
A Nunavut Ransomware Incident Was Not Reported by Qulliq Energy

 


Despite being locked out of its data in January's cyberattack, Qulliq Energy Corp. did not use the word "ransomware" to describe what took place.

QEC announced last month that it had fallen victim to a cyberattack, which was discovered on January 15. The attack affected QEC's information technology, including its email system, billing, and payroll database. No operational technology, such as the control systems in the power plants, was affected.

QEC's vice president of operations and engineering, Bill Nippard, explained that cyberattacks come in several levels of severity. Sometimes the attackers steal data; other times they simply lock you out of your data by encrypting it.

As far as the data is concerned, the QEC team does not believe there has been any adverse impact from this incident, although that is still under investigation.

Asked about the nature of the attack, Nippard said the investigation was still at an early stage. He was not sure whether data had been stolen or only encrypted when QEC was cut off from its systems.

Nippard said that QEC has encountered that type of cyberattack in this case, but that the investigation is still at an early stage and many details need to be sorted out.

It is not yet clear whether this was a ransomware attack. If it was, the Government of Nunavut (GN) would have been hit by ransomware for the second time in a little over three years.

The GN's entire IT system was hacked in November 2019, leading to a large number of data breaches. Systems were taken out of service, and all communities regained core connectivity and applications within about six weeks. QEC was spared because it is not part of the GN's information technology system.

A government report found that the department of community and government services alone spent more than $5 million to recover from the 2019 attack. The recovery involved replacing more than 1,400 workstations. Microsoft, which the government hired to help rebuild the network, reported that more than 5,500 devices had been affected.

Asked directly whether the cyberattack was, by his description, a ransomware attack, Nippard replied that QEC is unable to comment on the details of the attack with the information currently available.

The process, he said, is like a very tightly tangled knot: untangling it takes time and patience. Getting to the bottom of it will take a while, but it will be well worth it in the long run.

Nippard said that even though QEC operates independently of the government's IT infrastructure, QEC was briefed on the lessons learned from the 2019 attack.

Upon completion of this investigation, he said, there will be lessons learned, which QEC will share with the GN. He noted, however, that a lot has changed in cybersecurity, cybercrime, and cyber terrorism over those three years.

Quite a few changes have taken place since then, so it is challenging to keep up. It is a continual struggle, and it is not going away.

The Email System Behaves Oddly. 

Nippard said the issue was discovered when a QEC employee attempted to send an email to an external recipient. Nunatsiaq News first reported the email malfunction in the past few weeks, and CBC News reported that the email system began behaving strangely almost as soon as the employee hit send, refusing to send the message.

The employee contacted the company's IT team, which began an investigation and, believing that some kind of cyberattack was under way, shut down the network and the company's entire system.

Nippard did not say whether QEC is still locked out of its systems as a result of the incident. He did, however, emphasize several times during the interview that there had been no impact on any customer data.

He said he does not plan to unlock anything until he is 100 percent sure there is no safety risk to QEC or its customers.

The power systems continue to operate normally. The company advises all of its customers to keep an eye on their financial card information and credit card statements so that they can catch anything unexpected.

The Unheard Story of a Crippling Ransomware


When did the attack surface?

Rob Miller first learned there was a problem on a Sunday morning in mid-October 2020: the databases and IT systems at Hackney Council in East London were suffering outages. At the time, the UK was heading into a lethal wave of the Covid-19 pandemic, with millions living under restrictions and daily life greatly disrupted. But for Miller, a strategic director at the public authority, the path ahead held challenges of its own. By lunchtime it was clear that the issue was more than a technical one.

What did the ransomware impact?

Soon afterward, the leaders of Hackney Council, one of London's 32 local authorities and one that serves more than 250,000 people, disclosed that it had suffered a cyberattack. Threat actors had planted ransomware that badly damaged its systems, crippling the council's ability to care for the people who rely on it. The Pysa ransomware gang later claimed responsibility for the attack and, some time afterward, claimed to have published data stolen from the council.

Current Situation

Now, more than two years later, Hackney Council is still dealing with the damage from the ransomware attack. For almost a year, various council services were out of action. Vital council systems, including social care services and housing benefit payments, had to be rebuilt. While services are now back on track and running smoothly, parts of the council still cannot work as they did before the attack.

The Hackney attack stands out not only for its severity but also for how long the organization took to recover and to help the people affected.

Ransom Demands

Among the services Hackney Council provides are social and children's care, benefits paid to people needing financial help, public housing, and waste collection. Many of these services run on in-house technical systems. In many ways they function as critical infrastructure, which makes Hackney Council not so different from energy providers and hospitals.

“The attacks against public sector organizations, like local councils, schools, or universities, are quite powerful. It’s not like the energy grids going down or like a water supply being disrupted … but it’s things that are crucial to the day-to-day existence," said Jamie MacColl, a cybersecurity and threat researcher at the RUSI think tank who is researching the societal impact of ransomware.

All the systems hosted by Hackney were affected. Lisa Stidle, the data and insight manager at Hackney Council, said: "most of our data and our IT systems that were creating that data were not available, which really had a devastating impact on the services we were able to provide, but the work that we do as well."

Where Do the Most Ransomware Attacks Take Place in the United States?

 

Ransomware can be as disruptive to your day as a flood, earthquake, fire, or other natural disaster. It can devastate businesses and close hospitals and schools. And if you are unlucky enough to be hit, it can wreck your finances.

However, as with natural disasters, there are patterns to the misfortune, and it is possible to identify high-risk areas. With some forethought, you may avoid disaster entirely.

What is Ransomware? 

Criminals are after your money, and draining your bank account directly is hard. By encrypting vital files on compromised computers, criminals instead persuade victims to hand over money voluntarily. Companies that cannot do business lose money every day they are not functioning, and they will frequently pay criminals to decrypt their machines so they can resume trading. Criminals typically gain access to devices through lax security processes or social engineering.

Any criminal enterprise is risky, and cybercriminals prefer targets that net them the most money while exposing them to the least risk. It makes more sense to hit a few large targets than many small ones, and, understandably, they would rather target businesses that are more likely to pay than to call law enforcement.

Between 2018 and January 2023, there were 2,122 ransomware attacks in the United States, according to Comparitech research. That is a lot, and many more are likely to have gone unreported. Even taken at face value, the figure works out to more than one ransomware attack per day. Each ransom was worth an astounding $2.3 million on average.

Naturally, because businesses have more money than private individuals, schools, or government agencies, they are seen as the biggest jackpot for hackers. And because they are constantly making money, every pause costs them more. The largest ransom known to have been paid during this period was a whopping $60 million, paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, and digital media, among other things.

In fact, nine of the top ten ransoms were paid by corporations, including Kia Motors, Garmin, and EDP Renewables. The education sector is prominent, with Broward County Public Schools paying the second-largest ransom of $40 million in 2021. The notorious Conti group, which has been linked to hundreds of other attacks, carried out the attack.

Hospitals and other medical care facilities are prime targets for ransomware attacks because when hospital computers go down, patients don't get the care they require, and people die. Ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000, possibly because the criminals have some conscience about people dying as a direct result of their actions.

Government facilities are also frequently targeted, with state and regional facilities particularly vulnerable. Local government agencies have limited IT security resources and, because of tighter budgets, frequently run outdated software, making them easier targets. However, this also means that they pay significantly less than businesses, with a median of half a million dollars.

Where do most attacks take place?

Ransomware attacks occur wherever criminals believe they can make a quick buck, and attacks are concentrated in areas with a high concentration of wealth and businesses with a high turnover.

In the United States, this includes the east coast (Washington, DC, Maryland, Delaware, and New York), the west coast (California and Seattle), and major regional hubs such as Chicago, Illinois. The majority of these attacks target businesses, but that does not mean the rest of the country is safe. Attacks on healthcare and government are far more common in poorer states, again most likely because of reduced IT budgets.

Between 2018 and January 2023, no US state was immune to ransomware attacks, though some were either less appealing or more resilient to criminals. Wyoming had the fewest reported attacks, with one ransomware incident at Carbon Power and Light and two healthcare facility attacks.

Ransomware is frightening, but just as with flood defences or wildfire breaks, there are steps you can take to avoid becoming a victim. Here are some of the best recommendations:
  • Take regular backups and store them securely
  • Employ a good antivirus
  • Train your staff
  • Keep your systems updated
Ransomware is terrible, but at least you know that if you pay the ransom, your system will be restored to normal working order and you can resume business as usual... right? This isn't always true. What appears to be ransomware is sometimes fake ransomware: your files have been encrypted, but the criminals who have encrypted them will never decrypt them.

Northern European Criminals Copy the Lockbit Gang

 


The threat group known as LockBit is one of the most notorious ransomware groups operating today. Its operators are very active on dark web forums, where they exploit the negative publicity around other ransomware groups to recruit more hardened cybercriminals to their program.

The rate of ransomware attacks on companies in northern Europe has increased significantly. These attacks appear to use a tool known as the LockBit locker, believed to be one of the tools used by a criminal affiliate program dubbed Gangrel.

There is a wide range of industries that have been targeted by the LockBit group. It has caused significant disruptions and financial losses for a wide range of companies, from small to multinational. 

One of the most concerning characteristics of these new attacks is how they are carried out. The LockBit Locker group uses a variety of techniques to gain initial access to a company's network, including phishing and social engineering. Having gained access, the attackers use a wide variety of tools and techniques to reach other parts of the network and steal sensitive information, including sensitive system information.

Computerland, a Belgian IT company, has reported an increase in attacks on small and medium-sized businesses in Belgium. In its report, the company explained that it had been targeted by a group of cybercriminals using a variant of the LockBit locker malware. After a thorough investigation, it concluded that the attackers were unlikely to be connected with the LockBit group and were instead "wannabes" who had obtained leaked versions of the malware. Despite not being the real LockBit Locker group, these small-time criminals were still able to inflict significant damage by encrypting a large number of internal files.

The intrusion had no lasting impact on the company's systems, however, because backups had been made and none of the client workstations were lost.

The incident is one of many that highlight the dangers of outdated software and systems, which are a soft target even for less sophisticated actors in a criminal underground where extortion is gaining popularity.

According to the report, the attackers gained access to the company's sensitive data through its FortiGate firewall by exploiting unpatched vulnerabilities. According to the Known Exploited Vulnerabilities (KEV) catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA), unpatched FortiGate firewalls are affected by several vulnerabilities currently being exploited by cybercriminals. In these recent cases, however, the flaws exploited were the infamous "Fortifuck" flaws, which date back as far as 2018.

The flaws were discoverable and exploitable because of unattended exposure through a branch internet gateway. Such branch gateways are usually less well protected than the central network, which gives attackers an advantage in gaining access.
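The check a defender wants after reading the two paragraphs above is a routine cross-reference of every internet-facing gateway against the KEV catalog, with the branch devices that nobody patches sorted to the top. The script below is an added example written for this page, not code from Computerland's report or from CISA. It assumes the KEV feed's real field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction); the catalog records and the device inventory in it are constructed, and the CVE IDs are placeholders, not real entries.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (the real feed is
# published at cisa.gov; field names match it). The cveID values are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Fortinet", "product": "FortiOS",
         "vulnerabilityName": "Placeholder SSL VPN path traversal",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0002", "vendorProject": "Fortinet", "product": "FortiOS",
         "vulnerabilityName": "Placeholder authentication bypass",
         "dateAdded": "2022-10-11", "dueDate": "2022-11-01",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "ExampleRouter",
         "vulnerabilityName": "Placeholder command injection",
         "dateAdded": "2023-01-10", "dueDate": "2023-01-31",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed device inventory: the headquarters firewall versus a branch gateway.
INVENTORY = [
    {"host": "fw-hq-01", "vendor": "Fortinet", "product": "FortiOS",
     "internet_facing": True, "last_patched": "2022-12-15"},
    {"host": "fw-branch-07", "vendor": "Fortinet", "product": "FortiOS",
     "internet_facing": True, "last_patched": "2019-06-20"},
    {"host": "core-sw-02", "vendor": "ExampleVendor", "product": "ExampleSwitch",
     "internet_facing": False, "last_patched": "2022-11-01"},
]


def load_kev(feed_json):
    return json.loads(feed_json)["vulnerabilities"]


def kev_by_product(entries):
    """Index catalog entries by (vendor, product), case-insensitively."""
    index = {}
    for e in entries:
        index.setdefault((e["vendorProject"].lower(), e["product"].lower()), []).append(e)
    return index


def review_inventory(entries, inventory, today):
    """One finding per (device, KEV entry) pair that still needs attention.

    KEV carries no fixed-version data, so the rule is deliberately conservative:
    a device is flagged unless its last patch date is later than the date the
    entry was added to the catalog. A later patch date only means the fix could
    be present; confirm the running firmware against the vendor advisory.
    """
    index = kev_by_product(entries)
    findings = []
    for dev in inventory:
        last_patched = date.fromisoformat(dev["last_patched"])
        for e in index.get((dev["vendor"].lower(), dev["product"].lower()), []):
            if last_patched > date.fromisoformat(e["dateAdded"]):
                continue
            findings.append({
                "host": dev["host"],
                "cve": e["cveID"],
                "internet_facing": dev["internet_facing"],
                "days_past_due": (today - date.fromisoformat(e["dueDate"])).days,
            })
    # Internet-facing devices first, then the most overdue entries.
    findings.sort(key=lambda f: (not f["internet_facing"], -f["days_past_due"]))
    return findings


def sample_findings():
    return review_inventory(load_kev(SAMPLE_KEV_JSON), INVENTORY, date(2023, 2, 1))


if __name__ == "__main__":
    for f in sample_findings():
        print(f)
```

On the constructed data, the headquarters firewall patched in December 2022 drops out and the branch gateway last patched in 2019 surfaces twice, hundreds of days past the KEV due date. Swap SAMPLE_KEV_JSON for the downloaded feed and INVENTORY for an export from your asset system; the ordering puts exactly the exposed, neglected branch devices the article describes at the top of the list.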

The recent ransomware attacks against small and medium-sized businesses in northern Europe are concerning for several reasons. Even though the operators' lack of experience reduced their effectiveness, the targeted companies still suffered extended outages and data exfiltration.

Briefing on Threat Actors   

LockBit is a well-known ransomware affiliate program that started in September 2019. The developers of the malware recruit rogue penetration-testing teams as affiliates to spread the ransomware on their behalf. It is one of a few gangs that have established double-extortion practices, and its Stealbit malware was part of the toolkit used to support such attacks.

Over LockBit's infamous career, a large number of small and medium businesses and large corporations, including Accenture and Royal Mail, have been targeted. Once the environment is infected, the victim is directed to a payment site run by the ransomware developers, and the attackers threaten to leak the victim's data to pressure them into paying more.

Ransomware Attacks on the Small and Medium Businesses are on the Rise

 

The risk of being victimised by ransomware has grown over time. The frequency and sophistication of these attacks, which affect every industry, have both increased steadily. As the attacks become better known among businesses, those businesses search for fresh defences against them.

According to a Check Point report, 61 percent of all cyberattacks targeted small firms. The report also notes that few small and medium-sized businesses (SMBs) realise they are as vulnerable to these online risks as larger corporations. SMBs can strengthen their security by taking the three steps Check Point recommends.

Maintain IT equipment and apply routine updates

Keeping your systems updated with the most recent software and security updates can prove to be extremely beneficial when it comes to safeguarding your organisation against any cyber-attacks. 

According to a recent report, 80% of all BYOD (bring your own device) equipment at a firm is not monitored, which gives hackers a chance to exploit these unattended systems. Updates for tablets, smartphones, laptops, and PCs used for work should be installed as soon as they are available; this is one of the most important steps you can take. Users can also close gaps in their security posture by setting their operating systems, software, phones, and apps to update automatically.

Monitor the usage of hard drives and USB sticks

At least 40% of SMB employees work remotely for part of the week. Keeping these devices secure at all times is the company's responsibility. Workers frequently use an external USB drive or memory stick to transfer files between teams or to other businesses.

It should not be overlooked that one unsecured device is all it takes to compromise an entire network. Files stored on removable media that is passed around are exceedingly hard to trace. The likelihood of a breach can be reduced by using endpoint protection, restricting access to physical ports, and permitting only authorised sticks or memory cards.

Avoid backing up data on the main server 

If you keep all of your company's data on the same server, an attacker who gets in may be able to reach all of it. Organisations should identify the information critical to their operations and maintain an entirely separate, off-site backup of it. In the event of a ransomware attack, employees can then still access crucial files and carry on with daily operations, and the backup helps the company recover.

Mimic Attacks: Ransomware Hijacking Windows ‘Everything’ Search Tool


Trend Micro has recently revealed details of a new ransomware family that abuses the APIs of the 'Everything' file search tool to attack English- and Russian-speaking Windows users.

The security firm's researchers discovered the malware in June 2022 and named it 'Mimic.' According to the researchers, the malware has been "deleting shadow copies, terminating multiple applications and services, and abusing Everything32.dll functions to query target files that are to be encrypted."

The researchers also found that some of Mimic's code resembles the infamous Conti ransomware, whose source code was leaked in early 2022 following a number of high-profile incidents.

Mimic Attacks 

A Mimic attack begins with the targeted victim receiving an executable, most likely via email, that extracts four files onto the target system, including the main payload, ancillary files, and tools to disable Windows Defender.

The researchers found that the dropped package consists largely of legitimate files, with one file carrying the malicious payload. Mimic is a sophisticated strain that accepts command-line options to target specific files and uses multiple processor threads to encrypt data more rapidly.

According to Trend Micro, the combination of several active threads and the way it abuses Everything's APIs lets it run with minimal resource consumption, making the attack faster and more effective.
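Two of the behaviours Trend Micro lists are visible in endpoint telemetry well before any file is encrypted: shadow copies being deleted, and Everything's library being loaded by a process that is not Everything itself. The detection below is an added example written for this page, not Trend Micro's detection logic or Mimic's code. It assumes a Sysmon-like event shape (process creation with a command line and parent, and image-load events); the events are constructed, and the vssadmin and wmic command forms it matches are the common ransomware shadow-copy deletion commands, not a command line the page attributes to Mimic.

```python
import re

# Constructed telemetry in a Sysmon-like shape: event 1 = process creation,
# event 7 = image (DLL) load. These records are made up for this example.
SAMPLE_EVENTS = [
    {"event": 1, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet",
     "parent": r"C:\Users\Public\update.exe"},
    {"event": 1, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete",
     "parent": r"C:\Users\Public\update.exe"},
    {"event": 7, "image": r"C:\Users\Public\update.exe",
     "loaded": r"C:\Users\Public\Everything32.dll"},
    {"event": 7, "image": r"C:\Program Files\Everything\Everything.exe",
     "loaded": r"C:\Program Files\Everything\Everything32.dll"},
    {"event": 1, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows",
     "parent": r"C:\Windows\explorer.exe"},
]

# Usual shadow-copy deletion forms (assumption: common ransomware tradecraft,
# not a command line quoted from the Mimic write-up).
SHADOW_DELETE = re.compile(
    r"\b(?:vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete)\b",
    re.IGNORECASE,
)
EVERYTHING_DLL = re.compile(r"\\everything(?:32|64)\.dll$", re.IGNORECASE)
EVERYTHING_EXE = re.compile(r"\\everything\.exe$", re.IGNORECASE)


def detect(events):
    """Emit one alert per suspicious event, keyed on the process responsible."""
    alerts = []
    for ev in events:
        if ev["event"] == 1 and SHADOW_DELETE.search(ev.get("cmdline", "")):
            # Attribute to the parent: vssadmin/wmic are only the tools being driven.
            alerts.append({"rule": "shadow_copy_deletion", "process": ev["parent"]})
        elif (ev["event"] == 7 and EVERYTHING_DLL.search(ev.get("loaded", ""))
              and not EVERYTHING_EXE.search(ev["image"])):
            # Everything's library loaded by something other than Everything itself.
            alerts.append({"rule": "everything_dll_in_foreign_process", "process": ev["image"]})
    return alerts


def correlate(alerts):
    """Processes that tripped more than one distinct rule. Destroying recovery
    points and borrowing Everything's file enumeration is the combination the
    write-up describes, and it is rare for legitimate software."""
    rules_by_process = {}
    for a in alerts:
        rules_by_process.setdefault(a["process"], set()).add(a["rule"])
    return sorted(p for p, rules in rules_by_process.items() if len(rules) > 1)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print("high-confidence:", correlate(found))
```

Note the two deliberate non-hits: the genuine Everything.exe loading its own DLL, and an administrator listing shadows from Explorer. Either rule on its own will fire on backup software or a help-desk script now and then; the correlation is what makes the alert worth waking someone up for.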

What Could be the Solution? 

One of the best measures companies can take is a multilayered approach, which provides the most effective security, including data protection and backup and recovery measures.

Using a range of software designed to prevent, mitigate, and combat attacks on personal and business computers adds another layer of protection.

Moreover, conducting regular vulnerability assessments and patching the vulnerabilities found as soon as security updates become available will further help to combat potential ransomware attacks.

DOJ Reveals: FBI Hacked Hive Ransomware Gang


The U.S. Department of Justice (DOJ) recently confirmed that the FBI infiltrated a prominent cyber-crime gang and covertly disrupted its attacks for more than six months.

According to the DOJ, the FBI gained deep access to the Hive ransomware group in late July 2022. The infiltration prevented the group from extorting $130 million in ransom demands from more than 300 organizations.

The files of victims are encrypted by ransomware gangs using malicious software, locking them up and rendering them unavailable unless a ransom is paid to obtain a decryption key. 

Hive and its affiliates are estimated to have collected over $100 million from more than 1,500 victims, including hospitals, school districts, financial companies, and critical infrastructure, in more than 80 countries.

The FBI said it collaborated with other law enforcement agencies to help victims recover, including the UK's National Crime Agency, which says it gave decryption keys to around 50 UK organizations.

On Thursday, the US announced that it had brought the operation to an end by taking down Hive's websites and communication systems, with the aid of police forces in Germany and the Netherlands.

Attorney General Merrick Garland stated that "Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world." 

No individual connected to the Hive attacks had yet been arrested, but a senior official suggested that arrests might follow soon.

Regarding the infiltration, Deputy Attorney General Lisa O. Monaco said, "simply put, using lawful means, we hacked the hackers."

The DOJ said it would pursue those behind Hive until they are brought to justice.

"A good covert operation can degrade confidence in operational security and inject suspicion among actors,” Mandiant Threat Intelligence head John Hultquist said. "Until the group is arrested, they will never truly be gone. They will have to reconstitute, which takes time, but I'll bet they reappear in time."    

Ransomware Profits Shrink, as Victims Refuse to Pay

 

According to data from blockchain analysis firm Chainalysis, ransomware revenue dropped from $765.6 million in 2021 to at least $456.8 million in 2022, a 40.3% year-over-year decline. The number of attacks is as high as ever, but the share of victims who refuse to pay the ransom has increased.

Working with Coveware, Chainalysis observed a significant decrease in the share of ransomware victims willing to pay: 76% in 2019, but only 41% in 2022. Chainalysis calls this a "highly encouraging" trend that is likely driven by a variety of factors.

Ransomware victims have realized that paying the ransom gives no guarantee that their data will be returned or that the attacker will delete the stolen files rather than sell them on the dark web. And as public perception of ransomware has matured, data leaks no longer pose the same risk to brand reputation that they did in previous years.

Companies and government agencies, which are the primary targets of modern ransomware operations, have also improved their backup strategies, making data recovery a much cleaner and easier process than it was only a few years ago.

Insurance companies are also much less likely to let customers use an insurance payout to satisfy a ransom demand. Finally, because many ransomware operations are based in Russia, victims who choose to pay may face harsh legal consequences under the economic sanctions imposed on the country after the invasion of Ukraine.

Although victims are not paying as much as they used to, the ransomware industry is far from dead. In 2022, the average lifespan of a file-encrypting malware strain dropped from 153 days to just 70 days year on year. The Conti operation shut down, while other ransomware-as-a-service (RaaS) operations such as Royal, Play, and BlackBasta went live. At the end of 2022, LockBit, Hive, Cuba, BlackCat, and Ragna were still in business (and still demanding ransom payments).


Ransomware Attacks Declined by 61% But Organizations Must Remain Vigilant

 


Ever since WannaCry infected thousands of PCs worldwide in 2017, ransomware has remained one of the biggest threats to corporations. New research, however, suggests that this persistent threat may be on the decline.

Privileged access management (PAM) provider Delinea, in partnership with Censuswide, has released the 2022 State of Ransomware Report, a study of the latest ransomware trends. The research firm surveyed 300 U.S.-based IT decision-makers, and the results showed that only 25% of companies had been hit by ransomware over the last calendar year.

That is a 61% decline from the previous 12 months, when 64% of organizations reported being victims. The report also found that the share of victim companies that paid a ransom fell from 82% at the start of the study period to 68% at the end.

The decline is encouraging news for enterprises, but these attacks are still common enough to cause serious data breaches, and security leaders cannot afford to become complacent.

Ransomware: Why organizations should not be complacent  

Although ransomware attacks appear to be declining, organizations should not relax their security precautions. With the average ransomware breach costing $4.5 million, that matters all the more given the potential for a resurgence.

According to Joseph Carson, chief security scientist and advisory CISO at Delinea, ransomware remains a significant concern and a threat to any organization. He added that the survey showed some signs of complacency, which could be a sign that ransomware will be on the rise in 2023.

One such sign is the decline in the number of organizations that maintain incident response plans, which dropped from 94% to 71%. Those companies may be less able to respond effectively to a breach, giving threat actors more opportunity to steal critical data assets.

Actions to be taken proactively

Rather than succumbing to complacency, organizations should remain prepared while continuing to invest time, money, and effort in proactive security solutions to prevent breaches.  

The key to protecting networks and systems from these types of attacks is making organizations more proactive about cybersecurity. This is especially true in areas where they are most vulnerable, such as identity management and access controls.  

In Carson's view, the most pertinent aspect of this concerns adopting and enforcing the principle of least privilege and employing multifactor authentication (MFA) and password vaulting to decrease enterprises' vulnerability to ransomware attacks.  

Furthermore, other measures can be taken to mitigate additional risks including frequent data backups, comprehensive incident response plans, and investing in cyber insurance policies.

Digital Systems Fail at Toronto Hospital Network, Triggering a "code grey"

 


Several major Toronto hospitals had their digital systems go down on Monday and are investigating the cause, after University Health Network (UHN) issued a "code grey" to indicate a system failure.

Gillian Howard, a spokeswoman for UHN, said the hospital network had been experiencing outages in its digital systems and that "downtime procedures" were in effect in clinical areas.

In a series of tweets later on Monday evening, UHN said that service had been restored to most departments across the city, although some departments might still experience challenges because of the outage. Patients should also be prepared for delays when they arrive at the hospital on Tuesday morning, the tweets said.

"In addition to ensuring the safety and well-being of their patients, the hospital ensures that they give patients updates as soon as they have more information," concluded the tweet. 

The outage at UHN followed a similar outage last month at Toronto's Hospital for Sick Children (SickKids), which was caused by a ransomware attack. The children's hospital announced last week that 80 percent of its priority systems had been restored, and that it had not paid any ransom to the hackers.

The LockBit ransomware group, which the U.S. Federal Bureau of Investigation has called one of the world's most destructive and active criminal organizations, apologized for the attack, which it blamed on one of its members.

SickKids was offered a decryptor but said it did not plan to use it and that its technology department was restoring its systems instead. Separately, Scouts Canada was recently the victim of a cyberattack on its "MyScouts" database, which is used to manage programs across the country. Scouts Canada said on Monday that only a small number of users had been directly affected, but the system remains down.

The cause of the latest UHN outage is unclear. It comes as a research firm reports that cyberattacks on Canadian hospitals rose 20 percent last year. 

According to Check Point Research, the three industries most affected in 2022 were healthcare, finance, and government. A separate report on the provincial public sector found that progress has been made on privacy and cybersecurity but that more is needed to reach "cyber maturity".

That report recommended that, across the broader public sector, the province "enhance existing governance structures to facilitate effective cybersecurity risk management."

This Linux Malware Bombards Computers with DDoS Bots and Cryptominers

 

Researchers at AhnLab's ASEC have identified a new Linux malware downloader, built with the shell script compiler (SHC), that installs cryptocurrency miners and DDoS IRC bots on poorly secured Linux servers. The sample came to light after it was uploaded to VirusTotal; it appears to have been uploaded by Korean users, and Korean systems are also the targets. 

The attackers get in by brute-forcing SSH logins for administrator accounts on servers with weak credentials. Once inside, they install either a DDoS IRC bot or a cryptocurrency miner; the miner is XMRig, the one most commonly abused by attackers.

XMRig uses the victim's CPU to mine Monero, a privacy-focused cryptocurrency whose transactions are designed to be hard to trace and whose users are hard to identify.

The DDoS IRC bot takes its orders over IRC and can run TCP flood, UDP flood, and HTTP flood attacks, port scans (including Nmap scans), kill processes, clear logs, and perform other operations. Linux systems are a constant target for such deployments, most often ransomware and cryptojacking.

"Because of this, administrators should use passwords that are difficult to guess for their accounts and change them periodically to protect the Linux server from brute force attacks and dictionary attacks, and update to the latest patch to prevent vulnerability attacks," ASEC stated in its report. "Administrators should also use security programs such as firewalls for servers accessible from outside to restrict access by attackers."
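The brute-force entry described above leaves a very recognizable trail in sshd's log: a burst of "Failed password" lines from one source, often followed by an "Accepted password" line from the same source. The detector below is an added example written for this post, not code from the ASEC report. It parses constructed sshd log lines (the syslog format OpenSSH writes to /var/log/auth.log or the journal; hosts, users and IPs are placeholders), flags any source with five or more failures inside a minute, records whether that source later authenticated, and emits nftables commands for the offending IPs. The `inet filter` table and `ssh_block` set in those commands are assumed to exist.

```python
"""Detect SSH brute-force bursts in sshd log lines and note whether a login succeeded afterwards.

Added example, not code from the ASEC report. The log lines are constructed in the syslog
format OpenSSH writes (as seen in /var/log/auth.log or journalctl); hosts, users and IPs are
placeholders.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one source hammering root/admin and then getting in, plus benign noise.
SAMPLE_LOG = """\
Jan 15 03:12:01 srv1 sshd[2210]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 15 03:12:02 srv1 sshd[2212]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 15 03:12:02 srv1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Jan 15 03:12:03 srv1 sshd[2216]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan 15 03:12:04 srv1 sshd[2218]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 15 03:12:05 srv1 sshd[2220]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 15 03:12:06 srv1 sshd[2222]: Accepted password for root from 203.0.113.7 port 40124 ssh2
Jan 15 03:20:44 srv1 sshd[2301]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan 15 03:20:51 srv1 sshd[2303]: Accepted publickey for alice from 198.51.100.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2023):
    """Parse one sshd auth line; syslog lines carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted",
            "method": m["method"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return an alert per source IP with >= threshold failures inside any window_s window.

    Each alert records the failure count, the usernames tried, and whether the same IP
    later authenticated (a password success right after a burst is the case to escalate).
    """
    events = [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        fails = sorted((e for e in evs if not e["ok"]), key=lambda e: e["ts"])
        peak, lo = 0, 0
        for hi in range(len(fails)):            # sliding window over failure timestamps
            while (fails[hi]["ts"] - fails[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak < threshold:
            continue
        success = next((e for e in evs if e["ok"] and e["ts"] >= fails[-1]["ts"]), None)
        alerts[ip] = {
            "failures": len(fails),
            "peak_in_window": peak,
            "users": sorted({e["user"] for e in fails}),
            "success_after": (success["user"], success["method"]) if success else None,
        }
    return alerts


def block_rules(alerts, set_name="ssh_block"):
    """nftables commands adding offending IPs to a set (assumes table 'inet filter' and the set exist)."""
    return [f"nft add element inet filter {set_name} {{ {ip} }}" for ip in sorted(alerts)]


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG)
    for ip, a in found.items():
        print(f"{ip}: {a['failures']} failures, users={a['users']}, success_after={a['success_after']}")
    print("\n".join(block_rules(found)))
```

On the sample, 203.0.113.7 is flagged with six failures against root and admin and a password success immediately afterwards, which is the "they are already in" case; 198.51.100.20 (one typo, then a key login) is not. Note that a successful key-based login after a burst would also be reported, so check the method before acting on it.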

A VMware report from February 2022 noted that the growing role of Linux in digital infrastructure and cloud services, combined with the fact that most anti-malware and security products focus on Windows, leaves Linux systems exposed.

Warning: Ransomware Attacks Spreading via Fortinet Kit

 

eSentire's Threat Research Unit (TRU) reports that threat actors are exploiting Fortinet VPN devices that remain vulnerable to a critical authentication bypass. In the cases it observed, the devices were managed by third-party providers, so the victim organizations had no direct visibility into them. 

Fortinet is a security vendor whose products include next-generation firewalls, antivirus, VPNs, and endpoint solutions. 

On October 10, 2022, Fortinet publicly disclosed the critical vulnerability CVE-2022-40684, which affects several of its products, including FortiOS, FortiProxy, and FortiSwitchManager. 

Successful exploitation gives an attacker access to the device's administrative interface. That matters beyond the device itself: these appliances are commonly integrated with organization-wide authentication through Lightweight Directory Access Protocol (LDAP) and Active Directory (AD), so a compromised device can expose credentials for the whole organization. 

TRU said its team detected and shut down two such attacks on its customers: one on a Canadian college and the other on a global investment firm. 

Once inside the target network, the threat actors used Microsoft's Remote Desktop Protocol (RDP) for lateral movement and then encrypted systems with the legitimate encryption utilities BestCrypt and BitLocker rather than with custom ransomware. 
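Lateral movement over RDP of the kind described above leaves a trail on every destination host: a Windows Security event 4624 with logon type 10 (RemoteInteractive). One account hopping across several servers in a short window is rarely normal, and it is visible well before the encryption stage. The following added example (written for this post, not eSentire's code) runs that check over constructed event records exported the way a SIEM would present 4624 events; field names match the Windows Security log, while hosts, users and IPs are placeholders.

```python
"""Spot RDP lateral movement in Windows Security events: one account interactively logging on
(event 4624, logon type 10 = RemoteInteractive) to many hosts in a short window.

Added example; the records are constructed to look like 4624 events exported from a SIEM
(field names as in the Windows Security log). Hosts, users and IPs are placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    # an ordinary user on their own workstation
    {"time": "2022-11-21T08:55:10", "EventID": 4624, "LogonType": 10, "TargetUserName": "alice", "IpAddress": "10.0.8.31", "Computer": "WS-ALICE"},
    {"time": "2022-11-21T13:02:41", "EventID": 4624, "LogonType": 10, "TargetUserName": "alice", "IpAddress": "10.0.8.31", "Computer": "WS-ALICE"},
    # network (type 3) logons to many hosts are normal for a scanner account and are ignored here
    {"time": "2022-11-21T02:00:00", "EventID": 4624, "LogonType": 3, "TargetUserName": "svc_scan", "IpAddress": "10.0.2.9", "Computer": "FS01"},
    {"time": "2022-11-21T02:00:05", "EventID": 4624, "LogonType": 3, "TargetUserName": "svc_scan", "IpAddress": "10.0.2.9", "Computer": "DC01"},
    {"time": "2022-11-21T02:00:09", "EventID": 4624, "LogonType": 3, "TargetUserName": "svc_scan", "IpAddress": "10.0.2.9", "Computer": "APP02"},
    # one account hopping across four hosts over RDP in half an hour, at night
    {"time": "2022-11-21T02:10:05", "EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "10.0.5.14", "Computer": "FS01"},
    {"time": "2022-11-21T02:18:47", "EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "10.0.5.14", "Computer": "DC01"},
    {"time": "2022-11-21T02:26:12", "EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "10.0.5.14", "Computer": "APP02"},
    {"time": "2022-11-21T02:39:30", "EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "10.0.5.14", "Computer": "HR01"},
    # a failed logon (4625) is not a successful hop
    {"time": "2022-11-21T02:41:00", "EventID": 4625, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "10.0.5.14", "Computer": "FIN01"},
]


def detect_rdp_fanout(events, min_hosts=3, window=timedelta(hours=1)):
    """Return {user: {...}} for accounts with successful RDP logons to >= min_hosts distinct
    hosts inside any window. Events may arrive unordered; they are sorted by time first."""
    rdp = sorted(
        (e for e in events if e["EventID"] == 4624 and e["LogonType"] == 10),
        key=lambda e: e["time"],
    )
    by_user = defaultdict(list)
    for e in rdp:
        by_user[e["TargetUserName"]].append(e)

    alerts = {}
    for user, evs in by_user.items():
        best = set()
        for i, start in enumerate(evs):              # each event opens a candidate window
            t0 = datetime.fromisoformat(start["time"])
            hosts = {e["Computer"] for e in evs[i:]
                     if datetime.fromisoformat(e["time"]) - t0 <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts[user] = {
                "hosts": sorted(best),
                "sources": sorted({e["IpAddress"] for e in evs}),
                "first": evs[0]["time"],
                "last": evs[-1]["time"],
            }
    return alerts


if __name__ == "__main__":
    for user, a in detect_rdp_fanout(SAMPLE_EVENTS).items():
        print(f"{user}: RDP to {a['hosts']} from {a['sources']} between {a['first']} and {a['last']}")
```

On the sample only svc_backup is reported (four hosts in under 30 minutes from a single source address); alice's two logons to her own workstation and the scanner's type-3 logons are not. Tune `min_hosts` and the window to your environment, and treat a source address that is the VPN appliance itself as a strong signal in the scenario described above.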

Keegan Keplinger, research and reporting lead for the eSentire TRU, said “SSL VPNs are easy to misconfigure, and they are highly targeted for exploitation since they must be exposed to the internet and they provide access to credentials for the organization…” 

“Additionally, the tendency for these devices to be managed by a third party often means that the organization and their security providers have no direct visibility into activities being conducted on the device. This allows threat actors longer dwell times, as observed in the sale of these devices on the dark web, [making] SSL VPNs a prime target for initial access brokers [IABs].” 

Keplinger added that TRU's research shows threat actors move quickly to exploit vulnerabilities in widely used products, and that attacks like these send a strong signal to large technology vendors when their products are exploited in this way.

How Hackers Can Exploit ChatGPT, a Viral AI Chatbot


Cybernews researchers have found that ChatGPT, the AI chatbot OpenAI launched recently to wide attention, can be coaxed into providing step-by-step instructions for hacking a website. 

The Cybernews team warns that AI chatbots may be fun to play with, but they are also dangerous, because they can give detailed information on how to exploit a vulnerability. 

What is ChatGPT?

AI has stirred the imaginations of tech industry leaders and pop culture for decades. Machine learning systems can now generate text, images, video, and other media automatically, and the field is booming as investors pour billions of dollars into it. 

While AI has opened endless opportunities to help people, experts warn of the danger of building algorithms that outperform humans and could get out of control. 

This is not about apocalyptic scenarios of AI taking over the planet; AI is already helping threat actors with malicious activity today.

ChatGPT is the latest AI release from OpenAI, the research company led by Sam Altman and backed by Microsoft, LinkedIn co-founder Reid Hoffman, Elon Musk, and Khosla Ventures. 

The chatbot can hold conversations and imitate various writing styles, and its output is far more fluent and complex than that of earlier chatbots. It was trained on large amounts of text from the web, Wikipedia, and digitized books. 

Popularity of ChatGPT

Within five days of launch, over one million people had signed up to try it. Social media filled with users' prompts and the AI's answers: poems, copywriting, movie plots, tips on weight loss or relationships, brainstorming, study help, and even programming. 

According to OpenAI, the ChatGPT model can answer follow-up questions, challenge incorrect premises, reject inappropriate requests, and admit its mistakes. 

ChatGPT for hacking

According to Cybernews, the research team tried "using ChatGPT to help them find a website's vulnerabilities. Researchers asked questions and followed the guidance of AI, trying to check if the chatbot could provide a step-by-step guide on exploiting."

"The researchers used the 'Hack the Box' cybersecurity training platform for their experiment. The platform provides a virtual training environment and is widely used by cybersecurity specialists, students, and companies to improve hacking skills."

"The team approached ChatGPT by explaining that they were doing a penetration testing challenge. Penetration testing (pen test) is a method used to replicate a hack by deploying different tools and strategies. The discovered vulnerabilities can help organizations strengthen the security of their systems."

Potential threats of ChatGPT and AI

Experts believe that AI-assisted vulnerability discovery in the hands of cybercriminals could do serious damage to internet security. The Cybernews team also sees AI's potential on the defensive side, however. 

Researchers can use insights from AI to prevent data leaks. AI can also help developers in monitoring and testing implementation more efficiently.

Because the model was trained on a vast corpus that includes exploitation techniques, it works as a handbook for penetration testers, offering sample payloads that fit what they ask for. 

“Even though we tried ChatGPT against a relatively uncomplicated penetration testing task, it does show the potential for guiding more people on how to discover vulnerabilities that could, later on, be exploited by more individuals, and that widens the threat landscape considerably. The rules of the game have changed, so businesses and governments must adapt to it," said Mantas Sasnauskas, head of the research team. 

Microsoft Discloses Methods Employed by 4 Ransomware Families Targeting MacOS


Microsoft has published an analysis of four ransomware families that target Apple macOS: KeRanger, FileCoder, MacRansom, and EvilQuest. 

These families spread primarily through what the Windows maker calls "user-assisted methods", in which the victim downloads and installs trojanized software. 

The malware may also arrive as part of a supply chain attack or as a second-stage payload dropped by malware already present on the host. 

"While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," said the tech giant’s Security Threat Intelligence team, in a Thursday report.

Whatever the initial access method, the attacks follow a similar pattern: the malware relies on legitimate operating system features, and in some cases vulnerabilities, to reach and encrypt the user's files. 

That includes enumerating files with standard Unix library functions such as opendir, readdir, and closedir. Microsoft noted that files could also be enumerated through the NSFileManager Objective-C interface, but none of these strains use it. 

To hinder analysis and debugging, KeRanger, MacRansom, and EvilQuest also use a combination of hardware- and software-based checks to determine whether they are running in a virtual machine. 

KeRanger uses delayed execution to evade detection: after launch it sleeps for three days before it starts encrypting. 

KeRanger encrypts files with AES in cipher block chaining (CBC) mode, FileCoder uses the zip utility to encrypt them, and MacRansom and EvilQuest each implement their own symmetric encryption routine. 

EvilQuest, first seen in July 2020, also carries trojan-like capabilities beyond the standard ransomware features: keylogging, infecting Mach-O files by injecting arbitrary code, and disabling security software. 

It can also execute a payload directly from memory, leaving no trace of it on disk. 

"Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets," Microsoft added.  

Rackspace: Ransomware Bypasses ProxyNotShell Mitigations

 


Rackspace Technology, a managed cloud hosting provider, has identified the cause of the December 2 attack that disrupted hosted email for thousands of its small and midsized business customers: a zero-day exploit chain against Microsoft Exchange Server that abuses CVE-2022-41080 for server-side request forgery (SSRF). 

Rackspace chief security officer Karen O'Reilly-Smith said in an emailed response that the root cause was a zero-day exploit associated with CVE-2022-41080. Microsoft had disclosed CVE-2022-41080 as a privilege escalation vulnerability, without noting that it could be chained into remote code execution. 

According to an external advisor to Rackspace, the company had not yet applied the ProxyNotShell patch because it was concerned the patch might cause "authentication errors" that could take down its Exchange servers, among other potential issues. It had instead applied the mitigations Microsoft published for the vulnerabilities, which Microsoft had said would prevent attacks. 

Rackspace hired CrowdStrike to investigate the breach, and CrowdStrike published its findings in a public blog post. It described how the Play ransomware group used a new technique to chain CVE-2022-41080 with CVE-2022-41082, the remote code execution half of ProxyNotShell, in a way that sidesteps Microsoft's ProxyNotShell mitigations. 

According to Rackspace's external advisor, CrowdStrike's research on Play's bypass method was the product of its investigation into the attack on Rackspace. 

Microsoft told Dark Reading last month that while the technique bypasses the earlier ProxyNotShell mitigations, it does not bypass the patch itself.  

"Patching - if you can do so - is the answer," the external advisor said, noting that Rackspace had weighed the risks and benefits at a time when the mitigations were said to be effective and the patch had the potential to take its servers down. According to the advisor, the company was aware of the risk when it evaluated and weighed it. The patch has still not been applied, and the affected servers remain unavailable.  

Rackspace has not responded to questions about whether the ransomware attackers were paid.

A Recent Ransomware Attack Targeted Multiple Electric Utilities

 


Hackers stole data belonging to multiple US electric utilities in an October ransomware attack on a US government contractor, according to a memo describing the hack that was obtained by CNN. 

Federal officials have monitored the incident closely to determine whether it will have serious effects on the US energy sector, and private investigators have searched the dark web for the stolen data. The North American grid regulator's cyberthreat sharing center sent a memo about the incident to senior executives of power companies this month. 

The previously unreported incident offers a glimpse of what happens behind the scenes when a company critical to US infrastructure is hit by ransomware: lawyers and federal investigators moved quickly to assess the damage. 

The victim was Sargent & Lundy, a Chicago-based engineering firm that has designed more than 900 power stations and thousands of miles of power systems, and that holds sensitive data about those stations and systems. 

The company also works with the Departments of Defense and Energy and other agencies on nuclear matters, including efforts to keep weapons of mass destruction out of terrorists' hands and to strengthen nuclear deterrence. 

Several people close to the investigation told CNN that the incident was contained and resolved, and that it does not appear to have had a broader impact on other firms in the power sector. 

The Electricity Information Sharing and Analysis Center (E-ISAC) said there is no indication that the stolen data, which includes "model files" and "transmission data" the firm uses for utility projects, has appeared on the dark web or been accessed by anyone else. 

Security experts have nevertheless long worried that hackers who breach contractors in the electric and nuclear power industries could dump facility schematics online, enabling follow-up physical or cyber attacks on those facilities. 

Recent physical attacks and vandalism against electric utilities in several states have added urgency to those concerns. A Duke Energy substation in Moore County, North Carolina, was damaged by gunfire this month, leaving thousands of people in the area without electricity, and on Christmas Day vandals damaged multiple substations in Washington state, cutting power to thousands more. 

Brenda Romero, a spokesperson for Sargent & Lundy, said in a statement to CNN that the company has fully recovered from the incident and that it had a limited impact on normal business operations. Romero added that the firm had notified law enforcement about the hack, which was first made public on Friday. 

Romero declined to answer further questions, including whether the hackers had tried to extort Sargent & Lundy, citing the ongoing investigation. 

The Biden administration has urged companies to share information about such hacks with each other as US officials try to get a grip on a ransomware epidemic that has cost critical infrastructure operators millions of dollars. 

The ransomware used against Sargent & Lundy was Black Basta, according to two people familiar with the investigation. The strain was first seen early this year, and cybersecurity firm Palo Alto Networks has tracked scores of Black Basta attacks since April. The group steals data before encrypting systems and uses the stolen data as leverage to extort its victims. 

Sargent & Lundy is one of many engineering firms that have served critical infrastructure projects across sectors of the economy for years. Such engineering work is harder for US cybersecurity officials to assess for supply chain risk than a company that only makes software, and it warrants more scrutiny. 

The federal government requires electric utilities to meet a set of cybersecurity standards that protect their systems against intrusion. Experts told CNN that contractors that provide services to those utilities, such as Sargent & Lundy, are generally not held to the same standards; they are subject only to whatever security requirements their contracts impose.

Are You Really Prepared for a Ransomware Attack?


Despite continuous development in the IT industry, most IT environments still seem inadequately equipped against ransomware, and many remain unaware of what effective protection requires. 

In a recent IDC survey of more than 500 CIOs across more than 20 industries worldwide, 46 percent of respondents reported at least one ransomware attack in the last three years. Ransomware has thus overtaken natural disasters as the main reason an organization needs to be good at large-scale data restoration. Many years ago the primary cause of such restores was disk system failure, which often required a complete restore from scratch. 

RAID and erasure coding made disk failure a rare cause of full restores, leaving terrorism and natural disasters as the main scenarios. Yet unless a company sat in a disaster-prone area, the likelihood that it would experience a natural disaster was fairly low. 

Is the Company Prepared for an Attack? 

Maybe not. 

The survey suggests that organizations that have experienced a cyberattack or data loss rate their ability to respond to future events highly: 85 percent of respondents, asked about their security plans, said they had a cyber-recovery playbook covering intrusion detection, prevention, and response. 

But ransomware keeps evolving, with threat actors changing tactics from attack to attack, so it is hard to conclude that today's data resiliency tools will hold up against future attacks. 

Those tools should nonetheless share one objective: recovering encrypted data so that the organization neither pays a large ransom nor loses the data. If an attack is likely, a data resiliency tool can at least limit the damage. 

Minimizing Attack Damage 

Detecting, responding to, and recovering from a ransomware attack requires several steps and tactics:  

• Design the IT infrastructure to limit the damage of an attack, for example by blocking connections to domains never seen before (denying command and control) and restricting internal lateral movement (limiting the malware's ability to spread). Once ransomware has hit, you will need several tools, many of which can be automated for speed. 

• On detection, halt lateral movement by cutting IP traffic from infected systems at once; if they cannot communicate, no further damage occurs. Once the infected systems are identified and shut down, move to disaster recovery and bring clean systems back online, verifying that the recovery systems themselves are not infected.  
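The "no new domains" control in the first step can be implemented as a first-seen check on DNS query logs: a registrable domain that the fleet has never resolved before is exactly what command-and-control traffic looks like. The example below is added for this post, not part of the original article. It builds a baseline of registrable domains (eTLD+1) from constructed resolver log lines (timestamp, client, query type, name), reports anything in today's log that is outside the baseline and an explicit allowlist, and turns the hits into Response Policy Zone records for a DNS sinkhole. The suffix set is a tiny placeholder for the real Public Suffix List; all hostnames and clients are made up.

```python
"""Flag DNS queries for registrable domains never seen in a baseline period and turn them into
sinkhole entries. This is the "no new domains" control: command-and-control almost always means a
domain the fleet has never resolved before.

Added example, not from the article. The query log lines are constructed (resolver export format:
timestamp, client, qtype, name); the suffix set is a tiny placeholder for the Public Suffix List.
"""
from collections import defaultdict

# Placeholder subset of the Public Suffix List; load the full list in production.
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "co.uk"}

BASELINE_LOG = """\
2022-12-01T09:00:01 10.0.1.5 A www.example.com
2022-12-01T09:00:02 10.0.1.5 A cdn.example.com
2022-12-02T11:30:17 10.0.1.8 A login.corp-mail.co.uk
2022-12-10T14:05:44 10.0.1.9 AAAA updates.vendor-tools.net
2022-12-20T16:45:00 10.0.1.5 A intranet.corp.local
"""

TODAY_LOG = """\
2023-01-10T08:00:03 10.0.1.5 A cdn.example.com
2023-01-10T08:00:09 10.0.1.8 A mail.corp-mail.co.uk
2023-01-10T08:02:51 10.0.1.23 A x7kq2.update-check.net
2023-01-10T08:02:52 10.0.1.23 A m9pl0.update-check.net
2023-01-10T08:03:10 10.0.1.23 TXT 4a6f6e2e.update-check.net
2023-01-10T08:10:00 10.0.1.41 A status.newvendor.io
"""


def registrable_domain(fqdn):
    """eTLD+1: 'x7kq2.update-check.net' -> 'update-check.net', 'a.b.co.uk' -> 'b.co.uk'."""
    labels = fqdn.lower().rstrip(".").split(".")
    for n in (2, 1):                       # longest matching public suffix wins
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def parse_queries(log_text):
    """Yield (timestamp, client, qtype, name) tuples from the constructed resolver export."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)


def first_seen_domains(baseline_log, window_log, allowlist=()):
    """Domains queried in window_log whose eTLD+1 is in neither the baseline nor the allowlist.

    Returns {domain: {"first": ts, "clients": [...], "names": distinct hostnames, "qtypes": [...]}}.
    Many distinct hostnames or TXT lookups under one brand-new domain point at DGA or DNS tunnelling.
    """
    known = {registrable_domain(name) for _, _, _, name in parse_queries(baseline_log)}
    known |= {registrable_domain(d) for d in allowlist}

    new = {}
    hostnames = defaultdict(set)
    for ts, client, qtype, name in parse_queries(window_log):
        dom = registrable_domain(name)
        if dom in known:
            continue
        entry = new.setdefault(dom, {"first": ts, "clients": set(), "qtypes": set()})
        entry["clients"].add(client)
        entry["qtypes"].add(qtype)
        hostnames[dom].add(name.lower())
    return {
        d: {"first": e["first"], "clients": sorted(e["clients"]),
            "names": len(hostnames[d]), "qtypes": sorted(e["qtypes"])}
        for d, e in new.items()
    }


def rpz_entries(domains):
    """RPZ records that return NXDOMAIN for a domain and all its subdomains (BIND/Unbound RPZ syntax)."""
    out = []
    for d in sorted(domains):
        out.append(f"{d} CNAME .")
        out.append(f"*.{d} CNAME .")
    return out


if __name__ == "__main__":
    hits = first_seen_domains(BASELINE_LOG, TODAY_LOG, allowlist=["newvendor.io"])
    for dom, info in hits.items():
        print(f"{dom}: first {info['first']} from {info['clients']}, "
              f"{info['names']} hostnames, qtypes {info['qtypes']}")
    print("\n".join(rpz_entries(hits)))
```

On the sample, update-check.net is reported (one client, three random-looking hostnames, an A and a TXT lookup within 20 seconds), while newvendor.io is suppressed by the allowlist. In practice the baseline window should be long (30 days or more), the allowlist should be driven by change management, and a hit on a workstation should trigger the isolation step rather than just a ticket.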

Why Must Businesses be Equipped With Modern Ransomware Capabilities?


The greatest current threat to the survival of a business may be treating ransomware as a question of "if" rather than "when". Businesses of every size and sector are targets, and 94% of enterprises reported a cybersecurity incident last year.

Yet many companies still rely on outdated security measures that cannot stop modern ransomware. 

The belief that ransomware is in decline is mistaken: Q1 2022 saw a 200% year-over-year rise in ransomware activity. The growth of Ransomware as a Service (RaaS) offerings shows that ransomware has become a commodity for threat actors. 

Ransomware as a Service 

The RaaS market opens a new and challenging trend for organizations and IT experts. 

With RaaS, a subscription model in which operators lease ready-made ransomware and infrastructure to affiliates, the barrier to entry for attackers is lower than ever. 

Because RaaS affiliates are often unsophisticated, the average ransomware attack duration, from initial access to deployment, has dropped to just 3.85 days, compared with about two months in 2019. 

Shorter attacks may sound like good news, but they also leave defenders less time to detect an intrusion before encryption, and the rise of RaaS tells business leaders that every organization is a target. IT and business leaders therefore have to counter the risk with robust cybersecurity controls. 

Recent ransomware incidents show why. 

Bernalillo County’s Ransomware Breach 

In January 2022, a ransomware attack breached Bernalillo County, New Mexico. Among the critical systems disrupted for several days were the automatic cell locks and security cameras at the county's largest detention facility. 

Months after recovering from the attack, county officials implemented a stronger cybersecurity strategy: endpoint detection and response (EDR), multi-factor authentication (MFA) on all employee accounts, 24/7 security monitoring, and new virus-scanning software. 

The Bernalillo County breach holds several lessons. It shows that ransomware causes harm beyond the financial: residents suffered severe service interruptions, and detainees were confined to their cells for days. 

It also shows that controls such as MFA, continuous monitoring, and EDR are effective against ransomware only if they are in place before the attack. 

Unfortunately, many business executives still hold off on putting strong cybersecurity controls in place, and their organizations end up suffering as Bernalillo County's residents did. 

Prioritizing a Robust Security Strategy is Crucial 

Organizations must not cut corners on security controls and services. Business and IT leaders should have access to the same evolving AI and machine learning capabilities that modern attackers use. 

A workable protection plan usually involves a third-party vendor for security insight or monitoring. Business and IT leaders should consider only Ransomware Protection as a Service (RPaaS) offerings that adapt to cloud, on-premises, and hybrid data centers, so that the organization's security coverage scales as it grows, or in some cases shrinks, without additional software. 

Preparing For “When,” And Not “If” 

The first step in combating ransomware is accepting that any organization, large or small, could be a target sooner or later. That realization matters more as casual ransomware attacks via RaaS keep rising and as international conflicts increase the likelihood of large-scale breaches. 

Ransomware attacks cannot be avoided entirely, but a robust cyber defense can prevent many breaches and protect an organization from financial loss and outages of mission-critical services.  

FIN7 Cybercrime Syndicate: Emerges as a Major Player in Ransomware Ecosystem

 

A thorough investigation of FIN7 has revealed the cybercrime group's organizational structure and its role as an affiliate in ransomware attacks. It has also uncovered deeper connections between the group and the wider threat ecosystem, including the now-defunct DarkSide and REvil operations and LockBit. 

FIN7, also tracked as Carbanak, is a highly active group known for a wide range of tools and tactics to broaden its "cybercrime horizons", including adding ransomware to its playbook and setting up fake security companies to lure researchers into carrying out ransomware attacks under the guise of penetration testing. The financially motivated group has compromised more than 8,147 victims worldwide, most of them in the United States; other notable countries include China, Germany, Canada, Italy, and the UK.

Over the years, FIN7's intrusion techniques have expanded beyond conventional social engineering to include infected USB drives, compromised software supply chains, and stolen credentials bought on dark web markets.

"Nowadays, its initial approach is to carefully pick high-value companies from the pool of already compromised enterprise systems and force them to pay large ransoms to restore their data or seek unique ways to monetize the data and remote access," PRODAFT said in a report shared with The Hacker News.

The Russian-speaking group has also been observed weaponizing Microsoft Exchange vulnerabilities, including CVE-2020-0688, CVE-2021-42321, ProxyLogon, and ProxyShell, to get into target environments. Beyond double extortion, it has planted SSH backdoors on compromised systems, even where the victim had already paid a ransom.

Those backdoors let it resell access to other ransomware groups and retarget the same victims, a way of minimizing effort and maximizing profit. It also prioritizes targets by annual revenue, founding date, and employee count, which the researchers say "demonstrates a certain form of feasibility study regarded as a distinctive habit among cybercrime gangs."

In practice, FIN7 shortlists the highest-revenue businesses and organizations using services such as Dun & Bradstreet (DNB), Crunchbase, Owler, and Zoominfo, and uses website analytics tools such as MuStat and Similarweb to gauge traffic to the victims' sites.

Initial access comes through one of the intrusion vectors above; data is then exfiltrated, files are encrypted, and the ransom is priced according to the company's revenue. The same infection chains are also used to load the remote access trojans Carbanak, Lizar (also known as Tirion), and IceBot, the last of which was first identified by Recorded Future-owned Gemini Advisory in January 2022.

The group also uses the Cobalt Strike post-exploitation framework and its own Checkmarks module, which automates mass scanning for vulnerable Microsoft Exchange servers and other public-facing web applications.

FIN7 is another example of a criminal organization run like a legitimate business: it has top-level management plus development, pentesting, affiliate, and marketing teams, each with defined responsibilities.

While Alex and Rash are the main drivers of the operation, Sergey-Oleg, the third management member, assigns tasks to the other members of the group and supervises their completion. A review of the group's Jabber communication history, however, has shown that operators in administrator roles use coercion and extortion to force team members to put in more effort and issue threats to "harm their family members in case of resigning or escaping from duties."

The information was uncovered more than a month after cybersecurity firm SentinelOne suspected FIN7 may have connections to the Black Basta ransomware operation.

PRODAFT concluded, "FIN7 has established itself as an extraordinarily versatile and well-known APT group that targets enterprise companies. Their signature move is to thoroughly research the companies based on their revenue, employee count, headquarters and website information to pinpoint the most profitable targets."

"Although they have internal issues related to the unequal distribution of obtained monetary resources and somewhat questionable practices towards their members, they have managed to establish a strong presence in the cybercrime sphere."

A Huge DDoS Network was Taken Down by the US DOJ

According to the US Department of Justice (DOJ), 48 domains were seized after it was discovered that they were offering distributed denial of service (DDoS) attacks on-demand as a service that criminals could exploit.  

This information was provided in a press release from the office of E Martin Estrada, the United States Attorney for the Central District of California. This release was intended to inform the public that in addition to these seizures, six defendants are being charged with crimes in connection with operating these platforms.  
 
Coming on top of the DDoS attacks already plaguing the internet, this news brings the concept of Cybercrime-as-a-Service, outlined in the Microsoft Digital Defence Report (MDDR) released in November 2022, back to the forefront.

What is DDoS?

A DDoS-for-hire service is a platform for performing distributed denial-of-service (DDoS) attacks that allows anyone to purchase and execute such attacks. Modelled on the software as a service (SaaS) business model, these services are lucrative because they let the owner of an IoT botnet conduct attacks with very little overhead.


DoS-for-Hire Services

Until recently, most cybercrime-as-a-service reports have covered cybercrime in the context of ransomware, that is, a threat actor encrypting data and locking it away so that people cannot access what they need (usually until a ransom has been paid), or dropper bots that spread malware by way of delayed software updates.

Despite this, DDoS-as-a-service (sometimes known as "booters", since they knock targeted systems off the internet) remains one of the most popular cybercrime methods for those who wish to commit a crime without having the necessary knowledge themselves.

According to the US Attorney's office, the websites seized during the operation launched "millions" of DDoS attacks against victims around the world, with some of the sites claiming to offer legitimate "stress testing" services for businesses.

With booter services such as these, anyone can launch cyberattacks against victims, causing grave harm to individuals, and compromising the internet access of everyone, said US Attorney Estrada, noting the ease with which the attacks are carried out, allowing for maximum damage to be done. 

This week’s sweeping law enforcement activity is a considerable step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.

There are several organizations, including the FBI, the National Crime Agency, the Netherlands Police, and the National Crime Strategy, which are taking a much softer approach towards anyone who shows an interest in using the DDoS-for-hire services that are available. 

To deter would-be cybercriminals from investing in these services and to educate the public about the dangers of DDoS activity, an advertorial campaign will place ads in search engines on common keywords related to DDoS-for-hire activity. As part of its commitment to victims, the FBI has also pledged to assist them whenever possible.

"The FBI is ready to work with victims of crimes whether they launch them independently or hire a skilled contractor to execute them," said Donald Alway, Assistant Director in Charge of the FBI Los Angeles Field Office. 

American victims of cybercrime are encouraged to contact their local FBI field office or to file a complaint with the FBI's Internet Crime Complaint Center at www.ic3.gov.