Canada’s cyberspy agency warns of Russian cyberattacks on critical infrastructure

Canada’s cyberspy agency is warning of Moscow-backed cyberattacks on Canadian critical infrastructure as Western countries prepare economic sanctions in the growing expectation that Russia will invade Ukraine.

The Canadian Centre for Cyber Security joined its counterparts in the United States and United Kingdom on Thursday in urging Canadian companies, such as electrical utilities and energy firms, to watch out for cyberattacks from Russia.

I bet the Russians will be pissed to find the ChiComs got there first.

U.S. Catches Kremlin Insider Who May Have Secrets of 2016 DNC Hack

(Bloomberg) — In the days before Christmas, U.S. officials in Boston unveiled insider trading charges against a Russian tech tycoon they had been pursuing for months. They accused Vladislav Klyushin, who’d been extradited from Switzerland on Dec. 18, of illegally making tens of millions of dollars trading on hacked corporate-earnings information.

Yet as authorities laid out their securities fraud case, a striking portrait of the detainee emerged: Klyushin was not only an accused insider trader, but a Kremlin insider. He ran an information technology company that works with the Russian government’s top echelons. Just 18 months earlier, Klyushin received a medal of honor from Russian President Vladimir Putin. The U.S. had, in its custody, the highest-level Kremlin insider handed to U.S. law enforcement in recent memory.

The “most serious” security breach ever is unfolding right now

The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.

Recently uncovered software flaw ‘most critical vulnerability of the last decade’

A critical vulnerability in a widely used software tool – one quickly exploited in the online game Minecraft – is rapidly emerging as a major threat to organizations around the world.

“The internet’s on fire right now,” said Adam Meyers, senior vice-president of intelligence at the cybersecurity firm Crowdstrike. “People are scrambling to patch”, he said, “and all kinds of people scrambling to exploit it.” He said on Friday morning that in the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized”, meaning malefactors had developed and distributed tools to exploit it.

Update: CRA takes down online services amid cybersecurity threat

Google sues alleged Russian cyber criminals

Google has sued hackers believed to be part of a cybercrime gang that has stolen user information from around the world.

A complaint names two Russians and 15 unknown individuals said to be behind Glupteba, a malicious “botnet” that has infected over a million computers.

Criminals use these systems of compromised devices to hack private data.

It is the first case Google has launched against a botnet.

According to a lawsuit filed in New York and unsealed on Tuesday, the botnet built by Dmitry Starovikov, Alexander Filippov and their associates has become a “modern technological and borderless incarnation of organised crime”.

Kinda hard to pick out the bad guys here.

Canadian energy, health, manufacturing sectors were major targets of ransomware attacks: cyber spy agency

More than half of the known ransomware victims in Canada this year were critical infrastructure providers, according to a new threat assessment from Canada’s cyber spies, and the number is likely even higher.

As part of a push for a new awareness campaign, the Communications Security Establishment (CSE), Canada’s foreign signals intelligence agency, released a ransomware bulletin Monday looking at the key trends of ransomware in 2021.

“Brazen, sophisticated, increasing in frequency, and, for the cybercriminals, very profitable,” assessed CSE’s Cyber Centre in its report.

REvil ‘super-hacker’ wanted by FBI for ‘using ransomware to fleece millions of dollars’ from Americans is unmasked

One of the FBI’s most wanted men linked to ransomware gang REvil is living freely in a Siberian city with no sign the Russian authorities are acting to detain him.

DailyMail.com tracked suspected super-hacker Yevgeniy Polyanin, 28, to a chic $380,000 (USD) home in Barnaul where he was seen driving his $74,000 Toyota Land Cruiser 200, evidently feeling untouchable.

His wife Sofia, 28, openly runs an upscale social media baking business – including racy hen party cupcakes decorated with male genitalia – while he is accused by the US authorities of extorting millions of dollars from American businesses.

Evil Corp: ‘My hunt for the world’s most wanted hackers’

Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein.

“We’re wasting our time,” I thought, as I watched a cat licking the carcass of a discarded takeaway chicken.

Surely there would no longer be any trace of an alleged multi-millionaire cyber-criminal on this dilapidated estate in a run-down town 700km (400 miles) east of Moscow.

FBI probes cyber-attack emails sent from internal server

The FBI has launched an investigation after thousands of fake email messages were sent from one of its servers warning of a possible cyber-attack.

The government agency said the incident on Saturday morning was part of an “ongoing situation”, but provided no further details.

The messages purported to be from the US Department of Homeland Security.

They claimed to be a warning about a supposed threat and were titled: “Urgent: Threat actor in systems.”

Cybersecurity expert says N.L. health care cyberattack is worst in Canadian history

One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.

David Shipley, the CEO of a cybersecurity firm in Fredericton, said he’s seen similar breaches before, but usually on a smaller scale.

“We’ve never seen a health network takedown this large, ever,” Shipley said in an interview with CBC News. “The severity of this is what really sets it apart.”

‘It’s quite feasible to start a war’: just how dangerous are ransomware hackers?

Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb?

They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

SolarWinds: Top US prosecutors hit by suspected Russian hack

Nearly 30 top US prosecutors had their office’s email accounts hacked during a major breach last year, the Justice Department says.

The attack on users of the software SolarWinds – which the US has blamed on Russia – was the worst-ever cyber-espionage attack on the US government.

The department says 27 US attorneys had at least one office computer hacked.

That has raised fears the hackers may have accessed sensitive information, including the names of informants.

How your personal data is being scraped from social media

How much personal information do you share on your social media profile pages?

Name, location, age, job role, marital status, headshot? The amount of information people are comfortable with posting online varies.

But most people accept that whatever we put on our public profile page is out in the public domain.

So, how would you feel if all your information was catalogued by a hacker and put into a monster spreadsheet with millions of entries, to be sold online to the highest paying cyber-criminal?

Gang behind huge cyber-attack demands $70m in Bitcoin

The gang behind a “colossal” ransomware attack has demanded $70m (£50.5m) paid in Bitcoin in return for a “universal decryptor” that it says will unlock the files of all victims.

The REvil group claims its malware, which initially targeted US IT firm Kaseya, has hit one million “systems”.

This number has not been verified and the exact total of victims is unknown.

However, it does include 500 Swedish Coop supermarkets and 11 schools in New Zealand.
