https://safirsoft.com Fancy Bear imposters are on a hacking extortion spree

Nice looking website you've got there. It'd be a shame if someone DDoSed it.

Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks reach new popularity highs—and new ethical lows—among attackers, ransomware is not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.

On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn’t send a set number of bitcoin—typically equivalent to tens or even hundreds of thousands of dollars—the group will launch powerful distributed denial of service attacks against the victim, walloping the organization with a fire hose of junk traffic strategically directed to knock it offline.

This type of digital extortion—give us what we’re asking for and we won’t attack you—has resurfaced repeatedly throughout the last decade. But in recent months, criminals have attempted to capitalize on fear about high-profile nation-state attacks, combined with anxieties related to rising ransomware attacks, to try to make some extra money.

“Like a good salesperson, they follow up on the first message to convince the victim to pay before actually going to the trouble of executing an attack,” says Pascal Geenens, director of threat intelligence at Radware. “Of course, these criminals would prefer the easy money and not having to go through the process of running an attack. However, if the threat actors want to keep their campaign credible, not attacking is not an option.”

Though the attacks don’t seem to target certain regions in particular, Radware did find that hackers tended to pose as Lazarus Group when attempting to extort money from financial organizations and as Fancy Bear when threatening technology and manufacturing victims.

In another recent example, researchers from the security firm Intel471 reported on Tuesday that hackers pretending to be Lazarus Group sent an extortion letter to the currency exchange company Travelex in late August. Attackers demanded 20 bitcoin (more than $200,000 at the time) and said that the ransom would increase by 10 bitcoin for every day that elapsed after the initial deadline. Travelex had previously suffered a damaging ransomware attack on New Year’s Eve and reportedly paid hackers $2.3 million to decrypt the data.

“It’s a small price for what will happen when your whole network goes down,” the extortion DDoSers wrote in their email to Travelex. “Is it worth it? You decide!”
