Cybersecurity Snapshots #24 - Cybercriminals Feeling the Heat From Law Enforcement
Cybersecurity Snapshots #24 -
Cybercriminals Feeling the Heat From Law Enforcement
Researchers at SonicWall discovered that the number of ransomware attacks in the first three quarters of 2021 surged 148% year-on-year to reach 470 million. This makes 2021 already the worst year on record for attacks, the researchers stated. This year, there has also been an increase in Business Email Compromise (BEC) attacks, and the FBI claimed that BEC has been the highest-grossing cybercrime category over the past three years. Even though cyberattacks are increasing, law enforcement is getting better at tracking and arresting adversaries who perform cyberattacks.
Irish police, during an 18-month long operation, were able to arrest over 400 suspects behind BEC attacks. The investigators were able to reveal links between an Ireland-based gang and notorious Nigerian crime syndicate Black Axe, which also focuses on BEC scams. Interpol's Global Financial Crime Task Force (IGFCTF) provided on-the-ground support to the Irish Garda National Economic Crime Bureau (GNECB) to help share intelligence with international forces. Interpol also helped Irish police with digital forensic work, downloading data and call records from seized devices, and analyzing the evidence "through a global lens." This has already triggered cooperative investigations with police in the US and South Africa, Interpol said. Interpol claimed that arrests and prosecutions outside of Ireland are foreseen as ongoing investigations unfold. Interpol also recently announced the arrest of six members of the Clop (aka Cl0p) ransomware group. Clop ransomware group has conducted ransomware attacks on numerous private and public organizations in Korea, the US, and elsewhere.
Twelve threat actors were singled out by Europol last week in a significant ransomware operation targeting multiple organized crime groups. The unnamed suspects are believed to have been involved in deploying the LockerGoga, MegaCortex, and Dharma variants or laundering the proceeds, the trans-national policing group claimed. It is not clear whether the 12 have been arrested or charged. Europol would only say that they are "high-value targets" under investigation in multiple high-profile cases in different jurisdictions. Police from Norway, France, the Netherlands, U.K., Ukraine, Germany, Switzerland, and the US worked alongside Europol and Eurojust, the European Union Agency for Criminal Justice Cooperation, to help identify the twelve threat actors.
Europol also recently announced that law enforcement agencies in several countries arrested seven people allegedly linked to REvil and GrandCrap ransomware operations. The arrests have been carried out since February. Three suspects were arrested in South Korea, one in Kuwait, two in Romania, and one in an unnamed European country. Five of the suspects are believed to have been involved in cyberattacks that leveraged REvil (aka Sodinokibi) ransomware, while the other two have been linked to GandCrab attacks.
Even though the number of cyberattacks encountered each year is growing, there is still a good amount of hope as law enforcement gets better at tracking and arresting cybercriminals. Interpol's director of cybercrime, Craig Jones, stated that "despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement's first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly." Chief data scientist Bob Rudis at Rapid7 stated that it is encouraging to see what can be done when policy meets enablement and authorities are given support and resources to take decisive action. He also said that "I'm hopeful that as more criminals are caught and prosecuted, and as their ill-gotten gains are recovered, we will finally start to see attackers move on to other, less risky business models (or go away completely, but that is more of a dream than likelihood)."