Friday Five: A Win for Data Privacy, Conti Members Sanctioned, & More
Wins against cybercrime and the invasion of data privacy took the headlines this past week, but phishing, business email compromise, and the effects of climate change remain threats to organizations. Catch up on all these stories in this week’s Friday Five!
UK LAWMAKERS BACK DOWN ON ENCRYPTION-BUSTING ‘SPY CLAUSE’ BY TONYA RILEY
UK lawmakers have postponed implementing the so-called "spy clause" in the Online Safety Bill, which would have mandated scanning encrypted messages for harmful content, an action seen by many as technically unfeasible and invasive. Instead, tech companies will be required to scan networks when technically feasible. The bill now clarifies that companies won't have to provide access to their systems, alleviating privacy concerns. Meta, Signal, and Apple had threatened to pull services from the UK if the privacy afforded by encryption were weakened as a result of the bill. Although privacy advocates and tech companies view this delay as a win, they remain wary of future encryption-breaking attempts, and experts still caution that the bill's passage could set a concerning precedent for other governments.
US AND UK SANCTION 11 TRICKBOT AND CONTI CYBERCRIME GANG MEMBERS BY LAWRENCE ABRAMS
The USA and UK have imposed sanctions on 11 Russian nationals linked to the TrickBot and Conti ransomware cybercrime operations. TrickBot, initially a banking credential theft malware, evolved into a tool for cybercrime groups to gain access to corporate networks. The sanctioned individuals, some of whom are said to have ties to Russian intelligence services, are associated with cybercrime activities that resulted in $180 million in global theft. Indictments against nine individuals linked to TrickBot and Conti are expected, and the sanctions against them prohibit financial transactions, potentially affecting ransom payments and leading to the disruption of ransomware operations.
RESEARCHERS IDENTIFY HIGH-GRADE PHISHING KITS ATTACKING NEARLY 60,000 MICROSOFT 365 ACCOUNTS BY AJ VICENS
A cybercrime group dubbed "W3LL" developed and sold phishing software used in attempts to compromise around 56,000 Microsoft 365 accounts over the past 10 months, according to Group-IB researchers. The group, active since 2017, created a private ecosystem of highly effective phishing tools for corporate email account compromises, and approximately 8,000 corporate Microsoft email accounts were successfully breached using these kits. W3LL generated over $500,000 in sales through its marketplace, the "W3LL Store," catering to a closed community of threat actors who engage in business email compromise (BEC) attacks. The W3LL Store facilitates BEC phishing campaigns, offering managed phishing solutions for cybercriminals.
CDM POLICIES PROVIDE A VITAL SHIELD AGAINST CLIMATE-DRIVEN CYBERATTACKS, EXPERTS SAY BY CHRIS RIOTTA
As rising temperatures strain grids, climate change makes them more vulnerable to cyberattacks. Cybersecurity experts suggest that critical infrastructure operators adopt innovative security practices to counter emerging risks from climate change-related extreme weather events. Continuous Diagnostics and Mitigation (CDM) policies are recommended to proactively identify and address cybersecurity challenges, offering access controls and automated vulnerability remediation. CDM can bolster resilience against cyberattacks during climate-induced severe weather incidents, especially as threat actors target electric grids. Researchers also warn of "catastrophic" consequences if a cyberattack on the grid coincides with a heatwave, emphasizing the importance of modernizing CDM to address advanced threats at the application layer.
THE INTERNATIONAL CRIMINAL COURT WILL NOW PROSECUTE CYBERWAR CRIMES BY ANDY GREENBERG
The lead prosecutor of the International Criminal Court, Karim Khan, has announced the intention to investigate and prosecute hacking crimes that violate existing international law. This includes attacks on civilian critical infrastructure like power grids, banks, and hospitals. Khan's office will focus on cybercrimes that potentially breach the Rome Statute, covering war crimes, crimes against humanity, and genocide. While the announcement does not explicitly mention Russia or Ukraine, it comes amid increasing attention on Russia's cyberattacks against Ukraine. The move marks a significant step in considering cyberwar crimes within the purview of international law, potentially leading to broader legal consequences for cyber attackers.