Cybercrime and System Administration - Cyber Security Informer

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Dmitry Yuryevich Khoroshev.

Ransomware

Ransomware Cybercrime Accountability Malware

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya , Miami-based company whose products help system administrators manage large networks remotely. Prosecutors say Vasinskyi also used the monikers “ Yarik45 ,” and “ Yaroslav2468.”

Ransomware

Ransomware Cybercrime System Administration Passwords

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Conclusion: cybersecurity and cybercrime have matured.

Cybercrime

Cybercrime Banking Malware Ransomware

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. At the time of the report, some of the HTTP 404 errors remain unfixed. ” concludes the report.

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.

Advertising

Advertising Cybercrime System Administration Hacking

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

That last effort prompted a gracious return call the following day from a system administrator for the city, who thanked me for the heads up and said he and his colleagues had isolated the computer and Windows network account Hold Security flagged as hacked.

Ransomware

Ransomware System Administration Backups Technology

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. md , and that they were a systems administrator for sscompany[.]net.

Malware

Malware VPN Internet Internet

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

.” New York City-based cyber intelligence firm Flashpoint said the Snatch ransomware group was created in 2018, based on Truniger’s recruitment both on Russian language cybercrime forums and public Russian programming boards. “The command requires Windows system administrators,” Truniger’s ads explained.

Ransomware

Ransomware Accountability Cybercrime Backups

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. ” concludes DoJ.

System Administration

System Administration Penetration Testing Malware Hacking

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. ” reads the post published by Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data.

Banking

Banking Telecommunications System Administration Hacking

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. This joint CSA updates the advisory published by the US Government on March 17, 2022.

Ransomware

Ransomware System Administration Antivirus Malware

North Korean Lazarus APT group targets blockchain tech companies

Malwarebytes

APRIL 19, 2022

These days, financial cybercrimes often involve Bitcoin and other cryptocurrencies. It is thought to conduct financial cybercimes as a way to raise money for a regime that has few trading opportunities, because of long-standing international sanctions.

Cryptocurrency

Cryptocurrency Social Engineering Computers and Electronics Engineering

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. Just to be clear, despite Alexey has broken into the infected routers to sanitize them, this action is technically considered a cybercrime.

Cryptocurrency

Cryptocurrency System Administration Advertising Hacking

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Scams

Scams Ransomware System Administration Malware

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

eSecurity Planet

JULY 13, 2023

They found a tool called WormGPT “through a prominent online forum that’s often associated with cybercrime,” Kelley wrote in a blog post. WormGPT can be used for “everything blackhat related,” its developer claimed in the cybercrime forum. Promotion of jailbreaks for AI platforms.

Cybercrime

Cybercrime Phishing Marketing System Administration

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes

APRIL 20, 2021

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, were members of a prolific hacking group widely known as FIN7.

System Administration

System Administration Banking Malware Penetration Testing

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.”. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

Three members of the cybercrime group tracked as FIN7 and Carbanak have been indicted and charged with 26 felony counts. Three members of the notorious cybercrime gang known as FIN7 and Carbanak have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft.

Banking

Banking Cybercrime Identity Theft Penetration Testing

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

Digital Shadows

JULY 5, 2021

On 02 July 2021, details started to emerge of a sophisticated supply-chain attack targeting Kaseya VSA, virtual system administrator software.

System Administration

System Administration Ransomware Software Cyber threats

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

One of the most outstanding capabilities of iLOBleed is the manipulation of the iLO firmware upgrade routine, when the system administrator tries to upgrade the iLO firmware, the malware simulates the version change while preventing the upgrade routine. . ” continues the report.

Firmware

Firmware Malware System Administration Technology

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets.

System Administration

System Administration Malware Accountability Marketing

How to stay secure from ransomware attacks this Labor Day weekend

Malwarebytes

AUGUST 27, 2021

Indeed, while many people are looking forward to catching up with friends and family this Labor Day weekend, cybercrime gangs are likely huddling, too, planning to attack somebody. . You never think you’re gonna be hit by ransomware,” says Ski Kacoroski , a system administrator with the Northshore School District in Washington state.

Ransomware

Ransomware System Administration Encryption Cybercrime

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said U.S. Then the criminals moved the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash. . Attorney Brady.

Banking

Banking Malware Accountability Cybercrime

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City experts believe that the group specifically targeted a prioritized list of servers using legitimate Microsoft system administrative tools. Early on the morning of Wednesday, May 03, 2023, the group started executing the ransomware on the City of Dallas.

Ransomware

Ransomware Surveillance Healthcare Accountability

LockBit ransomware group claims to have hacked Bridgestone Americas

Security Affairs

MARCH 13, 2022

All we do is provide paid training to system administrators around the world on how to properly set up a corporate network. “For us it is just business and we are all apolitical. We are only interested in money for our harmless and useful work.

Hacking

Hacking Ransomware Manufacturing Cyber Attacks

SysAdmin Gets 10 Years in Prison

SecureWorld News

APRIL 19, 2021

Being a systems administrator can be a fulfilling job with a lot of rewards. But if you're a SysAdmin for a hacking group, you could be rewarded with time behind bars. This is exactly what is happening to 35-year-old Fedir Hladyr, who was a SysAdmin for the hacking group FIN7.

System Administration

System Administration Hacking Malware Encryption

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

“The lengthy delay for the cleanup routine to activate may be explained by the need to give system administrators time for forensics analysis and checking for other infections.” concludes MalwareBytes. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Malware

Malware Banking System Administration Hacking

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” In this case, the visitors were downloading Midjourney-x64.msix, msix, which is a Windows Application Package also signed by ASHANA GLOBAL LTD. ” concludes the report.

System Administration

System Administration Advertising Malware Hacking

The Challenges in Building Digital Trust

SecureWorld News

DECEMBER 11, 2023

System administrators didn't bother locking down their systems, because the possibility of bad actors using them didn't really cross their minds. What Stoll was calling us to do is to take the threats of scams, misinformation campaigns, and cybercrime seriously.

Technology

Technology Artificial Intelligence Cybercrime Government

IT admin admits sabotaging ex-employer’s network in bid for higher salary

The State of Security

SEPTEMBER 30, 2022

A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer’s computer systems.

System Administration

System Administration Cybercrime

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.

Cybercrime

Cybercrime System Administration Marketing Malware

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

IT Security Guru

JANUARY 12, 2021

System Administrator (or, sysadmin). Far away from the glamor and spotlight that other career fields like programming or data science get, there is a full-on war for hiring good cyber talent because of the year-on-year spike in cybercrime. Secure Software Development. Secure DevOps. IoT (Internet of Things) Security.

Cybersecurity

Cybersecurity Government IoT Penetration Testing

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

NOVEMBER 30, 2021

PAM is the utility that verifies the permissions for administrative users according to these policies. As cybercrime has grown in both frequency and severity, zero trust’s advantages have become increasingly clear. It integrates with Office 365, Google Workspace, Okta and more for both cloud-based and on-premises systems.

Software

Software Accountability Government Passwords

University of Phoenix Recognized With 2021 Academic Circle of Excellence Award by EC-Council, World’s Largest Cybersecurity Certification Body

CyberSecurity Insiders

DECEMBER 17, 2021

In an era seeing more cybercrime focused on businesses , cybersecurity knowledge and education is only becoming more critical. Current faculty includes 136 chief executive officers, 19 chief information officers, three chief information security officers, and 127 information technology/system administrators. About EC-Council.

Cybersecurity

Cybersecurity Education Technology System Administration

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

But let’s see what are the execution binaries and what an administrator will see because this analysis IS for rise the system administration awareness: Code execution: execve("/tmp/upgrade""); // to execute upgrade. This C2 scheme is new , along with the installer / updater. The Elknot DoS ELF dropped is not new.”.

DDOS

DDOS Malware Encryption Penetration Testing

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The tool is basically a search engine for local and network shared files inside a Windows environment: unlike the default Windows search, it is designed to locate files and folders by filename instantly, speeding up system information discovery. Its name is YDArk and it is an open-source tool available even on GitHub ( link ).

Ransomware

Ransomware Software Encryption System Administration

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

A recent leak has put it in the hands of cybercrime actors and it is very likely that by the end of the year we will see it involved in APT cases too. We encourage system administrators to immediately set up monitoring for these machines, due to the unlikelihood that patching (even in a timely fashion) will be sufficient to protect them.

Firmware

Firmware Surveillance Mobile Telecommunications

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware

Malware Social Engineering Encryption Marketing

Cyber Security Training for Employees

Spinone

NOVEMBER 19, 2018

In this Cyber Security Training for Employees you will find an extensive instruction on how to avoid becoming a cybercrime victim which will be useful for your colleagues. Do not reveal them to anybody, including your boss, your system administrator or support service, your spouse, parents, children etc.

Passwords

Passwords Password Management Antivirus Mobile

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

Digital Shadows

JULY 5, 2021

On 02 July 2021, details started to emerge of a sophisticated supply-chain attack targeting Kaseya VSA, virtual system administrator software used to manage and monitor customers’ infrastructure.

Ransomware

Ransomware Encryption Cryptocurrency System Administration

How Did Authorities Identify the Alleged Lockbit Boss?

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Trending Sources

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Meet the Administrators of the RSOCKS Proxy Botnet

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Who and What is Behind the Malware Proxy Service SocksEscort?

A Closer Look at the Snatch Data Ransom Group

A member of the FIN7 group was sentenced to 10 years in prison

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Caketap, a new Unix rootkit used to siphon ATM banking data

FBI and CISA published a new advisory on AvosLocker ransomware

North Korean Lazarus APT group targets blockchain tech companies

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

StealthWorker botnet targets Synology NAS devices to drop ransomware

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

FIN7 sysadmin behind “billions in damage” gets 10 years

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

FireEye experts found source code for CARBANAK malware on VirusTotal?

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Administrators of bulletproof hosting sentenced to prison in the US

How to stay secure from ransomware attacks this Labor Day weekend

US authorities charged Dridex gang members for stealing over $100 Million

FireEye experts found source code for CARBANAK malware on VirusTotal?

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

LockBit ransomware group claims to have hacked Bridgestone Americas

SysAdmin Gets 10 Years in Prison

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

The Challenges in Building Digital Trust

IT admin admits sabotaging ex-employer’s network in bid for higher salary

Career Choice Tip: Cybercrime is Mostly Boring

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

Best Privileged Access Management (PAM) Software for 2022

University of Phoenix Recognized With 2021 Academic Circle of Excellence Award by EC-Council, World’s Largest Cybersecurity Certification Body

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Dissecting the malicious arsenal of the Makop ransomware gang

Advanced threat predictions for 2023

Updates from the MaaS: new threats delivered through NullMixer

Cyber Security Training for Employees

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

Stay Connected