Newsletter 01/23/2022
Global Law Enforcement: The Empire Strikes Back Or, Is it all just batting practice?
6 You will hear of wars and rumors of wars, but see to it that you are not alarmed. Such things must happen, but the end is still to come. 7 Nation will rise against nation, and kingdom against kingdom. There will be famines and earthquakes in various places. 8 All these are the beginning of birth pains. (Matthew 24:6-8)
The words of the New Testament author Matthew have resonated with believers and non-believers alike over the centuries. Just as some eighteenth-century literati took the wars of conquest between rival European powers, raging on three continents, to signal the coming of the end times, the ongoing battles for command and control over nations' computer networks and resources may herald the end times for computing as we know it. Overblown? Maybe. But it cannot be denied that, as John Love noted in an essay entitled A Brief History of Malware — Its Evolution and Impact (April 5, 2018):

Most wars involve a specific set of countries and have a defined beginning and end. Regrettably, the war with malware impacts everyone across the globe and has no end in sight. According to CNBC, cyberattacks are the fastest growing crime in the United States (and it’s easy to speculate, the fastest growing crime in the rest of the world as well).

As global conflict rages on, alliances, and exactly who is friend and who is foe, often change. Proving this point, on January 14, 2022, came the headline Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks:
In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.
Now REvil is not the mythical 400-pound kid sitting on his bed with a souped-up Commodore 128. REvil's most notorious exploit came when REvil associates working with another ransomware group, DarkSide, attacked Colonial Pipeline, causing fuel shortages and price spikes across the United States. Nor was REvil the FSB's only target:
The Russian Federal Security Service (FSB) has arrested the administrator of the UniCC carding forum and one of the members of the Infraud cybercrime cartel.
The carder site was already shuttered. On January 12, 2022, the site announced "it would voluntarily close down, citing the administrators’ intention to retire, and advised users to withdraw their funds within ten days."

Meanwhile, on Russia's western border: Experts say there is good reason for Ukraine to be afraid. Ukraine has long been used as the testing grounds for Russian offensive hacking capabilities. State-backed Russian hackers have been blamed for the Dec. 23, 2015 cyberattack on Ukraine’s power grid that left 230,000 customers shivering in the dark.

So while Russia is making moves to placate US and European law enforcement, North Korea is also turning the tables in the cyber war alliances. At the end of last year, the North Korea-linked APT group Konni targeted the Russian Federation’s Ministry of Foreign Affairs (MID) with new versions of its malware implants. APT is an acronym that stands for Advanced Persistent Threat. Researchers believe this new campaign is less espionage and more common crime for financial gain. The campaign centered on stealing credentials, consistent with the observation that "North Korea has focused much of its efforts on espionage campaigns and targeting organizations for financial gain, with cryptocurrency a common target of attacks."

And finally we have the stuff from which rumors originate: a cyber threat so menacing that, once a machine is infected with this malware, even replacing the hard drive won't remove the infection. This attacker implants itself in the computer's UEFI firmware, which runs BEFORE THE OPERATING SYSTEM, and so it reinfects the computer at every start-up. "Due to its emplacement on SPI flash, which is located on the motherboard instead of the hard disk, the implant is capable of persisting in the system across disk formatting or replacement." The malware responsible for this stealth attack is known as MoonBounce. It is not known for certain who is behind it, but the Chinese hacking group known as APT41 is suspected.
Security researchers have unveiled MoonBounce, a custom UEFI firmware implant used in targeted attacks.

The cybersecurity firm Mandiant has published an in-depth report on the nefarious activities of APT41:
APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain. Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations from 2014 onward.

So why would Chinese hackers want an implant that survives a new hard drive in their victims' computers? Maybe simply to boost sales of new PCs, which are for the most part made in China. Another possible answer is simply to prove they can. This is known as a proof of concept (POC), and a successful POC is more often than not a harbinger of more excitement to come. So stay tuned. The title of this blog is Dispatches From the Front. The trouble with this war is that we are all on the front lines of the conflict whether we know it or not.
But you tell me over and over and over again, my friend