Friday Five 1/14
Russia cracks down on the REvil ransomware gang, $400 million in cryptocurrency stolen, and more - catch up on the infosec news of the week with the Friday Five!
1. Russia Lays the Smackdown on REvil Ransomware Gang by Eduard Kovacs
SecurityWeek recaps some breaking news from Friday morning that Russia has apparently arrested and charged the gang behind the ransomware REvil, perhaps the largest and most destructive ransomware strain of the last two years. "The FSB of Russia has established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documentation of illegal activities has been carried out," a translated statement from the public relations department of Russia's FSB said on Friday. The operation, which was carried out at the request of the United States, is curiously timed and obviously a bit of good PR for Russia, which is deep in the throes of the latest crisis with Ukraine. One of the latest aggressions stemming from the crisis also came Friday, a day after diplomatic talks between Russia and the West came to an impasse, when hackers defaced and took down several websites belonging to the Ukrainian government.
2. Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking by Jai Vijayan
Microsoft's larger-than-expected Patch Tuesday, the first of 2022, has introduced some complications for administrators - Hyper-V and domain controller issues, an issue that's affecting some VPNs, and more - but there's also a heaping portion of fixes for Windows 11 and Windows 10 systems: 96 CVEs in total. DarkReading takes a look at one issue that deserves the attention of admins: a vulnerability in Remote Desktop Services that could allow attackers to gain file system access on machines. An attacker would first have to convince a user to connect to a malicious RDP server; from there, the server could read or tamper with clipboard contents or filesystem contents. While the vulnerability doesn't sound as scary as BlueKeep (CVE-2019-0708) - another vulnerability that recently affected RDP - it's worth prioritizing the fix to deter data theft.
3. Dark web carding platform UniCC shuts up shop after making millions by Charlie Osborne
Over at ZDNet, Charlie Osborne reports that the operators behind the longtime carding forum UniCC are calling it quits. The dark web site, which has been around almost a decade - since 2013 - has peddled stolen credit card data and helped cybercriminals carry out identity theft. Elliptic, a blockchain analytics firm, has some great insight on UniCC in a blog post it shared this week, including the fact that its operators apparently made $358 million in cryptocurrency. Estimating cryptocurrency sums can be nebulous, but the figure is likely not far off from the truth. Joker's Stash, another carding forum that recently shuttered, sold nearly $400 million in stolen credit cards before it halted business last year.
4. North Korean Hackers Stole Nearly $400 Million in Crypto Last Year by Andy Greenberg
Speaking of cryptocurrency sums, here's a big one: $400 million stolen in 2021 by North Korean hackers. The number, while high, isn't hugely surprising if you consider last year's charges, brought against North Korean military hackers, for trying to steal more than $1.3 billion in cash and cryptocurrency. Cryptocurrency fuels North Korea in many ways. It helps the country evade international sanctions and funds its military, nuclear and ballistic missile programs, to name a few. As Andy Greenberg and WIRED note, the $395 million figure is actually $100 million more than the year prior. For those curious, both WIRED and Chainalysis, the blockchain analysis group behind the research that uncovered the number, have a good breakdown of the type of cryptocurrency stolen, specific hacks, and how easy it is to launder stolen cryptocurrency.
5. FCC wants to revamp data breach laws for telecom carriers by Tonya Riley
The Federal Communications Commission is looking to keep pace, not just with the evolving nature of data breaches and cybersecurity but with other government agencies, which have modernized data breach notification requirements of late as well. The latest example came this week, on Wednesday, when the FCC disclosed that it was looking to update data breach laws for telecom carriers. While nothing is concrete yet, the FCC's Chairwoman, Jessica Rosenworcel, said the agency was considering cutting out the seven-day waiting period that's required of businesses before notifying customers when there's been a breach. She also hinted that a new requirement could require carriers to report breaches to the FCC, along with the FBI and U.S. Secret Service. As CyberScoop reports, nothing is set in stone yet. The changes, which are part of a proposal, would need to be adopted in a vote first, then undergo a rulemaking process and public comment.