  • Who Is the Network Access Broker ‘Babam’?

    Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials -- such as usernames and passwords needed to remotely connect to the target's network. In this post we'll look at the clues left behind by "Babam," the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.

  • Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

    In January 2021, technology vendor Ubiquiti Inc. [NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.

  • The Internet is Held Together With Spit & Baling Wire

    Imagine being able to disconnect or redirect Internet traffic destined for some of the world's largest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world's largest Internet backbones.

  • Arrest in ‘Ransom Your Employer’ Email Scheme

    In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network.

  • The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

    One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim's funds via Zelle, a "peer-to-peer" (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target's bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

  • Tech CEO Pleads to Wire Fraud in IP Address Scheme

    The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

  • Hoax Email Blast Abused Poor Coding in FBI Website

    The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

  • Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

    Hackers are exploiting a critical authentication bypass vulnerability in ManageEngine Desktop Central MSP, an endpoint management tool used by managed service providers (MSPs). Attacks started before ManageEngine issued a patch, so all customers are advised to check their systems for signs of exploitation using a special tool released by the developers.

    ManageEngine is a division of business software developer Zoho that's focused on IT management software. The division maintains a portfolio of over 90 products and free tools that are used by millions of system administrators in more than 180,000 companies around the world.

    News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organizations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.

  • Collect today, decrypt tomorrow: How Russia and China are preparing for quantum computing

    Much has been bantered about how advances in quantum computing will adversely affect the ability of companies and governments to keep secret information, well, secret. Jeffery Moore, chief of the UK’s Secret Intelligence Service (MI-6), summed it up nicely when he spoke at the International Institute for Strategic Studies (IISS) on November 30, on Human Intelligence in a Digital Age:

    “We live in a world transformed by digital connectivity and stand on the cusp of revolutionary advances in technology which will affect the way we live and work in ways we cannot fully foresee. Advances in quantum engineering and engineered biology will change entire industries. The huge volumes of data now available across the globe, combined with ever increasing computer power and advances in data science, will mean the integration of artificial intelligence, AI, into almost every aspect of our daily lives.”

    Moore warned, “Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology, because they know that mastering these technologies will give them leverage.”

  • U.S. Cyber Command’s actions against ransomware draw support and criticism

    Over the weekend, Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the National Security Agency (NSA), confirmed what most cybersecurity specialists already knew: The U.S. military has engaged in offensive measures against ransomware groups. These actions were undertaken to stem the alarming and growing tide of ransomware attacks that have hit U.S. industry, notably Colonial Pipeline in May, and have afflicted hundreds of healthcare and educational institutions.

  • Ubiquiti breach an inside job, says FBI and DoJ

    The recent unsealing of a grand jury multi-count indictment for Nikolas Sharp provides a unique and convoluted series of criminal events. It seems Sharp undertook to put approximately $2 million into his pocket via a data theft and extortion effort, with a twist of “whistleblower” claims thrown in to confuse investigators in an attempt at self-exoneration.

    As with many criminal enterprises, they reach their point of collapse when everything goes toes up. When Sharp’s employer Ubiquiti Networks essentially told the criminal extorting them to pound sand, they no doubt felt this grand scheme was dying a fast death.

    According to Sharp’s LinkedIn page, he had the role of “cloud lead” for Ubiquiti from August 2018 to March 2021. By all accounts, he was a trusted member of the Ubiquiti team.

  • Malware variability explained: Changing behavior for stealth and persistence

    Cybercriminal gangs from Eastern Europe have always followed a rule: Don't steal from Russians or their former Soviet allies. Groups like REvil or DarkSide put kill switches inside their malicious code, checking if the language on the machine it lands on is Russian, Ukrainian, Georgian, Armenian, or Romanian. If it is, the malware simply fails to install.

    Such tactics create malware variability—the same piece of code can do different things on different computers, depending on the version of the OS, the libraries installed, or the language settings. "If you try to run the same malware on three or four different machines, you'll potentially get three or four different behaviors," says Erin Avllazagaj, graduate research assistant at the University of Maryland, College Park.

  • A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

    President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity tasked the U.S. Cybersecurity and Infrastructure Security Agency (CISA) with developing a standard set of operational procedures for the Federal Civilian Executive Branch (FCEB) to use when responding to incidents and vulnerabilities. CISA recently released the Cybersecurity Incident & Vulnerability Response Playbooks as a single document. While this guidance is intended for FCEBs, it may be applicable to other entities as well.

  • The CSO guide to top security conferences, 2021

    There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead.

    If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2021 and 2022. From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you.