Today the United States and United Kingdom sanctioned 11 individuals believed to be responsible for the Trickbot botnet.
They sanctioned Trickbot managers, HR representatives, developers, QA engineers, network administrators and more.
More information: https://home.treasury.gov/news/press-releases/jy1714
Today Google TAG (Threat Analysis Group) reported they have identified North Korean State-Sponsored Threat Actors targeting security researchers (again).
They identified accounts on both Twitter and Mastodon. 😋
https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/
Lazarus group, if you're reading this, please give us an autograph. It would be super cool to have. Also, tell Mr. Kim Jong Un we said "Hello"
You've successfully identified every phishing attempt made against you or your organization, but then just across the horizon you spot the phishing final boss.
https://chase.com@n9.cl/8bzuupbz
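The trick in the URL above is that everything between `//` and `@` in the authority part is userinfo, not the host: a browser connects to n9.cl, while the eye reads chase.com. The following is an added example (not from the original post) that splits URLs the way a browser does and flags this pattern; the sample inputs other than the post's own URL are constructed for illustration.

```python
from urllib.parse import urlsplit

# Sample inputs: the first is the URL from the post above, the other two are
# constructed here for contrast.
SAMPLE_URLS = [
    "https://chase.com@n9.cl/8bzuupbz",   # userinfo "chase.com", real host n9.cl
    "https://chase.com/login",            # ordinary URL, no userinfo
    "https://user:pass@example.org/",     # basic-auth style userinfo, no domain lookalike
]


def analyze_url(url: str) -> dict:
    """Report the host a client would actually connect to and why the URL is suspicious.

    urlsplit() parses the authority like a browser: anything before "@" is userinfo,
    and parts.hostname is the real destination.
    """
    parts = urlsplit(url)
    real_host = parts.hostname or ""
    userinfo = parts.username or ""
    reasons = []
    if parts.scheme in ("http", "https") and "@" in parts.netloc:
        # Userinfo in a web URL is rare in legitimate links and is what this trick relies on.
        reasons.append("userinfo present in http(s) URL")
        # A userinfo that itself looks like a hostname is display deception, not credentials.
        if "." in userinfo and userinfo.lower() != real_host:
            reasons.append(
                f"userinfo {userinfo!r} looks like a domain but the real host is {real_host!r}"
            )
    return {
        "url": url,
        "real_host": real_host,
        "userinfo": userinfo,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def suspicious_urls(urls):
    """Return the analysis records for every URL that tripped at least one rule."""
    return [rec for rec in map(analyze_url, urls) if rec["suspicious"]]


if __name__ == "__main__":
    for rec in map(analyze_url, SAMPLE_URLS):
        flag = "SUSPICIOUS" if rec["suspicious"] else "ok"
        print(f"{flag:10} host={rec['real_host']:12} {rec['url']}")
        for reason in rec["reasons"]:
            print(f"           - {reason}")
```

The same split is what a mail gateway or proxy should do before comparing a link against an allowlist: compare `real_host`, never the text that appears before `@`.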
August 2023 (version 1.82) of Visual Studio Code now supports Port Forwarding to allow easier access from Threat Actors.
inb4 Visual Studio Code as a C2?
Very cool 👍
More information: https://code.visualstudio.com/docs/editor/port-forwarding
Let's talk about ransomware for a second.
Ransomware Threat Actors are opportunity driven. They do not have specific targets in mind. If you've got a dollar, they want it.
The reality of the matter, in the ransomware ecosystem, is initial access brokering is cheap and affordable, it is a worthwhile investment for ransomware affiliates to establish a good relationship with an initial access broker.
There is an initial access broker who will sell you roughly 1,000,000 misconfigured VPNs for $1,500. These 'misconfigured' VPNs typically will be companies which have accidentally set a VPN user login to something like 'test' as the username AND password. Although this may sound absurd, or unlikely, these are extremely common as companies may simply overlook small errors. However, these misconfigured VPNs are not curated. Ransomware affiliates might have to spend weeks, or months, sorting through the list determining which companies discovered have:
1. Money
2. Do not violate the rules of the ransomware group
3. Have insufficient security posture
4. Are outside the CIS (ex-Soviet countries).
This is often how ransomware groups collide with each other. Two different initial access brokers may have identified (or gotten access) to the exact same organization and then sold this identified vulnerable organization, or access, to two different ransomware groups. There have been stories where ransomware affiliates gain access, only to discover upon entry the organization has already been ransomed!
Companies that have correctly configured EDRs (a dedicated blue team), a SOC, and have good policy and/or asset control will defeat most ransomware affiliates. More often than not, if an affiliate encounters a company that has a good EDR, or hardened machines, they may simply abandon the target altogether (or sell it to a different ransomware operator) because it may not be worth their time. Metaphorically speaking, time is money to the Ransomware Threat Actor.
Regarding targets, there is another aspect often overlooked. Ransomware operators residing outside NATO often do not understand the culture or targets they have identified. For example, we have witnessed ransomware groups target public school systems, failing to understand how the United States allocates money for schools. They mistakenly believe tax-funded schools are ripe with cash and simply do not believe negotiators when they say the victim doesn't have the money. They rely on publicly available information (often wrong information) from places like Wikipedia or ZoomInfo. They see big numbers and believe that these are the profit margins.
tl;dr if you very seriously want to defeat ransomware, security companies need to understand the financial limitations many organizations face. They do not have the money, or manpower, larger companies have to combat an ever-evolving threat landscape.
NOTE: There are some caveats to this rant. Every ransomware affiliate will seek different avenues of gaining access. Blah, blah, blah.
Thanks for reading. Have a goodnight (or morning).
Although this says "17+ verified people", we have little faith in Roblox.
Especially when Roblox sued YouTuber Ruben Sim (in an attempt to silence him) for becoming a whistleblower and exposing Roblox developer Arnold Castillo for his pedophilia
https://www.justice.gov/usao-sdin/pr/new-jersey-man-federally-charged-enticement-minor-and-interstate-transportation-minor
Vodafone Ireland Twitter account compromised and they gave us a shout-out from it 😂😂
https://twitter.com/VodafoneIreland/status/1700519265940508690
Our giveaways winners are beginning to receive their books 🥰
"To get into malware development do I need to learn how to code?"
Uhhhhhhhhhhhhhh