Saturday 24th August 2024
Aidan Dickenson
Good morning everyone, a very happy Saturday to you all, and thank you for joining me for today's edition of Cyber Daily. In today's instalment we cover the FBI misplacing sensitive storage media as though it were loose change and a ransomware gang picking Chrome's saved passwords for its next big score; it's clear that cybercriminals are upping their game. We'll also take you inside the courtroom where a Russian hacker is facing justice for his role in a notorious extortion ring.
FBI Fumbles Data Security
The FBI is under fire after a new report from the Department of Justice’s Office of the Inspector General (OIG) exposed serious lapses in handling decommissioned electronic storage media containing sensitive information. The audit revealed that the FBI failed to properly label, track, and secure internal hard drives, thumb drives, and other storage devices extracted from classified systems.
These devices, which contained everything from unclassified law enforcement data to Top Secret national security information, were left stored on pallets with inadequate security at an FBI-controlled destruction facility. The OIG found that nearly 400 individuals, including contractors and task force officers, had access to the facility, heightening the risk of theft or loss. Even more troubling, the FBI couldn't always confirm whether these devices were properly destroyed.
The OIG is urging the FBI to tighten its procedures, improve labeling practices, and enhance physical security at destruction sites to safeguard against potential breaches.
Ransomware Attack Takes Credential Harvesting to a New Level
A recent Qilin ransomware attack has added a dangerous twist to cybercrime: credential harvesting. In a report from cybersecurity firm Sophos, it was revealed that the attackers stole credentials stored in Google Chrome browsers on compromised endpoints, marking a concerning shift in ransomware tactics.
The attack, which took place in July 2024, began with the infiltration of a target network through compromised VPN credentials that lacked multi-factor authentication (MFA). After gaining access, the attackers waited 18 days before executing post-exploitation actions, including deploying a PowerShell script that harvested Chrome credentials via a Group Policy Object (GPO). This script ran each time a user logged in, leading to widespread credential theft.
Users affected by this breach must now change their passwords across all third-party sites. This tactic could signal a broader trend of ransomware groups targeting stored credentials, opening new avenues for future attacks and significantly escalating the threat landscape.
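The chain described above leaves two observable traces on a Windows endpoint: a PowerShell process launched from a GPO user logon script under the domain SYSVOL share, and a process other than Chrome itself touching Chrome's `Login Data` credential store. The detection sketch below, an added example that is not part of the newsletter or of the Sophos report, correlates those two signals per user over a handful of constructed events. The event layout (`event_id` 1 for process creation, 4663 for object access), the `corp.example` domain, the GPO GUID and the usernames are all assumptions; the Chrome profile path and the SYSVOL logon-script path are the standard locations.

```python
"""Flag GPO logon PowerShell that coincides with non-Chrome access to Chrome's
credential store. Added detection example; the events below are constructed."""
import re
from collections import defaultdict

# Chrome's SQLite password store, under "Default" or "Profile N".
CHROME_LOGIN_DATA = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data", re.IGNORECASE)
# A user logon script inside a Group Policy Object on the domain SYSVOL share.
GPO_LOGON_SCRIPT = re.compile(
    r"\\\\[^\\]+\\SYSVOL\\[^\\]+\\Policies\\\{[0-9A-F-]+\}\\User\\Scripts\\Logon\\",
    re.IGNORECASE)
POWERSHELL = re.compile(r"(^|\\)(powershell|pwsh)\.exe$", re.IGNORECASE)
CHROME_EXE = re.compile(r"(^|\\)chrome\.exe$", re.IGNORECASE)

# Constructed sample: event_id 1 = process creation (Sysmon-style fields),
# event_id 4663 = object access (needs a SACL on the file to be logged).
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
GPO = r"\\corp.example\SYSVOL\corp.example\Policies\{AAAAAAAA-1111-2222-3333-444444444444}\User\Scripts\Logon"
SAMPLE_EVENTS = [
    # alice: Chrome maintaining its own store, benign
    {"user": "alice", "event_id": 1, "image": CHROME,
     "command_line": f'"{CHROME}" --profile-directory=Default'},
    {"user": "alice", "event_id": 4663, "image": CHROME,
     "target_file": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # bob: an ordinary drive-mapping logon script, worth a look but not an incident
    {"user": "bob", "event_id": 1, "image": PS_EXE,
     "command_line": f"powershell.exe -ExecutionPolicy Bypass -File {GPO}\\map-drives.ps1"},
    # carol: GPO logon PowerShell plus a non-Chrome process reading Login Data
    {"user": "carol", "event_id": 1, "image": PS_EXE,
     "command_line": f"powershell.exe -ExecutionPolicy Bypass -File {GPO}\\collect.ps1"},
    {"user": "carol", "event_id": 4663, "image": PS_EXE,
     "target_file": r"C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # dave: nothing of interest
    {"user": "dave", "event_id": 1, "image": r"C:\Windows\explorer.exe",
     "command_line": "explorer.exe"},
]


def classify(event):
    """Return the rule names a single event triggers (empty list if benign)."""
    hits = []
    image = event.get("image", "")
    cmd = event.get("command_line", "")
    target = event.get("target_file", "")
    if event["event_id"] == 1 and POWERSHELL.search(image) and GPO_LOGON_SCRIPT.search(cmd):
        hits.append("gpo_logon_powershell")
    if (event["event_id"] in (1, 4663) and not CHROME_EXE.search(image)
            and (CHROME_LOGIN_DATA.search(cmd) or CHROME_LOGIN_DATA.search(target))):
        hits.append("chrome_login_data_touched")
    return hits


def correlate(events):
    """Group rule hits per user. Both rules firing for the same user is the
    pattern from the Qilin case; a single rule only earns a review label."""
    per_user = defaultdict(set)
    for ev in events:
        for hit in classify(ev):
            per_user[ev["user"]].add(hit)
    findings = {}
    for user, hits in per_user.items():
        if {"gpo_logon_powershell", "chrome_login_data_touched"} <= hits:
            findings[user] = "credential_harvest_pattern"
        else:
            findings[user] = "review:" + ",".join(sorted(hits))
    return findings


if __name__ == "__main__":
    for user, verdict in correlate(SAMPLE_EVENTS).items():
        print(f"{user}: {verdict}")
```

Each rule on its own is noisy (backup agents read `Login Data`, and drive-mapping logon scripts are common), which is why the verdict only escalates when both fire for the same user; the 4663 events only exist if a SACL has been set on the Chrome profile directory, so an environment without that audit policy would need the second signal from a different source, such as Sysmon file-access telemetry.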
Russian Hacker Charged in US for Cybercrime Role
A Russian national has been extradited to the US and charged for his alleged involvement with the Karakurt cybercrime gang, a group notorious for data theft and extortion. Deniss Zolotarjovs, 33, from Moscow, was arrested in Georgia in December 2023 and extradited to the US earlier this month. He appeared in a Cincinnati federal court this week, facing charges of money laundering conspiracy, wire fraud, and Hobbs Act extortion.
Karakurt, linked to the infamous Conti ransomware group, has been hacking organizations worldwide, stealing data, and demanding ransoms ranging from $25,000 to $13 million in Bitcoin. The gang pressures victims by auctioning stolen data or offering it for download on a leak site. Zolotarjovs allegedly played a key role in laundering the group's illicit cryptocurrency earnings and participated in its extortion activities.