Zetter Substack | May 12, 2021

Anatomy of a $2 Million Darkside Ransomware Breach

Days before the Darkside ransomware creators formally launched their business with a press release last August, a U.S. victim was already preparing to pay them a $2 million ransom.

Security Boulevard | May 12, 2021

DarkSide Offered Ransomware-as-a-Service Before Pipeline Attack

Colonial Pipeline might be tight-lipped about the vulnerability hackers exploited to launch a ransomware attack that shut down the U.S.’s largest pipeline, but details are emerging about the DarkSide ransomware variant behind the attack and the cybercriminals associated with it.

Bloomberg | May 12, 2021

DarkSide Hackers Mint Money With Ransomware Franchise

When a new ransomware group popped up on the scene last year, the hackers did what’s in vogue for digital extortion organizations these days: They issued a press release. The hackers had already made “millions of dollars” in profit working as affiliates for other groups when they decided to go out on their own, the announcement said. “We created DarkSide because we didn’t find the perfect product. Now we have it.”

Homeland Security Today | May 11, 2021

Here’s What We Know About DarkSide Ransomware

With the ransomware incident that shut down a major fuel pipeline in the United States, another well-known variant on the cybercrime underground has been thrust into the international spotlight.

Krebs on Security | May 11, 2021

A Closer Look at the DarkSide Ransomware Gang

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.

Data Breach Today | May 11, 2021

DarkSide's Pipeline Ransomware Hit: Strictly Business?

Affiliate-Driven Ransomware-as-a-Service Operations Keep Generating Big Profits. "It's not personal, Sonny. It's strictly business." That immortal line from "The Godfather" encapsulates the mindset of criminals who extort businesses using ransomware and other tools: It's all about profits.

TechStrong TV | May 3, 2021

Cybersecurity – Military Appreciation Month

Cybersecurity has long been a part of the job description for these former servicemen. This Military Appreciation Month we talked with J.C. Vega, Jason Passwaters, and Barett Darnell about how their military experiences and skillsets transferred into the world of cybersecurity.

Security Ledger | April 27, 2021

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

In this episode of the podcast (#212), Brandon Hoffman, the CISO of Intel 471 joins us to discuss that company’s latest report that looks at China’s diversified marketplace for stolen data and stolen identities.

Security Boulevard | April 22, 2021

China’s Cybercriminals Profit From Underground Data Monetization

Cybercriminals are using big data technology to make money from data obtained on the Chinese-language underground. Quelle surprise. An analysis of open source information and data drawn from a variety of closed forums showed a cycle that included multiple layers of cybercriminals, the use of insider information and unwitting victims, according to researchers at Intel 471.

Duo Security | April 19, 2021

China's Big Data Boom Spurs a Flourishing Underground Economy

China is increasingly becoming a "global epicenter" for big data analytics - but the country's lack of regulation is also cultivating a thriving underground economy centralized around the illegal sale of big data.

SC Media | April 19, 2021

Chinese Threat Actors Extract Big Data and Sell it on the Dark Web

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web.

Bleeping Computer | April 13, 2021

QBot Malware is Back Replacing IcedID in Malspam Campaigns

Malware distributors are rotating payloads once again, switching between trojans that are many times an intermediary stage in a longer infection chain. In one case, the tango seems to be with QBot and IcedID, two banking trojans that are often seen delivering various ransomware strains as the final payload in the attack.

Help Net Security | April 12, 2021

The Benefits of Cyber Threat Intelligence

In this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence. He also talks about how Intel 471 approaches adversary and malware intelligence.

Data Breach Today | April 8, 2021

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Researchers at the security firm Intel 471 report cybercriminal gangs are using a newly discovered malicious document builder called "EtterSilent" to create differentiated, hard-to-discover, malicious documents that can be deployed in phishing attacks.

CyberScoop | April 6, 2021

Emerging Hacking Tool 'EtterSilent' Mimics DocuSign, Researchers Find

Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday.

RSA Conference | April 6, 2021

A Tribute to a Cybersecurity Maven, Angela Nichols (1969-2021)

Angela was not a cybersecurity startup founder, chief information security officer or a network security engineer. She wasn’t the creator of all the powerful cybersecurity products, threat dashboards or advanced AI technology algorithms used by the products that ArcSight, RedSeal, Anomali, Intel 471 and Analyst1 produced.

Bleeping Computer | April 6, 2021

EtterSilent Maldoc Builder Used by Top Cybercriminal Gangs

A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity increased, the developer kept improving it to avoid detection from security solutions.

Dark Reading | April 6, 2021

Crime Service Gives Firms Another Reason to Purge Macros

Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.

Duo Security | April 6, 2021

EtterSilent Builder Gains Momentum in Malware Campaigns

Cybercrime groups are using a new malicious document builder known as EtterSilent as part of recent campaigns that have dropped a number of different malware strains, including TrickBot and Bazar loader.

Bank Info Security | April 6, 2021

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Researchers at the security firm Intel 471 report cybercriminal gangs are using a newly discovered malicious document builder called "EtterSilent" to create differentiated, hard-to-discover, malicious documents that can be deployed in phishing attacks.

SC Media | April 6, 2021

Hackers Rush to New Doc Builder That Uses Macro-Exploit, Posing as DocuSign

Researchers at Intel 471 have identified a new malicious document builder that has gone from a new, relatively unknown exploit to being incorporated into the attack chains of top cybercriminal groups in less than a year.

Dark Reading | April 6, 2021

Crime Service Gives Firms Another Reason to Purge Macros

A crime service gives attackers the ability to generate malicious Microsoft Word documents capable of compromising systems with hard-to-detect attacks, underscoring the continued danger posed by macros, according to a new analysis from threat intelligence firm Intel 471.

The Hacker News | March 5, 2021

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year.

IT Pro | March 5, 2021

Widely-Used Cyber Crime Forums Targeted in Hacking Spree

Four widely-used hacking forums operating on the dark web have been compromised in a series of cyber attacks, with unknown attackers seizing the personal data of members while also siphoning away cash. Over the past few weeks, attackers have stolen user databases from these forums, which have included email addresses and hashed passwords, according to security researcher Brian Krebs. The incidents have left members of these sites worried that subsequent leaks could reveal their real-world identities.

Security Week | March 5, 2021

Someone Is Hacking Cybercrime Forums and Leaking User Data

Since the beginning of this year, an unknown threat actor has been hacking cybercrime forums and leaking user data publicly or offering it for sale. At least four such forums have been breached to date, namely Verified in January, Crdclub in February, and Exploit and Maza in March. All are predominantly Russian-language forums and saw their breaches publicly disclosed elsewhere.

TECH Times | March 4, 2021

Russian Hacker Site Maza Gets Hacked: Usernames, Email Ads, and Passwords Compromised

In the very latest string of "hits" coming from the Russian dark web forums, it seems like one of the most popular and prominent crime sites called Maza has just been breached by someone some time earlier during the week. In other words, one of the most popular hacker forum sites for dangerous criminals has just been hacked!

Krebs on Security | March 4, 2021

Three Top Russian Cybercrime Forums Hacked

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

GIZMODO | March 4, 2021

Someone Is Hacking the Hackers

In the latest in a string of “hits” on Russian dark web forums, the prominent crime site Maza appears to have been hacked by someone earlier this week.

Data Breach Today | March 4, 2021

Russian Cybercrime Forum 'Maza' Suffers Data Breach

Maza, a Russian carding and fraud discussion forum, has been breached, and hackers have leaked users' email addresses and forum credentials, security firms report.

Bank Info Security | March 4, 2021

Russian Cybercrime Forum 'Maza' Suffers Data Breach

Maza, a Russian carding and fraud discussion forum, has been breached, and hackers have leaked users' email addresses and forum credentials, security firms report.

WIRED | March 3, 2021

The Threat to the Water Supply Is Real—and Only Getting Worse

In January 2019, Wyatt Travnichek left his job at the Post Rock Rural Water District, whose 1,800 miles of water-main pipe supply customers across eight counties in the dead center of Kansas. Two months later, prosecutors say, he logged back in to the facility’s computer system and proceeded to tamper with the processes it uses to clean and disinfect the drinking water.

The Hacker News | March 2, 2021

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.

InfoSecurity Magazine | March 2, 2021

Hackers Target Russian Cybercrime Forums

The Russian-language forum, which was originally known as Mazafaka, has served thousands of cyber-criminals since its launch in 2003. "Little is known at this time about the attackers who successfully compromised Maza," wrote Flashpoint researchers. But thanks to the data allegedly leaked in the attack, quite a lot has come to light about the site's users.

The CyberWire | February 27, 2021

Shining a Light on China's Cyber Underground

Guest Maurits Lucas from Intel 471 joins us to discuss his team's research into cybercrime in China. Data from Intel 471 show that the Chinese cybercrime underground proliferates through use of common methods or platforms, but behaves differently in large part due to the caution that actors take with regard to their identity.

Data Breach Today | February 22, 2021

SonicWall Was Hacked. Was It Also Extorted?

Cybersecurity companies advise their clients not to pay ransoms for good reasons: Pay once and the attackers may come back with their hand out again.

SC Media | February 18, 2021

The Egregor Takedown: New Tactics to Battle Ransomware Groups Show Promise

Law enforcement officials from Ukraine, France and the U.S. this month cracked down on the Egregor ransomware gang, shutting down its leak website, seizing computers and arresting individuals who are allegedly linked to ransomware attacks that netted $80 million in illicit profits from more than 150 victimized companies.

Dark Reading | February 17, 2021

US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B

FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.

The Scottish Sun | February 16, 2021

Kim Jong-un Tries to HACK into Pfizer to Steal COVID Vaccine Data Weeks After AstraZeneca Attack, Spooks Claim

North Korea attempted to hack into pharma giant Pfizer in a bid to steal details of the Covid vaccine, it has been claimed.

Gov Info Security | February 12, 2021

Water Treatment Hack Prompts Warning From CISA

Following the hacking of a Florida water treatment plant, the Cybersecurity and Infrastructure Security Agency is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps.

CyberScoop | February 12, 2021

Investigators Suggest Hackers Exploited Weak Password Security to Breach Florida Water Facility

A clearer picture of poor security practices in Oldsmar, Florida prior to the dangerous hack of its water treatment plant is beginning to emerge, even as an investigation into the matter continues one week after the incident.

Bank Info Security | February 12, 2021

Water Treatment Hack Prompts Warning From CISA

Following the hacking of a Florida water treatment plant, the Cybersecurity and Infrastructure Security Agency is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps.

CyberScoop | January 29, 2021

Emotet, NetWalker and TrickBot Have Taken Big Blows, but Will it be Enough?

A trio of operations meant to disrupt ransomware outfits in recent months — two of which came to light this week — could have lasting impacts even if they stop short of ending the threat, security experts say.

Krebs on Security | January 27, 2021

Arrest, Seizures Tied to Netwalker Ransomware

U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court.

CSO Online | January 27, 2021

Law Enforcement Takes Over Emotet, One of the Biggest Botnets

Law enforcement agencies from several countries collaborated in a joint operation that resulted in taking over the command-and-control infrastructure behind Emotet, one of the world's largest botnets.

Krebs on Security | January 18, 2021

Joker’s Stash Carding Market to Call it Quits

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.

Dark Reading | January 2, 2021

Nation-States and Their Supply-Chain Attack Strategy

What started as a technique in the cybercriminal underground has become a hallmark of elite-level nation-state hacking groups that have refined it to maximize its impact.