Media Coverage

Shadowserver in the news

International law enforcement operation exposes the world’s most harmful cyber crime group

NCA, December 5, 2019

A Russian national who runs Evil Corp – the world’s most harmful cyber crime group that created and deployed malware causing financial losses totalling hundreds of millions of pounds in the UK alone – has been indicted in the United States following unprecedented collaboration between the NCA, the FBI and the National Cyber Security Centre.

Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware

DoJ, December 5, 2019

The United States of America, through its Departments of Justice and State, and the United Kingdom, through its National Crime Agency (NCA), today announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present. A second individual, Igor Turashev, 38, from Yoshkar-Ola, Russia, was also indicted in Pittsburgh for his role related to the “Bugat” malware conspiracy. The State Department, in partnership with the FBI, announced today a reward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Yakubets. This represents the largest such reward offer for a cyber criminal to date.

Innovative project will help NASK build national cyber security

cyberdefence24, November 27, 2019

The NASK National Research Institute has started the implementation of an innovative project, which assumes, among others, more efficient response to threats related to cybersecurity at the national and European level, improvement of operational cooperation in Europe in this field and increase of the scope of CERT Polska’s activity. The “Advance threat Monitoring and Cooperation on the European and national levels” (AMCE) project received funding of almost EUR 1 million under the Connecting Europe Facility program. NASK will maintain the system together with the non-profit organization Shadowserver. “In cooperation with our knowledge partner from the SISSDEN project – the Shadowserver organization – we are starting this threat monitoring system again, based on previously created software and experience gained.”

Leaseweb Community Outreach Program

Leaseweb, November 19, 2019

The Leaseweb Community Outreach Program provides servers and network bandwidth to qualifying nonprofits that identify instances of technical Internet abuse including spam, malware, botnets, phishing, and more. The Shadowserver Foundation gathers intelligence on the dark web to understand and stop high stakes cybercrime.

CERT.at threat intelligence feeds

CERT.at, November 5, 2019

CERT.at receives threat intelligence for Austrian IP networks from a variety of sources. As we receive data in different formats we harmonize and deduplicate it before forwarding it. The NGO Shadowserver (https://www.shadowserver.org) is our biggest threat intel source.

CAIDA ASPIRE - Augment Spoofer Project to Improve Remediation Efforts

CAIDA, October 23, 2019

“Augment Spoofer Project to Improve Remediation Efforts (ASPIRE)” – a collaborative project co-led by Professor Matthew Luckie of the University of Waikato’s Computing & Mathematical Sciences Department. Reaching out to security risk management companies, e.g., FICO, BitSight, Security Scorecard, Shadowserver, and Redseal, to discuss the potential for commercial use of Spoofer data or other technology transition relationships.

‘Security’ Cameras Are Dry Powder for Hackers. Here’s Why

Fortune, September 19, 2019

Researchers have long bemoaned the insecurity of certain “security” cameras. Ostensibly installed to deter and thwart intruders, many actually can be transformed into an arsenal that hackers use for Web warfare. The latest cause for concern: A vulnerability that enables hackers to summon a firehose of network traffic from hundreds of thousands of such devices for “distributed denial of service” attacks. Scanning the Internet for devices vulnerable to “LDAP” hacking using Shadowserver, a search tool provided by a nonprofit security group of the same name, reveals nearly 15,000 devices ready for abuse. For WS-Discovery, the newly discovered attack method, more than 800,000 vulnerable devices appear to be open to abuse.
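The check a network owner would want after reading the item above is whether one of their own cameras or NVRs answers a WS-Discovery Probe sent from an arbitrary unicast source on UDP/3702, and how much larger the reply is than the request, since that ratio is what makes the device useful as a DDoS reflector. The following script is an added example for this page, not code from Fortune, Shadowserver or any camera vendor: the Probe envelope is the standard WS-Discovery (2005/04) SOAP message, while the constructed `SAMPLE_PROBE_MATCHES` reply, the hypothetical `probe_host` and `summarize_offline` helpers and the target address are assumptions for illustration. Only probe hosts you are authorised to test.

```python
"""
Added example: does a host answer unicast WS-Discovery probes (UDP/3702),
and what amplification factor does it offer a reflection attacker?
"""
import socket
import uuid
from typing import Dict, List, Optional

WSD_PORT = 3702
WSD_MULTICAST = "239.255.255.250"  # intended discovery group; unicast reachability is the problem
WSD_ACTION_PROBE = "http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe"
WSD_ACTION_MATCHES = "http://schemas.xmlsoap.org/ws/2005/04/discovery/ProbeMatches"


def build_probe(message_id: Optional[str] = None) -> bytes:
    """Minimal WS-Discovery Probe (SOAP 1.2 over UDP) with no Types filter,
    so any WS-Discovery capable device answers it with ProbeMatches."""
    mid = message_id or f"urn:uuid:{uuid.uuid4()}"
    xml = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" '
        'xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" '
        'xmlns:wsd="http://schemas.xmlsoap.org/ws/2005/04/discovery">'
        "<soap:Header>"
        "<wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To>"
        f"<wsa:Action>{WSD_ACTION_PROBE}</wsa:Action>"
        f"<wsa:MessageID>{mid}</wsa:MessageID>"
        "</soap:Header>"
        "<soap:Body><wsd:Probe/></soap:Body>"
        "</soap:Envelope>"
    )
    return xml.encode()


def is_probe_match(datagram: bytes) -> bool:
    """A reflector's reply carries the ProbeMatches action URI."""
    return WSD_ACTION_MATCHES.encode() in datagram


def amplification_factor(request: bytes, responses: List[bytes]) -> float:
    """UDP payload bytes returned per payload byte sent. IP/UDP headers
    (28 bytes each way for IPv4) are not counted, so this slightly
    overstates the on-the-wire ratio for small messages."""
    if not request:
        raise ValueError("empty request")
    return sum(len(r) for r in responses) / len(request)


def summarize(ip: str, request: bytes, responses: List[bytes]) -> Dict[str, object]:
    return {
        "ip": ip,
        "responds": any(is_probe_match(r) for r in responses),
        "request_bytes": len(request),
        "response_bytes": sum(len(r) for r in responses),
        "amplification": amplification_factor(request, responses),
    }


def probe_host(ip: str, timeout: float = 2.0) -> Dict[str, object]:
    """Send one unicast Probe and collect every datagram returned before the
    timeout. A device that answers a unicast probe from an arbitrary source
    is reachable as a reflector; it should only answer on the LAN, and
    UDP/3702 should be blocked at the Internet edge."""
    req = build_probe()
    responses: List[bytes] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (ip, WSD_PORT))
        while True:
            try:
                data, _ = s.recvfrom(65535)
            except socket.timeout:
                break
            responses.append(data)
    return summarize(ip, req, responses)


# Constructed ProbeMatches reply, shaped like an ONVIF camera's answer; not a real capture.
SAMPLE_PROBE_MATCHES = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" '
    'xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" '
    'xmlns:wsd="http://schemas.xmlsoap.org/ws/2005/04/discovery" '
    'xmlns:dn="http://www.onvif.org/ver10/network/wsdl">'
    "<soap:Header>"
    "<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>"
    f"<wsa:Action>{WSD_ACTION_MATCHES}</wsa:Action>"
    "<wsa:MessageID>urn:uuid:11111111-2222-3333-4444-555555555555</wsa:MessageID>"
    "<wsa:RelatesTo>urn:uuid:00000000-0000-0000-0000-000000000000</wsa:RelatesTo>"
    "</soap:Header>"
    "<soap:Body><wsd:ProbeMatches><wsd:ProbeMatch>"
    "<wsa:EndpointReference><wsa:Address>urn:uuid:66666666-7777-8888-9999-000000000000</wsa:Address></wsa:EndpointReference>"
    "<wsd:Types>dn:NetworkVideoTransmitter</wsd:Types>"
    "<wsd:Scopes>onvif://www.onvif.org/type/video_encoder onvif://www.onvif.org/type/ptz "
    "onvif://www.onvif.org/hardware/EXAMPLE-CAM onvif://www.onvif.org/name/Example%20Camera "
    "onvif://www.onvif.org/location/country/example onvif://www.onvif.org/Profile/Streaming</wsd:Scopes>"
    "<wsd:XAddrs>http://192.0.2.10/onvif/device_service</wsd:XAddrs>"
    "<wsd:MetadataVersion>1</wsd:MetadataVersion>"
    "</wsd:ProbeMatch></wsd:ProbeMatches></soap:Body></soap:Envelope>"
).encode()


def summarize_offline() -> Dict[str, object]:
    """Run the same analysis on the constructed reply, with no network I/O."""
    req = build_probe("urn:uuid:00000000-0000-0000-0000-000000000000")
    return summarize("192.0.2.10", req, [SAMPLE_PROBE_MATCHES])


if __name__ == "__main__":
    print(summarize_offline())  # offline demo; use probe_host("<your-host>") on a network you own
```

The amplification a real device yields depends on how many scopes and XAddrs it advertises, so two cameras can differ by an order of magnitude; the fix is the same either way: do not expose UDP/3702 to the Internet, and drop inbound WS-Discovery that did not arrive via the multicast group.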

Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites

TrendMicro, September 18, 2019

We discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains. With special thanks to our colleagues at abuse.ch and The Shadowserver Foundation for helping to take down the Magecart domain.

TLDCON 2019: Collaboration, security and forecasts

Baltic Times, September 17, 2019

On September 11-12, 2019, Vilnius, the capital of Lithuania, hosted the 12th international conference for ccTLD registries and registrars from CIS, Central and Eastern Europe, TLDCON 2019. The two-day conference brought together 120 participants from 20 countries. It was organized by the Coordination Center for TLD .RU/.РФ with the support of DOMREG.LT (host), the Technical Center of Internet (general partner), ICANN and the Vilnius Convention Bureau.

Where are all the machines affected by BlueKeep hiding - part 2

Untrusted Network, August 10, 2019

Last week, we took a look at Shodan results to try to determine which countries are the “richest” in the world when it comes to machines vulnerable to BlueKeep visible from the internet. Since the number of vulnerable machines Shodan detects grows every day (see the following chart), I thought it might be interesting to have another look at the numbers. But in a way which is a little different. It should be mentioned that the rise in the number of affected machines is most likely due to Shodan scanning previously unscanned IP ranges and not because there are actually more vulnerable machines out there. In fact it is quite probable that a not insignificant percentage of machines shown by Shodan as vulnerable have either been assigned different IP addresses since the detection (and could therefore have even been counted multiple times) or have been patched since the detection. If you’d like to see something closer to an actual “real-time” look at the number of machines which are still vulnerable to BlueKeep and accessible from the internet, Shadowserver will probably be a better place to look than Shodan.