There were several announcements and research findings this week across the security sector. Europol has also been busy, spoiling Christmas for several criminal organisations.
In October, an operation saw the arrests of 636 suspects in a large-scale EMPACT joint action targeting firearms trafficking, drugs trafficking, migrant smuggling and human trafficking. The operation spanned 34 countries and identified 910 potential victims. The investigation identified 115 suspected traffickers and arrested 254 suspected human traffickers.
Law enforcement from 25 countries, supported by Europol, Eurojust, INTERPOL and the European Banking Federation (EBF), have joined forces to crack down on one of the most important enablers of money laundering: money mules and their recruiters. The operation saw 2469 money mules arrested and prevented EUR 17.5 million from being laundered by money mules in a three-month action.
Coordinated activities of national authorities from Estonia, Germany, Latvia, Lithuania and Poland, supported by Europol, targeted a large criminal network smuggling migrants via Belarus into the EU. During this second coordinated action day in the framework of Europol’s Operational Task Force Flow, national authorities targeted suspects in Germany, Lithuania and Poland. They implemented joint controls on main roads and harbours in Estonia, Latvia and Lithuania. Since January 2022, authorities have arrested 61 alleged members of this migrant smuggling network.
On 30 November, a Brazilian vessel carrying over 4.6 tonnes of cocaine was intercepted by the French Navy due to intelligence activities underway between Europol, MAOC-N and the authorities in Brazil, France, the United Kingdom and the United States. Heading towards Europe, the 21-meter-long vessel was intercepted in international waters off the coast of Sierra Leone. Its illegal shipment is believed to be worth more than EUR 150 million.
Action1 Corporation announced that it had upgraded its service with AI-based detection of abnormal user behaviour and automated blocking of threat actors. With this upgrade, the company aims to combat the growing threat of scams and cyberattacks in which hackers misuse legitimate tools to deploy ransomware in corporate environments or connect to individuals’ computers to steal money and data.
Mike Walters, VP of Vulnerability and Threat Research at Action1, commented, “The accessibility of remote access and remote monitoring tools eliminates the need for malicious actors to invest their own time and effort into developing tools for managing attacks, facilitating cybercrime such as ransomware. We think that vendors should take more action to prevent abuse of their solutions as a part of the common struggle against this threat.”
Avast published its predictions for 2023, anticipating an increased risk of ransomware attacks in which attackers threaten to leak people’s and businesses’ valuable data if ransom demands aren’t paid. It also foresees optimization of social engineering used in scam attacks, taking advantage of economic hardships and energy crisis fears. The experts expect increased malicious activity overall as open-source malware becomes more accessible and cybergangs recruit hacktivists to join their causes.
Michal Salat, Threat Intelligence Director at Avast, commented, “Ransomware attacks themselves are already an individual’s and businesses’ nightmare. This year, we saw cybergangs threatening to publicly publish their targets’ data if a ransom isn’t paid, and we expect this trend to only grow in 2023. This puts people’s personal memories at risk and poses a double risk for businesses. Both the loss of sensitive files, plus a data breach, can have severe consequences for their business and reputation.”
ConnectWise announced a global strategic partnership with Evo Security, an emerging leader in identity and access management (IAM) for managed service providers (MSPs), to deliver a cost-effective, consolidated IAM platform. Partnering with Evo will offer TSPs tools to secure and streamline access to devices and applications to protect clients’ critical assets from security incidents and address compliance requirements.
Raffael Marty, general manager of cybersecurity, ConnectWise, commented, “In our increasingly distributed world, the security perimeter has become fuzzy and at times can almost seem infinite. Identity and access management is how this new edge is contained and managed at scale – everything has an identity. However, a big market gap exists given most identity tools were built for the enterprise.
“Evo Security was formed for this new paradigm, but specifically for TSPs and their customers in a new and innovative way. We believe this partnership demonstrates our continued commitment to bringing forth the best cybersecurity solutions possible to our partners and ensuring we’re staying one step ahead of cyber criminals.”
Dragos has partnered with Cisco to integrate the Dragos Platform with Cisco Adaptive Security Appliance (ASA) firewalls, enabling joint customers to proactively prevent unknown cybersecurity threats that impact IT and OT environments.
The Logpoint Security Analyst team has analyzed multiple variants of the BlackCat ransomware to understand its Tactics, Techniques, and Procedures (TTPs). It revealed that BlackCat had the fourth-highest number of victims from May to November 2022. Logpoint research also found that the highest ransom demanded is 14 million dollars.
Doron Davidson, VP of Logpoint Global Services, commented, “BlackCat operates under the Ransomware-as-a-Service (RaaS) model and uses both double and triple extortion techniques. Now that it’s spreading, organizations need to be extra cautious. Each second wasted equals lost data, so organizations must implement preventive measures that enable detection, apply automation for enrichment and response, and keep contingency plans up their sleeve.”
Neustar Security Services has completed an independent third-party audit of its UltraDNS and UltraDNS2 platforms. Based on SSAE No. 18 standards, KirkpatrickPrice’s independent assessment attests to both the similarities in functionality and the differences in infrastructure and operations between the company’s UltraDNS and UltraDNS2 platforms.
James Willett, senior vice president of operations at Neustar Security Services, commented, “Since the independence of the two networks is critical to organizations’ ability to reduce risk, but their similarities deliver vital benefits for reducing cost and complexity, we wanted to provide third-party attestation to these characteristics.
“Customers and prospects need to be certain that the UltraDNS and UltraDNS2 platforms are truly separate from an infrastructure standpoint, but that they leverage the same technologies and deliver key benefits for cost and complexity reduction, like unified traffic management and single pane of glass management capabilities.”
NICE Actimize announced a partnership with The Knoble, a global non-profit network of experts working to protect the vulnerable against various financial crimes and other fraudulent activity. Through the partnership, NICE Actimize will provide technology expertise, research support and other resources to The Knoble’s Financial Crimes Working Group with the goal of supporting the detection and elimination of scams in activities relating to human trafficking, child exploitation, and elder abuse.
Craig Costigan, CEO of NICE Actimize, stated, “The proliferation of scams targeting the most vulnerable has drawn massive attention across the globe, and NICE Actimize’s objective is to provide important resources to help financial institutions take preventative measures to identify and stop these crimes. We will work with our clients at financial institutions and The Knoble to advance this critical mission.”
Noname Security announced the premiere of episode 1 of Scorched Earth, a new TV series from Knight Studios. The series explores the security threats of APIs as the adoption, amount and complexity of APIs continue to grow, creating cascading security issues among enterprises. To watch Episode 1 of Scorched Earth, please visit https://knightstudios.co/shows/scorchedearth.
Sophos appointed Gerard Allison as Senior Vice President of Sales for Europe, Middle East and Africa (EMEA). Allison commented, “Sophos is an industry leader, pioneering the way with a new type of MDR service that every organization can benefit from, so I am thrilled to be joining Sophos at this time and leading the company’s impressive sales team in EMEA. I am also looking forward to working closely with our extensive partner network in the region to develop new revenue streams and ensure customers have the proper security needed to defend against today’s persistent attackers.”
Sophos also announced in the first of a four-part series, “The Scammers Who Scam Scammers on Cybercrime Forums,” that cybercriminals are scamming each other out of millions of dollars and use arbitration to settle disputes about the scams. The report also reveals how attackers use classic techniques—some decades old, such as typosquatting, phishing, backdoored malware, and fake marketplaces—to carry out their scams against each other.
Matt Wixey, senior threat researcher at Sophos, commented, “While investigating cybercriminal scams, we stumbled upon an entire sub-economy that includes not just lower-tier criminals, but some of the most prominent ransomware groups. And these scams aren’t always just financially motivated. Personal beefs and rivalries were common.
“We also found incidents where scammers would scam the scammers who scammed them. In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying $250 to join a fake underground forum. The ‘winner’ of the contest received $100.”