Ransomware, Iranian Hackers & Pornography

Ransomware gangs have increasingly focused on high-profile targets like large corporations and government institutions in the past year, according to Europol’s Internet Organised Crime Threat Assessment 2021 report, and Covid -19 has helped to fuel the increase in cyber crime.

Europol's report offers insights into current cyber crime trends in Europe, revealed that ransomware actors have taken advantage of widespread homeworking to launch more sophisticated and targeted attacks.

The accelerated digitalisation of everyday life related to the pandemic has significantly influenced the development of a number of cyber threats, including:

  • Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks. 
  •  Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.  
  • Online shopping has led to a steep increase in online fraud. 
  • Explicit self-generated sexual material is an increasing concern and is distributed for profit.
  • Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and crypto-currencies. 

Now, Microsoft researchers have discovered that as many as six different Iranian hacker groups are behind several new waves of ransomware attacks that have been identified every six to eight weeks since the end of 2020. 

The Iranian hackers are allegedly deploying ransomware to disrupt targets or to collect funds. Microsoft says that the hacking groups are persistent and prepared to use aggressive brute-force attacks to achieve their goals. According to Microsoft, the most consistent of the groups tracked by the cybersecurity firm is called Phosphorus or APT35 and they have ben tracking the group for the past two years.

Phosphorus was initially known for cyber espionage, however, the group has shifted towards ransomware attacks using Microsoft’s Windows disk-encryption tool BitLocker to encrypt victim files.

Europol have also highlighted the growing use of multi-layered extortion methods to extort service providers, financial institutions and businesses, such as DDoS attacks. Additionally, they observed that cyber-criminals have increasingly recognised the potential to attack a large number of organisations via supply chain attacks, often targeting the ‘weakest link.’ The Kaseya  and SolarWinds incidents are prominent examples of this trend.  

Another concerning finding in the report was an “alarming” rise in self-produced explicit material of children online.

This has been driven by increased unsupervised internet use by children in the pandemic. The authors said children were frequently lured into producing and sharing explicit material of themselves by offenders using fake identities on gaming platforms and social media sites. Additionally, some offenders recorded or captured victims performing live-streamed sexual acts for them without the victims’ knowledge.

  • Other notable trends in the past year included fraudsters continuing to leverage the COVID-19 crisis and increased online shopping to scam victims.
  • There has also been an evolution in mobile malware, with cyber criminals trying to find ways to circumvent additional security measures such as two-factor authentication.

Microsoft's findings suggest that the adoption of ransomware has supported Iranian hackers' efforts in espionage, disruption and destruction and to support physical operations. Their well-stocked toolbox includes ransomware, disk wipers, mobile malware, phishing, password-spray attacks, mass exploitation of vulnerabilities and supply chain attacks.     

EUROPOL:     ZDNet:   Oodaloop:      Infosecurity Magazine:     BlackWeb:    Microsoft

You Might Also Read: 

Diving Into Th Dark Web:

 

« Cyber Effects On The Legal Profession
Non-Profit Organisations & Cyber Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

National Response Centre for Cyber Crime (NR3C) - Pakistan

National Response Centre for Cyber Crime (NR3C) - Pakistan

National Response Centre for Cyber Crime (NR3C) is a law enforcement agency in Pakistan dedicated to fighting cyber crime.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

FirstPoint

FirstPoint

FirstPoint has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

National Cybersecurity Society (NCSS) - USA

National Cybersecurity Society (NCSS) - USA

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

Cybriant

Cybriant

Cybriant Strategic Security Services provide a framework for architecting, constructing, and maintaining a secure business with policy and performance alignment.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

Cognyte

Cognyte

Cognyte is a global leader in investigative analytics software that empowers a variety of government and other organizations with Actionable Intelligence for a Safer World.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Sendmarc

Sendmarc

Sendmarc automates the process of protecting your domain from being used in email impersonation and phishing attacks.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.

Quantum Bridge

Quantum Bridge

Our unbreakable key distribution technology ensures the highest level of protection for your critical infrastructure and sensitive data in an evolving digital landscape.

Cyber Castle

Cyber Castle

Linux Demands Sophisticated, Purpose-Built Security. Cyber Castle is the solution. A safe, deployable platform down to the edge device for monitoring Linux security anywhere across the globe.