Weekly Cyber News Roundup

February 17th to February 23rd 2024

Content 

01. News Bites
  • Global Law Enforcement Shatters LockBit Cybercrime Network: Seizes Infrastructure and Aids Victims in Unprecedented Operation
  • FBI Director Accuses China of Major Cyber Espionage Against US Infrastructure Amid Global Security Tensions
  • Germany’s PSI Software SE Hit by Ransomware Attack, Swift Action Limits Damage to Internal Systems
  • New report unveils surge in cyberattacks using legitimate user accounts as primary entry point
  • Anonymous Sudan launched DDoS attacks on UK universities in political protest, disrupting academic networks
02. Conclusion

Quick News Bites

Global Law Enforcement Shatters LockBit Cybercrime Network: Seizes Infrastructure and Aids Victims in Unprecedented Operation

In a win for the good guys, the UK’s National Crime Agency (NCA) has successfully infiltrated LockBit, the notorious cybercrime group, by taking over its main administrative and leak platforms on the dark web. The move disrupts the group's ability to orchestrate attacks and publicise stolen data. Instead, the NCA plans to use the site to reveal LockBit's inner workings. Crucial intelligence, including the LockBit platform’s source code and data on its operations and affiliates, has been seized.

The operation, codenamed Operation Cronos, is a collaborative effort between the NCA, FBI, and international partners from ten countries, aimed at dismantling LockBit's infrastructure and arresting key figures. The operation has already resulted in the seizure of servers in three countries, the arrest of two LockBit members, and the freezing of over 200 cryptocurrency accounts. The US Department of Justice has charged individuals linked to LockBit, emphasizing the international resolve to combat cybercrime.

The NCA has also secured decryption keys to aid victims, underscoring the commitment to not only disrupt but also to aid recovery from LockBit's ransomware attacks. The operation signifies a major victory against cybercriminals, highlighting the effectiveness of international law enforcement collaboration.

FBI Director Accuses China of Major Cyber Espionage Against US Infrastructure Amid Global Security Tensions

FBI Director Christopher Wray raised alarms over China's alleged cyber intrusions into critical US infrastructure, labelling the threat unprecedented in scale.

Speaking at the Munich Security Conference on Monday, Wray emphasized the FBI's dedication to neutralizing what he views as a significant threat to US national security. He highlighted the agency's efforts to collaborate with partners to counteract these cyber threats with agility and awareness.

In contrast, China's Foreign Ministry spokesperson Mao Ning criticized the accusations, denying any cyber-attacks from China and accusing the US of distorting facts. Mao referenced reports from China's cyber security agencies and the 360 Security Group, which allege long-term cyber espionage by US agencies against China, showcasing the deepening cyber conflict between the two superpowers.

Germany’s PSI Software SE Hit by Ransomware Attack, Swift Action Limits Damage to Internal Systems

PSI Software SE, a leading German software company for the energy and logistics sectors, confirmed that its recent cyber disruption was the result of a ransomware attack. The global firm, employing over 2,000, faced significant operational challenges following the February 15th cyberattack, leading to a shutdown of IT systems including email to prevent data breaches. The attack specifically targeted PSI's internal infrastructure, with the company actively investigating the breach's origin. Initial findings indicate no customer systems were compromised. PSI responded swiftly, isolating affected systems and working closely with the Federal Office for Information Security for incident response since February 16th.

New report unveils surge in cyberattacks using legitimate user accounts as primary entry point

IBM's 2024 X-Force Threat Intelligence Index highlights a shift in cybercriminal tactics, with attackers increasingly using legitimate user accounts to breach corporate networks. The report, drawing from monitoring over 150 billion security events daily across 130 countries, shows a preference for exploiting existing credentials over direct hacking attempts.

In the UK, 50% of cyberattacks involved compromised accounts, with a significant rise in attacks across Europe. IBM's analysis also revealed a 266% surge in info-stealing malware, emphasizing the critical threat posed by credential theft. With valid account use making detection and response more challenging, IBM advises reinforcing foundational security and enhancing identity management.

The findings underscore the urgent need for businesses to strengthen defences against sophisticated account exploitation, highlighting the critical role of strategic security measures in combating cyber threats.

Anonymous Sudan launched DDoS attacks on UK universities in political protest, disrupting academic networks

Several UK universities experienced disruptions due to a DDoS attack claimed by Anonymous Sudan.

The University of Cambridge’s Clinical School Computing Service announced on X that internet access was affected starting 15:00 GMT on February 19th, impacting "multiple universities."

Although the network disruption largely subsided by February 20th, some systems continued to face issues. The attack, which also affected the University of Manchester, targeted the Janet Network, essential for UK research and education sectors.

Anonymous Sudan justified the attack as a response to the UK government's stance on conflicts in Gaza and Yemen.

The attacks highlight the growing cyber-threat to UK academic institutions.

 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

