At a glance.
- Inside the Lapsus$ ransomware gang.
- CafePress penalized for customer data breach.
- The undoing of Conti.
- Suspect wanted by FBI arrested in Nigeria.
Inside the Lapsus$ ransomware gang.
The Lapsus$ threat group has taken credit for several recent cyberattacks against high-profile targets like Samsung, Nvidia, and Ubisoft, and Wired offers a glimpse at the gang’s unconventional tactics. Appearing on the scene just last December, Lapsus$’s modus operandi differs from that of other threat groups in that it eschews the typical exfiltrate-encrypt-extort playbook, instead concentrating on data theft and extortion, and the gang has a flair for the dramatic in its demands. In the attack on Brazilian car rental company Localiza, they redirected the company’s website to an adult media platform. And after accusing chipmaker Nvidia of “hacking back,” Lapsus$ ordered the company to remove an anti-crypto-mining feature from its GPUs and release drivers for its chips. This focus on cryptocurrency mining supports the group’s adamant claims that their motivations are purely financial, not political. Emsisoft threat analyst Brett Callow comments, “It’s all been quite erratic and unusual. My sense is that they are a talented but inexperienced operation. Whether they will seek to expand and bring on affiliates or keep it small and lean remains to be seen.”
CafePress penalized for customer data breach.
The US Federal Trade Commission (FTC) has announced that it’s ordering e-commerce platform CafePress to improve its data security and is requiring that the company’s former owner, Residual Pumpkin Entity, LLC, pay half a million dollars in compensation for a recent data breach. The customized merchandise site allegedly failed to properly protect consumers’ sensitive personal data, and subsequently attempted to cover up the data leak. Director of the FTC’s Bureau of Consumer Protection Samuel Levine explained, “CafePress employed careless security practices and concealed multiple breaches from consumers. These orders dial up accountability for lax security practices, requiring redress for small businesses that were harmed, and specific controls, like multi-factor authentication, to better safeguard personal information.”
Felix Rosbach, VP of product management with data security specialists comforte AG, commented on the lessons the incident holds for users:
“Storing sensitive data such as social security numbers and password reset answers in plain text is not acceptable anymore. Under privacy laws organizations have to protect privacy and thus the data of individuals under all circumstances. Unfortunately many organizations still lack a solid cyber and data security strategy and don’t make use of modern approaches. This will not only result in hefty fines but also in lost consumer trust which might have a long term impact.
“Users should be very careful when choosing password reset answers. Besides the fact that this is not considered a good method of authentication and multi-factor authentication should always be favoured, consumers should be aware that those answers might be leaked someday. The best approach is to pick random answers and store them alongside your password in a password manager to ensure a leak of this doesn’t affect other accounts or, even worse, makes your secrets public.”
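As an added illustration of the two points in the comment above (plaintext storage of reset answers on the server side, random answers on the user side), here is example code that is not from CafePress, the FTC order, or comforte AG; the PBKDF2 round count and the 16-byte salt size are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Constructed example: how a service can keep password-reset answers out of
# plaintext storage, and how a user can generate the random answers the
# comment recommends. Round count is an assumed modern PBKDF2-HMAC-SHA256 cost.
PBKDF2_ROUNDS = 600_000


def normalize_answer(answer: str) -> str:
    """Fold case and collapse whitespace so 'Fluffy ' and 'fluffy' verify alike."""
    return " ".join(answer.casefold().split())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are stored per account;
    the answer itself is never written down, so a database leak exposes
    neither the answer nor anything reusable on other sites."""
    salt = salt if salt is not None else os.urandom(16)  # fresh salt per record
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify_answer(answer: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_answer(answer, salt)
    return hmac.compare_digest(candidate, stored_digest)


def random_answer(nbytes: int = 16) -> str:
    """An unguessable 'answer' the user stores in a password manager instead
    of a real fact (pet name, mother's maiden name) that a leak would expose."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    chosen = random_answer()
    salt, digest = hash_answer(chosen)
    print("stored salt/digest only:", salt.hex(), digest.hex()[:16] + "...")
    print("correct answer verifies:", verify_answer(chosen, salt, digest))
    print("wrong answer verifies:  ", verify_answer("Fluffy", salt, digest))
```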
The undoing of Conti.
Wired recounts the history of the Conti ransomware group, and how Russia’s invasion of Ukraine led to the gang’s downfall. Shortly after Russian President Vladimir Putin’s troops invaded Ukraine in February, Conti posted a message offering “full support” to Russia and pledging to attack the critical infrastructure of any nation that might retaliate. Though many of Conti’s members reside in Russia, the statement sparked discord within the group, as some of its hackers are opposed to the invasion. The statement caused even further damage as, just days later, a Ukrainian cybersecurity researcher who had infiltrated the group published over 60,000 Conti chat messages, source code, and internal documents on a Twitter account called @ContiLeaks. The leak is the largest of its kind and gave the public unparalleled access to Conti’s inner workings: its corporate-modeled hierarchy headed by “big Boss” Stern, recruitment plans, negotiation tactics, bitcoin addresses, and methods for eluding the authorities. Security researcher Soufiane Tahiri said, “If this information is true, it definitely makes life easier for law enforcement. By dismantling the group behind Trickbot/Conti we can be sure that the whole infrastructure will suffer.”
Suspect wanted by FBI arrested in Nigeria.
The Nigerian Economic and Financial Crimes Commission (EFCC) announced Monday that Nigerian authorities had arrested Osondu Victor Igwilo, a suspect on the US Federal Bureau of Investigation’s (FBI) most wanted list for wire fraud conspiracy, money laundering, and aggravated identity theft. The Record by Recorded Future reports that Igwilo allegedly headed an email phishing operation in which his network of “catchers” posed as representatives of BB&T Bank offering investment funding to their targets. The group allegedly defrauded approximately $100 million from its victims, then laundered the money through US bank accounts to funnel it to Igwilo. The US Diplomatic Mission Nigeria called the arrest a collaborative effort between the FBI and EFCC on Twitter, stating, “With Justice as our mutual priority, we congratulate @officialEFCC for partnering with the @FBI & arresting long-time wanted suspect Igwilo for fraud conspiracy, money laundering and aggravated identity theft.” Igwilo, along with three other suspects arrested with him, is being detained by the EFCC while he awaits court charges.