[HN Gopher] Ransom gangs increasingly outsource their work

Author : todsacerdoti
Score : 40 points
Date : 2020-10-08 19:52 UTC
Link : krebsonsecurity.com

1cvmask wrote:
  While there are a lot of "outsourced" malware-as-a-service and hacking-as-a-service outfits out there, the majority have law enforcement somehow embedded in some part of the supply chain or are a complete honeypot run by governments to entrap criminals. Beware outsourcers bearing gifts.

  The "encrypted" Swiss phone of choice for narco traffickers (and others) in the 1980s, run by the CIA:

  https://en.wikipedia.org/wiki/Crypto_AG

  dstick wrote:
    There's a much more recent example from 2020:
    https://www.france24.com/en/20200703-france-united-kingdom-n...

    Police ran that service for quite a while before cracking down simultaneously across multiple countries.

fizixer wrote:
  > ... today's attackers have exactly zero trouble gaining that initial intrusion ...

  Any ideas why that is? I thought s/w companies had gotten smarter about securing their infra, e.g., strict https-only access, linux servers (not windows), and so on.

  If you're a startup with limited resources, what essentials do you need to be aware of to secure your systems?

  LinuxBender wrote:
    https may hurt more than it helps in this case. One well-crafted email asking for help to debug a script on github is all it takes to get sudo on up to 10% of the laptops in a company. Developers are just too darn helpful. :-) Unless you enforce full-tunnel VPNs on all laptops and force all outbound connections through MITM proxies, there is really no way to stop this. Anti-malware and anti-virus software will rarely detect a malicious python, ruby, perl or bash script that simply connects outbound and downloads / executes a payload. Even DNS can be used to fetch the payload.

    If you are a startup with limited resources, keep things as simple as you can. Back up your code, artifacts and customer data somewhere that automation and malware cannot tamper with it. Encrypt your customer backups. Challenge your staff to automate patching of your endpoints, your servers, your virtual machine images, etc. Challenge them to create build systems that produce lean, fully patched images with software that only comes from trusted sources. Images for laptops, images you run in dev, images you run in production. Have a manifest of every piece of software, every library, every snippet of code your teams utilize. This will be helpful down the road when you have grown and your legal team wants to do a software license review. If using AWS, set up automation to audit and report on public S3 buckets.

  icegreentea2 wrote:
    Initial intrusion includes gaining a foothold on individual workstations/personal computers. The idea being that a) endpoint security is always a shit show and b) social engineering is the bomb.

    I think after doing the obvious stuff with your core infrastructure and making sure you have good data backup and recovery procedures in place, the next best use of resources is in trying to make sure your employees don't get phished.

ericalexander2 wrote:
  Netwalker and Ryuk use similar tools and tactics. Almost all of them are doing the same.
  https://thedfirreport.com/2020/10/08/ryuks-return/

silexia wrote:
  These scammers should be hunted down globally and put to death if they are convicted after a fair trial. Their scams kill people as they target hospitals.

  Scoundreller wrote:
    So many wasted drone strikes that could've been put to good use.

    dang wrote:
      Please don't do this here.

kspacewalk2 wrote:
  Yes, he doxxes a ransomware mogul here. Yes, this is a good thing and should be applauded.

  sneak wrote:
    He's also doxxed people who left bad book reviews, and people who argued with him on Twitter. Krebs is frequently a major shithead.

    He's not the judge and jury and he shouldn't be doxxing anyone. It's a big problem with him, and one of the reasons I wish people would stop linking to his website.

  xupybd wrote:
    I'm not proud to say this, but there's no way I'd want to do that. I'd hate to be on the radar of criminals like that ransomware mogul. Being in a country like Russia, he is basically immune to law enforcement and he specialises in harming people remotely.

    _jal wrote:
      Krebs seems to be making a calculated career decision by doing so. He's trading some amount of risk for fame.

      He's not been shy about telling you when people have tried to retaliate.
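LinuxBender's advice to a resource-limited startup, further up the thread, ends with "set up automation to audit and report on public S3 buckets". The block below is an added example of what that audit logic looks like; it is not code from the thread, from Krebs's article, or from AWS. The bucket inventory (bucket names, policies, the VPC endpoint id) is constructed inline so the example runs offline; in a live audit the same three inputs per bucket would be fetched with boto3's get_public_access_block, get_bucket_acl and get_bucket_policy. It treats any policy Condition as a restriction, which is a simplification called out in the code.

```python
"""Flag S3 buckets whose ACL or bucket policy reaches the public.
Added example, not from the thread. The inventory below is constructed; in a
live audit the same data comes from boto3's get_public_access_block,
get_bucket_acl and get_bucket_policy."""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GRANTEES = {ALL_USERS, AUTH_USERS}


def public_acl_grants(grants):
    """(group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    hits = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            hits.append((grantee["URI"].rsplit("/", 1)[-1], grant["Permission"]))
    return hits


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (also when given as a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy):
    """Sids of Allow statements open to everyone and carrying no Condition.
    Simplification: any Condition is treated as a restriction; a real audit
    would inspect the condition keys rather than trust their presence."""
    if not policy:
        return []
    if isinstance(policy, str):       # get_bucket_policy returns JSON text
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be unwrapped
        statements = [statements]
    return [s.get("Sid", "<no Sid>") for s in statements
            if s.get("Effect") == "Allow"
            and _principal_is_everyone(s.get("Principal"))
            and not s.get("Condition")]


def audit_bucket(bucket):
    """Findings for one bucket; an empty list means not publicly reachable.
    Block Public Access overrides the grants: IgnorePublicAcls makes public
    ACLs inert, RestrictPublicBuckets confines a public policy to the
    bucket owner's own account."""
    pab = bucket.get("public_access_block") or {}
    findings = []
    acl_hits = public_acl_grants(bucket.get("acl_grants", []))
    if acl_hits and not pab.get("IgnorePublicAcls", False):
        findings.append(f"public ACL grants: {acl_hits}")
    policy_hits = public_policy_statements(bucket.get("policy"))
    if policy_hits and not pab.get("RestrictPublicBuckets", False):
        findings.append(f"public policy statements: {policy_hits}")
    return findings


def audit_inventory(buckets):
    """Bucket name -> findings, keeping only buckets that have any."""
    return {name: f for name, b in buckets.items() if (f := audit_bucket(b))}


# Constructed inventory: names, policies and the VPC endpoint id are made up.
BUCKETS = {
    # No Block Public Access and a policy handing s3:GetObject to everyone.
    "backups-prod": {
        "public_access_block": {},
        "acl_grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                        "Permission": "FULL_CONTROL"}],
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::backups-prod/*"}]}),
    },
    # Public ACL, but IgnorePublicAcls is on, so the grant is inert.
    "assets-cdn": {
        "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
        "acl_grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
        "policy": None,
    },
    # Principal "*" but pinned to one VPC endpoint by a Condition.
    "logs-archive": {
        "public_access_block": {},
        "acl_grants": [],
        "policy": {"Version": "2012-10-17", "Statement": {
            "Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::logs-archive/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}},
    },
}

if __name__ == "__main__":
    for name, findings in audit_inventory(BUCKETS).items():
        print(f"{name}: " + "; ".join(findings))
```

Run as a script it reports only backups-prod. The check that matters for LinuxBender's point is the interplay with Block Public Access: a public ACL on assets-cdn produces no finding because IgnorePublicAcls is on, so the auditor should read the account- and bucket-level settings before raising alarms on grants alone, and should also remember that a Condition is only a restriction if its keys actually narrow the audience.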