Top news stories this week
- Exposed. Russia arrests ransomware operator Wazawaka and the founder of Hydra dark web market.
- Big hitters. BT and Deloitte are latest targets in ransomware group sites.
- Crackdown! Law enforcement shuts down encrypted chat platform and arrests cyber fraud suspects.
- On the rocks. Ransomware pushed the US arm of vodka maker Stoli Group into bankruptcy.
- Rockstar. Cyber criminals launch campaigns using new phishing platform and abuse Cloudflare domains.
- Words of warning. NCSC emphasises cyber risks faced by the UK.
1. Russia arrests Wazawaka and the founder of Hydra dark web market
Russian authorities arrested Mikhail Pavlovich Matveev, also known as Wazawaka, who has been linked to the LockBit, Hive and Babuk ransomware groups. Matveev had previously been sanctioned by the US government, which offered a USD 10 million reward for information leading to his arrest.
Russian law enforcement also arrested Stanislav Moiseyev, the founder of the Hydra dark web market, who was sentenced to life in prison. Before its takedown in 2022, Hydra was the world's largest dark web marketplace, used for drug sales and money laundering as well as for trading databases stolen in cyber attacks.
So what?
These arrests represent an unusual move by Russia, which is often seen as a safe haven for cyber criminals, as long as they do not target organizations within Russia's sphere of influence.
[Researcher: Anna Tankovics]
2. BT confirms attempted cyber attack while Deloitte is targeted with unverified data theft claim
UK telecoms firm BT has confirmed an attempted cyber attack after the Black Basta ransomware group claimed to have accessed 500GB of its corporate data. The company stated that the affected servers were quickly isolated and that the incident did not impact live BT Conferencing services or other BT Group or customer operations.
Separately, the Brain Cipher threat actor group listed Deloitte UK on its leak site, claiming to have stolen 1TB of data and displaying a countdown giving the company 11 days to respond. The claim remains unconfirmed.
So what?
Threat actors may exaggerate the impact of an attack or the volume of data stolen, so organizations should validate such claims through thorough forensic investigation rather than taking a leak site listing at face value.
[Researcher: Lawrence Copson]
3. Law enforcement operations shut down encrypted chat platform and arrest cyber fraud suspects
Operation Haechi V, an Interpol-coordinated operation (the latest iteration of a long-running effort to disrupt cyber-enabled fraud, involving law enforcement from over 40 countries), has resulted in the arrest of more than 5,500 individuals and the seizure of more than USD 400 million in assets.
Separately, in another coordinated operation, law enforcement agencies across Europe shut down MATRIX, an encrypted messaging platform used by cyber criminals. The effort resulted in the takedown of 40 servers and the arrest of five suspects.
So what?
Cyber law enforcement takedowns are meticulously planned and coordinated, often taking years to execute. These efforts can significantly disrupt the cybercriminal ecosystem.
[Researcher: Aditya Ganjam Mahesh]
4. Ransomware pushed the US arm of vodka maker Stoli Group into bankruptcy
A ransomware attack on the multinational Stoli Group in August led to the bankruptcy of two of the vodka maker's US subsidiaries, Stoli USA and Kentucky Owl. The attack, by a group that has not been identified, caused significant disruption to key business processes such as enterprise resource planning and accounting.
So what?
Organizations should evaluate the requirements for their business resilience and ensure that they have strong incident response, business continuity and crisis management plans in place.
[Researcher: Milda Petraityte]
5. Cyber criminals launch campaigns using new phishing platform and abuse Cloudflare domains
Cyber criminals are using a new Phishing-as-a-Service (PhaaS) platform named Rockstar 2FA to compromise Microsoft 365 accounts through Adversary-in-the-Middle (AiTM) attacks, in which a phishing page proxies the victim's credentials and MFA response to the legitimate login service and captures the resulting session cookie, allowing the attacker to bypass multi-factor authentication. Separately, Cloudflare domains are increasingly being abused to host phishing pages that evade the URL filtering of security solutions.
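Because the victim genuinely completes MFA through the proxy, the sign-in that an AiTM kit produces looks legitimate; what tends to stand out is the same session token being presented shortly afterwards from a different network. The following detection is an added example, not code from the original bulletin or from any vendor: it runs over a constructed, comma-separated sign-in log (the field layout, the `mfa_completed` / `mfa_claim_in_token` values, the ASN column and the 60-minute window are all assumptions for illustration) and flags sessions whose MFA-completed sign-in is followed within the window by a token use from a different ASN.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs). Fields:
# timestamp,user,session_id,source_ip,source_asn,mfa_status
# "mfa_completed" is the interactive sign-in that performed MFA;
# "mfa_claim_in_token" is a later request that reused the session token.
SAMPLE_EVENTS = [
    "2024-12-02T09:00:12Z,alice,sess-7f3a,203.0.113.10,AS64500,mfa_completed",
    "2024-12-02T09:03:40Z,alice,sess-7f3a,198.51.100.77,AS64510,mfa_claim_in_token",
    "2024-12-02T09:10:05Z,bob,sess-1c9e,192.0.2.44,AS64520,mfa_completed",
    "2024-12-02T09:25:30Z,bob,sess-1c9e,192.0.2.44,AS64520,mfa_claim_in_token",
    "2024-12-02T10:00:00Z,carol,sess-a0b1,203.0.113.55,AS64500,mfa_completed",
    "2024-12-02T12:30:00Z,carol,sess-a0b1,198.51.100.9,AS64510,mfa_claim_in_token",
]

# Assumed tuning value: AiTM kits typically replay the stolen cookie within
# minutes of capture, so a short window keeps false positives from ordinary
# network changes (VPN on/off, mobile to Wi-Fi) low.
DEFAULT_WINDOW_MINUTES = 60


def parse_event(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, user, session, ip, asn, mfa = line.strip().split(",")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "session": session,
        "ip": ip,
        "asn": asn,
        "mfa": mfa,
    }


def find_token_replay(lines, window_minutes=DEFAULT_WINDOW_MINUTES):
    """Return (user, session_id, anchor_ip, suspect_ip) for each session whose
    MFA-completed sign-in is followed, within the window, by a token use from
    a different ASN. The anchor is the sign-in that satisfied MFA (in an AiTM
    compromise, the login relayed through the phishing proxy); the suspect is
    the first later use of the same session from another network."""
    window = timedelta(minutes=window_minutes)
    by_session = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_session[ev["session"]].append(ev)

    findings = []
    for session, events in by_session.items():
        events.sort(key=lambda e: e["ts"])
        anchor = next((e for e in events if e["mfa"] == "mfa_completed"), None)
        if anchor is None:
            continue  # never saw the MFA sign-in for this session; nothing to anchor on
        for ev in events:
            if ev["ts"] <= anchor["ts"]:
                continue
            if ev["ts"] - anchor["ts"] > window:
                break  # later uses are outside the replay window
            if ev["asn"] != anchor["asn"]:
                findings.append((anchor["user"], session, anchor["ip"], ev["ip"]))
                break  # one finding per session is enough to raise an alert
    return findings


if __name__ == "__main__":
    for user, session, src, dst in find_token_replay(SAMPLE_EVENTS):
        print(f"possible AiTM token replay: {user} session {session} "
              f"authenticated from {src}, token reused from {dst}")
```

On the constructed input, alice's session is flagged (token reused from a different ASN three minutes after MFA), bob's is not (same network throughout) and carol's is not, because the reuse falls outside the 60-minute window; widening the window would catch carol at the cost of more noise. Two caveats worth keeping in mind: the check misses an attacker who replays the cookie from the same infrastructure that proxied the login, so it should be paired with checks on the sign-in source itself (unfamiliar ASN, hosting provider, impossible travel), and any production version should key on the real session identifier and MFA result fields of the identity provider's sign-in logs rather than this constructed layout.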
So what?
Security teams must use up-to-date threat intelligence to keep pace with evolving phishing techniques and protect their organization.
[Researcher: David Broome]
6. NCSC warns UK unprepared to face cyber threats
Richard Horne, head of the UK's National Cyber Security Centre (NCSC), has warned that the cyber threat faced by the UK is being underestimated. Data released by the NCSC this week shows an increase in both the volume and severity of cyber attacks: the agency responded to 430 incidents, up from 371 the previous year.
So what?
Both public and private organizations should be aware of the current threat landscape and invest in cyber defences to protect their assets.
[Researcher: Adelaide Parker]