2020, Cybercrime, Information Security and VPN

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said.

VPN

VPN Cybercrime Ransomware Advertising

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In late 2020, credentials for US-based universities were found for sale on the dark web. In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts.

Cybercrime

Cybercrime Education Accountability Phishing

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020.

Ransomware

Ransomware VPN Cybercrime Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. ” continues the report.

Hacking

Hacking VPN Advertising Financial Services

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders.

Hacking

Hacking Cybercrime Data breaches Advertising

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

3 (@pancak3lullz) October 15, 2020. KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. #KPOT source code up for sale! pic.twitter.com/fJ3BwlaHsR — ??????3

Ransomware

Ransomware Malware Advertising Cybercrime

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 16, 2022

The new vulnerabilities added to the catalog include one SonicWall SonicOS issue, tracked as CVE-2020-5135 , and 14 Microsoft Windows flaws addressed between 2016 and 2019. The CVE-2020-5135 is a stack-based buffer overflow that affects the SonicWall Network Security Appliance (NSA).

VPN

VPN Network Security Hacking Cybersecurity

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Hackers aim at collecting login credentials for networks of the target organizations, then they attempt to monetize their efforts by selling access to corporate resources in the cybercrime underground. “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP.”

Social Engineering

Social Engineering VPN Phishing Authentication

UK Fintech company Finastra hit by a cyber attack

Security Affairs

MARCH 21, 2020

.” Experts from cyber-security firm Bad Packets speculate attackers might have exploited the CVE-2019-11510 vulnerability to compromise unpatched Pulse Secure VPN servers at the Fintech firm. . link] pic.twitter.com/JrdDojlTuF — Bad Packets Report (@bad_packets) March 20, 2020. Travelex deja vu?

Cyber Attacks

Cyber Attacks Data breaches Advertising Ransomware

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 Ivanti fixed this critical code execution issue in Pulse Connect Secure VPN early this month.

Malware

Malware VPN Authentication Hacking

Security Affairs newsletter Round 247

Security Affairs

JANUARY 19, 2020

January 2020 Adobe Patch Tuesday updates fix issues in Illustrator, Experience Manager. Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA. Two PoC exploits for CVE-2020-0601 NSACrypto flaw released. Chinese police arrested the operator of unauthorized VPN service that made $1.6

Data breaches

Data breaches Advertising VPN Cybercrime

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as a first-stage malware.

Accountability

Accountability Malware Data breaches Passwords

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches

Data breaches Social Engineering Ransomware Malware

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Manufacturing Healthcare Education

Chilean bank BancoEstado hit by REVil ransomware

Security Affairs

SEPTEMBER 7, 2020

Información de Prensa pic.twitter.com/gupHjabSgX — BancoEstado (@BancoEstado) September 6, 2020. Información importante sobre nuestra red de atención pic.twitter.com/CfFeb9tCzK — BancoEstado (@BancoEstado) September 7, 2020. and Elexon electrical middleman.

Banking

Banking Ransomware Advertising VPN

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

The popular cybercrime gang is demanding a $4.5 “Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems.” Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. ” reads the statement.

Ransomware

Ransomware VPN Data breaches Advertising

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Monitor cyber threat reporting regarding the publication of compromised VPN login credentials and change passwords and settings.

Ransomware

Ransomware Financial Services Passwords VPN

Security Affairs newsletter Round 283

Security Affairs

SEPTEMBER 27, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Banking Advertising Ransomware

Security Affairs newsletter Round 295

Security Affairs

JANUARY 3, 2021

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Data breaches

Data breaches Mobile VPN Firewall

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the report. ” continues the alert. ” concludes the alert.

VPN

VPN Government Authentication Advertising

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

Security Affairs

SEPTEMBER 7, 2021

Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware VPN Authentication Passwords

What shifting ransomware strategies mean for defenders

SC Magazine

JUNE 24, 2021

It claimed to have accessed the police system using a zero-day vulnerability in a VPN. The operator of Clop ransomware, GOLD TAHOE , did it too in late 2020 and early 2021 when it exploited a vulnerability in the Accellion File Transfer Appliance (FTA) software to exfiltrate data and extort victims without deploying ransomware.

Ransomware

Ransomware Encryption VPN Software

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Wizard Spider is a cybercrime group affiliated with a what is sometimes called the Ransomware Cartel , a collective of underground groups identified by threat intelligence company Analyst1. Two years later, the group moved to using Conti, in May 2020. Only use secure networks and avoid using public Wi-Fi networks.

Healthcare

Healthcare Ransomware Encryption Passwords

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. ” reads the report published by ClearSky.

VPN

VPN Telecommunications Advertising Hacking

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime VPN Malware Penetration Testing

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. According to the advisory, the threat actors have exploited Zerologon ( CVE-2020-1472 ) in Microsoft’s Netlogon Remote Protocol in phishing attempts.

Ransomware

Ransomware Hacking Engineering Manufacturing

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. According to the advisory, the threat actors have exploited Zerologon ( CVE-2020-1472 ) in Microsoft’s Netlogon Remote Protocol in phishing attempts.

Hacking

Hacking Ransomware Manufacturing Healthcare

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. According to the advisory, the threat actors have exploited Zerologon ( CVE-2020-1472 ) in Microsoft’s Netlogon Remote Protocol in phishing attempts.

Ransomware

Ransomware Encryption VPN Manufacturing

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. According to the advisory, the threat actors have exploited Zerologon ( CVE-2020-1472 ) in Microsoft’s Netlogon Remote Protocol in phishing attempts.

Ransomware

Ransomware Hacking Manufacturing Healthcare

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Cyber Attacks Manufacturing Healthcare

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Security Affairs

NOVEMBER 18, 2022

The group used various attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The threat actors were observed gaining initial access to victim networks by using single-factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols.

Ransomware

Ransomware VPN Manufacturing Healthcare

Kaspersky released a new decryptor for Conti-based ransomware

Security Affairs

MARCH 18, 2023

Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network. The Conti group has been active since 2019, the FBI estimated that between 2020 and 2022 the gang breached hundreds of organizations. Request access to this offer here.

Ransomware

Ransomware Malware VPN Passwords

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Along with the rise of big-game hunting in 2020, we saw the emergence of a number of high-profile groups in the ransomware world. Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. Part I: Three preconceived ideas about ransomware.

Ransomware

Ransomware Encryption Malware Cybercrime

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

NOVEMBER 25, 2020

Group-IB , a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year.

Banking

Banking Ransomware Phishing Marketing

The dark web index 2021, report

Security Affairs

JUNE 4, 2021

2020 is a case in point. If you must log in to an account of any kind while on public WiFi, use a VPN for encrypting all your internet traffic. They will read your card instead of the ATM and send the information to the hacker. It was one of the worst years (if not the worst) for cyber attacks. Hackers love it.

Accountability

Accountability Marketing Hacking Cryptocurrency

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

FBI: Compromised US academic credentials available on various cybercrime forums

Webinars

Trending Sources

15 billion credentials available in the cybercrime marketplaces

Webinars

NetWalker ransomware operators have made $25 million since March 2020

Interview With a Crypto Scam Investment Spammer

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Akira ransomware received $42M in ransom payments from over 250 victims

REvil Ransomware member win the auction for KPot stealer source code

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

UK Fintech company Finastra hit by a cyber attack

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs newsletter Round 247

A new Zerobot variant spreads by exploiting Apache flaws

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs newsletter Round 291

FBI and CISA warn of attacks by Rhysida ransomware gang

Chilean bank BancoEstado hit by REVil ransomware

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs newsletter Round 283

Security Affairs newsletter Round 295

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

What shifting ransomware strategies mean for defenders

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Rhysida ransomware gang claimed China Energy hack

Rhysida ransomware group hacked Abdali Hospital in Jordan

Researchers released a free decryption tool for the Rhysida Ransomware

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Rhysida ransomware gang is auctioning data stolen from the British Library

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Kaspersky released a new decryptor for Conti-based ransomware

Ransomware world in 2021: who, how and why

Group-IB Hi-Tech Crime Trends 2020/2021 report

The dark web index 2021, report

Stay Connected