LockBit update, Signal usernames, NSA Cyber Director retires
LockBit takedown update
Following up on a story we brought to you yesterday on Cyber Security Headlines, authorities released additional details Tuesday related to “Operation Cronos,” the coordinated global effort which took down the formidable LockBit ransomware operation. LockBit’s leak site was seized and now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates. Authorities say their months-long operation compromised LockBit’s primary platform and took down 34 servers across eight countries. Authorities also seized 200 cryptocurrency accounts and over 1,000 decryption keys which will be used to begin helping victims recover their encrypted data. Additionally, the DOJ unsealed indictments against two alleged Russian LockBit members, Artur Sungatov and Ivan Kondratyev. A total of five LockBit members have now been charged for their participation in LockBit operations since last May.
(Krebs on Security and DoJ)
Signal finally lets you keep your phone number private
The end-to-end encrypted chat platform announced Tuesday that users no longer have to give up their phone number to chat with others. Instead, Signal users can now pick unique usernames and will be able to share a unique link or QR code to connect with other users. Unlike other platforms, Signal’s usernames will not be displayed in a user’s profile and can be changed at any time. Usernames are launching in beta and will be rolling out to all users in the coming weeks.
NSA’s Cybersecurity Director Rob Joyce to retire
On Tuesday, the National Security Agency (NSA) announced that Rob Joyce will retire at the end of March after a 34-year career at the agency. Joyce has held the position since 2021, spearheading agency efforts to work with public and private sectors on cyber defense initiatives. Joyce also served as the deputy director of the NSA’s former Information Assurance Directorate and as the leader of the elite NSA hacking unit known as Tailored Access Operations. He was also the cybersecurity advisor to former President Donald Trump.
(The Record)
Anatsa banking trojan resurfaces
Researchers from ThreatFabric have observed the Anatsa Trojan campaign gaining momentum and targeting banks in European countries including Slovakia, Slovenia and Czechia. The campaign reemerged in November 2023, focusing on Samsung devices and employing sophisticated methods such as AccessibilityService abuse and multi-staged infection processes. Anatsa’s droppers can circumvent Android 13 restrictions to dynamically download malicious executable files from command-and-control (C2) servers. Despite Google Play’s recently bolstered security measures, the new Anatsa droppers have 100,000 total installations. Financial institutions are urged to educate customers about the risks associated with installing applications from official stores and enabling AccessibilityService unnecessarily.
Huge thanks to our sponsor, Conveyor
Hacked Iraqi voter information for sale online
Researchers have uncovered a 21.58GB database containing Iraqi voter cards and personally identifiable information available for sale on the dark web. The data appears to have been swiped from Iraq’s Independent High Electoral Commission (IHEC) in 2019. The stolen data was confirmed as legitimate by Iraqi law enforcement and includes voter names, dates of birth, polling stations, and registration centers. Researchers believe the breach resulted from an IT supply chain compromise. There are growing concerns that miscreants could employ the leaked voter data in campaigns aiming to disrupt Iraq’s 2025 elections.
(Dark Reading)
Vietnam to collect biometrics and DNA for new ID cards
Starting July 1, Vietnam’s Ministry of Public Security will collect and store iris scans, voice samples, and actual DNA, in accordance with amendments to Vietnam’s Law on Citizen Identification which passed last November. The biometric information will be stored in a national database and linked to Vietnam’s new identity cards which will serve as health and social insurance cards, driver’s licenses, birth certificates, and marriage certificates. The ID cards will use a QR code to link to the identifying information. The ID cards will be issued to anyone over the age of 14 and will be optional for citizens between the ages of 6 and 14. Given that there are 70 million adults in Vietnam, collecting the information will be no small task.
(The Register)
New typosquatting and repojacking tactics uncovered on PyPI
ReversingLabs has uncovered two suspicious packages (NP6HelperHttptest and NP6HelperHttper) on the Python Package Index (PyPI). The packages employ typosquatting and repojacking, look-alike techniques that aim to deceive developers into incorporating them into their applications. Once installed, the malicious packages enable DLL sideloading so threat actors can discreetly execute code while evading detection. While DLL sideloading has been around for years, up until now its use in open-source packages such as those on PyPI has been relatively rare.
Median ransomware demands grow to $600K
According to a new report from Arctic Wolf, median initial ransom demands spiked 20% to $600,000 in 2023 compared to the prior year. Manufacturing was the most targeted vertical while legal, government, retail, and energy sectors saw the highest median demands of $1 million or more. Three main ransomware gangs, LockBit 3.0, BlackCat/ALPHV, and Cl0p, carried out the lion’s share of cyberattacks. The 2024 ransomware landscape may look different, however, due to law enforcement efforts to disrupt BlackCat back in December and their takedown of LockBit operations this week.
(Dark Reading)