The US Justice Department has scored another win in cyber operations by dismantling the network run by Turla, a Russia-linked group regarded as one of the world’s most sophisticated cyber-espionage actors.

Federal authorities announced on Tuesday that the cybersecurity and intelligence agencies of all Five Eyes member countries have removed infrastructure used by the Snake cyber-espionage malware operated by Russia’s Federal Security Service (FSB).

The DOJ also reported neutralizing the Snake malware used by the group. Reports claim it was found on computers in 50 countries and was previously labeled by US intelligence as “one of the most sophisticated malware sets used by Russian intelligence services”.

Malicious cyber actors used Snake to access and exfiltrate sensitive international relations documents and other diplomatic communications through a victim in a NATO country. In the US, the FSB has targeted industries including educational institutions, small businesses, and media organizations.

Critical Infrastructure Hit by Aging Snake Malware

According to a report from the Cybersecurity and Infrastructure Security Agency (CISA), critical infrastructure sectors such as local government, finance, manufacturing and telecommunications have also been affected. CISA is the lead agency responsible for protecting the country’s critical infrastructure from physical and cyber threats.

The takedown announcement took some cybersecurity experts by surprise because of the malware’s age: the FSB was still using Snake until the takedown. The Snake backdoor is an older framework, developed in 2003 and linked to the FSB repeatedly by several security vendors, according to Frank van Overen, manager of Threat Intelligence and Security Research at Fox-IT, part of the NCC Group.

“Normally, you would expect nation-state actors to burn down the framework and start developing something new. But Snake itself is sophisticated and well put together, which shows how much time and money was spent developing the framework,” he told TechNewsWorld.

High-Profile Victory

“For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies – that ends today,” said Matthew G. Olsen, Assistant Attorney General of the Justice Department’s National Security Division.

Evidently, the operators of the Snake backdoor made some mistakes. Van Overen explained that cyber sleuths often manage to pull off takedowns this way.

“Over the past few years, several takedowns were carried out on backdoors/botnets of the Russian intelligence service, which shows some degree of amateurishness. But Turla has shown its skill and creativity [throughout] and it should not be underestimated,” he said.

According to NCC Group’s Fox-IT team, the Snake backdoor is used only against high-profile targets, such as governments, the public sector, or organizations that work closely with them.

“This backdoor is used solely for espionage and to stay under the radar for as long as possible,” he said.

Hiding in Plain Sight

A few years ago, van Overen’s security team worked on an incident response case in which Snake malware was observed. In that case, Turla went undetected for several years and was found only by pure luck, van Overen explained. The backdoor was used to exfiltrate sensitive documents belonging to the victim organization.

“Turla will most likely continue with a different framework, but it’s always a question what the group will do,” he offered.

In recent years, the Russian intelligence service has created a number of backdoors in various programming languages, van Overen said. This shows its willingness to develop new tools for its operations, and he expects the group will now develop a similar toolkit in a different programming language.

“Don’t underestimate groups using the Snake backdoor. As we’ve seen before, it’s persistent and usually goes undetected for years before it’s discovered on the target network,” he warned.

Snake victims should always engage a well-known incident response firm, he advised, warning that these attacks and the backdoor access they provide are too sophisticated for an organization to handle on its own.

Stay Safe

James Lively, endpoint security research specialist at Tanium, advised that organizations can take several steps to protect themselves from malware attacks such as Snake. These include maintaining an accurate inventory of assets, keeping systems patched and updated, running phishing simulations and training, and implementing strong access controls.

“International cooperation to combat cybercrime can also be improved by encouraging information sharing and signing agreements and NDAs and conducting joint investigations,” he told TechNewsWorld.

The biggest cybersecurity threat facing organizations today is the insider threat, he said. Organizations can do little to prevent a disgruntled employee or someone with high-level access from causing catastrophic damage.

“To combat this threat, organizations should limit access to resources and give users the minimum permissions they need to perform their duties,” Lively suggested.

The key lesson from the Snake network disruption, he explained, is that it takes only one unpatched system or one untrained user clicking a phishing link to compromise an entire organization. Going after the low-hanging fruit, the route of least resistance, is often the attacker’s first move.

“A prime example of this is an old unpatched system that is publicly facing the Internet and has been forgotten by the organization,” he offered.

International Cooperation Required

Taking down an extensive network run by a state-level security agency is undoubtedly a major undertaking. Even so, it is surprising that the Snake malware was able to operate for as long as it did, observed Mike Parkin, senior technical engineer at enterprise cyber risk remediation firm Vulcan Cyber.

Threat actors can use a number of different attack vectors to land their malware payloads, so there is never just one thing to fix. That said, user education is important because an organization’s users are its widest and most complex threat surface.

According to Parkin, organizations also need to ensure that their operating systems and applications are kept up to date with a consistent and effective patch program, and that applications are deployed according to industry best practices with secure configurations.

“Dealing with international politics and geopolitical issues, cooperating effectively across borders can be a real challenge. Most Western countries can work together, although jurisdictional challenges often get in the way. And obtaining cooperation from nations that may be uncooperative and actively hostile can make some threat actors impossible to deal with,” he told TechNewsWorld.

A new analysis of data from the FBI’s Internet Crime Complaint Center (IC3) shows that Nevada has the most cybercrime victims of any state in the union, by a wide margin: 801 per 100,000 Internet users, four times the national average.

An analysis by Surfshark, a privacy protection toolset developer based in Lithuania, states that the most common cybercrime committed in Nevada is identity theft, which may be because it is home to Las Vegas.

“With Nevada, it is easy to predict that identity thieves are targeting tourists who gamble,” Mike Parkin, senior technical engineer at Vulcan Cyber, a Tel Aviv, Israel-based provider of SaaS for enterprise cyber risk prevention, told TechNewsWorld.

In 2021, Surfshark analysts said, there were 9,054 victims of identity theft in Nevada, or 49% of all cybercrime victims in the state.

Other states with high cybercrime victim rates per 100,000 Internet users include Iowa (342), Alaska (322), and Florida (293).

“These statistics from the FBI’s IC3 division help paint the overall picture of identity crimes committed each year in the US,” said James E. Lee, chief operating officer of the Identity Theft Resource Center (ITRC) in San Diego.

“When you add up the more than 1.4 million reports of identity theft filed with the FTC in 2021, the 15,000 ID crime victims who contacted the ITRC in 2021, and the 190 million victims of data compromise tracked by the ITRC in 2021, you start to see the enormity of the problem presented by identity crimes,” Lee told TechNewsWorld.

“The bottom line is this: There are more identity theft crimes reported each year in the US than all other crimes except theft combined,” he said. “And the volume and velocity of identity crimes continue to increase, along with their financial impact.”

Perp Hotbed

Nevada is also a hotbed for cybercriminals, with 150 cybercriminals per 100,000 Internet users, nearly three times the national average, according to analysts.

The analysts explained that although threat actors outside the United States commit many cybercrimes, the FBI has identified a significant number of cybercriminals within US borders. In most cases, the FBI can identify the specific state where a cybercriminal is located, which makes it possible to see which states have the most cybercriminals per capita.

Only two other states reached triple digits in cybercriminals per 100,000 Internet users: Delaware (120) and Maryland (113).

“It is interesting that Nevada had both the highest victims and highest offenders, while Nevada was in the bottom three in terms of victim harm,” Parkin observed.

According to the analysts, the average cybercrime victim in Nevada loses $4,728 per scam, compared with $4,280 per victim in West Virginia and $3,820 in Iowa.

“Without a deeper analysis, it is difficult to say why the numbers are trending this way,” Parkin continued, “although Nevada is unique in demographics, local culture, and major industries, which may all play a role.”

Badlands Bad Men

“Cybercrime is a growing concern in Nevada and across the country,” said John T. Sandler, spokesman for Nevada Attorney General Aaron D. Ford.

“Our office has conducted extensive campaigns to educate Nevadans about the many different ways scammers like to target residents in their daily lives,” Sandler told TechNewsWorld. “These include phishing, romance, solicitation, gift card, holiday and government fraud scams.”

“AG Ford also joins a bipartisan coalition of attorneys general urging the FTC to adopt a national rule targeting impersonation scams,” he said.

While Nevada has the lowest losses for cybercrime victims, North Dakota has the highest losses at $31,711 per scam.

The analysts said studies have shown that the two age groups most vulnerable to cybercrime are youth under 25 and people 75 and older. They argued that 41% of North Dakota’s population falls in those age groups, which may contribute to that high loss figure.

However, Parkin pointed out that North Dakota’s small population, 774,948, may have influenced the statistics in the analysis.

Although the most profitable cybercrimes nationally are fraudulent fund transfers via email and fake investment schemes, this is not the case in North Dakota, where 50% of the money lost to cybercrime – $12.1 million – went to scammers posing as friends or family, or to online romance scams.

Other states with high per capita losses from cybercrime include New York ($19,266), South Dakota ($19,065), and California ($18,302).

Seniors Most Targeted

The analysts also found that the average cyberthief clears $14,048 per scam, but that figure varies widely from state to state. Among the highest were Colorado ($33,605), Louisiana ($31,064), New York ($29,919) and Wyoming ($27,918); among the lowest were West Virginia ($2,630), Nebraska ($4,148), Montana ($4,327), and Connecticut ($4,394).

In the states where criminals make the most per theft, cybercriminals are increasingly targeting small to medium-sized businesses with financial capital, the analysts said.

They said the most profitable cybercrime in New York was investment scams, which accounted for 34% of all money lost to cybercrime in the state in 2021. By comparison, only 19% of all money swindled through cybercrime nationwide in 2021 came from investment scams.

The analysts said that the age group most affected by cybercrime is seniors. In 2021, 92,371 Americans age 60 and older lost $1.7 billion to cybercrime.

The analysts say that while senior citizens have been hit hardest by cybercrime, other age groups have also been disproportionately victimized. For example, people in the 40 to 49 age group represent only 12.4% of the population but account for 20.8% of all cybercrime victims in the United States. On the other side of the coin, people under the age of 20 represent 24.8% of the population but only 3.5% of cybercrime victims.

There are also variations by state, the analysts said. For example, in 16 states the most targeted age group was 59 and under, and in Iowa the most targeted group was 20- to 29-year-olds.

“From a ‘who can I steal from’ perspective,” Parkin said, “children and the elderly are probably easier targets than people in the 40 to 49 range, but they are likely to have fewer resources to target.”

Analyzing cybercrime on a state-by-state basis can be useful for those combating it, he said. “Understanding victims and target demographics can be used to develop specific techniques to help prevent attacks,” he added. “It may also help to understand why attacks are more or less effective in different regions.”