Going underground

Hi, it's Jamie on the cybersecurity team. There can be such a thing as too much attention. DarkSide and REvil, two of the most prominent ransomware hacker groups out there, have taken to the shadows to escape the spotlight they've garnered in recent weeks, according to analysts who track the groups.

Between the two of them, they have managed to extort tens of millions of dollars from corporations including Colonial Pipeline Co. and JBS SA—and untold other victims who remain silent about the ransoms they've paid.

That the FBI was able to recoup some of DarkSide's winnings and seize some of its servers has cybercriminals rethinking their brazen approach, said Daniel Smith, head of research at cybersecurity firm Radware Ltd.

"Ransomware for the last few months was kind of like drug dealers who were openly standing on the corner, selling drugs. And what has happened is that there is a lot of heat and attention on the corner and the dealers have had to leave," he said.

The groups have altered their tone on the dark web, he said, and when they talk about operations now, they cloak it in terms that suggest other activity, like penetration testing, which many firms carry out to legitimately test the fortitude of their systems.

"There's been a change on these dark net forums, in criminal forums, and they are pulling back into the shadows, not talking directly about targeting victims with ransomware," Smith said.

Some of the Russian hacker forums have banned discussions of ransomware and blocked groups like DarkSide from contributing to conversations, said Jon DiMaggio, chief security strategist at Analyst1, who has long studied Russian cybercriminal activity.

"There is a fear that wasn't there before," he said. "These guys are legitimately concerned right now compared to the normal tone of things."

Some of the conversations DiMaggio shared include chatter about the possibility of extradition to the U.S., how many years a hacker might spend in jail before being eligible for parole and whether the Russian government might turn on them because of political blowback.

Some of that blowback was evident when President Vladimir Putin met with President Joe Biden in Geneva on June 16. Biden asked Putin to consider how bad a pipeline disruption—as happened in the U.S. after the Colonial Pipeline hack—would be on the Russian economy. "He said it would matter," Biden told reporters.

The two leaders agreed to assemble experts to work out what targets might be off limits. Biden said he would be able to track the strength of Putin's commitment by seeing whether he acts against hackers operating within his country's borders.

With all the attention, ransomware groups may be keeping a low profile at present, but Smith predicted it wouldn't last.

"There's way too much money on the table for them to walk away," he said. "All these groups, all these operators and affiliates are making tons of money, and no one's leaving that."

Jamie Tarabay

If you read one thing

Apple is exploring bigger iPads, and work continues on development of a car. Meanwhile, Amazon is tinkering with augmented-reality glasses and a foldable Kindle. All of this and more was in the premiere issue of Power On by Mark Gurman, a new weekly newsletter from Bloomberg.

And here's what you need to know in global technology news

Amazon and Google face investigations in the U.K. over fake online reviews. Authorities see the content as possible violations of the country's consumer protection rules.

Robinhood was forced to decelerate plans to go public after a prolonged regulatory review in the U.S. The listing, which had been planned for the summer, could slip to the fall.

China crushed Jack Ma, and his fintech rivals are next. An expanding antitrust crackdown from Beijing even threatens the IPO of Didi, the country's dominant ride-hailing provider.

"This is taking longer than I expected," said the CEO of BlackBerry, more than seven years after taking the top job on the promise of a turnaround.

Toshiba shareholders ousted the company's chairman, a rare victory for activist investors targeting a Japanese conglomerate. An expert on corporate governance called it a "hugely shocking result for Japan's business scene."

David Dobrik was the king of YouTube. Then he went too far, according to a story in Rolling Stone that examines how fans turned against the video creator. Dobrik is accused of exploiting his friends' injuries for content.
