In November 2024 the U.S. Department of Justice announced charges against five alleged members of the cybercrime group known as Scattered Spider for their role in a large phishing scheme. The group is accused of stealing millions of dollars in cryptocurrency and confidential information from a range of companies.
The Alleged Criminals
The five individuals charged are:
Ahmed Hossam Eldin Elbadawy, 23, also known as “AD,” from College Station, Texas
Noah Michael Urban, 20, also known as “Sosa” and “Elijah,” from Palm Coast, Florida
Evans Onyeaka Osiebo, 20, from Dallas, Texas
Joel Martin Evans, 25, also known as “joeleoli,” from Jacksonville, North Carolina
Tyler Robert Buchanan, 22, from the United Kingdom
How the Scheme Worked
The group used SMS phishing ("smishing") against employees of large companies. The messages impersonated the victim's employer or one of its service providers, warned that the recipient's account was about to be locked or disabled, and carried a link to a credential-harvesting page that mimicked the real login portal. Credentials entered on those pages gave the group access to corporate systems, from which it stole confidential data and at least $11 million in cryptocurrency.
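The lure pattern described above (a brand name inside a hostname whose registered domain belongs to someone else, a raw IP address, or unusually deep subdomain nesting) is cheap to check before a user ever taps the link. The following is an added example written for this page, not code from the DOJ case or from any vendor; the brand table, the short public-suffix list and the sample messages are all constructed for illustration, and "examplecorp" is a hypothetical employer.

```python
import re
from urllib.parse import urlsplit

# Constructed brand table for this example: brand names a lure tends to borrow,
# mapped to the registrable domains that legitimately carry them. A real
# deployment would load the organisation's own list; "examplecorp" is a
# hypothetical employer.
PROTECTED_BRANDS = {
    "okta": {"okta.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "examplecorp": {"examplecorp.com"},
}
TRUSTED_DOMAINS = set().union(*PROTECTED_BRANDS.values())

# Two-label public suffixes handled by this toy; real code should consult the
# Public Suffix List (this short table is an assumption of the example).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def registrable_domain(host: str) -> str:
    """Return the part of the hostname an attacker actually had to register."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_url(url: str) -> dict:
    """Return the URL, the reasons it looks like a lure, and a verdict."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    reasons = []
    if IPV4_RE.fullmatch(host):
        reasons.append("raw IP address instead of a hostname")
    elif reg not in TRUSTED_DOMAINS:
        # A brand name anywhere in the hostname (subdomain, hyphenated label)
        # while the registered domain belongs to nobody on the list is the
        # classic smishing pattern, e.g. examplecorp-sso.verify-login.net.
        for brand in PROTECTED_BRANDS:
            if brand in host:
                reasons.append(f"'{brand}' appears in hostname but the registered domain is {reg}")
        if host.count(".") >= 3:
            reasons.append("unusually deep subdomain nesting")
    # Hostnames under a domain the brands really own (e.g. examplecorp.okta.com)
    # skip the checks above even though they contain a brand name, so a
    # legitimate SSO tenant is not flagged.
    return {"url": url, "registered_domain": reg, "reasons": reasons,
            "suspicious": bool(reasons)}


def triage_sms(text: str) -> list[dict]:
    """Extract every URL in an SMS body and classify it."""
    return [classify_url(u.rstrip(".,)")) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed sample messages, not real lures from the case.
    for msg in (
        "ExampleCorp IT: your VPN access expires today. Re-verify at "
        "https://examplecorp-sso.verify-login.net/okta",
        "Reminder: sign in at https://examplecorp.okta.com/signin to complete training.",
        "Payroll update required: http://203.0.113.10/login",
    ):
        for verdict in triage_sms(msg):
            print(verdict)
```

The important design choice is the order of the checks: a hostname whose registered domain is on the trusted list is accepted before any substring matching happens, otherwise a real single-sign-on tenant such as examplecorp.okta.com would be flagged because it contains the employer's name. The substring test is deliberately crude; its job is to catch the lookalike domains an attacker can register, not the domains the brand already owns.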
Timeline of Activities
The phishing scheme ran from September 2021 to April 2023. In one case, the gang stole 98.5 Bitcoin, which was worth about $9.2 million at the time.
Potential Consequences
Each defendant is charged with conspiracy to commit wire fraud, conspiracy, and aggravated identity theft. If convicted, the four U.S.-based defendants face up to 27 years in prison; Buchanan faces more because he is additionally charged with wire fraud.
Importance of Cyber Awareness
The case shows how capable and dangerous organized cybercriminals can be. Everyone, students and employees included, should handle their login details with care and learn to recognize phishing attempts. As cyber threats grow, awareness and basic protective steps matter more than ever.
Technology, artificial intelligence included, keeps advancing, and so do the tools available to attackers. Businesses face an ever-expanding threat to their data, operations and financial well-being: ransomware. Attacks are growing in both frequency and sophistication, and they target companies of every size and industry in search of valuable data. To navigate this evolving menace, companies need to understand how ransomware works, know where their own defenses are weak, and put comprehensive strategies in place to defend against it.
The Ransomware Epidemic
Ransomware attacks have become increasingly prevalent in recent years. Attackers use sophisticated tactics to infiltrate systems, encrypt valuable company data, and demand payment for the key.
Protecting Your Business
Because ransomware attacks are now commonplace, companies should adopt strict security measures. Below are some key strategies to consider:
Regular backups: Back up data regularly and keep at least one copy offline or on immutable storage that the company network cannot reach; a backup drive that stays mounted will be encrypted along with everything else. Test restores periodically. A clean, verified backup is what lets a business recover after an attack without losing everything or paying a large ransom to get its data back.
Multi-layered security: Combine controls rather than relying on one: firewalls, intrusion detection and prevention systems (IDS/IPS), endpoint protection and network segmentation, so that a single failure does not hand an attacker the whole network.
Incident response plan: Have a clear incident response plan that states what to do immediately after an attack, for example isolating compromised systems, preserving evidence, and notifying law enforcement. Keep the contact details of cybersecurity professionals at hand so nobody has to search for them during an incident.
Employee training: Every member of staff should be able to recognize phishing emails and the other routes by which credentials and data are stolen. An untrained user is a vulnerability.
Vendor and supply chain assessment: Make sure your supply chain is secured and that suppliers keep their systems patched and up to date. A gap at a vendor with access to your network is a weak spot that can be exploited, including as an entry point for ransomware.
Collaboration: Stay up to date with the latest threats and trends. Find peers in other companies with whom you can share information, so that important knowledge is passed on and everyone's security is strengthened through joint effort.
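The backup advice above only holds if the backup can actually be restored and if you can tell a clean copy from an encrypted one. The following is an added example for this page, not the author's or any product's code: it archives a directory, writes a SHA-256 manifest beside the archive, restores into scratch space and checks every file against the manifest, then simulates ransomware overwriting a live file and shows the manifest catching it. The sample file tree is constructed inline.

```python
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX style) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src: Path, dest_dir: Path) -> tuple[Path, Path]:
    """Archive src and write a manifest of per-file hashes beside it.
    The manifest is what later tells a clean copy from an encrypted one."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / "backup.tar"
    with tarfile.open(str(archive), "w") as tar:
        tar.add(str(src), arcname=".")
    manifest = dest_dir / "backup.manifest.json"
    manifest.write_text(json.dumps(hash_tree(src), sort_keys=True))
    return archive, manifest


def diff_against_manifest(root: Path, manifest_path: Path) -> dict:
    """Report files that are missing or whose content no longer matches."""
    expected = json.loads(manifest_path.read_text())
    actual = hash_tree(root)
    missing = sorted(f for f in expected if f not in actual)
    changed = sorted(f for f in expected if f in actual and actual[f] != expected[f])
    return {"ok": not missing and not changed, "missing": missing, "changed": changed}


def verify_restore(archive: Path, manifest_path: Path) -> dict:
    """Restore into scratch space and check every file against the manifest.
    A backup that has never been restored is a hope, not a backup."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive)) as tar:
            try:
                # The "data" filter refuses path traversal and device files.
                tar.extractall(scratch, filter="data")
            except TypeError:
                tar.extractall(scratch)  # interpreter predates the filter argument
        return diff_against_manifest(Path(scratch), manifest_path)


def build_sample_tree(root: Path) -> None:
    """Constructed sample data standing in for a small business file share."""
    (root / "docs").mkdir(parents=True)
    (root / "db").mkdir()
    (root / "docs" / "report.txt").write_text("Q3 figures, draft 2\n")
    (root / "db" / "customers.csv").write_text("id,name\n1,Alice\n2,Bob\n")


def demo() -> dict:
    """Back up, verify the restore, then simulate ransomware and detect it."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        live = work / "live"
        build_sample_tree(live)
        archive, manifest = create_backup(live, work / "backup")
        restore = verify_restore(archive, manifest)
        # Simulated ransomware: the live file is overwritten with ciphertext-like
        # random bytes. The backup and its manifest are untouched.
        (live / "docs" / "report.txt").write_bytes(os.urandom(64))
        after = diff_against_manifest(live, manifest)
        return {"restore_ok": restore["ok"], "changed_after_attack": after["changed"]}


if __name__ == "__main__":
    print(demo())
```

In practice the manifest should live with the offline copy, not on the file server, because ransomware that can reach the manifest can rewrite it; the same check run against the live tree on a schedule is also a cheap early-warning signal that files are being encrypted.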
Conclusion
Ransomware is a growing danger that every business should take seriously. Size and industry do not matter, because the attacks work the same way against all of them. The greatest weakness, though, is human unawareness: technology changes constantly, keeping up with everything all the time is very hard, and attackers count on exactly that when they craft lures for people who do not know what to look for. That gap cannot be closed completely, so every company needs at least a continuously improving security program. The cost of good prevention is usually far lower than the cost of recovering from a successful attack. Stay vigilant, stay secure, and protect your business from the ever-present ransomware threat.
Fashion retailer JD Sports has announced that a cyber-attack may have compromised the personal and financial information of about 10 million of its customers. The incident affected online orders placed between November 2018 and October 2020 with its JD, Size?, Millets, Blacks, Scotts and MilletSport brands.
The company says it has taken the necessary steps to respond, is working with external cybersecurity experts to investigate, and is reviewing its security measures. It has notified the Information Commissioner's Office (ICO) about the breach and is advising affected customers to watch out for scams. The data that may have been accessed includes names, billing and delivery addresses, phone numbers, order details, and the last four digits of payment cards.
JD Sports says it holds limited data and has no reason to believe that account passwords were accessed. However, the company is still advising its customers to be aware of potential fraud and phishing attacks and to report any suspicious or unusual communication purporting to be from JD Sports or any of its group brands.
The JD Sports Chief Financial Officer, Neil Greenhalgh, stated that “Protecting the data of our customers is an absolute priority for JD.” He added that the company is continuing with a full review of its cybersecurity in partnership with external specialists following this incident.
Cyber-attacks are increasingly common, and companies must be proactive in protecting their customers' information. JD Sports is taking the right steps in response to this attack and should be commended for its efforts to secure its customers' data.
In conclusion, it’s crucial for companies to have proper cybersecurity measures in place to protect their customers’ information. The JD Sports incident serves as a reminder to all companies to be diligent in their efforts to secure their systems and data. Customers should also take steps to protect their personal and financial information by being vigilant of potential scams and reporting any suspicious activity.
Taiwan's residents and visitors are frequent targets of scam calls and messages. Taiwan's small size makes it a convenient base for fraud rings and, in effect, a testing ground for organized crime. Taiwan is also a leading technology country, including in cybersecurity, which gives scammers a strong base for developing their skills and improving the software and hardware they use.
The sharpest rise in fraud activity came during the COVID-19 lockdowns, when people were under the most stress and using their devices almost constantly. According to Whoscall's report, scam calls grew by an alarming 488 percent, and almost 14 million mobile phishing attempts were observed over a 12-month period.
Whoscall, owned by Gogolook, is one of the most popular spam-blocking apps. It is used not only in Taiwan but across East Asia; in its work with Taiwan's Criminal Investigation Bureau (CIB), more than 52.3 million scam messages and 13.1 million scam calls were blocked in Taiwan alone.
In addition, more than 1.6 billion phone numbers have been blocked by the artificial intelligence built into Whoscall's systems.
This is a huge problem that can spread not only through Asia but around the world, which is why it matters to stop fraudsters on ground that is small compared with the worldwide scale.
But is it possible to win the war against fraud outright, especially one this widespread and massive? The answer is not a promising one: no. The more ways the cyber police and companies like Gogolook find to fight it, the more inventive the fraudsters become.
This battle will continue for a long time, until defensive technology reaches a level at which it can overtake the fraudsters' innovations.
Cloud security is the branch of cyber security that focuses on safeguarding cloud computing platforms. It covers data privacy and security across internet-facing infrastructure, applications and platforms. Securing these systems takes effort from both the cloud providers and the clients that use them, whether an individual, a small or medium-sized business, or an enterprise.
Cloud providers host services on their servers over always-on internet connections. Because their business depends on customer confidence, they deploy cloud security measures to keep client data private and secure. Part of cloud security, however, is in the customer's hands. Understanding where that line falls is critical to a successful cloud security solution.
Why is cloud security important?
In the 1990s business and personal data lived locally, and so did security: data sat on your PC's internal storage or, at work, on company servers.
The arrival of cloud technology has forced everyone to rethink cyber security. Your data and apps may be bouncing between local and remote servers, but they are always online. If you use Google Docs on your phone or Salesforce to manage your clients, the data might be stored anywhere. Safeguarding it is therefore more complicated than it was when the job was only to keep unauthorized people out of your own network.
Cloud security requires changes to earlier IT practices, and it has become increasingly important for two reasons:
Convenience over security. Cloud computing is rapidly becoming the default for both business and personal use. New technology is introduced faster than industry security standards can catch up, which puts more responsibility on users and providers to manage access safely.
Centralization and multi-tenant storage. Everything from core infrastructure to individual emails and documents can now be reached remotely over 24/7 web connections. Concentrating that data on the systems of a few large providers is risky: threat actors can target enormous multi-organization data centers, and a single intrusion can become a massive breach.
What are the biggest cloud security challenges?
As risks have evolved and more sophisticated attacks have emerged, it is more vital than ever for enterprises to adopt a security-first mindset. With that in mind, here are some of the most pressing challenges this year, and how cloud security solutions can help your firm overcome them.
Data Breaches
Failing to handle data properly (for example, leaving it unencrypted) exposes a company to compliance problems, breach penalties and fines, and a serious loss of customer confidence. Whatever the Service-Level Agreement (SLA) says, securing customers' and employees' data remains your responsibility.
IT staff have traditionally had full control over the network infrastructure and physical hardware (firewalls and so on) used to protect proprietary data. In the cloud, some of those controls are handed to a trusted partner, in private, public and hybrid deployments alike, so cloud infrastructure can raise security concerns. Choosing a vendor with a proven track record of robust security is critical to overcoming this challenge.
Compliance With Regulatory Mandates
It is common for companies, particularly small and medium-sized businesses, to assume that simply contracting a cloud provider gives them optimum security. There is more to it than that.
The right cloud security tools provide the technical capability to meet regulatory demands, but constant supervision and attention to detail are still required. Under the shared responsibility model the provider secures the cloud itself (physical facilities, hardware, the virtualization layer and the managed services), while the customer is responsible for what they put in it: their data, identities, access policies, and the configuration of the services they use.
Data loss
It is natural to worry about business-critical data once it moves to the cloud. Losing that data, whether through accidental deletion and human error, deliberate tampering such as a malware infection, or a natural disaster that takes a provider offline, can be fatal for a business. Availability attacks matter too: a DDoS attack is frequently a distraction from a more serious operation, such as an attempt to steal or erase data.
To address this difficulty, it is critical to have a disaster recovery plan in place, as well as an integrated system to combat hostile assaults.
What types of cloud security solutions are available?
Identity and access management (IAM)
Enterprises use identity and access management (IAM) tools and services to apply policy-driven access controls to every user requesting access to on-premises and cloud-based services. IAM's fundamental capability is to give every user (and every service) a digital identity so that what each one may do can be monitored and limited throughout all data exchanges.
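To make "policy-driven enforcement" concrete, here is an added example written for this page (not CDNetworks' code and not any provider's real policy schema): a small evaluator for allow/deny statement lists with the semantics most cloud IAM systems share (default deny, explicit deny overrides allow), run against an over-broad policy and a least-privilege replacement. The policy format, the action and resource names, and the requests are all constructed for illustration.

```python
import fnmatch

# Hypothetical policy document format for this example, modelled loosely on the
# allow/deny statement lists used by cloud IAM systems; it is not any
# provider's real schema.


def _matches(patterns, value: str) -> bool:
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Evaluate one request: default deny, any matching Allow grants,
    any matching Deny overrides every Allow."""
    allowed = False
    for st in policy["statements"]:
        if _matches(st["actions"], action) and _matches(st["resources"], resource):
            if st["effect"] == "Deny":
                return False
            allowed = True
    return allowed


def overbroad_statements(policy: dict) -> list[int]:
    """Indexes of Allow statements granting a wildcard action on a wildcard
    resource: the pattern that turns one leaked credential into full access."""
    return [i for i, st in enumerate(policy["statements"])
            if st["effect"] == "Allow"
            and "*" in st["actions"] and "*" in st["resources"]]


# Weak policy: the "make it work" policy that never gets tightened.
OVERBROAD = {"statements": [
    {"effect": "Allow", "actions": ["*"], "resources": ["*"]},
]}

# Least-privilege policy for a log-reader service: read its own bucket only,
# and never the restricted prefix, even if a broader Allow is added later.
SCOPED = {"statements": [
    {"effect": "Allow",
     "actions": ["storage:GetObject", "storage:ListBucket"],
     "resources": ["bucket:app-logs", "bucket:app-logs/*"]},
    {"effect": "Deny",
     "actions": ["storage:*"],
     "resources": ["bucket:app-logs/restricted/*"]},
]}

# Requests the service does and does not need (constructed).
REQUESTS = [
    ("storage:GetObject", "bucket:app-logs/2024/app.log"),
    ("storage:GetObject", "bucket:app-logs/restricted/keys.pem"),
    ("storage:DeleteObject", "bucket:app-logs/2024/app.log"),
    ("iam:CreateUser", "user:backdoor"),
]


def audit(policy: dict) -> dict:
    """Decision for every request in REQUESTS under the given policy."""
    return {f"{a} {r}": is_allowed(policy, a, r) for a, r in REQUESTS}


if __name__ == "__main__":
    for name, pol in (("overbroad", OVERBROAD), ("scoped", SCOPED)):
        print(name, "wildcard statements:", overbroad_statements(pol))
        for req, verdict in audit(pol).items():
            print(f"  {'ALLOW' if verdict else 'deny '} {req}")
```

The explicit Deny on the restricted prefix is the part worth copying: because a Deny wins regardless of statement order, a colleague who later adds a wider Allow for convenience still cannot accidentally expose the keys. The `overbroad_statements` check is the kind of one-line lint that belongs in the pipeline that deploys policies.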
Data loss prevention (DLP)
Data loss prevention (DLP) services provide a set of tools designed to keep regulated data in the cloud secure. DLP systems cover stored data at rest and data in transit by combining remediation alerts, encryption, and other preventive measures.
Security information and event management (SIEM)
Security information and event management (SIEM) is a security orchestration solution for cloud-based environments that automates threat monitoring, detection and response. By correlating log data across many platforms and digital assets, increasingly with the help of machine learning, SIEM technology lets IT teams enforce network security policies and respond quickly to potential threats.
Business continuity and disaster recovery
Data breaches and service outages can occur despite all the precautions an enterprise puts in place for its on-premises and cloud infrastructure. Enterprises must be able to respond swiftly to newly discovered vulnerabilities or large system failures. Disaster recovery solutions are a must-have in cloud security because they provide the tools, services and standards needed to recover data quickly and resume normal operations.
The security risks and challenges associated with cloud computing are not insurmountable. Enterprises may reap the benefits of cloud technology with the correct cloud service provider (CSP), technology, and planning.
The CDNetworks cloud security solution combines web speed with cutting-edge cloud security technologies. With 160 points of presence, our customers’ cloud-based assets are safeguarded with 24/7 end-to-end protection, including DDoS mitigation at the network and application levels, and their websites and cloud applications are expedited on a worldwide scale.
Cookie files have been controversial for a while now. On one hand they allow for a better user experience; on the other, accepting them means giving up some of your internet privacy. It is almost impossible to browse without a cookie notification popping up.
I am sure we have all had an instance when we were prompted with an agreement to give our precious data away, the site simultaneously becoming inaccessible to us until we either agree or try our luck elsewhere. I think we all agree that this is a very greedy approach when it comes to our data, and none of us likes being monitored or spied on. Unfortunately, the worst is yet to come. Recently it has come to my attention that certain EU websites have introduced a new policy where, to see the contents without agreeing to their cookies, you have to pay money. So far this has been noted only in Germany, with the price of cookie-free browsing at 4.99€ a month. Sites like T-Online, Bild and Die Welt are just a handful of examples. "It's a win-win for the websites. They get paid with data or they get paid with money," said Cristiana Santos, an assistant professor of privacy and data protection law at Utrecht University. This totals about 75€ a year for non-invasive browsing.
Overall this will not change much for average users who do not value their data nevertheless it creates a dark vision of the internet where no information is free anymore and everything has a cost. That leaves us either paying the fee or chipping in for a VPN. And what is your opinion about this? Comment down below 🙂
“The dark web is the hidden collective of internet sites only accessible by a specialized web browser. It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications.” (Kaspersky.com)
The story starts in the 1960s with the Advanced Research Projects Agency Network (ARPANET), built to let research sites share information over long distances; it was the first packet-switched network and the precursor of today's internet. Conceived in the Cold War climate of that decade, it was funded by the U.S. Department of Defense.
The first recorded illicit online transaction came about a decade later: in the early 1970s, Stanford students reportedly used their ARPANET accounts to arrange a marijuana sale with students at MIT, one of many experiments the network's researchers ran. Given the network's potential, the military wanted its own part of it, and in 1983 ARPANET was split in two: MILNET, the government-owned portion used by the military and secret agencies, and the civilian ARPANET that would later become the internet.
The dark web proper began in the 1990s, when onion routing, the technique behind The Onion Router (Tor), was developed at the U.S. Naval Research Laboratory to carry traffic anonymously. Tor did not take off right away; it took roughly a decade. In 2002 the first public release appeared, and people looking for free speech and a way to escape oppressive governments started using it. Tor was not easy to use, so it was mostly the domain of the tech-savvy.
In 2008 the Tor Browser bundle made access easy for anyone who wanted to get involved, and its popularity grew. The major turning point came in 2009 with the arrival of Bitcoin: the first cryptocurrency made anonymous transactions practical, and the dark web discovered its true potential as an underground market.
What about today?
According to CSO, the dark web accounts for less than 5% of the internet, and the surface web (the visible, indexed part) for only 1 to 4%; the rest is the deep web of unindexed but ordinary content. According to ID Agent, "over 133,000 C-level Fortune 1000 executives had their credentials available and accessible on the dark web." Finally, and probably most disturbing, 80% of dark web traffic is linked to "illegal porn, abuse images and/or child sex abuse material" (theconversation.com).
The dark web will probably remain a place where deviant people retrieve and share information or illicit goods. It will not get "brighter", and will probably stay the same if not get worse. Yet with greater investment in cybersecurity, one can hope that it will come under some regulation.
How to stop the Dark Web?
Unfortunately, dismantling Tor would not solve anything, because Tor is not the only way in. Tor is an overlay network rather than a browser: a regular browser such as Firefox or Opera can reach .onion sites if its traffic is routed through Tor, and other anonymity networks such as I2P and Freenet host hidden services of their own.
Since access cannot be stopped, one solution is to stop data from leaking in the first place. At the level of a big company this means investing in cybersecurity experts; at the individual level it is as easy as turning off the light when leaving a room. What I mean is: turn on two-factor authentication wherever it is offered, beware of phishing messages, and use a different strong password for each of your accounts.
As for regulating the flow of illegal material such as child sexual abuse imagery, there is little an individual can do. Unmasking a user hidden behind Tor or a VPN is close to impossible for an individual, so government investment in cybersecurity and law enforcement is the only real solution today.
Sodinokibi, also known as REvil (short for Ransomware Evil), is a ransomware group that keeps gaining notoriety. Like several other ransomware families, REvil operates as Ransomware-as-a-Service (RaaS): one group maintains the code while another, the affiliates, spreads the ransomware. The RaaS model lets affiliates distribute REvil in various ways, such as phishing campaigns or by uploading tools and scripts that execute the ransomware inside a victim's internal network.
Once inside an organization, Sodinokibi encrypts files and drops a ransom note. The note demands payment in cryptocurrency and threatens that the data stolen before encryption will be leaked if the victim does not pay, the tactic known as double extortion.
The group recently made headlines when it targeted Acer, the Taiwanese electronics company. On March 19, 2021 Acer was hit, and the attackers, the REvil group, demanded the largest known ransom to date in the history of cyber-attacks: $50 million. The hackers gave Acer until March 28 to pay, or all the stolen data would be released publicly. As of March 20, Acer had not acknowledged that it was the victim of a breach.
The malware first surfaced in April 2019, when it was seen exploiting a serious flaw in Oracle WebLogic Server (CVE-2019-2725), a remote code execution bug exploitable over the network without authentication. This was unusual because the attack went directly after a server vulnerability; as researchers noted, ransomware is typically delivered with some user interaction, such as opening an email attachment or clicking a malicious link.
Sodinokibi has since hit organizations including celebrity law firm Grubman Shire Meiselas & Sacks, foreign currency exchange firm Travelex, spirits maker Brown-Forman Corp. (the company behind Jack Daniel's), and most recently Acer.
REvil is gaining momentum and notoriety, which is evident in the way the hacking group decided to target the tech giant Acer. This cyber security breach is worth following, as the repercussions for Acer may be substantial. This unfortunate event for Acer should also serve as a reminder to all internet users that cyber security attacks keep getting more refined and complex, and that substantial security measures should always be kept in place.
Darktrace's autonomous AI system detects digital threats before they become severe.
Information leaks happen almost every day on the Internet. While most engineers try to find ways to keep attackers out of digital systems, some realized it might be better to turn the problem around and assume the attacker is already inside. Darktrace was founded in 2013 with that idea in mind.
A group of former MI5 agents joined forces with Cambridge mathematicians with a mission in mind to develop a new tool to fight cyber-attacks. Interestingly enough, they decided to use AI to make that happen. As their philosophy states ‘Pit the machines against the machines to keep your data safe.‘.
So how does it work and why is it effective? Frankly, it is quite simple. Darktrace connects its software to the company's network. From that moment the AI monitors all the activity in the digital infrastructure and learns how the company normally operates.
What is all that data for? With a baseline of normal behavior, Darktrace's software can detect unusual activity and deviations from it. This is unsupervised learning: the system needs no labelled examples from humans to know what to look for, which was still uncommon in security products at the time. Earlier tools relied on supervised learning, the opposite approach, in which we had to feed the model examples of known threats so it could learn to recognize them. That works well in most cases, but it has a flaw: it can only recognize threats that resemble what it was trained on, so it is of little use when something new appears. That is where Darktrace has the advantage.
(Image caption: Darktrace software here has just neutralized an anomalous, dangerous behaviour.)
For example, in 2017 the software was installed at a Las Vegas casino. Although the company says its AI is usually not very useful in its first days, because the learning process takes at least a week, it registered unusual activity almost immediately after it was switched on. It turned out that a recently installed fish tank, whose electronic sensors were connected to the servicing company, had transferred over 10 GB of data to an external device that did not belong to the casino. Investigation traced the destination all the way to Finland.
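The fish-tank story is a clean illustration of what a per-device baseline buys you: a sensor that normally sends tens of kilobytes a day suddenly sending gigabytes is obvious once the model is the device's own history rather than a list of known attacks. The following is an added example for this page, not Darktrace's algorithm or code: it learns a median/MAD baseline per device from constructed daily outbound byte counts, scores each day only against that device's earlier days, and raises an alert when the robust z-score crosses a threshold. The device names, byte counts, warm-up period and threshold are all assumptions of the example.

```python
from collections import defaultdict
from statistics import median

WARMUP_DAYS = 7       # days of history a device needs before it is scored
THRESHOLD = 6.0       # robust z-score above which a day is an alert

# Constructed daily outbound byte counts per device. The sensor normally
# reports a few tens of kilobytes; on day 9 it ships 10 GB. The workstation
# is busy and variable but stays within its own habit.
FLOWS = [
    *[(d, "fish-tank-sensor", b) for d, b in enumerate(
        [41_000, 52_000, 47_000, 58_000, 44_000, 50_000, 55_000, 49_000,
         10_000_000_000], 1)],
    *[(d, "workstation-07", b) for d, b in enumerate(
        [1.2e9, 2.8e9, 1.9e9, 2.4e9, 1.5e9, 3.0e9, 2.1e9, 1.7e9, 2.5e9], 1)],
]


def robust_z(value: float, history: list) -> float:
    """Distance from the device's own median, in units of scaled median
    absolute deviation. Median and MAD resist being dragged by the very
    outliers we are trying to find, unlike mean and standard deviation."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad if mad > 0 else 1.0  # flat history: avoid divide-by-zero
    return (value - med) / scale


def detect(flows, warmup=WARMUP_DAYS, threshold=THRESHOLD) -> list:
    """Score each device's days in order against only its earlier days, so the
    model is learned from the data itself with no labelled attacks."""
    history = defaultdict(list)
    alerts = []
    for day, device, bytes_out in sorted(flows):
        past = history[device]
        if len(past) >= warmup:
            z = robust_z(bytes_out, past)
            if z > threshold:
                alerts.append({"day": day, "device": device,
                               "bytes_out": bytes_out, "z": round(z, 1)})
        past.append(bytes_out)
    return alerts


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

Two details mirror the limitations the post goes on to discuss. The warm-up period is why such a system is of little use on day one: with no history there is nothing to deviate from. And the threshold is the alert-fatigue knob: set it too low and a busy workstation's ordinary variation fills the console with deviations nobody reads, which is exactly the complaint raised further down.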
As Dawn Song, a cybersecurity and machine-learning expert at the University of California, Berkeley, put it, "the whole system is as secure as its weakest link", and the fish tank is a great example of that.
(Image caption: An example of what the Darktrace interface looks like.)
What also adds to its edge over the market is accessibility. The software is easy to use and easy to see through. The company also offers consultations if anyone in the IT department runs into problems with it, although co-chief executive Poppy Gustafsson has said they do not want to focus on that part of the service: "We don't do consulting," she said. "Our tech is not just about detecting cyber threat but also to autonomously respond."
Also interesting is the fact that the whole idea was inspired by human body. In one of the interviews, the co-CEO of the company, Nicole Eagan said “It’s very much like the human body’s own immune system,” and moreover “As complex as it is, it has this innate sense of what’s self and not self. And when it finds something that doesn’t belong—that’s not self—it has an extremely precise and rapid response.”
The start-up has grown remarkably since it was created. In March 2015 it was valued at $80 million; only three years later, in September 2018, it was valued at over $1.65 billion. This rapid growth was mainly driven by Mike Lynch and his venture fund, Invoke Capital. He now owns over 40% of the company, making him its largest shareholder.
Although by now it may seem like the perfect software and the solution to cyber-crime, it has its flaws too. Some IT staff have reported that the AI-based system keeps reporting deviations throughout the day, to the point where they stopped checking the alerts because it was a waste of their time. Furthermore, Darktrace's plans are not cheap, which makes them less attractive to some customers.
Frankly, I would say that even though it will help bigger companies eliminate some threats, especially from the inside, it is nowhere near a perfect solution yet.
What do you think about this start-up? Are AI-based systems the solution to our problem with cyber-crime? Let me know in the comments.
Reference list:
Leslie, I. (2018, June 15). You used to build a wall to keep them out, but now hackers are destroying you from the inside. Wired UK. https://www.wired.co.uk/article/darktrace-insider-threats-hackers-security
Ram, A. (2018, October 10). Inside Darktrace, the UK's $1.65bn cyber security start-up. Financial Times. https://www.ft.com/content/2fa5bade-cb09-11e8-9fe5-24ad351828ab
Clifford, A. (2018, August 7). How billion-dollar start-up Darktrace is fighting cybercrime with A.I. CNBC. https://www.cnbc.com/2018/08/07/billion-dollar-start-up-darktrace-is-fighting-cybercrime-with-ai.html
Hao, K. (2018, November 16). The rare form of machine learning that can spot hackers who have already broken in. MIT Technology Review. https://www.technologyreview.com/s/612427/the-rare-form-of-machine-learning-that-can-spot-hackers-who-have-already-broken-in/
Darktrace. (n.d.). Company Overview. https://www.darktrace.com/en/overview/