A quick Saturday digest of cybersecurity news articles from other sources.
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week, which led to fuel shortages and price spikes across the country, is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. Read the rest of the hilariously gratifying story on Brian Krebs's website.
Supreme Court Limits Hacking Law in Landmark Case
The U.S. Supreme Court has ruled 6-3 in favor of Nathan Van Buren, a ruling that limits the Computer Fraud and Abuse Act, which many have claimed to be overly broad. Van Buren, a former Georgia police sergeant who searched a license plate database for an acquaintance in exchange for bribes, had been prosecuted on two counts. He has now been cleared on both counts. The legal question in the… Read more
By Geoff Huston in the Internet Protocol Journal
Can you believe what the DNS tells you? The answer is that you probably can’t!
Many parties have exploited this obvious failure in the trust model in many ways. The DNS is seen as an overt control channel….
This article explores changes to the DNS including DNSSEC, and the current state of name resolution on the Internet.
Opinion: What Have We Done?
By Geoff Huston in the Internet Protocol Journal
Compared to our somewhat naive expectations about the role of computers and networking in the 1980’s, we have come a long way down a path that now seems to have taken a turn into some dark— and possibly malign—spaces. How else could we have ended up in accusations of rigged elections, “fake” news, and truly bizarre paranoid notions of some form of “deep state” that seems to sit within the collective social psyche these days. But it’s not all just a parade of some ridiculous memes that appear to be rooted in human credulity, because we also have to acknowledge the wholesale destruction of livelihoods and the creation of a new technology economy that is based largely on surveillance capitalism. The digital automation of our society has a highly disruptive aspect, and I think we can confidently assert that we are in the middle of a social revolution as fundamental as the industrial revolution. However, in this case we seem to have backed into this one with our eyes closed….
A sobering article on where we are and how we got there, relative to the current state of cybersecurity, or really, the lack of it.
Inside an International Tech-Support Scam
How a cybersecurity researcher infiltrated a phone scam operation — exposing fraudsters and their schemes
From the AARP Bulletin
If you have ever been called by one of the tech-support scammers, you know how convincing they can be. These flim-flam artists usually target seniors, because they generally have money, are easily convinced, and are compliant.
Read this fabulous story about a single cybersecurity researcher who has made a career of turning the tables on these scammers, back-hacking their networks and computers, and even getting them arrested and their businesses closed down.
Adventures in Contract Programming – Latvian woman charged with writing malware for the Trickbot Group
Looking for contract programming work? You might be surprised at what’s out there.
The US Department of Justice (DOJ) just announced that it has charged a 55-year-old Latvian woman, who went by the moniker of Max, with malware-writing crimes.
Max, whose real name is apparently Alla Witte, is the sixth of seven defendants listed in the DOJ’s indictment, along with ten other unknown individuals identified only as CC8 to CC17. (CC is short for co-conspirator.)
At the moment, the names of the other six defendants have been redacted from the document, so that Witte is the only one whose name has been publicly released.
(In the indictment, filed in August 2020, Witte was identified as a “national of Russia”, but the headline of the DOJ’s latest press release describes her as Latvian.)
Witte was apparently living in Suriname in South America at the time of the alleged offences, but was arrested in Miami, Florida, in February 2021, presumably while attempting to enter the US.
The indictment, which runs to 61 double-spaced pages, tells a fascinating story of how the Trickbot Group, as the DOJ refers to this cybergang, operated and evolved over a five-year period from late 2015 to the middle of 2020. More….
How a malicious bot tries to evade detection by morphing
Targeting Windows and Linux systems, the Necro Python bot changes its code to evade traditional security detection, says Cisco Talos. One of the more alarming capabilities uncovered in Necro’s latest flavor is code morphing. Talos found that the script code can morph into a different form after every iteration. This skill turns Necro into a polymorphic worm that can spread by abusing a growing number of web-based interfaces and SMB exploits.
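As an added illustration, not taken from the Talos report or this post, of why hash and exact-string signatures break against a script that rewrites itself: the harmless Python sketch below renames every user-defined identifier on each "generation" of a constructed sample script, so the file hash changes every time, while a fingerprint over the abstract syntax tree with names and literal values stripped stays constant and the program's behaviour does not change. The sample script, the morphing routine and the fingerprint are all constructed for this example; a real polymorphic engine mutates far more than names, and Necro's actual morphing is described only in the linked article.

```python
import ast
import contextlib
import hashlib
import io
import random
import string

# Constructed, harmless stand-in for a script that a bot rewrites each generation.
SAMPLE = '''
def greet(name):
    message = "hello " + name
    return message

print(greet("world"))
'''


def morph_identifiers(src: str, seed: int) -> str:
    """Return a behaviourally identical copy of src with every user-defined
    function, parameter and assigned variable renamed to a random name.
    This is the simplest layer of polymorphism: the bytes change, the
    program does not. (Illustrative only; real engines mutate far more.)"""
    rng = random.Random(seed)
    tree = ast.parse(src)

    # Collect names the script itself defines; builtins such as print stay untouched.
    names: dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            names[node.name] = ""
            for a in node.args.args:
                names[a.arg] = ""
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            names[node.id] = ""
    for n in names:
        names[n] = "_" + "".join(rng.choice(string.ascii_lowercase) for _ in range(8))

    class Renamer(ast.NodeTransformer):
        def visit_FunctionDef(self, node):
            node.name = names.get(node.name, node.name)
            for a in node.args.args:
                a.arg = names.get(a.arg, a.arg)
            self.generic_visit(node)
            return node

        def visit_Name(self, node):
            node.id = names.get(node.id, node.id)
            return node

    tree = ast.fix_missing_locations(Renamer().visit(tree))
    return ast.unparse(tree)


def raw_hash(src: str) -> str:
    """What a file-hash or exact-string signature sees."""
    return hashlib.sha256(src.encode()).hexdigest()


def structural_fingerprint(src: str) -> str:
    """Hash of the AST shape only: node types and nesting, with identifiers
    and literal values discarded, so renaming cannot change it."""
    def shape(node: ast.AST) -> str:
        return "(" + type(node).__name__ + "".join(
            shape(c) for c in ast.iter_child_nodes(node)) + ")"
    return hashlib.sha256(shape(ast.parse(src)).encode()).hexdigest()


def run_and_capture(src: str) -> str:
    """Execute a script and return what it printed (behavioural check)."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(compile(src, "<sample>", "exec"), {})
    return buf.getvalue()


if __name__ == "__main__":
    gen1 = morph_identifiers(SAMPLE, seed=1)
    gen2 = morph_identifiers(SAMPLE, seed=2)
    print("raw hashes differ:   ", len({raw_hash(SAMPLE), raw_hash(gen1), raw_hash(gen2)}) == 3)
    print("structure identical: ", structural_fingerprint(SAMPLE)
          == structural_fingerprint(gen1) == structural_fingerprint(gen2))
    print("behaviour identical: ", run_and_capture(SAMPLE)
          == run_and_capture(gen1) == run_and_capture(gen2))
```

The practical point for detection: a signature keyed on the file hash or on literal identifier strings is defeated by the cheapest mutation, whereas a fingerprint over normalized structure, or a rule on observable behaviour (the SMB and web-interface spreading the article describes), survives it. A morphing engine that also reorders statements or inserts dead code would defeat this particular AST fingerprint too, which is why behavioural detection is the durable layer.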
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com