Archive for Cybercrime

Killnet Group Attempting to Form a Private Military Hacking Company

Posted in Commentary on March 15, 2023 by itnerd

On March 13, Killmilk, the leader of the Russian hacktivist DDoS collective Killnet, announced on Telegram the establishment of “Black Skills,” a Private Military Hacking Company. 

The name “Private Military Hacking Company” is a clear riff on the growing presence and cult of private military companies in Russia (primarily the Wagner Group). It is also likely a not-so-subtle invitation to the Russian government to use Killnet’s resources as a cyber mercenary group, although it’s also unlikely they will deeply vet their clientele. 

This blog post from Flashpoint’s analysis team has a lot more detail on this: https://flashpoint.io/blog/killnet-killmilk-private-military-hacking-company/

Investment Fraud is Now Top Cybercrime Earner: Internet Crime Report

Posted in Commentary on March 14, 2023 by itnerd

According to the FBI's 2022 Internet Crime Report, compiled by the IC3, Investment Fraud is now the top-earning cybercrime category at $3.3 billion, surpassing business email compromises in 2022. Furthermore, the Bureau said the increase was mainly a result of criminals spoofing legitimate business phone numbers to confirm fraudulent banking details with their victims.

Figures from global consumers and businesses throughout 2022:

•    $10.3bn total cybercrime losses (up 49% yoy)
•    801,000 complaints (down 46,000 yoy)
•    $3.31bn total Investment fraud (up 127% yoy)
•    $806.6m total Tech support fraud (up 132% yoy)
•    $2.7bn total BEC fraud (up 14% yoy)
•    300,000 phishing complaints (down 7% yoy but still the most popular form)

The report also noted that while 2,385 complaints about ransomware were reported last year, with losses estimated at $34.4m, the loss figures do not represent the full scale of the financial burden placed on organizations. Also, many ransomware breaches go unreported, and loss estimates do not include lost business, time, wages, files, equipment or third-party remediation services used by victims.

Monti Knode, Director of Customer Success, Horizon3.ai, had this to say:

   “The SVB collapse is a perfect storm for both Investment fraud and BEC — the top two loss categories from the IC3.

   “Right now, thousands of tech companies are moving their money, but even more fragile is the fact that they are messaging with their customers and reestablishing invoicing and payments. This is creating confusion and opens up opportunity for attackers to pose and prey on unwitting customers.

   “Tech companies caught up in the SVB collapse will need to be extremely diligent and get personal with their customer base to maintain trust during this tough time, or a customer may quickly attribute the moniker of “threat” to their vendor, and that’s nowhere anyone wants to be.”

This dovetails into a story that I put up yesterday saying that I expect attacks that are leveraging the failure of SVB. Given the numbers in this report, we could start seeing those attacks at any time. Never mind all the usual cybercrime that we see now. And that’s going to cost us all a lot of money.

US Companies Will Soon Have To Report Any Instance That They Have Been Pwned Or They Paid A Ransom

Posted in Commentary on March 13, 2022 by itnerd

I’ve said for a long time that companies will only ensure that their cyber defences are as strong as they possibly can be if they’re forced to by law. That’s why this news is really good news as far as I am concerned:

Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress. 

The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.

“It’s clear we must take bold action to improve our online defenses,” Sen. Gary Peters, a Michigan Democrat who leads the Senate Homeland Security and Government Affairs Committee and wrote the legislation, said in a statement on Friday.

The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.

What I hope this does is make companies think long and hard if they want to be on the wrong end of getting pwned, and having to report it to the US Government. Which will make them invest time, effort, money, and more time, effort, and money into people, training and products that will keep their companies from getting pwned. That in turn will hopefully make cybercrimes like ransomware less attractive to cybercriminals, and we will see less of this as a result.

Oh. In case you’re wondering what happens if a company doesn’t report a cyber incident? Here’s your answer:

The new rules also empower CISA to subpoena companies that fail to report hacks or ransomware payments, and those that fail to comply with a subpoena could be referred to the Justice Department for investigation.

The CISA is the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. This is the lead agency for the US Government for this sort of thing. And I am pretty sure that no company wants the Justice Department knocking on their door. Thus this is great news as far as I am concerned.