cyber security & hacking info
For nearly two decades, one of the world’s most infamous hacker groups has operated under the name “Anonymous.” And the mysterious online community is making headlines once again.
After Russia invaded Ukraine at the end of February, a Twitter account with 7.9 million followers named “Anonymous” declared a “cyber war” against Russia and its president, Vladimir Putin. Since then, the group has claimed responsibility for various cyberattacks that disabled websites and leaked data from Russian government agencies, as well as state-run news outlets and corporations.
Often called “hacktivists,” Anonymous employs coordinated cyberattacks against various world governments, corporations or other groups, often in the name of social or political causes. In a Feb. 24 tweet, the “Anonymous” account — which says it “cannot claim to speak for the whole of the Anonymous collective” — called on hackers around the world, including in Russia, to “say ‘NO’ to Vladimir Putin’s war.”
Over the years, actions linked to Anonymous have inspired both Hollywood filmmakers and other hacker groups around the world. Here’s a look at the murky group’s origins, some of its most notable cyberattacks and the philosophy that allegedly steers its decisions:
Anonymous’ origin story begins in the online message forums of 4chan, the anonymous social community website founded in 2003. Even today, posts on 4chan from users who don’t specify a username are labeled as written by “Anonymous.”
In the website’s early days, users often organized group pranks called “raids,” flooding chat rooms in games and other online communities to cause disruptions. 4chan began cracking down on the raids after critics accused participants of cyberbullying and posting offensive content.
Those raids formed the basis of Anonymous’ operations: a decentralized movement of like-minded online users who would communicate in encrypted chat rooms to plan online disruptions. At first, those plans were largely about cheap entertainment. Eventually, they began to revolve around social or political aims.
The cyberattacks, which Anonymous labeled “Project Chanology,” were retaliation for what the hackers deemed as attempted censorship: The church had legally threatened Gawker after the media outlet published a leaked video of actor Tom Cruise speaking enthusiastically about Scientology.
A series of worldwide protests against Scientology soon followed, with many Anonymous-supporting protesters wearing white-and-black Guy Fawkes masks, depicting the 17th century British insurrectionist. Those masks have since become closely associated with the hacking group.
Generally, Anonymous opposes governments and corporations that it views as participating in censorship or promoting inequality. Since the group is decentralized, it has no real structure or hierarchy — so there’s often much internal debate about which ideas or causes to support.
A pinned 2019 tweet on the @YourAnonNews Twitter account – which, again, claims not to speak for the collective as a whole – describes Anonymous members as “working class people seeking a better future for humanity.” It lists Anonymous’ guiding principles as “freedom of information, freedom of speech, accountability for companies and governments, privacy and anonymity for private citizens.”
Since “Project Chanology,” Anonymous members have targeted a long list of parties, including:
Authorities around the world have arrested dozens of hackers with alleged ties to Anonymous, including at least 14 people charged with hacking PayPal in 2011. Barrett Brown, a journalist and self-professed Anonymous spokesperson, served more than four years in prison after a 2012 arrest on charges related to cyberattacks and threatening a federal officer.
The collective’s activities trailed off after some of those arrests, but resurfaced last year when Anonymous claimed responsibility for hacks targeting the Republican Party in Texas, in protest of the state’s controversial abortion law. Anonymous also claimed responsibility for a September hack of web-hosting company Epik, which leaked more than 150 gigabytes of data on far-right groups like QAnon and the Proud Boys.
In 2012, Time magazine named Anonymous one of the world’s 100 Most Influential People. Today, millions of people follow Anonymous-affiliated social media accounts.
Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery, told CNBC last week that Anonymous’ supporters likely view the group as somewhat of a “cyber Robin Hood,” targeting powerful governments and corporations in the name of popular causes.
“You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction,” Fowler said.
But Anonymous definitely has critics. Many believe the group’s vigilante tactics are extreme and potentially dangerous. In 2012, the National Security Agency deemed Anonymous a threat to national security.
Parmy Olson, a journalist who wrote a 415-page book on Anonymous in 2012, stated at the time that even the group’s supporters should consider its legacy a mixed bag.
“Has Anonymous done good for the world? In some cases, yes,” Olson told Radio Free Europe/Radio Liberty, citing Anonymous’ support of pro-democracy demonstrators in the Middle East. “Unnecessarily harassing people? I would class that as a bad thing. DDOSing the CIA website, stealing customer data and posting it online just for sh-ts and giggles is not a good thing.”
Ransomware attacks are a type of cybercrime that has drawn significant attention in recent years. In these attacks, an attacker encrypts the data on a victim's computer or network and then demands payment in exchange for the decryption key. The consequences can be severe: loss of sensitive or personal information, disruption of operations and financial loss. The FBI, as a federal law enforcement agency, has a direct interest in combating ransomware and other cyber threats. This article looks at the FBI's perspective on ransomware, including how it investigates and responds to these attacks and what it does to prevent them.
The FBI considers ransomware to be a serious and growing threat that affects both individuals and businesses. In response to this threat, the FBI has a number of tools and resources at its disposal. One of these is the Internet Crime Complaint Center (IC3), which is a centralized repository for cybercrime complaints. Through the IC3, individuals and organizations can report a ransomware attack and help the FBI gather intelligence and build cases against those responsible.
In addition to its work through the IC3, the FBI also conducts proactive investigations into ransomware and other cyber threats. This includes working with other government agencies, such as the Department of Homeland Security and the National Cybersecurity and Communications Integration Center, as well as international partners and the private sector. The FBI's National Cyber Investigative Joint Task Force (NCIJTF) brings together more than 20 federal agencies to share information and resources in the fight against cybercrime, while the Cyber Action Team (CAT) is a rapid-response unit that can deploy to the scene of a cyber incident to provide on-the-ground support.
One of the challenges that the FBI faces in combating ransomware is the constantly evolving nature of the threat. Cybercriminals are constantly developing new ways to carry out attacks and evade detection, which can make it difficult for law enforcement and other organizations to keep up. To address this challenge, the FBI has a number of programs and initiatives in place to improve its ability to respond to ransomware and other cyber threats. This includes partnering with industry experts and academics to stay up-to-date on the latest trends and techniques used by attackers.
Prevention is also a key aspect of the FBI's approach to ransomware. While it is not always possible to prevent a ransomware attack, there are steps that individuals and organizations can take to reduce their risk. The FBI recommends a number of best practices, such as keeping software and systems up-to-date, implementing strong passwords and two-factor authentication, and regularly backing up important data. The FBI also works with industry partners to promote the adoption of industry-standard security practices and technologies, such as network segmentation and threat-hunting software.
In conclusion, the FBI views ransomware as a serious and growing threat that requires a multifaceted response. Through its investigations, partnerships, and prevention efforts, the FBI is working to protect individuals and organizations from this type of cybercrime and bring those responsible to justice.
Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars.
Ransomware is effective because it pressures victims in two complementary ways: first, by threatening to destroy their data; second, by threatening to publicize the attack. The second threat is indirect, yet just as serious (if not more so): publication can trigger regulatory and compliance issues as well as long-term damage to the brand.
Here are some examples of real ransomware notes:
Ransomware as a Service (RaaS) has become the most widespread type of ransomware. In the RaaS model, the ransomware and its supporting infrastructure are developed by one criminal group and licensed out to other attackers (affiliates), who either pay for the use of the software or split the proceeds with the developers. Etay Maor, Senior Director Security Strategy at Cato Networks, commented, "There are other forms of RaaS. After receiving the ransomware payment some Ransomware groups sell all the data about the victim's network to other gangs. This means the next attack is much simpler and can be fully automated as it does not require weeks of discovery and network analysis by the attackers."
Several earlier families are often cited as having set the stage for today's RaaS landscape: CryptoLocker, which infected over a quarter of a million systems in 2013 and took in more than $3 million in less than four months; CryptoWall, which made over $18 million and prompted an FBI advisory; and WannaCry and NotPetya (a variant of Petya), which spread as worms by exploiting unpatched SMB services (the EternalBlue exploit) rather than relying on a single phishing victim at a time.
An organization under attack is bound to experience frustration and confusion. One of the first recommended steps is to engage an incident response (IR) team, which can assist with investigation, recovery and negotiations. The FBI can help as well.
Part of the FBI's mission is to raise awareness about ransomware. Thanks to a wide local and global network, it has access to valuable intelligence that can help victims with negotiations and with operational decisions. For example, the FBI may be able to provide profile information about a threat actor based on the Bitcoin wallet it uses.
To help ransomware victims and to prevent ransomware, the FBI has set up 56 Cyber Task Forces across its field offices. These task forces work closely with the IRS, the Department of Education, the Office of Inspector General, the Federal Protective Service and state police. They are also in close contact with the Secret Service and have access to regional forensics labs. For national security cyber crimes, the FBI has a designated squad.
Alongside the Cyber Task Forces, the FBI operates CyWatch, a 24/7 watch center that coordinates the field offices, the private sector and other federal and intelligence agencies. There is also the Internet Crime Complaint Center, ic3.gov, for filing complaints and identifying trends.
Many ransomware attacks never need to reach the point where the FBI is called in; they can be prevented beforehand. Ransomware is not a single-shot attack: a series of tactics and techniques all contribute to its execution. By identifying in advance the network and security weaknesses that enable the attack, organizations can block or limit a threat actor's ability to carry out ransomware. Etay Maor added, "We need to rethink the concept that 'the attackers need to be right just once, the defenders need to be right all the time'. A cyber attack is a combination of multiple tactics and techniques. As such, it can only be countered with a holistic approach, with multiple converged security systems that all share context in real time. This is exactly what a SASE architecture, and no other, offers the defenders".
For example, here are all the steps in a REvil attack on a well-known manufacturer, mapped to the MITRE ATT&CK framework. As you can see, numerous phases took place before the actual encryption and ransom demand, and each was essential to the attack's "success". Mitigating those earlier steps might have prevented the attack.
Here is a similar mapping of a Sodinokibi attack:
Maze attack mapping to the MITRE framework:
Another way to map ransomware attacks is through heat maps, which show how often different tactics and techniques are used across attacks. Here is a heat map of Maze attacks:
One way to use these mappings is for network analysis and systems testing. By testing a system's resilience to these tactics and techniques and implementing controls that mitigate the risks found, organizations reduce the chance that a given actor can carry out a ransomware attack against their critical resources.
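The following is an added example (not code from the page, from Cato Networks or from the FBI) of turning ATT&CK mappings into the heat map and control-coverage check described above. It takes several intrusions, each expressed as the ATT&CK techniques observed in it, counts how many intrusions used each technique, and then compares that heat map against an inventory of deployed controls to list the frequently used techniques that no control addresses. The three intrusions and the control inventory are constructed for illustration; the technique IDs and names are real ATT&CK entries, but the selection per intrusion and the control names are assumptions, not the page's REvil, Sodinokibi or Maze mappings.

```python
"""ATT&CK technique heat map and control-coverage gap report for ransomware.

Added example, not code from the page or from Cato Networks/the FBI. The
intrusion data and the control inventory are constructed for illustration.
"""
from collections import Counter
from typing import Dict, List, Set, Tuple

Observation = Tuple[str, str, str]  # (tactic, ATT&CK technique ID, technique name)

# Constructed sample: three intrusions, each listed as the techniques seen in it.
# The IDs and names are real ATT&CK entries; which intrusion used which is made up.
INTRUSIONS: Dict[str, List[Observation]] = {
    "intrusion-A": [
        ("initial-access", "T1566.001", "Spearphishing Attachment"),
        ("execution", "T1059.001", "PowerShell"),
        ("persistence", "T1053.005", "Scheduled Task"),
        ("credential-access", "T1003.001", "LSASS Memory"),
        ("lateral-movement", "T1021.001", "Remote Desktop Protocol"),
        ("impact", "T1490", "Inhibit System Recovery"),
        ("impact", "T1486", "Data Encrypted for Impact"),
    ],
    "intrusion-B": [
        ("initial-access", "T1133", "External Remote Services"),
        ("execution", "T1059.001", "PowerShell"),
        ("credential-access", "T1003.001", "LSASS Memory"),
        ("lateral-movement", "T1021.002", "SMB/Windows Admin Shares"),
        ("exfiltration", "T1567", "Exfiltration Over Web Service"),
        ("impact", "T1490", "Inhibit System Recovery"),
        ("impact", "T1486", "Data Encrypted for Impact"),
    ],
    "intrusion-C": [
        ("initial-access", "T1566.001", "Spearphishing Attachment"),
        ("execution", "T1059.001", "PowerShell"),
        ("defense-evasion", "T1562.001", "Disable or Modify Tools"),
        ("credential-access", "T1003.001", "LSASS Memory"),
        ("lateral-movement", "T1021.001", "Remote Desktop Protocol"),
        ("impact", "T1486", "Data Encrypted for Impact"),
    ],
}

# Constructed control inventory: each deployed control mapped to the technique
# IDs it is meant to block or detect (hypothetical names, not a vendor catalogue).
CONTROLS: Dict[str, Set[str]] = {
    "mail gateway attachment sandboxing": {"T1566.001"},
    "PowerShell script block logging + constrained language mode": {"T1059.001"},
    "Credential Guard / LSASS protection": {"T1003.001"},
    "MFA on VPN and RDP": {"T1133", "T1021.001"},
    "offline, immutable backups": {"T1490"},
}


def technique_heatmap(intrusions: Dict[str, List[Observation]]) -> Counter:
    """Count, per technique ID, how many intrusions used it (at most once each)."""
    counts: Counter = Counter()
    for observations in intrusions.values():
        for tid in {tid for _, tid, _ in observations}:
            counts[tid] += 1
    return counts


def technique_names(intrusions: Dict[str, List[Observation]]) -> Dict[str, str]:
    """Map every technique ID seen in the data to its name, for reporting."""
    return {tid: name for obs in intrusions.values() for _, tid, name in obs}


def coverage_gaps(heatmap: Counter, controls: Dict[str, Set[str]],
                  min_count: int = 1) -> List[Tuple[str, int]]:
    """Techniques seen in at least `min_count` intrusions that no control maps to.

    Sorted most frequent first, then by ID, so the top of the list is the
    technique whose mitigation buys the most across the observed campaigns.
    """
    covered: Set[str] = set().union(*controls.values()) if controls else set()
    gaps = [(tid, n) for tid, n in heatmap.items()
            if n >= min_count and tid not in covered]
    return sorted(gaps, key=lambda item: (-item[1], item[0]))


def render_heatmap(heatmap: Counter, names: Dict[str, str], total: int) -> List[str]:
    """One text row per technique, darkest (most frequent) first."""
    rows = []
    for tid, n in sorted(heatmap.items(), key=lambda item: (-item[1], item[0])):
        bar = "#" * n + "." * (total - n)
        rows.append(f"{tid:<10} {names.get(tid, '?'):<32} {bar} {n}/{total}")
    return rows


def main() -> None:
    heat = technique_heatmap(INTRUSIONS)
    names = technique_names(INTRUSIONS)
    print("Technique heat map across", len(INTRUSIONS), "intrusions:")
    for row in render_heatmap(heat, names, len(INTRUSIONS)):
        print("  " + row)
    print("\nTechniques seen in >= 2 intrusions with no mapped control:")
    for tid, n in coverage_gaps(heat, CONTROLS, min_count=2):
        print(f"  {tid} ({names[tid]}): {n} intrusions")


if __name__ == "__main__":
    main()
```

With the constructed data, the only technique used in two or more intrusions that no control covers is T1486 (Data Encrypted for Impact) itself, which is the expected shape of the result: the earlier phases (phishing, PowerShell, LSASS dumping, RDP, backup deletion) are where controls can break the chain, and the gap report points at whichever of those phases is both common and unaddressed. Lowering `min_count` to 1 also surfaces the single-intrusion techniques (scheduled tasks, SMB admin shares, tool tampering, web-service exfiltration) for a second pass.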
But don't take our word for it. Some ransomware attackers are "kind" enough to provide organizations with best practices for securing themselves from future ransomware attacks. Recommendations include:
Etay Maor of Cato Networks highlights: "Nothing in what several Ransomware groups say organizations need to do is new. These best practices have been discussed for years. The reason they still work is that we try to apply them using disjoint, point solutions. That didn't work and will not work. A SASE, cloud native, architecture, where all security solutions share context and have the capability to see every network flow and get a holistic view of the attack lifecycle can level the playing field against cyber attacks".
Just like brushing your teeth or exercising, security hygiene is an ongoing, methodical practice. Ransomware attackers have been known to revisit the crime scene and demand a second ransom if the underlying issues have not been fixed. By deploying security controls that effectively mitigate threats and having a proper incident response plan in place, organizations minimize both the risk and the attackers' payday. The FBI is there to help and provide information that can assist; let's hope that assistance won't be needed.