Ransomware, Iranian Hackers & Pornography

Ransomware gangs have increasingly focused on high-profile targets like large corporations and government institutions in the past year, according to Europol’s Internet Organised Crime Threat Assessment 2021 report, and Covid -19 has helped to fuel the increase in cyber crime.

Europol's report offers insights into current cyber crime trends in Europe, revealed that ransomware actors have taken advantage of widespread homeworking to launch more sophisticated and targeted attacks.

The accelerated digitalisation of everyday life related to the pandemic has significantly influenced the development of a number of cyber threats, including:

  • Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks. 
  •  Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.  
  • Online shopping has led to a steep increase in online fraud. 
  • Explicit self-generated sexual material is an increasing concern and is distributed for profit.
  • Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and crypto-currencies. 

Now, Microsoft researchers have discovered that as many as six different Iranian hacker groups are behind several new waves of ransomware attacks that have been identified every six to eight weeks since the end of 2020. 

The Iranian hackers are allegedly deploying ransomware to disrupt targets or to collect funds. Microsoft says that the hacking groups are persistent and prepared to use aggressive brute-force attacks to achieve their goals. According to Microsoft, the most consistent of the groups tracked by the cybersecurity firm is called Phosphorus or APT35 and they have ben tracking the group for the past two years.

Phosphorus was initially known for cyber espionage, however, the group has shifted towards ransomware attacks using Microsoft’s Windows disk-encryption tool BitLocker to encrypt victim files.

Europol have also highlighted the growing use of multi-layered extortion methods to extort service providers, financial institutions and businesses, such as DDoS attacks. Additionally, they observed that cyber-criminals have increasingly recognised the potential to attack a large number of organisations via supply chain attacks, often targeting the ‘weakest link.’ The Kaseya  and SolarWinds incidents are prominent examples of this trend.  

Another concerning finding in the report was an “alarming” rise in self-produced explicit material of children online.

This has been driven by increased unsupervised internet use by children in the pandemic. The authors said children were frequently lured into producing and sharing explicit material of themselves by offenders using fake identities on gaming platforms and social media sites. Additionally, some offenders recorded or captured victims performing live-streamed sexual acts for them without the victims’ knowledge.

  • Other notable trends in the past year included fraudsters continuing to leverage the COVID-19 crisis and increased online shopping to scam victims.
  • There has also been an evolution in mobile malware, with cyber criminals trying to find ways to circumvent additional security measures such as two-factor authentication.

Microsoft's findings suggest that the adoption of ransomware has supported Iranian hackers' efforts in espionage, disruption and destruction and to support physical operations. Their well-stocked toolbox includes ransomware, disk wipers, mobile malware, phishing, password-spray attacks, mass exploitation of vulnerabilities and supply chain attacks.     

EUROPOL:     ZDNet:   Oodaloop:      Infosecurity Magazine:     BlackWeb:    Microsoft

You Might Also Read: 

Diving Into Th Dark Web:

 

« Cyber Effects On The Legal Profession
Non-Profit Organisations & Cyber Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

CyberMass

CyberMass

CyberMass provides Cyber Advisory/Consulting, Professional and Managed Services offering complete cybersecurity as a service protection to businesses.

HeroDevs

HeroDevs

HeroDevs is the trusted leader in providing secure, long-term support for deprecated open-source software.