NIBS (credit image/Pixabay/ Ryan McGuire)

Last week, Enterprise Times took a look at the successful attack by Lockbit of Eastern Shipbuilding Group in the US. Europol, the FBI and US DOJ celebrated several arrests and convictions, with some significant cyber criminals shut down.

The NCSC issued an advisory about how SVR is evolving its tactics as its targets migrate to the cloud. There were several new or extended partnerships, with BlueVoyant, Egress, Forescout and ManageEngine all releasing details.

BlueVoyant

BlueVoyant announced a partnership with TEKsystems Global Services. The companies will combine to provide a wide portfolio of cloud security solutions leveraging their differing Microsoft expertise. BlueVoyant is a premier Microsoft partner, and TEKsystems Global Services is a Microsoft Solutions Partner in modern work, data and AI, and digital and app innovation.

Milan Patel, Global Head of managed security services (MSS) at BlueVoyant, commented, “BlueVoyant has developed advanced technologies and scalable services to help customers maximize their Microsoft Security investments. Cybersecurity is a team sport, and the industry will be stronger the more we work together. We look forward to having TEKsystems Global Services as a partner at a critical time of technological advancement.”

Jennifer Kling, Global Partnership Director at TEKsystems Global Services said, “TEKsystems Global Services understands the power of advanced analytics, and provides a full-stack perspective to help customers develop a roadmap to achieve agility, innovation and — most importantly — security.

“By working with BlueVoyant and leveraging Microsoft solutions, we can maximize efficiency and create greater adaptability across their enterprise as the complexity and volume of threats grow. We’re proud to work with BlueVoyant to help organizations safeguard their enterprise — from data and people to brand and ability to deliver to customers.”

VENZO partnership

BlueVoyant also announced that it has partnered with VENZO. Based in Denmark, VENZO offers digital transformation services. It will now offer BlueVoyant’s MXDR (Managed Extended Detection and Response) services, alongside its other Microsoft security services.

Kenneth Weber, Partner at VENZO, commented, “We are thrilled to partner with BlueVoyant to bring their comprehensive cyber defense platform to our clients in the form of our new VENZO MXDR (Powered by BlueVoyant). VENZO is a recognized Microsoft partner in security advisory and implementation, and BlueVoyant was twice named the United States Partner of the Year for Security. With BlueVoyant’s expertise and our commitment to helping clients succeed in the digital age, we are confident that this partnership will help protect organizations from the ever-evolving landscape of cyber threats.”

Egress

Egress has partnered with Spear Shield. It has added the Spear Shield Managed Phishing Simulation Service scoring solution into its own adaptive security model. The integration will enable organisations to assign every user a unique risk score based on their behaviours. The Spear Shield solution assigns scores based on factors such as clicks, credential harvesting submissions, historical user interaction analysis and more. Egress will include the scoring within its human risk scoring to help dynamically adjust the email security controls based on real-time risk.

Using Spear Shield, customers are able to run campaigns to test and educate users, promoting security awareness within an organisation. The data from phishing simulations is then used as part of the risk scoring that is fed to Egress. This can also provide reports for execs that benchmark the organisation’s risk posture.

Daniel Hoy, VP of Partnerships at Egress, commented, “When leading cybersecurity firms come together, we deliver stronger solutions against increasingly sophisticated threats.

“To effectively manage human risk on email, it’s critical that organizations give employees individualized adaptive controls that change based on the way they interact with real and simulated threats. That’s why we’re so thrilled to take our partnership with Spear Shield to the next level. Joint customers will see Egress’ risk score further enhanced by Spear Shield’s data, elevating their visibility into risk and automating their defences as the threat landscape evolves.”

Europol

Members of Europol from Italy, Latvia and Lithuania have taken action against a large-scale money laundering business. Judicial and law enforcement authorities arrested 18 individuals, including two main suspects, who used a worldwide web of shell companies to launder an estimated €2 billion since 2017.

The third main suspect was arrested in Italy. The suspect is accused of defrauding Italian authorities of €15 million and laundering it through the network. The operation to execute the arrests included 55 locations, and over €11.5 million in assets and bank accounts were frozen.

A financial institution was set up in Lithuania by an Italian-based OCG. The operation began when the Public Prosecutor’s Offices of Naples and Lecce started to investigate the Italian fraud in 2021. The Latvian and Lithuanian authorities became involved in 2022 as the money laundering operation came to light.

Europol has been supporting the case since January 2022, working closely with the national investigators to uncover the magnitude and complexity of the activities carried out by the OCG. During the action day, two Europol experts were deployed to Latvia to support the authorities with their investigative measures. A third Europol specialist was deployed to the coordination centre at Eurojust, with an analyst on hand at Europol’s headquarters to handle the contributions shared via Europol’s secure communication channels.

The Head of Europol’s European Financial and Economic Crime Centre, Mr Burkhard Mühl, commented, “Europol firmly believes that the ‘follow the money’ approach, coupled with close cooperation between EU law enforcement agencies and Europol, constitutes the most powerful strategy for combatting transnational criminal threats and frauds related to public funds. By pooling resources, expertise, and intelligence, we can effectively disrupt illicit financial flows and dismantle criminal networks.”

FBI

Last week the FBI announced several successes. One of a group of twelve men, Qinliang Chen, pleaded guilty to his involvement in a sophisticated international money laundering and drug trafficking organization led by Jin Hua Zhang.

The operation allegedly laundered at least $25 million worth of drug proceeds and funds from other illegal businesses. Chen was a courier in the business, delivering money internationally. He will be sentenced in May. The charge of money laundering conspiracy provides for a sentence of up to 20 years in prison, up to three years of supervised release and a fine of up to $500,000 or twice the amount involved, whichever is greater.

William Lee Robinson, 43, of Hattiesburg, Mississippi, was sentenced today to three years and 10 months in prison. This was for five counts of sending threatening interstate communications and three counts of cyberstalking, US Attorney Phillip A. Talbert announced. His threats and blackmail attempts started after he was fired from his job in Fresno.

Adam Wayne Owens, 43, of Riverside, California, was charged for his role in a fraud and kickback scheme. The scheme caused more than $10 million in losses to Medicare. He is alleged, alongside others, to have operated a scheme that obtained personal data from Medicare beneficiaries. He targeted them with at-home cancer genetic tests (CGX), whether requested or not. Money was reclaimed from Medicare to the estimated amount of $10 million. Owens was released on bail.

Cybersecurity Symposium

The FBI El Paso Cyber Task Force has held its second annual Cyber Symposium to discuss cybercrime and other malicious cyber activities. The two-day symposium offered briefings and breakout sessions. These covered Cyber-Enabled Elder Fraud, Reverse Engineering Malware, Cryptocurrency 101, Darkside of Social Media, and the FBI’s Computer Analysis Response Team. The climax of the symposium was a tabletop exercise that simulated an intrusion into a private network.

John Morales, FBI El Paso Special Agent in Charge, commented, “Events such as this week’s FBI Cyber Symposium are how we build strong connections and partnerships with the private sector. Proactive engagement with not just well-known big companies but also with smaller companies that form the bedrock of our nation allows us all to take away the tools that cybercriminals use to attack us, secure the data that’s been stolen, and prevent hackers from causing further harm.

“The stakes have never been higher, it’s up to the FBI and the private sector to work together to protect our nation from cyber criminals and foreign adversaries.”

Forescout

Forescout announced the expansion of its partnership with the NEXTGEN Group. NEXTGEN, a distributor in the Asian region, will now distribute Forescout solutions in Singapore and the Philippines, extending the successful relationship that exists for Australia and New Zealand.

Wendy O’Keeffe, EVP Asia, NEXTGEN Group, said, “It’s a great time for partners to get involved with Forescout as it’s clear that the best is yet to come. At NEXTGEN, we are thrilled to work with the world’s leading enterprise software providers, and our people are excited to deliver further growth for Forescout in Singapore and the Philippines.

“Customers are looking to consolidate the number of vendors they work with and Forescout’s strategic vision and expanding portfolio are attracting a lot of interest from customers and partners.”

Sukhbir Sandhu, Director of Regional Sales – ASEAN at Forescout, said, “The strategy we employed with NEXTGEN Group was working in Australia and New Zealand, so we’re eager to replicate the vision and strong execution into the Southeast Asian market.

“NEXTGEN’s agile business model and extensive cybersecurity services challenge the status quo and complement the Forescout commitment to provide the most comprehensive cybersecurity capabilities available on the market.”

ManageEngine

ManageEngine announced an integration between Endpoint Central and Check Point’s Harmony Mobile. Endpoint Central is its flagship unified endpoint management solution. Harmony Mobile is a leading mobile threat defense solution. The integration between the solutions addresses the increasing number of mobile threats that continue to circumvent OS-native security measures. These threats range from traditional malware to more sophisticated phishing attacks and spyware.

Mathivanan Venkatachalam, Vice President of ManageEngine, commented, “In our journey to equip IT security teams to fight against the evolving threat landscape, we offer a wide range of security solutions from a unified platform. We are excited to partner with Check Point to enhance our mobile security capabilities, empowering customers with advanced and comprehensive endpoint security.”

Jason Min, Head of Business Development at Check Point, said, “By integrating Check Point’s Harmony Mobile with ManageEngine’s Endpoint Central, organizations can achieve holistic endpoint management and security, seamlessly addressing the challenges posed by the rapid proliferation of mobile devices in the workplace. This integration empowers organizations to identify and remediate device, network, and app-based threats across all enterprise endpoints while maintaining operational efficiency.”

National Cyber Security Centre

The National Cyber Security Centre issued a bulletin warning that SVR cyber actors are adapting tactics as public and private sector organisations move to the cloud. The advisory looks at the tactics of APT29, also known as Midnight Blizzard, the Dukes or Cozy Bear, and believed to be part of the Russian Intelligence services.

Attack vectors include brute forcing (T1110) and password spraying service accounts, and targeting dormant accounts of employees who have left the organisation (T1078.004). SVR actors have also been observed logging into accounts following an enforced password reset, thereby regaining access following incident response eviction activities. Actors have also used cloud-based tokens to gain access without using passwords (T1528).

Once they have access, other methods include registering their own device as a new device on the cloud tenant (T1098.005) to gain greater access. They are also using residential proxies (T1090.002). Residential proxies typically make traffic appear to originate from IP addresses within internet service provider (ISP) ranges used for residential broadband customers and hide the true source.
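As an added illustration (not taken from the NCSC advisory or from this article), the sketch below shows how a defender might look for two of the behaviours listed above in sign-in logs: password spraying counted across accounts rather than per source IP, since residential proxies rotate the source, and successful sign-ins to dormant accounts. The record layout, thresholds and account names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sign-in records (not real data): time, account, source IP, result.
EVENTS = [
    ("2024-02-26T09:00:05", "svc-backup", "198.51.100.7", "fail"),
    ("2024-02-26T09:01:10", "svc-print", "203.0.113.44", "fail"),
    ("2024-02-26T09:02:30", "a.active", "192.0.2.19", "fail"),
    ("2024-02-26T09:03:00", "j.leaver", "198.51.100.201", "fail"),
    ("2024-02-26T09:20:00", "a.active", "192.0.2.80", "ok"),
    ("2024-02-26T09:45:00", "j.leaver", "203.0.113.9", "ok"),
]
# Constructed: last successful sign-in per account before the sample window.
LAST_SUCCESS = {
    "a.active": datetime(2024, 2, 23, 17, 0),
    "j.leaver": datetime(2023, 8, 1, 8, 30),
}
# Assumed thresholds; tune them to the tenant.
DORMANT_AFTER = timedelta(days=90)
SPRAY_WINDOW = timedelta(minutes=10)
SPRAY_ACCOUNTS = 4

def parse(events):
    """Return events with parsed timestamps, oldest first."""
    return sorted((datetime.fromisoformat(t), u, ip, r) for t, u, ip, r in events)

def dormant_logins(events, last_success):
    """Successful sign-ins to accounts idle for longer than DORMANT_AFTER."""
    seen, hits = dict(last_success), []
    for ts, user, ip, result in parse(events):
        if result != "ok":
            continue
        prev = seen.get(user)
        if prev is not None and ts - prev > DORMANT_AFTER:
            hits.append((user, ip))
        seen[user] = ts
    return hits

def spray_windows(events):
    """Failure bursts hitting many distinct accounts, whatever the source IP."""
    fails = [(ts, u, ip) for ts, u, ip, r in parse(events) if r == "fail"]
    alerts, start = [], 0
    for end in range(len(fails)):
        while fails[end][0] - fails[start][0] > SPRAY_WINDOW:
            start += 1
        accounts = {u for _, u, _ in fails[start:end + 1]}
        if len(accounts) >= SPRAY_ACCOUNTS:
            ips = {ip for _, _, ip in fails[start:end + 1]}
            alerts.append((sorted(accounts), len(ips)))
            start = end + 1  # begin a fresh window after alerting
    return alerts

if __name__ == "__main__":
    print(spray_windows(EVENTS), dormant_logins(EVENTS, LAST_SUCCESS))
```

In the sample, no single source IP fails more than once, so a per-IP failure counter would stay silent while the per-account view still raises the spray alert.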

US Department of Justice

The Justice Department unsealed an indictment charging an Iranian national with involvement in a cyber-enabled campaign to compromise US governmental and private entities. These included the US Departments of the Treasury and State, defense contractors, and two New York-based companies.

Alireza Shafie Nasab, 39, of Iran, and other co-conspirators were members of a hacking organization. They participated in a coordinated multi-year campaign to conduct and attempt to conduct computer intrusions. These intrusions targeted more than a dozen US companies and the US Departments of the Treasury and State. Nasab remains at large.

Maxim Marchenko, 51, a Russian citizen who has resided in Hong Kong, pleaded guilty today to charges of money laundering and smuggling goods from the United States. Marchenko was arrested in September 2023.

Marchenko, along with others, operated a procurement network. The network fraudulently obtained from US distributors large quantities of dual-use, military grade microelectronics on behalf of Russia-based end users. To carry out this scheme, Marchenko, CC-1, and CC-2 used shell companies based in Hong Kong and other deceptive means to conceal from US Government agencies and US distributors that the OLED micro-displays were destined for Russia.

Executive Order to prevent data loss

On February 28th, an executive order, “Preventing Access to Americans’ Bulk Sensitive Personal Data and US Government-Related Data by Countries of Concern,” was issued. It directs the Justice Department to establish, implement and administer new and targeted national-security programming to address the threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain US Government-related data.

The E.O. will require the Department, in consultation with other agencies, to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.

Deputy Attorney General Lisa Monaco stated, “Today, we make clear that American citizens’ sensitive and personal data is not for sale to our adversaries. The Justice Department has long focused on preventing threat actors from stealing data through the proverbial back door. This executive order shuts the front door by denying countries of concern access to Americans’ most sensitive personal data.”
