a new hacking group, which it has dubbed RedStinger, that has been conducting espionage operations since 2020 against both pro-Ukraine targets in central Ukraine and pro-Russia targets in eastern Ukraine. The group's operations have included compromising victims' devices to exfiltrate screenshots and documents, recording audio from their microphones, targeting election officials running Russian referendums in disputed Ukrainian cities, and more. Learn more about RedStinger's operations and how it initiates its campaigns in the full story from Wired.