Ransomware Hackers arrested in Ukraine
Law enforcement agencies have announced the arrest of two “prolific ransomware operators” in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents.
The joint exercise was undertaken on September 28 by officials from the French National Gendarmerie, the Ukrainian National Police, and the U.S. Federal Bureau of Investigation (FBI), with participation from Europol’s European Cybercrime Centre and INTERPOL’s Cyber Fusion Centre.
One of the two arrestees, a 25-year-old Ukrainian national, allegedly deployed “virus software” by breaking into remote working programs, with the intrusions staged through social engineering campaigns that delivered spam messages containing malicious content to corporate email inboxes, the agency added.
The development comes over three months after the Ukrainian authorities took steps to arrest members of the Clop ransomware gang and disrupt the infrastructure the group employed in attacks targeting victims worldwide dating all the way back to 2019.
A newly discovered data exfiltration mechanism employs Ethernet cables as a “transmitting antenna” to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research.
“It’s interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack,” Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at Ben-Gurion University of the Negev in Israel, told The Hacker News.
Dubbed “LANtenna Attack,” the novel technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables, as if they were antennas. The transmitted signals can then be wirelessly intercepted by a nearby software-defined radio (SDR) receiver, the data decoded, and sent to an attacker who is in an adjacent room.
“Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine,” the researchers noted in an accompanying paper titled “LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables.”
UK plans to invest £5 billion in cybersecurity
The United Kingdom has revealed plans to invest £5 billion in bolstering national cybersecurity that includes creating a “Cyber Force” unit to perform retaliatory attacks.
As the UK’s Secretary of State for Defence Ben Wallace points out in an interview with The Telegraph, Britain isn’t just looking to strengthen its stance against threats, but also to build up its capacity to launch retaliatory assaults.
One thing to note is that none of the above is novel in the sense that Britain has been engaging in offensive cyber campaigns against the Islamic State, paedophiles, and various foreign hacking groups since at least 2018.
However, the £5 billion investment is meant to build upon these sporadic campaigns and lay the groundwork for permanent deterrent operations against external threats and foreign adversaries.