Ransomware, Iranian Hackers & Pornography

Ransomware gangs have increasingly focused on high-profile targets like large corporations and government institutions in the past year, according to Europol’s Internet Organised Crime Threat Assessment 2021 report, and Covid -19 has helped to fuel the increase in cyber crime.

Europol's report offers insights into current cyber crime trends in Europe, revealed that ransomware actors have taken advantage of widespread homeworking to launch more sophisticated and targeted attacks.

The accelerated digitalisation of everyday life related to the pandemic has significantly influenced the development of a number of cyber threats, including:

  • Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks. 
  •  Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.  
  • Online shopping has led to a steep increase in online fraud. 
  • Explicit self-generated sexual material is an increasing concern and is distributed for profit.
  • Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and crypto-currencies. 

Now, Microsoft researchers have discovered that as many as six different Iranian hacker groups are behind several new waves of ransomware attacks that have been identified every six to eight weeks since the end of 2020. 

The Iranian hackers are allegedly deploying ransomware to disrupt targets or to collect funds. Microsoft says that the hacking groups are persistent and prepared to use aggressive brute-force attacks to achieve their goals. According to Microsoft, the most consistent of the groups tracked by the cybersecurity firm is called Phosphorus or APT35 and they have ben tracking the group for the past two years.

Phosphorus was initially known for cyber espionage, however, the group has shifted towards ransomware attacks using Microsoft’s Windows disk-encryption tool BitLocker to encrypt victim files.

Europol have also highlighted the growing use of multi-layered extortion methods to extort service providers, financial institutions and businesses, such as DDoS attacks. Additionally, they observed that cyber-criminals have increasingly recognised the potential to attack a large number of organisations via supply chain attacks, often targeting the ‘weakest link.’ The Kaseya  and SolarWinds incidents are prominent examples of this trend.  

Another concerning finding in the report was an “alarming” rise in self-produced explicit material of children online.

This has been driven by increased unsupervised internet use by children in the pandemic. The authors said children were frequently lured into producing and sharing explicit material of themselves by offenders using fake identities on gaming platforms and social media sites. Additionally, some offenders recorded or captured victims performing live-streamed sexual acts for them without the victims’ knowledge.

  • Other notable trends in the past year included fraudsters continuing to leverage the COVID-19 crisis and increased online shopping to scam victims.
  • There has also been an evolution in mobile malware, with cyber criminals trying to find ways to circumvent additional security measures such as two-factor authentication.

Microsoft's findings suggest that the adoption of ransomware has supported Iranian hackers' efforts in espionage, disruption and destruction and to support physical operations. Their well-stocked toolbox includes ransomware, disk wipers, mobile malware, phishing, password-spray attacks, mass exploitation of vulnerabilities and supply chain attacks.     

EUROPOL:     ZDNet:   Oodaloop:      Infosecurity Magazine:     BlackWeb:    Microsoft

You Might Also Read: 

Diving Into Th Dark Web:

 

« Cyber Effects On The Legal Profession
Non-Profit Organisations & Cyber Security »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

CYBERPOL

CYBERPOL

CYBERPOL is the leading Public Utility Agency for investigating cyber crimes and cyber attacks by criminals, international adversaries.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Redblock

Redblock

Redblock's mission is to eliminate the drudgery and repetitive 'eye on the glass' work done by Security Teams.