Check out my latest column from the Aspen Cybersecurity Summit on whether ransomware attacks are getting worse.

In a joint operation carried out by the Ukrainian National Police, with aid from the French Gendarmerie, the FBI, Europol, and Interpol, two members of an unspecified ransomware gang were arrested in Ukraine. One suspect arrested is a 25-year-old believed to be a crucial member of a large ransomware operation.

Ukraine officials said that the suspect was responsible for attacks on more than 100 companies worldwide and has caused more than $150 million in damages. Some security researchers suggest that the two suspects arrested last week were members of the REvil ransomware gang. (Catalin Cimpanu / The Record)

Related: Europol

Catalin Cimpanu @campuscodi

Video of the raid can be found here, courtesy of Ukrainian police: youtube.com/watch?v=I20faI… Gotta love those RGB lights on the cooler. Seems police got access to unlocked PCs and Macbooks.

October 4th 2021

7 Retweets17 Likes

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after exploiting a vulnerability to bypass the company's SMS multi-factor authentication security feature.

Coinbase said that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency. Coinbase believes the threat actor was able through phishing campaigns targeting Coinbase customers to steal account credentials. (Lawrence Abrams / Bleeping Computer)

Related: Reuters, Engadget, Security Affairs, HackRead, Engadget, Invezz, Bitcoin News, Bitcoin News, Reddit-hacking, DataBreaches.net, TechStory, Infosecurity Magazine, CryptoSlate, Alphr, IT Web

A bug in money market Compound’s code led to an erroneous disbursement of $80 million worth COMP tokens intended for long-term liquidity mining rewards.

The bug only applied to Compound’s Comptroller Contract, responsible for distributing liquidity mining rewards earned over time, and did not affect user funds. Compound Labs founder Robert Leshner is asking users to give back the funds. (Andrew Thurman / Coindesk)

Related: CNBC Technology, HotHardware.com, Slashdot

Give a gift subscription

Nebraska-based trade industry and auction website publisher Sandhills Global told its customers that a ransomware attack disrupted its operations. It had temporarily shut down several systems to protect data.

The company said it hired cybersecurity experts to help it respond to the attack. Sandhills continues to investigate whether any client data had been accessed or impacted by this incident. (Alex Lantz / Lincoln Journal Star)

Related: 3newsnow, News Channel Nebraska, Associated Press Technology

Previously “secret” pipeline regulations issued in July by the Transportation Safety Administration to address the security of the nation’s pipelines in the wake of the Colonial Pipeline attack have been published by the Washington Post, underscoring what some security specialists say is the need for transparency in regulations such as these.

Some industrial cybersecurity specialists criticize the rules as too vague, while others criticize them as overly prescriptive. (Aaron Schaffer and Ellen Nakashima / Washington Post)

Emilian @epapadopoulos

WaPo has obtained the USG's not-public cyber security directive for pipelines, issued in the wake of the Colonial Pipeline hack. One of its favorably reviewed requirements is for companies to develop and test an incident response plan, WaPo reports.💡👏🏽 washingtonpost.com/national-secur…New emergency cyber regulations lay out ‘urgently needed’ rules for pipelines but draw mixed reviewsThe regulations are designed to prevent a repeat of the Colonial Pipeline shutdown.washingtonpost.com

October 3rd 2021

1 Retweet3 Likes

Japanese electronics giant JVCKenwood suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.

JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. (Lawrence Abrams / Bleeping Computer)

Related: ComputerWeekly, Engadget

Ilya Sachkov, the 35-year-old founder of Group-IB who was arrested last week and ordered detained until November, had spoken critically of the apparent immunity of Russian hackers inside their own country’s borders, sources say. This view aligns with the demands of the Biden administration, which has called on Russia to crack down on ransomware gangs within its borders.

Moreover, Sachkov’s growing effort to commercialize his products abroad and move his business primarily outside of Russia aroused suspicions that he was too independent, sources say. As a result, Sachkov faces twenty years in a Russian prison. (Henry Meyer and Irina Reznik / Bloomberg)

Olga Lautman @OlgaNYC1211

According to Bloomberg, Group-IB's CEO, Ilya Sachkov, may have been arrested and charged with treason may have been related to his plans of moving the business abroad. That would not surprise me at all Bloomberg - Are you a robot?bloomberg.com

October 3rd 2021

45 Retweets75 Likes

Researchers at blockchain forensics firm Chainanalysis say that Suex OTC, a virtual currency exchange sanctioned last month by the Biden administration for laundering Russian ransomware attackers’ cryptocurrencies, operates out of Moscow’s tallest skyscraper despite its not being listed at the address.

Suex is legally registered in the Czech Republic but doesn’t have an office there. It is instead operating out of Federation Tower East building, a 97-story building in Moscow. (Kartikay Mehrotra and Olga Kharif / Bloomberg)

780th Military Intelligence Brigade (Cyber) @780thC

Since at least 2018, Suex has converted cryptocurrency holdings into cash inside brick-and-mortar offices in Moscow, St. Petersburg and possibly in the Middle East, according to Chainalysis Inc. bloomberg.com/news/articles/… @BloombergBloomberg - Are you a robot?bloomberg.com

October 4th 2021

3 Retweets9 Likes

In a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), hackers stole millions of pounds from Barclays bank accounts. PISPs were introduced by the revised European Payment Services Directive (PSD2). They give retail customers the ability to pay companies directly from their bank account instead of using a debit or credit card.

The attacks follow an antitrust probe into Monzo by the Financial Conduct Authority (FCA). Monzo, a London challenger bank, is accused of violating financial crime controls and anti-money laundering (AML) mandates. (Simon Foy / Telegraph)

Related: PYMNTS

The UK government announced that its cyber-attack agency, known as the National Cyber Force, will be based in a Lancashire town called Samlesbury.

Located in purpose-built premises, it will receive more than £5 billion of investment before 2030. The National Cyber Force includes officials from MI6, cyber-spy agency GCHQ, and the military under a unified command for the first time. (BBC News)

Related: Evening Standard, Daily Mail, Sputnik News, Lep.co.uk, The Sun, Telegraph, Infosecurity Magazine, IT News

Hacker Fantastic @hackerfantastic

Samlesbury is a small parish town between Preston and Blackburn. It is known for Samlesbury Hall, a building built in the 1300's and believed to be haunted - an Aerodrome, a few hotel/b&b's, a BAE site, some eateries and the Nab's head (pictured). 1000 hackers... here? No chance.

October 3rd 2021

1 Retweet16 Likes

The Biden administration will convene a 30-country meeting this month to ramp up global efforts to address the threat of ransomware to economic and national security.

The alliance's goal will be "to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically," according to a statement. (Sean Lyngass / CNN)

Related: The Record by Recorded Future, Daily HODL, Bitcoin News, Security Affairs, CISO MAG, Insurance Journal, HITBSecNews, Fudzilla, Gizmodo

Using data from haveibeenpwned.com to figure out the most common passwords found in breached datasets, researchers at Mozilla say that superhero-based passwords are increasingly showing up in datasets of breached information.

Superman showed up in 368,397 breaches, Batman was featured in 226,327 breaches, and Spider-Man was found in 160,030 breaches, while Wolverine and Ironman were also seen in thousands of breaches. (Jonathan Greig / ZDNet)

Related: iTechPost, Mozilla

South Korea-based cybersecurity company S2W has raised $10 million in Series B venture funding.

Backers included LB Investment, KDB Development Bank, Magellan Technology Investment, YG Investment, Mirae Asset Venture Investment, Lotte Ventures, and DS Asset Management. (FinSMEs)

Related: Grit Daily, PR Newswire

Photo by Eugene Chystiakov on Unsplash