Ukraine Police Arrest Ransomware Gang Members Responsible for More Than 100 Attacks
Threat actors exploited flaw to steal currency from more than 6,000 Coinbase customers, Nebraska publisher crippled by a ransomware attack, Hackers steal millions from Barclays, more
Check out my latest column from the Aspen Cybersecurity Summit on whether ransomware attacks are getting worse.
In a joint operation carried out by the Ukrainian National Police, with aid from the French Gendarmerie, the FBI, Europol, and Interpol, two members of an unspecified ransomware gang were arrested in Ukraine. One suspect arrested is a 25-year-old believed to be a crucial member of a large ransomware operation.
Ukraine officials said that the suspect was responsible for attacks on more than 100 companies worldwide and has caused more than $150 million in damages. Some security researchers suggest that the two suspects arrested last week were members of the REvil ransomware gang. (Catalin Cimpanu / The Record)
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after exploiting a vulnerability to bypass the company's SMS multi-factor authentication security feature.
Coinbase said that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency. Coinbase believes the threat actor was able through phishing campaigns targeting Coinbase customers to steal account credentials. (Lawrence Abrams / Bleeping Computer)
A bug in money market Compound’s code led to an erroneous disbursement of $80 million worth COMP tokens intended for long-term liquidity mining rewards.
The bug only applied to Compound’s Comptroller Contract, responsible for distributing liquidity mining rewards earned over time, and did not affect user funds. Compound Labs founder Robert Leshner is asking users to give back the funds. (Andrew Thurman / Coindesk)
Nebraska-based trade industry and auction website publisher Sandhills Global told its customers that a ransomware attack disrupted its operations. It had temporarily shut down several systems to protect data.
The company said it hired cybersecurity experts to help it respond to the attack. Sandhills continues to investigate whether any client data had been accessed or impacted by this incident. (Alex Lantz / Lincoln Journal Star)
Previously “secret” pipeline regulations issued in July by the Transportation Safety Administration to address the security of the nation’s pipelines in the wake of the Colonial Pipeline attack have been published by the Washington Post, underscoring what some security specialists say is the need for transparency in regulations such as these.
Some industrial cybersecurity specialists criticize the rules as too vague, while others criticize them as overly prescriptive. (Aaron Schaffer and Ellen Nakashima / Washington Post)
Japanese electronics giant JVCKenwood suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.
JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. (Lawrence Abrams / Bleeping Computer)
Ilya Sachkov, the 35-year-old founder of Group-IB who was arrested last week and ordered detained until November, had spoken critically of the apparent immunity of Russian hackers inside their own country’s borders, sources say. This view aligns with the demands of the Biden administration, which has called on Russia to crack down on ransomware gangs within its borders.
Moreover, Sachkov’s growing effort to commercialize his products abroad and move his business primarily outside of Russia aroused suspicions that he was too independent, sources say. As a result, Sachkov faces twenty years in a Russian prison. (Henry Meyer and Irina Reznik / Bloomberg)
Researchers at blockchain forensics firm Chainanalysis say that Suex OTC, a virtual currency exchange sanctioned last month by the Biden administration for laundering Russian ransomware attackers’ cryptocurrencies, operates out of Moscow’s tallest skyscraper despite its not being listed at the address.
Suex is legally registered in the Czech Republic but doesn’t have an office there. It is instead operating out of Federation Tower East building, a 97-story building in Moscow. (Kartikay Mehrotra and Olga Kharif / Bloomberg)
In a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), hackers stole millions of pounds from Barclays bank accounts. PISPs were introduced by the revised European Payment Services Directive (PSD2). They give retail customers the ability to pay companies directly from their bank account instead of using a debit or credit card.
The attacks follow an antitrust probe into Monzo by the Financial Conduct Authority (FCA). Monzo, a London challenger bank, is accused of violating financial crime controls and anti-money laundering (AML) mandates. (Simon Foy / Telegraph)
The UK government announced that its cyber-attack agency, known as the National Cyber Force, will be based in a Lancashire town called Samlesbury.
Located in purpose-built premises, it will receive more than £5 billion of investment before 2030. The National Cyber Force includes officials from MI6, cyber-spy agency GCHQ, and the military under a unified command for the first time. (BBC News)
The Biden administration will convene a 30-country meeting this month to ramp up global efforts to address the threat of ransomware to economic and national security.
The alliance's goal will be "to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically," according to a statement. (Sean Lyngass / CNN)
Using data from haveibeenpwned.com to figure out the most common passwords found in breached datasets, researchers at Mozilla say that superhero-based passwords are increasingly showing up in datasets of breached information.
Superman showed up in 368,397 breaches, Batman was featured in 226,327 breaches, and Spider-Man was found in 160,030 breaches, while Wolverine and Ironman were also seen in thousands of breaches. (Jonathan Greig / ZDNet)
South Korea-based cybersecurity company S2W has raised $10 million in Series B venture funding.
Backers included LB Investment, KDB Development Bank, Magellan Technology Investment, YG Investment, Mirae Asset Venture Investment, Lotte Ventures, and DS Asset Management. (FinSMEs)