[HN Gopher] Ransom gangs increasingly outsource their work
       ___________________________________________________________________
        
       Ransom gangs increasingly outsource their work
        
       Author : todsacerdoti
       Score  : 40 points
       Date   : 2020-10-08 19:52 UTC (3 hours ago)
        
 (HTM) web link (krebsonsecurity.com)
 (TXT) w3m dump (krebsonsecurity.com)
        
       | 1cvmask wrote:
       | While there are a lot of "outsourced" malware-as-a-service and
       | hacking-as-a-service outfits out there, the majority have law
       | enforcement somehow embedded in some part of the supply chain or
       | are a complete honeypot run by governments to entrap criminals.
       | Beware outsourcers bearing gifts.
       | 
       | The "encrypted" Swiss phone of choice by narco traffickers (and
       | others) in the 1980s run by the CIA:
       | 
       | https://en.wikipedia.org/wiki/Crypto_AG
        
         | dstick wrote:
         | There's a much more recent example from 2020:
         | https://www.france24.com/en/20200703-france-united-kingdom-n...
         | 
         | Police ran that service for quite a while before cracking down
         | simultaneously across multiple countries.
        
       | fizixer wrote:
       | > ... today's attackers have exactly zero trouble gaining that
       | initial intrusion ...
       | 
       | Any ideas why that is? I thought s/w companies have gotten
       | smarter about securing their infra, e.g., strict https-only
       | access, linux server (not windows), and so on.
       | 
       | If you're a startup with limited resources, what essentials do
       | you need to be aware of to secure your systems?
        
         | LinuxBender wrote:
         | https may hurt more than it helps in this case. One well
         | crafted email asking for help to debug a script on github is
         | all it takes to get sudo on up to 10% of the laptops in a
         | company. Developers are just too darn helpful. :-) Unless you
         | enforce full tunnel vpns on all laptops and force all outbound
         | connections through MITM proxies, there is really no way to
          | stop this. Anti-malware and anti-virus software will rarely
          | detect a malicious python, ruby, perl, bash script that simply
          | connects outbound and downloads / executes a payload. Even DNS
          | can be used to fetch the payload.
         | 
         | If you are a startup with limited resources, keep things as
         | simple as you can. Back up your code, artifacts and customer
         | data somewhere that automation and malware can not tamper with
         | it. Encrypt your customer backups. Challenge your staff to
         | automate patching of your endpoints, your servers, your virtual
         | machine images, etc... Challenge them to create build systems
         | that produce lean, fully patched images with software that only
         | comes from trusted sources. Images for laptops, images you run
         | in dev, images you run in production. Have a manifest of every
         | piece of software, every library, every snippet of code your
         | teams utilize. This will be helpful down the road when you have
          | grown and your legal team wants to do a software license review.
         | If using AWS, set up automation to audit and report on public
         | S3 buckets.
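         
          The last item in the comment above, automated auditing of public
          S3 buckets, is the one that is easiest to turn into working code.
          The script below is an added example and is not part of the
          original thread or the commenter's own tooling. It evaluates the
          three structures that boto3's get_bucket_acl, get_bucket_policy
          and get_public_access_block return for a bucket, so it runs
          offline on constructed sample input; the bucket names, the sample
          ACL and the sample policy are made up for the demonstration. In
          production you would replace the sample dicts with the real API
          responses for every bucket in the account.

```python
"""Audit S3 bucket configuration for public exposure (added example).

The three inputs mirror what boto3 returns:
  acl         -> s3.get_bucket_acl(Bucket=...)
  policy_json -> s3.get_bucket_policy(Bucket=...)["Policy"] (or None)
  pab         -> s3.get_public_access_block(Bucket=...) (or None if the
                 call raised NoSuchPublicAccessBlockConfiguration)
"""
import json

# Grantee URIs that make an ACL grant public (everyone / any AWS account).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GRANTEES = {ALL_USERS, AUTH_USERS}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def public_acl_grants(acl):
    """Return ACL grants that go to the AllUsers or AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant['Permission']} to {group}")
    return findings


def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return Allow statements with a wildcard principal and no Condition."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A Condition (e.g. aws:SourceVpce) may narrow access; review by hand.
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        findings.append(f"policy {stmt.get('Sid', '<no Sid>')} allows "
                        f"{', '.join(actions)} to everyone")
    return findings


def public_access_block_gaps(pab):
    """Return the Block Public Access settings that are not switched on."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    return [k for k in PAB_KEYS if not cfg.get(k, False)]


def audit_bucket(name, acl, policy_json, pab):
    """Combine the checks; only report exposure that Block Public Access does not neutralise."""
    gaps = public_access_block_gaps(pab)
    findings = []
    if "IgnorePublicAcls" in gaps:          # public ACLs are honoured
        findings += public_acl_grants(acl)
    if "RestrictPublicBuckets" in gaps:     # public policies are honoured
        findings += public_policy_statements(policy_json)
    return {"bucket": name, "public": bool(findings),
            "findings": findings, "public_access_block_gaps": gaps}


# Constructed sample input (not real buckets).
SAMPLE_ACL = {"Owner": {"ID": "example-owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-open/*"}]})
SAMPLE_PAB_LOCKED = {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}


if __name__ == "__main__":
    for report in (audit_bucket("example-open", SAMPLE_ACL, SAMPLE_POLICY, None),
                   audit_bucket("example-locked", SAMPLE_ACL, SAMPLE_POLICY, SAMPLE_PAB_LOCKED)):
        print(json.dumps(report, indent=2))
```

          The split between "public_access_block_gaps" and "findings" is
          deliberate: a bucket whose ACL or policy is public but whose
          Block Public Access settings are all on is not exposed today,
          yet the gaps list tells you which single setting would expose
          it if someone flipped it, which is what a scheduled report
          should be nagging about.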
        
         | icegreentea2 wrote:
         | Initial intrusion includes gaining foothold on individual
         | workstations/personal computers. The idea being that a)
         | endpoint security is always a shit show and b) social
         | engineering is the bomb.
         | 
         | I think after doing the obvious stuff with your core
         | infrastructure and making sure you have good data backup and
         | recovery procedures in place, the next best use of resources is
          | in trying to make sure your employees don't get phished.
        
         | ericalexander2 wrote:
         | Netwalker and Ryuk use similar tools and tactics. Most all of
         | them are doing the same.
         | https://thedfirreport.com/2020/10/08/ryuks-return/
        
       | silexia wrote:
       | These scammers should be hunted down globally and put to death if
       | they are convicted after a fair trial. Their scams kill people as
       | they target hospitals.
        
         | Scoundreller wrote:
         | So many wasted drone strikes that could've been put to good
         | use.
        
         | dang wrote:
         | Please don't do this here.
        
       | kspacewalk2 wrote:
       | Yes, he doxxes a ransomware mogul here. Yes, this is a good thing
       | and should be applauded.
        
         | sneak wrote:
         | He's also doxxed people who left bad book reviews, and people
         | who argued with him on Twitter. Krebs is frequently a major
         | shithead.
         | 
         | He's not the judge and jury and he shouldn't be doxxing anyone.
         | It's a big problem with him, and one of the reasons I wish
         | people would stop linking to his website.
        
         | xupybd wrote:
         | I'm not proud to say this but no way I'd want to do that. I'd
         | hate to be on the radar of criminals like that ransomware
         | mogul. Being in a country like Russia he is basically immune to
         | law enforcement and he specialises in harming people remotely.
        
           | _jal wrote:
           | Krebs seems to be making a calculated career decision by
           | doing so. He's trading some amount of risk for fame.
           | 
           | He's not been shy about telling you about when people have
           | tried to retaliate.
        
       ___________________________________________________________________
       (page generated 2020-10-08 23:00 UTC)