The CyberWire Daily Podcast 8.13.24
Ep 2128 | 8.13.24

From dispossessor to disposed.

Transcript

The FBI is the repossessor of Dispossessor. The NCA collars and extradites a notorious cybercriminal. A German company loses sixty million dollars to business email compromise. DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. Russia blocks access to Signal. NIST publishes post-quantum cryptography standards. DARPA awards $14 million to teams competing in the AI Cyber Challenge. On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish, CISO of Newell Brands, about his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security". AI generates impossible code - for knitters and crocheters.

Today is Tuesday August 13th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The FBI is the repossessor of Dispossessor. 

In a major international crackdown, the FBI and partners have dismantled the criminal ransomware group “Dispossessor,” suspected to be a rebranded version of LockBit. The operation, involving the FBI, UK’s National Crime Agency, and German authorities, led to the seizure of over 30 servers and domains across the US, UK, and Germany. Dispossessor, which emerged in August 2023, quickly gained notoriety for its ransomware-as-a-service model, allowing affiliates to launch attacks globally. The group was linked to attacks on 43 companies in various countries. Speculation surrounds Dispossessor’s connection to LockBit, with evidence suggesting a possible rebranding effort. SOCRadar noted that Dispossessor’s website closely resembled LockBit’s, reinforcing these suspicions. The takedown is a significant blow to the group, but with its decentralized structure, law enforcement may still face challenges in fully eradicating their operations. The investigation continues as authorities scrutinize the seized servers.

The NCA collars and extradites a notorious cybercriminal. 

In a coordinated international operation, the National Crime Agency (NCA) has arrested and extradited Maksim Silnikau, a prominent Russian-speaking cybercriminal linked to the notorious cybercrime network that borrowed the name J.P. Morgan for its branding. Silnikau, operating under various aliases, was apprehended in Spain and extradited to the US to face charges. His network, active since 2011, pioneered ransomware-as-a-service and exploit kits, including the infamous Reveton and Angler Exploit Kit, which extorted millions from victims worldwide. The NCA, working with global partners, traced and dismantled this group’s activities, leading to significant disruptions in their operations. Their malvertising campaigns affected over half a billion victims globally. The investigation continues as authorities review evidence and pursue additional suspects connected to this cybercrime ring.

A German company loses sixty million dollars to business email compromise.

Luxembourg-based chemicals and manufacturing giant Orion SA disclosed a $60 million loss due to a criminal wire fraud scheme, likely a business email compromise (BEC) attack. The fraud involved a company employee being tricked into authorizing multiple fraudulent wire transfers to unknown accounts. Despite the significant financial hit, Orion’s operations and data remain unaffected, with no system breaches reported. The company has informed law enforcement and is exploring all options, including insurance, to recover the funds. Orion’s overall financial outlook remains strong despite the incident.

Meanwhile, Swiss manufacturing giant Schlatter Group is investigating a ransomware attack that disrupted its IT network and led to a blackmail attempt. The company, specializing in plant engineering and welding, detected the attack on Friday, initiating security measures and involving law enforcement. Currently, Schlatter has no access to its email system and is assessing potential data theft. While no ransomware group has claimed responsibility, Schlatter’s ICT experts are working to restore systems. The company reported nearly $150 million in sales last year.

DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. 

A new Ransomware-as-a-Service (RaaS) platform, DeathGrip, has emerged, making sophisticated ransomware tools accessible to cybercriminals with limited technical expertise. Promoted on Telegram and underground forums, DeathGrip offers advanced tools like LockBit 3.0 and Chaos Builders, derived from leaked ransomware builders, enabling users to launch effective ransomware attacks with ease. This platform underscores the increasing accessibility of cybercrime tools, raising the threat level for businesses and individuals worldwide. Real-world incidents involving DeathGrip have already surfaced, demonstrating its potential to cause significant harm. The proliferation of such RaaS platforms highlights the urgent need for enhanced cybersecurity measures, including robust security protocols, regular updates, and employee training. Collaborative efforts among governments, private sectors, and cybersecurity experts are crucial in combating this evolving threat and safeguarding sensitive data from ransomware attacks.

Russia blocks access to Signal. 

Russia’s state communications watchdog, Roskomnadzor, has blocked access to the Signal messaging app, citing violations of Russian legislation aimed at preventing its use for terrorist purposes. This move is part of a broader crackdown on dissent and media freedom following Russia’s invasion of Ukraine. The government has previously blocked independent media, Twitter (now X), Facebook, and Instagram. Additionally, YouTube has faced mass outages, which experts believe may be part of the Kremlin’s efforts to limit access to opposition views.

NIST publishes post-quantum cryptography standards. 

NIST has officially published three post-quantum cryptography (PQC) standards—ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (Sphincs+)—with a fourth, FN-DSA (Falcon), chosen for future standardization. These standards aim to protect against quantum computing threats, which could potentially decrypt current asymmetric encryption methods. IBM played a significant role in developing these algorithms and worked with NIST in establishing the PQC framework. While quantum computers pose the most immediate threat, other emerging technologies like AI and optical computing could also challenge current encryption. The new PQC standards, combined with crypto agility—allowing rapid adaptation to new algorithms—offer a stronger, though not absolute, defense against future decryption threats, ensuring data remains adequately secure for the foreseeable future.

DARPA awards $14 million to teams competing in the AI Cyber Challenge. 

DARPA has awarded $14 million to seven teams competing in the AI Cyber Challenge (AIxCC), a competition aimed at developing AI systems that can identify and patch vulnerabilities in open-source software. The semifinalist teams, including 42-b3yond-6ug, Shellphish, and Trail of Bits, received $2 million each and will advance to the final competition in August 2025. The AIxCC, run in collaboration with the Advanced Research Projects Agency for Health (ARPA-H), challenges participants to create Cyber Reasoning Systems capable of automatically finding and fixing vulnerabilities in critical software like the Linux kernel and Jenkins. The competition highlights the potential of AI to secure critical infrastructure and may lead to commercializing and open-sourcing these technologies to enhance cybersecurity across various sectors.

Up next, we’ve got our Solution Spotlight. Today, N2K’s president Simone Petrella speaks with Lee Parrish, CISO of Newell Brands, about his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security." We’ll be right back. 

Welcome back. You can hear Simone’s full conversation with Lee Parrish on our Special Edition podcast. There’s a link in your show notes. 

 

AI generates impossible code - for knitters and crocheters. 

And finally, it’s no shock that scammers would embrace AI—it’s a match made in cyber-heaven for nefarious activities. But here’s a twist: they’ve set their sights on crafters and makers! Yes, the crafty folks on platforms like Etsy are now dealing with AI-generated patterns that can turn your knitting or crochet dreams into a nightmare. Imagine spending weeks on a project only to find out the pattern was flawed from the start, courtesy of AI. From impossibly intricate stitches to bizarre, unusable designs, these fake patterns are causing headaches and wasting time. 

For more on this story I’m joined by our CyberWire special knitting and crocheting correspondent Maria Varmazis.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

 

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.