Trukno: "On A Mission To Deliver Cyber Intelligence, Not Cyber News"

 

Trukno, a virtual threat intelligence analyst, is set to launch its Broad Beta version on 22nd December. Every second a new attack takes place in cyberspace; according to a report by Acronis, 32% of companies are attacked at least once a day, and keeping up with these threats and attacks is a demanding process. There are two ways of keeping up with cybersecurity: a) staying updated with cyber blogs, or b) hiring your own cyber threat analyst. Trukno is a platform that provides a virtual threat intelligence analyst for people who want to keep up with cybersecurity, stay up to date on recent attacks, and know the threat actors and attack landscape trends, through its syndicated search engine and threat curator.

The Broad Beta, launching on 22nd December, is aimed both at full-time cybersecurity analysts and at the majority of people who want to know the how and what of cybersecurity in a much faster, easier, and more detailed way.

E-Hacking News had a discussion with Trukno CEO and Founder Manish Kapoor, Co-Founder Noah Binstock, and their team about the platform, how it works, and its features and advantages.

I'm sharing the details from the interview below; read on to learn about Trukno and how you can set up a beta account for yourself:

The Story Behind Trukno: Mr. Manish (CEO and Founder): We formed Trukno in Oct 2018 in Denver, Colorado. Before that I was at Cisco, which is a big networking company, also very focused on cybersecurity. I was there for 10 years, and what I did day to day was help the world's largest service providers, like AT&T and Telstra, understand the latest going on in cybersecurity and, based upon that, help them build cybersecurity services they could sell to their enterprise customers using Cisco Systems products. That was the essence of what my team and I did, and when you do that you're going in front of the world's largest cybersecurity companies, so they know what they're talking about in cybersecurity, and hence I had the constant pressure to keep up with the latest cybersecurity threats and how those could be turned into new services, and I tell you, it's easier said than done. In preparation, I would blog-hop from one blog to another, and very quickly I started to realize there is a difference between keeping up with cyber news vs. keeping up with cyber threats.

The whole process would take me hours, leaving me more confused, and that's when I realized something is missing: either I don't have the right tools or there must be a better way. Since then we have probably talked to 504 folks in cybersecurity, from Cisco to stock analysts to researchers, and we realized that this problem was not just isolated to me; that problem exists for the cyber community in general. The tools that exist today in cybersecurity are targeted at deep-dive practitioners who want to see the bits and bytes, and it's a full-time job just to keep up with it; only the largest corporations in the world can hire dedicated threat intelligence analysts, and everybody else who wants to keep up with cyber threats really struggles. So that is the problem we are trying to solve, and the mission we are on is to deliver cyber threat intelligence and not cybersecurity news. We intend to do so in the most efficient, comprehensive, and affordable way to the masses. So that is the story behind Trukno.

Mr. Noah (Co-founder): We found that when it comes to threat researchers and external strategic analysts, there is often one position that is providing these reports for an organization, and what we realized is that those reports, and the patterns and findings these people are curating, have benefits for all of cybersecurity and not just the organization they are working for. So we are actually trying to find ways to scale that information: the objective information about external threat landscapes and the inner workings and patterns that are occurring in front of our eyes, so we can give that to organizations and individuals without access to a dedicated intelligence analyst.

Trukno Breakdown and Features: 

Newsfeed: A news feed that you can create based on your interests. It pulls from a hundred and fifty sources for people who want to keep up with cybersecurity news in one place; users can create their own feed and have all their news sources in one place.

Dashboard: You can choose your interests using filters for industry, technology, malware, and actors. The sweet thing about this threat analyst is that you can go from shallow to deep in a way that's organized and detailed. It informs you about threat actors and breach specifics, such as how many times the threat was used, so the user gets very detailed information in a very short time.

My Boards (and Team Collaboration):  You can assign Custom Tags to threats, breaches, and discussions; and comment and converse with your team. 

Trukno Vision: Mr. Manish: Our vision is to get critical, vital threat information to the broad cyber community; you don't have to have a PhD to keep up with cyber threats. That is what we believe. That is the reason we are going to the extent of not only breaking down TTPs (tactics, techniques, and procedures) but breaking down the text associated with those TTPs in each specific breach, because we want to make it a ten-second visual that gives you the summary versus a thirty-minute read.

How it works: Mr. Manish: What we are doing with all this curation is building an automated engine which is AI-driven but with human intervention to maintain quality analysis, and to do that we break down every single article until the AI takes over. That is to say, it's a combination of artificial and human intelligence: 90% of the breaches use the same TTPs, but on a day-to-day basis there are new threats surfacing that have never been seen before, and AI is not going to be able to do that on its own; it will always be human-aided AI. So our AI will become more and more efficient with more training data, but it will always be aided by human intelligence.

Next Step: Mr. Manish: Add more sources for people who want more content; for people who want details, we will give them IOCs; for people who want a news feed but more flexibility and customization, we'll add custom URL capabilities; and for people who want more collaboration, we'll be adding Slack integration and some basic team capabilities on our side.

How is this threat intelligence different from MITRE? Mr. Manish: Think of MITRE as a US government organization that has created all the rules and regulations, but you won't go to MITRE to know what happened an hour ago, what breach happened, and how that happened in terms of the MITRE framework. So we are creating a dashboard that uses the MITRE framework to pull all that information together.

EndNote: Mr. Manish: We are truly on a mission to solve this very critical problem in society. Cybersecurity has become one of the biggest problems facing humanity, and we think that cybersecurity is not about IT, bigger boxes, and fancy software; it's about threat risk management. The importance of knowing the right threats at the right time is so critical, and right now it is so hard to do, that we truly believe we can move the needle on this with the platform, to make it simple, affordable, and comprehensive. That's our mission and that's what we stand for.

The Trukno broad beta will be open for everyone; to sign up, go to their website (https://www.trukno.com/). In the beta version, all features are free for everyone. The full version, coming in the first quarter of next year, will have a freemium model: a free News Feed and My Board, and a subscription-based Dashboard.

Active Cypher: Great Deal of Orchestration of Our Intelligence in AI into Existing Systems

 
Active Cypher: The company is built upon a socially responsible fabric that provides information security for individuals and corporations in an increasingly complex digital age. The guest speakers for the interview were Mr. Michael Quinn, CEO, and Mr. Caspian Tavallali, COO, of Active Cypher. Active Cypher's Ransom Data Guard utilizes a combination of Active Cypher's proprietary encryption orchestration, smart AI, and advanced endpoint protection.
 
Please tell us about your company, Active Cypher.
 

I am Michael Quinn, CEO of Active Cypher. We are a data protection company; we have an ethos within the company that the data needs to be able to protect itself wherever it is created. We have built a product line that offers those capabilities of protection against ransomware attacks by protecting data at the file level, in the server environment and in the cloud. What our product allows us to do is be crypto-agile: we can work with numerous encryption schemes. Once we are installed, we basically back out of the situation and allow the client to run and trust their own data.

 
Your company has talked about its game-changing software "Ransom Data Guard," which will protect organizations against ransomware threats. Please tell us more about it.
 
What we developed is a capability built on understanding what ransomware has to do in order to take control of the device in a user environment. We built a product just before Covid-19 and the work-from-home culture started, and we realized that people are using shared environments on the same device at home. So we basically allow the organization to encrypt the data down to the device level and protect it. The ransomware protection that we provide basically allows us to manage the files in such a way that they are not accessible to external sources like ransomware. We put this product alongside our Cloud Fortress product to make sure that we were meeting compliance regulations. What we found after working with the law firms is that we allow the companies to meet compliance through this capability if the product was ransomed or even if it was exfiltrated, because we encrypt the data, so the actual data itself is useless. On the ransomware side, the beauty of it is we allow a lot of flexibility in how the data can be stored and used.
 
Besides ransomware protection, what are the other solutions Active Cypher provides? 
 
We do a great deal of orchestration of our intelligence in AI into existing systems; we integrate into Microsoft tools, and we also have APIs that can write to any of the tools that are out there. We don't come in to replace anything or add to anybody's burden; we integrate into it with our information.
 
Let's say somebody opens a .doc file, or loads a .doc file which has an exploit. How do you handle that?

If somebody uploads an exploit or malware, when it's opened, because of the process we use to interrogate the document for its integrity, we will stop any process that is trying to interfere with the environment and we'll put a warning out. What will happen is you'll get an alert from us; let's say you open up a "WannaCry" as an example, you will get a screenshot saying "your device has been ransomed." The reality is you can still open all your files. What we do is, with our Cloud Fortress product, we do a real-time backup.
 
At a time when hospitals and medical institutions are struggling with Covid-19, how has Active Cypher protected them from ransomware threats? 

In most of the hospitals and medical environments, their IT staff lacked the sophistication to understand what was happening. Earlier, the attackers were not really trying to damage the data; they were trying to ransom it and return it. Now what the attackers are doing is actually getting into the environment and not going after the data, because most of the hospitals have upgraded their capabilities along with using our products. Now the hackers are attacking the IoT (internet of things) at the device level, which is more life-threatening. What we have done to help healthcare institutions is basically put "Data Guard," which is the stand-alone ransomware product, on devices.
 
How do you handle the GDPR (General Data Protection Regulation) and Privacy requirements when it’s the home environment? 

With "Data Guard," the way the product is designed, it can be installed on a consumer device. In that environment it allows people to protect what they have on their device, whether personal data or business data. And that's the simplicity of Data Guard: it protects your device and the files on it and ensures that ransomware can't launch successfully.
 
With cyberattacks rising, is there any advice you can give to our readers on cybersecurity? 

Everybody has to be aware; you don't have to be afraid. With the stress of work, particularly with this remote work environment, the user has to be more diligent. So, ease of use and awareness are probably the keys to maintaining good data hygiene.

Iranian Hackers Attack Israel Water Facility, Gain Access To HMI Systems

 

An Iranian hacking group gained access to the ICS of an insecure Israeli water facility, and posted a video on the internet to demonstrate the credibility of the attack. Experts from OTORIO, an industrial cybersecurity firm, reported that the group broke into the facility's HMI (human-machine interface). Taking advantage of the insecure HMI system, the hackers gained access and later posted the video.

In the video published on December 1, 2020, the hackers claim an attack on a recycled water facility in Israel. "The reservoir's HMI system was connected directly to the internet, without any security appliance defending it or limiting access. Furthermore, at the publication time, the system did not use any authentication method upon entry. It gave the attackers easy access to the design and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature, and more. All the adversaries needed was a connection to the world-wide-web and a web browser," the OTORIO blog post reports.

That access could have let the hackers interact with the water facility's process, for example by modifying parameters such as temperature and water pressure. The administrators secured the system on December 2; however, it remained reachable online. OTORIO says, "however, the system is still accessible through the internet without any barrier. Although this may prevent unskilled adversaries from accessing the system, those with a minimal toolbox can most likely compromise the system."

As of now, experts don't know whether the attack caused any damage. Cybersecurity experts believe the hacking group behind the attack is "Unidentified Team," which posted the video on its Telegram channel. The group has also attacked other institutions in the past, including American educational websites. "In the Israeli reservoir case, even minimal steps, such as authentication and restricting access, were not taken. This led to an easy compromise of the system. To fully protect SCADA devices, a more active approach should be applied. This includes secure remote access (e.g., VPN), access restriction based on Firewall rules, and active defense-in-depth methods," says OTORIO.

Experts Discover New macOS Backdoor, Link Attack Campaign to Vietnamese Hackers

 

Cybersecurity experts at Trend Micro found a macOS backdoor which they believe is used by the Vietnamese threat group known as "OceanLotus." Also tracked as APT32 or "APT-C-00," the group is well-resourced and persistent. Experts say that OceanLotus targets government agencies and corporate organizations, particularly in Southeast Asia. At the beginning of 2020, the group launched Covid-19-themed espionage campaigns targeting China.

Trend Micro, having analyzed the different C&C domains used by the sample, advises organizations not to download suspicious links or open unknown attachments, to keep systems updated, and to ensure employee cybersecurity awareness to stay safe. Compared to OceanLotus' earlier malware variants, the current sample shows similarities in code and dynamic behavior, which hint at the sample's link to the group. A file included in the attack campaign bears a Vietnamese name, from which experts believe that the new malware targeted Vietnamese users.

The new sample pretends to be a Word document but is in reality an app bundle packed into a Zip archive. The bundle's name uses special characters to avoid detection: according to Trend Micro, the operating system treats the bundle as an unsupported directory, so the "open" command is used to launch it. The researchers found two files in the app bundle: a Word file that is shown during execution, and a shell script that performs the malicious routines.

According to SecurityWeek, "the shell script is responsible for deleting the file quarantine attribute for the files in the bundle and for removing the file quarantine attribute of files in the system, copying the Word document to a temp directory and opening it, extracting the second-stage binary and changing its access permissions, then deleting the malware app bundle and the Word document from the system. The second stage payload is responsible for dropping a third-stage payload, creating persistence, changing the timestamp of the sample using the touch command, and deleting itself. Featuring encrypted strings, the third-stage payload contains two main functions: collecting and sending operating system information to the command and control (C&C) servers, receiving additional communication information, and performing backdoor activities."
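
The staged behaviour in the quoted analysis (quarantine attribute stripped from the bundle, a decoy document copied to a temp directory and opened, a second-stage binary made executable, its timestamp altered with touch, and the bundle deleted) is useful as a detection pattern. The following is an added example, not Trend Micro's or SecurityWeek's code and not tied to this sample's real paths or names: it runs a small set of indicator rules over constructed per-process command records and alerts only when several indicators appear within one process tree, since any single one (a user running xattr -d on a download, for instance) is routine. The record format, host names, paths, and PIDs are all constructed for the example.

```python
"""Correlating macOS dropper indicators within a process tree (added example).

The record format below is constructed for this example: one line per process
start, fields 'host|pid|ppid|command'. Real endpoint telemetry (e.g. from an
EDR agent) would have to be mapped into these fields first.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicator rules derived from the behaviour quoted above. Each is deliberately
# narrow; the correlation step, not any single rule, is what produces an alert.
INDICATORS = {
    # bundle launched via the 'open' command rather than by double-click
    "bundle_launched_via_open": re.compile(r"^(?:/usr/bin/)?open\s+\S+\.app\b"),
    # com.apple.quarantine removed (xattr -d) or all xattrs cleared (xattr -c)
    "quarantine_removed": re.compile(r"^xattr\s+(?:-d\s+com\.apple\.quarantine|-c)\b"),
    # decoy Word document copied into a temp directory before being shown
    "decoy_doc_staged": re.compile(r"^cp\s+\S+\.docx?\s+/(?:private/)?tmp/"),
    # dropped payload made executable
    "payload_made_executable": re.compile(r"^chmod\s+(?:\+x|[0-7]{3,4})\s"),
    # timestamp forged with 'touch -t'
    "timestamp_tampered": re.compile(r"^touch\s+-t\s+\d{8,12}\b"),
    # app bundle removed after the payload has been dropped
    "bundle_self_deleted": re.compile(r"^rm\s+(?:-\w+\s+)*\S+\.app\b"),
}


@dataclass(frozen=True)
class Event:
    host: str
    pid: int
    ppid: int
    command: str


def parse_log(text: str) -> list[Event]:
    """Parse the constructed 'host|pid|ppid|command' records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, pid, ppid, command = line.split("|", 3)
        events.append(Event(host, int(pid), int(ppid), command.strip()))
    return events


def classify(command: str) -> set[str]:
    """Names of every indicator rule matched by one command line."""
    return {name for name, rule in INDICATORS.items() if rule.search(command)}


def detect(events: list[Event], min_indicators: int = 3) -> dict[tuple[str, int], list[str]]:
    """Group indicators by (host, root pid of the process tree) and report trees
    that removed the quarantine attribute AND show at least min_indicators
    distinct behaviours. Returns {(host, root_pid): sorted indicator names}."""
    parents = {(e.host, e.pid): e.ppid for e in events}

    def root(host: str, pid: int) -> int:
        # walk up while the parent itself appears in the log; stop at the
        # top-most process we have a record for
        while (host, parents.get((host, pid))) in parents:
            pid = parents[(host, pid)]
        return pid

    seen: dict[tuple[str, int], set[str]] = defaultdict(set)
    for e in events:
        seen[(e.host, root(e.host, e.pid))] |= classify(e.command)
    return {
        key: sorted(names)
        for key, names in seen.items()
        if "quarantine_removed" in names and len(names) >= min_indicators
    }


# Constructed sample: mac-01 shows the full staged sequence under one tree
# rooted at pid 501; mac-02 shows two unrelated, individually benign commands.
SAMPLE_LOG = """\
mac-01|501|1|/usr/bin/open /Users/alice/Downloads/Report.app
mac-01|502|501|/bin/sh /Users/alice/Downloads/Report.app/Contents/Resources/run.sh
mac-01|503|502|xattr -d com.apple.quarantine /Users/alice/Downloads/Report.app
mac-01|504|502|xattr -c /Users/alice/Downloads/Report.app/Contents/MacOS/stage2
mac-01|505|502|cp /Users/alice/Downloads/Report.app/Contents/Resources/Report.doc /tmp/Report.doc
mac-01|506|502|chmod 755 /private/tmp/.cache/stage2
mac-01|507|502|touch -t 201912311200 /private/tmp/.cache/stage2
mac-01|508|502|rm -rf /Users/alice/Downloads/Report.app
mac-02|601|1|xattr -d com.apple.quarantine /Users/bob/Downloads/tool.dmg
mac-02|602|1|touch -t 202001011200 /Users/bob/notes.txt
"""

if __name__ == "__main__":
    for (host, root_pid), names in detect(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {host} tree@{root_pid}: {', '.join(names)}")
```

On the constructed sample only the mac-01 tree fires; mac-02 carries a quarantine removal and a touch -t in separate trees and stays quiet, which is the point of correlating per tree rather than per host. Lowering min_indicators trades that precision for recall.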

Interview Spotlight: Israeli Hardware Solutions, Sepio Systems

On 19 November, E-Hacking News conducted an interesting interview with Sepio Systems. The company provides its customers with the highest level of visibility, policy enforcement, and Rogue Device Mitigation capabilities. The guest speaker for the interview was Mr. Bentsi Ben-Atar, CMO and Co-Founder, Sepio Systems.

Founded in 2016 by veterans of the Israeli Intelligence Community, Sepio Systems offers HAC-1, the first platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT, and IoT security programs. Sepio is a strategic partner of Munich Re, the world's largest reinsurance company, and of Merlin Cyber, a leading federal cybersecurity solution provider.

1. Can you please introduce yourself to our readers?

Bentsi Ben-Atar: I am one of the co-founders of Sepio Systems; the company was founded by a group of founders that have been working together for almost 30 years now. We have a strong background in cybersecurity and "rogue device management" in general.

2. Can you please tell us about your company, Sepio Systems?

The company deals with a very unique domain within the cybersecurity industry, and that's the issue of managing the hardware within enterprises. What we have built is a solution that provides all the aspects related to hardware access control; we call it "HAC," and our solution is called "HAC-1."

We see that enterprises are struggling with three elements of hardware access control. The first one is the fact that they have limited visibility into whatever is connected, and sometimes a very significant gap between what people think is connected and what is actually connected. So there are visibility gaps that need to be addressed, and they need to be addressed regardless of the device itself.

Once you have visibility and are aware of your assets, then you can move to the policy enforcement features of your enterprise. It means that now you can apply a certain policy while you are working from home and a different policy while you are at the office.

And once you have these two pillars in place, then you can move into the more interesting part of the solution, and those are the security aspects. You know what devices are connected; you know how to disable or mitigate any risk associated with them. Now you need to provide the Rogue Device Mitigation.

 

3. Please explain Hardware Access Control to us.

Hardware Access Control is the term used to describe a solution that manages all aspects of hardware devices. Hardware devices may be network elements, possibly controlled by NAC (Network Access Control), or a USB peripheral connected to an endpoint (controlled by EPS/EDR). HAC does not distinguish devices by their interface and provides an aggregated, holistic approach to hardware asset management.

 

4. What are Rogue Devices and what is their impact on enterprises?

Rogue devices are hardware-manipulated or firmware-manipulated devices that are introduced into enterprises. The main channels for these attack vehicles are the supply chain, which is a significant risk for enterprises as hardware screening is a huge challenge, and the other popular attack vehicle is the human factor; in that case, human beings will always be the weakest link, because people can be threatened, they could be paid off, they could be extorted. I think that history along the way has shown that any human being has a weak point. If you, as a cybercrime organization, can extort a certain bank or gain access to a certain system, in most of the cases you will get away with that.

 

5. Why do you think that these "Rogue Attacks" are on the rise?

We see a growing number of attacks that are based on hardware tools. From the attacker's perspective, they have the option of either going head to head against existing cybersecurity products, or finding an alternative path into the enterprise. There are a lot of hardware-based attacks happening all around the world on critical infrastructure like banks, data centres, retail, etc. It doesn't get to the public eye in most cases, due to several reasons.

First, companies in most cases are very reluctant to admit the fact that they have been breached through this domain, because it also reflects on their level of physical security, and no one wants to admit that someone was able to plug in a rogue device. On the other hand, there are a lot of attacks that create a signature that may be wrongfully attributed to other types of attacks.

One of the demos that we really love to do is demoing the vulnerability of wireless keyboards and mice; these devices can be easily manipulated and spoofed. For example, let's say you're sitting in your home or office; there could be a guy sitting in the next building, it doesn't have to be next to your endpoint. By using a very simple, publicly available payload that runs on a Raspberry Pi, you can actually spoof the communication between that wireless keyboard and mouse. You can do remote keylogging, and most importantly, you can point that endpoint to a certain URL where a certain piece of malware is waiting to be downloaded.

In the end, you even have to get over the human factor, which is convincing the user that this link is not a suspicious link. So there are a lot of obstacles that need to be dealt with. Compared with that, with the option of coming with an out-of-band Raspberry Pi with spoofing capability, you open up the browser independently, and forensics-wise it would look like this was an act of an employee within the organization.

So sometimes it would be attributed to a phishing attack or the wrongdoings of an employee, while in real life the story is completely different.

 

6. How do Sepio Systems counter these Rogue Devices?

Sepio Systems' HAC-1 "dives deeper" into the physical layer, revealing the true identity of a given device, not according to what it "says" it is, but according to what it really is. These capabilities are achieved through a unique algorithm, a combination of physical layer fingerprinting and machine learning augmentation.

7. The Data Security Council of India (DSCI) has also talked about your company. Can you please tell us more about this project and the 'Sepio Prime Rogue Device Mitigation Solution?'

Without referring to any specific name (a customer or not), our solution provides for enterprises, especially the ones concerned with their data. These enterprises can be financial institutes, government agencies, or other entities extremely concerned with these attack vehicles.

We provide them with solutions that cover two main interfaces: one is the USB interface and the other is the network interface. Our solution actually monitors and analyses the physical layer information. It means that we don't look into user traffic or user log files. We read out all the physical-layer-related information and analyze it with an algorithm which is a combination of physical layer fingerprinting and machine learning. We can actually detect the existence of such passive devices.

One of the coolest features of our solution is that it doesn't require a baseline or training period. Obviously, in today's cybersecurity atmosphere, no single solution provides a complete seal for the entire enterprise. Therefore, the capability of integrating with other solutions is extremely important, and all these solutions are easily integrated with ours, so that we can actually extend the visibility of the enterprise into the deeper layer.

8. Can you explain how this Layer-1 solution works?

Our solution is actually comprised of two main functionalities. The first one deals with network security and the second one deals with peripheral security / endpoint security. The way network security works is that we communicate with the existing networking infrastructure by using read-only commands. The only thing the enterprise needs to do is to provide restricted user credentials for our solution.

Before our deployment, we actually provide a list of the commands that we will be using. Once we get the information, we compile it using an algorithm that is a combination of physical fingerprinting and a machine-learning-enhanced solution. The fingerprinting is extremely important, because when we get a hit, we can actually name the attack tool. The deployment process itself is straightforward; it takes less than 24 hours to have everything up and running.

The output and value of this solution are instantly delivered; you can actually see all the rogue devices and visibility. In a very interesting incident, we found a gaming console connected to a secured network, approved by NAC but never reported.

Now, the second part of this solution deals with the peripheral. It is a bit different, because in the endpoint case the endpoints could be offline, and you want to make sure of the mitigation once a rogue device has been detected, or even just a breach of policy. The mitigation needs to be immediate, so that the USB device will be blocked. When the attackers come in, they can configure their attack tools to present the same façade as a legitimate device.

So the difference between network security and endpoint security (algorithm-wise) is the fact that on the peripheral side we also fingerprint 'known to be good' devices, so that we have a full database of good devices and bad devices. One of the nicest features we also have is the 'threat intelligence database'; it means that every installation has a local copy of our threat intelligence database, which includes a list of all 'known to be vulnerable devices.'


9. Tell us more about the leadership team behind Sepio Systems.

Our leadership is something that we take great pride in. We are a U.S.-Israel based company, headquartered in Rockville, Maryland. We have a very strong all-women U.S. board, which we take great pride in, led by the current CISO of HSBC. We have interviews posted on social media with what I think is a fascinating array of women who bring tremendous value to our company.

We have strong backing from various industry leaders and veterans of various government agencies. We perceive ourselves to be kind of a task force to deal with this domain, which was until now significantly underserved.

10. During the COVID-19 pandemic, everyone has started working from home; sometimes it can be a kid playing a video game on a PC. How does an organization keep the family's data separate from the employee's? How do you make sure that the family's data is not being taken by your systems?

Enterprises first need to have a clear policy about their equipment. Having a policy without the capability of enforcing it is ineffective. First of all, the employee needs to understand the risks associated with it. And for that, we have a very interesting video series called Captain RDM, which illustrates very serious cases in a non-technical way.

You can do one of two things. As a CSO, you can issue (this is what a lot of enterprises do) a company-issued device for it: if you are in need of an additional keyboard, we will provide you with that. If this is not the case, we make sure to detect when a 'known to be vulnerable device' is connected and block it.

For work-from-home cases, we have allowed the '1 + 1' option; it means that for every license our user got, they were eligible for another license without any additional costs.

11. On your website, people talked about how Sepio Systems has efficiently countered Rogue Device Threats and the Internet of Threats (IoT). Before we conclude the interview, do you have anything to say about that?

One thing that we've learned is never to disrespect your opponent. They will always be innovative and smart. They are able to provide attack tools that are cocooned within legitimate-looking devices in ways that you can only imagine. When there is enough motivation for the attacking party, because it's a specifically lucrative target, they will find a way to get into it, even if it's a data centre or a highly secured facility; anything can be achieved.

With IoT, smart nations, and smart cities coming up, a lot of hardware getting installed all over, and the Covid pandemic making people work from home, this issue becomes more relevant. It is more relevant today than it was yesterday, and it is going to get even more relevant as the days go by.

Cyber Attacks in India At A Steady Rise as Per India's Cybersecurity Chief

 

National Cyber Security Coordinator Lt Gen (retd) Rajesh Pant recently discussed cyberattacks in India 'having gone up a multifold' in the current environment and alluded to 'China' as a "major challenge" for India from a cybersecurity perspective.

"In such unprecedented times, you mentioned two Cs the challenge of corona and the challenge of cyber. Actually, at the perch which I sit, there are 3 Cs. The third 'C' of course is on our northern border, which is another challenge that we are facing”, Pant said at an event coordinated by the largest private sector lender HDFC Bank. 

Pant, who has held the role of India's cybersecurity chief, later added that almost consistently 4 lakh malware samples are found and 375 cyber-attacks are witnessed.

Apart from falling prey to voice call-based frauds, individuals ought to likewise be cautious about the click-baits, which are conveyed to extract data from an internet user. 

"This disease of just clicking on the link, this is another reason where the malware drops,” he stated, requesting everyone to contemplate the ongoing cases of frauds at City Union Bank where an individual entered the core banking system through a simple click, and furthermore the ones at Bangladesh Bank and Cosmos Bank. 

"The issue is some of us get unaware and that's how problems start occurring. It's a question of being conscious all the time, not a question of not knowing," said chief risk officer of HDFC Bank Jimmy Tata, as HDFC Bank launched the 'Mooh Bandh Rakho' campaign with the Bank authorities stating that the objective is to zero in on the youth, to spread awareness through different mediums, including more than 1,000 secure banking workshops and furthermore even a rap-song.

Pant had earlier also called for a dedicated industry forum for cybersecurity to develop trusted indigenous solutions to check cyberattacks.

“Last year, our official figures were Rs 1.25 lakh crore lost due to cybercrimes in India. Ransomware attacks are increasing every day and these criminals have been working from home. They have no qualms. They are heartless people. They are attacking hospitals because they know in an emergency hospital will pay,” Pant had said at an event organized by industry body Ficci.

Hackers Use RMS and Teamviewer To Attack Industrial Enterprises

In a recent report, cybersecurity firm Kaspersky described how attack campaigns against industrial organizations have changed. In 2018, Kaspersky had published a report on a campaign that used the legitimate remote-administration tools TeamViewer and RMS (Remote Manipulator System) to control infected machines. Since then the attackers have refined their techniques and become more effective and more sophisticated.

Attack Details 
  • The attackers use forged versions of legitimate documents, such as internal instructions and manuals for industrial enterprises, as phishing lures. Experts believe these documents were stolen during earlier attacks on the same industries. 
  • In the recent campaign the attackers targeted various industries in Russia, with the energy sector as the primary target. They also attacked the logistics, mining, construction, engineering, metal, manufacturing, and oil sectors. 
  • The attackers use remote-administration tools such as TeamViewer and RMS to control compromised hosts during the attacks, where earlier campaigns relied on dedicated command-and-control (C2) servers. 
  • They use the Mimikatz utility and spyware to steal login credentials, which are then used to move laterally to other systems inside the enterprise. 
  • The ultimate goal is financial: stealing money from the industrial organizations. 

Recent attack details 
  • In recent attacks, experts noticed that various APT groups used simple hacking methods that were nonetheless very effective against industrial infrastructure. 
  • In one incident, the MontysThree APT group deployed an espionage toolset against industrial targets. In a separate case, attackers targeted an international video production and architecture company using PhysXPluginMfx (a malicious MAXScript plugin exploit for 3ds Max) together with steganography. 
  • In a similar espionage attack, hackers delivered the infected payload as a plugin for software used by industrial enterprises. 

Summary 
While attacking industrial organizations, threat actors use simple but effective methods that yield a high success rate. The change in tradecraft has put defenders on alert. To stay safe, experts recommend that organizations keep their security operations up to date and make them a priority. Kaspersky says, "Phishing emails used in this attack are, in most cases, disguised as business correspondence between organizations. Specifically, the attackers send claim letters on behalf of a large industrial company."
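The tradecraft above (a phishing document dropping a remote-administration tool, then Mimikatz for credentials) is what a detection engineer would hunt for in process-creation telemetry. The following is an added example, not Kaspersky's code or anything from the report: it classifies process-creation events by three heuristics. The event fields (modelled on Sysmon Event ID 1), the host names, paths and sample events are constructed for the demonstration.

```python
"""Added example, not Kaspersky's code: flag process-creation events that match
the tradecraft described above (remote-admin tools launched by a phishing
document, Mimikatz-style credential dumping). The event fields, host names,
paths and sample events are assumptions constructed for the demonstration."""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record, e.g. parsed from Sysmon Event ID 1 (assumed shape)."""
    host: str
    parent_image: str
    image: str
    cmdline: str


# Executable names of the two remote-administration tools named in the report.
REMOTE_ADMIN_TOOLS = {"teamviewer.exe", "tv_w32.exe", "tv_x64.exe",   # TeamViewer
                      "rutserv.exe", "rfusclient.exe"}                # RMS / Remote Utilities
# A remote-admin tool whose parent is an Office application was almost certainly
# dropped by a malicious document rather than installed by IT.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
# Mimikatz module syntax and the tool's own name on the command line.
MIMIKATZ_PATTERNS = [re.compile(p, re.I) for p in
                     (r"sekurlsa::", r"lsadump::", r"privilege::debug", r"\bmimikatz\b")]
# Locations an IT-deployed install would not normally run from.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\(appdata|downloads)|temp|programdata)\\", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> List[str]:
    """Return the list of reasons this event is suspicious (empty if none)."""
    reasons = []
    image, parent = basename(ev.image), basename(ev.parent_image)
    if image in REMOTE_ADMIN_TOOLS:
        if parent in OFFICE_PARENTS:
            reasons.append("remote-admin tool spawned by an Office process (phishing document)")
        if USER_WRITABLE.search(ev.image):
            reasons.append("remote-admin tool running from a user-writable path")
    if any(p.search(ev.cmdline) for p in MIMIKATZ_PATTERNS):
        reasons.append("Mimikatz-style credential dumping on the command line")
    return reasons


def scan(events) -> List[Tuple[str, str, str]]:
    """Run classify() over a batch and flatten to (host, image, reason) findings."""
    return [(ev.host, ev.image, r) for ev in events for r in classify(ev)]


# Constructed sample: one phishing-dropped TeamViewer, one legitimate TeamViewer,
# one credential dump, one RMS server installed from the Downloads folder.
SAMPLE_EVENTS = [
    ProcEvent("WS-OPS-07", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Users\ivanov\AppData\Local\Temp\TeamViewer.exe", "TeamViewer.exe"),
    ProcEvent("WS-HR-02", r"C:\Windows\explorer.exe",
              r"C:\Program Files\TeamViewer\TeamViewer.exe", "TeamViewer.exe"),
    ProcEvent("SRV-ENG-01", r"C:\Windows\System32\cmd.exe", r"C:\ProgramData\svc\m.exe",
              'm.exe "privilege::debug" "sekurlsa::logonpasswords" exit'),
    ProcEvent("WS-OPS-07", r"C:\Windows\explorer.exe",
              r"C:\Users\ivanov\Downloads\rutserv.exe", "rutserv.exe /silentinstall"),
]

if __name__ == "__main__":
    for host, image, reason in scan(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {reason}")
```

The point of the parent-process and path checks is that TeamViewer and RMS are legitimate tools, so their mere presence is not an indicator; the legitimate install on WS-HR-02 produces no finding, while the same binary launched by WINWORD.EXE from a temp folder produces two.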

Ahead of U.S. Presidential Elections, Experts Express Cybersecurity Concerns

Since the start of this year, government agencies have described the 2020 U.S. presidential election as one of the "safest" elections ever conducted. Compared with the 2016 election, far more voting systems now produce a paper record that can be audited, and the government has gone all-in on protecting the election from criminal actors. Chris Krebs, director of the DHS (Department of Homeland Security) cybersecurity agency, said in an election awareness video that he has never been more confident of a safe election. 

Security officials released the video last month to inform the public about election cybersecurity. The harsh reality, however, is that the threat behind the Russian cyberattacks of the 2016 election has not disappeared. To avoid a repeat, experts suggested the government spend billions of dollars building robust election security; Congress spent only a fraction of that. Meanwhile, policing influence operations and propaganda on social media has largely been left to the platforms themselves, with little government action. Cybersecurity experts insist that fake news is still spreading on social media, and that American users have in some cases helped spread it. 

Potential Vulnerabilities 

According to NPR, "experts agree that actual votes themselves would probably be the most difficult part of an election to hack successfully. The problem has only gotten tougher. In 2016, nearly 28 million voters cast ballots that did not have a corresponding paper trail: a major cybersecurity red flag." Although many Americans fear that a foreign adversary could alter the vote count, there is no evidence that this happened in the 2016 presidential election, even though Russian hackers did breach voter registration databases. 

"Stark says that the way officials can demonstrate through public auditing is a process that not every state uses. Even among the countries that do some audit, only a few do what is considered the "gold standard" of post-election audits, called risk-limiting audits. Sen. Ron Wyden, D-Ore., has proposed legislation to mandate such audits nationwide, but election reforms have gained little to no traction with the Republican-controlled Senate," says NPR.

University of Vermont Health Network Suffers Cyberattack, Six Hospitals Affected

The University of Vermont Health Network suffered a cyberattack that disrupted its network infrastructure and affected six hospitals in Vermont and New York. Spokesperson Neil Goswami said the FBI is working with the network and the Vermont Department of Public Safety to investigate. Dr. Stephen Leffler, president of the University of Vermont Medical Center in Burlington, said at a news conference that patients are still receiving the care they need and that treatment is not affected. 

He also said that patient appointments are going ahead, but surgeries scheduled for tomorrow are postponed because of the network disruption. "Patients may experience delays at Central Vermont Medical Center in Berlin and Champlain Valley Physicians Hospital in Plattsburgh, New York, he said. And patients of physician practices at Elizabethtown Community Hospital in Elizabethtown, New York, may experience slight delays," said Goswami. Earlier, the FBI and other federal agencies had warned that they had credible information pointing to an increase in cyberattacks on the U.S. healthcare sector. 

Cybersecurity experts say Ryuk ransomware has hit at least five hospitals this week and could affect a hundred more. The FBI, however, has not confirmed whether the attack on UVM involved ransomware; it is still investigating, together with local and state agencies. Dr. Leffler confirmed that no ransom demand has been received to date. UVM Medical Center noticed that something was wrong and shut down its network systems to protect patient information. 

According to Dr. Leffler, no patient information has been leaked and records are safe, though it will take some time to restore the network and return services to normal. The state health department said that "Vermonters may continue to get coronavirus testing through Health Department-led clinics, but the results reported through the UVM Medical Center will be affected."

U.S Suffers A Massive Wave Of Cyberattacks In Healthcare Industry, FBI Issues Alert

Cybercriminals are attacking U.S. healthcare systems, taking down network infrastructure and stealing critical data. Federal agencies have warned that the healthcare sector faces an imminent threat of cyberattacks and intrusions. The rise in hacking attempts has put patient privacy at risk, a critical issue during the Covid-19 pandemic, with cases at an all-time high. 

The FBI and other agencies said in a joint advisory that they had credible information about cyberattacks on U.S. healthcare providers and hospitals. The warning emphasized that several criminal groups are now targeting the healthcare industry to steal data and disrupt healthcare services. Ransomware encrypts data so that it is unreadable; only the decryption key held by the attacker can restore it, and the attacker demands payment for that key. According to cybersecurity experts, the criminal groups had hit more than five U.S. hospitals as of this week, and the number could reach a hundred. The attacks, attributed to a Russian hacking group, come just ahead of the election. 

According to the Guardian, "The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services." The attack's motive is not clear, but it seems that it was most likely to be money. Cybersecurity firm Mandiant says that this is the most dangerous cyber threat ever witnessed in the U.S. Another firm, Hold Security, states that it is the first time they have seen a massive cyberattack of such scale in the U.S. 

We should note that the attack's timing before the elections and during the pandemic makes it a severe cyber threat. In the past 18 months, the U.S has experienced a wave of ransomware attacks, with targets like schools, government authorities, and cities. "The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October," reports the Guardian.

Russian Hackers Infiltrate U.S Government Networks and Steal Data

In a recent cybersecurity incident, the U.S. government said that state-sponsored Russian hackers attacked U.S. agencies and successfully breached government networks. U.S. officials confirmed that CISA (the Cybersecurity and Infrastructure Security Agency) and the FBI (Federal Bureau of Investigation) issued a joint advisory on the intrusions. 

"The Russian-sponsored APT actor is obtaining user and administrator credentials to establish initial access, enable lateral movement once inside the network, and locate high-value assets to exfiltrate data. To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities," the FBI and CISA report. 

According to the U.S. agencies, the hacking group is known in the cybersecurity industry as Energetic Bear; it is also tracked as Koala, Crouching Yeti, Havex, Dragonfly, TeamSpy, Berserk Bear, and TEMP.Isotope. Since February 2020 the group has targeted multiple U.S. SLTT (state, local, territorial, and tribal) government networks and, according to the FBI and CISA, aviation companies as well. The group successfully compromised government network infrastructure and, as of October 2020, had stolen data from two government servers. The activity described in the current CISA and FBI advisory was also referenced in an earlier joint advisory, which described how Energetic Bear attacked U.S. government networks by exploiting vulnerabilities in Windows and in VPN appliances. 

The present joint advisory attributes the attacks to the group and documents its tactics and techniques. According to the experts, the Russian hackers exploited known vulnerabilities in network gear to breach networks and exfiltrate data. According to Cyberscoop, "IP addresses used in the hacking were previously employed by the TEMP.Isotope group, according to Mandiant. The hackers exploited a recently revealed vulnerability in a protocol that Microsoft uses to authenticate its users. CISA, on Sept. 18, ordered all federal civilian agencies to update their software to address the flaw because of the risk it carried."

Internet of Things (IoT): Greater Threat for Businesses Reopening Amid COVID-19 Pandemic

Businesses have increasingly adopted IoT devices, especially amid the COVID-19 pandemic, to keep their operations running safely. Over the past year, the number of IoT devices on organizational networks has risen by a remarkable margin, according to research by Palo Alto Networks' threat intelligence arm, Unit 42. 

Looking at the current IoT supply ecosystem, Unit 42 described the multiple exploits and vulnerabilities affecting IoT supply chains. The research also examined the possible motivations for attacking the IoT supply chain, illustrating how no layer of it is completely immune to the threat. 

The analysis was published during this year's National Cybersecurity Awareness Month (NCSAM), which encourages individuals to protect their part of cyberspace and stresses personal accountability and the importance of proactive measures to strengthen cybersecurity. 

The analysis also noted that supply chain attacks on IoT come in two forms: hardware components modified to alter a device's behaviour, or software and firmware delivered to a device that has been tampered with to hide malware. 

Highlighting a common bad practice, the research pointed to the incorporation of third-party software and hardware components without keeping a list of what went into the device. Without such a list it is hard to tell how many products from the same manufacturer are affected when a vulnerability is found in one of those components, and harder still to determine how many devices across different vendors are affected by the same flaw.

"The main goals for cyberespionage campaigns are maintaining long-term access to confidential information and to affected systems without being detected. The wide range of IoT devices, the access they have, the size of the user base, and the presence of trusted certificates make supply chain vendors attractive targets to advanced persistent threat (APT) groups..." the report stated. 

"In 2018, Operation ShadowHammer revealed that legitimate ASUS security certificates (such as “ASUSTeK Computer Inc.”) were abused by attackers and signed trojanized software, which misled targeted victims to install backdoors in their system and download additional malicious payloads onto their machines." 

Putting things in a cybercrime perspective, the report noted: "The potential access and impact of compromising a large number of IoT devices also make IoT vendors and unprotected devices popular choices for financially motivated cybercriminals. A NICTER report in 2019 shows close to 48% of dark web threats detected are IoT related. Also in 2019, Trend Micro researchers looked into cybercriminals in Russian-, Portuguese-, English-, Arabic-, and Spanish-speaking marketplaces and discovered various illicit services and products that are actively exploiting IoT devices." 

The report stressed the need to inventory every device connected to a network: knowing each device and its manufacturer lets administrators patch, monitor, or disconnect devices when needed. Without a complete list some vulnerable devices will simply remain unknown, so full visibility of all connected devices is essential to defending the infrastructure. 
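The two points above, a component list per device and a complete device inventory, are what lets a defender answer "which of our devices contain the vulnerable library?" the day an advisory lands. The following is an added example, not Unit 42's code or anything from the report: a minimal device inventory with per-device component lists, a lookup for devices shipping a component below the fixed version, and a separate bucket for devices with no component list at all, whose exposure cannot be determined either way. Device names, vendors, models, addresses and the hypothetical libupnp advisory are constructed.

```python
"""Added example (not Unit 42's code): a minimal component inventory for IoT
devices that answers "which devices, from which vendors, contain the vulnerable
component?", and shows why devices with no component list leave that question
unanswerable. Device, vendor and component names below are constructed."""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.6.18' -> (1, 6, 18); tuples compare correctly where strings do not ('1.10' > '1.9')."""
    return tuple(int(x) for x in v.split("."))


# One record per deployed device. In practice the "components" map comes from a
# vendor-supplied SBOM joined with your own network inventory; None models a
# device for which the vendor provided no bill of materials.
INVENTORY: List[Dict] = [
    {"device": "cam-lobby-01", "vendor": "AcmeCam", "model": "AC-200", "ip": "10.0.5.11",
     "components": {"busybox": "1.30.1", "libupnp": "1.6.18", "openssl": "1.0.2u"}},
    {"device": "cam-lobby-02", "vendor": "AcmeCam", "model": "AC-200", "ip": "10.0.5.12",
     "components": {"busybox": "1.30.1", "libupnp": "1.6.18", "openssl": "1.0.2u"}},
    {"device": "tstat-floor3", "vendor": "Northwind", "model": "NT-5", "ip": "10.0.7.20",
     "components": {"libupnp": "1.8.3", "mbedtls": "2.16.3"}},
    {"device": "printer-mkt", "vendor": "Globex", "model": "GP-900", "ip": "10.0.9.5",
     "components": {"libupnp": "1.6.20", "openssl": "1.1.1g"}},
    {"device": "badge-reader-ent", "vendor": "BadgeCo", "model": "BR-1", "ip": "10.0.2.3",
     "components": None},
]


def affected(inventory: List[Dict], component: str, fixed_in: str) -> List[Dict]:
    """Devices that ship `component` at a version older than `fixed_in`."""
    fixed = parse_version(fixed_in)
    hits = []
    for dev in inventory:
        comps: Optional[Dict[str, str]] = dev["components"]
        ver = comps.get(component) if comps else None
        if ver is not None and parse_version(ver) < fixed:
            hits.append(dev)
    return hits


def unknown_exposure(inventory: List[Dict]) -> List[str]:
    """Devices with no component list: exposure cannot be determined either way."""
    return [dev["device"] for dev in inventory if dev["components"] is None]


def by_vendor(devices: List[Dict]) -> Dict[str, List[str]]:
    """Collapse a device list to vendor -> sorted affected models, for patch coordination."""
    out = defaultdict(set)
    for dev in devices:
        out[dev["vendor"]].add(dev["model"])
    return {vendor: sorted(models) for vendor, models in sorted(out.items())}


if __name__ == "__main__":
    # Hypothetical advisory: libupnp fixed in 1.6.21 (constructed, not a real CVE).
    hits = affected(INVENTORY, "libupnp", "1.6.21")
    print("affected devices:", [d["device"] for d in hits])
    print("per vendor:", by_vendor(hits))
    print("no component list, exposure unknown:", unknown_exposure(INVENTORY))
```

Note that the same flaw spans two vendors (AcmeCam and Globex) because both embed the same library, which is exactly the cross-vendor question the report says is hard to answer without a component list; the badge reader shows up only in the "unknown" bucket and has to be treated as potentially vulnerable until the vendor says otherwise.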

Impact of Covid-19 Web Threats on Cybersecurity, A Report from Beginning to End

Cyberattacks during the Covid-19 pandemic exposed weaknesses in cybersecurity systems. We should look back at these attacks and learn from them how to strengthen cybersecurity infrastructure.

Impact of cyberattacks during the pandemic- 

By the end of the first quarter of 2020, the FBI's cyber division was reporting a three-to-fourfold surge in cyberattack complaints since the start of Covid-19. According to Interpol and FBI data, ransomware, phishing, DDoS and malware attacks have all increased massively since the pandemic began, with email as the main delivery channel. 

Interpol reports, "Cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. Hospitals, medical centers, and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom. The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or exploiting a system's vulnerability."  

Most of the attacks are disguised with a Covid-19 theme. Attackers impersonate organizations such as the WHO on fake websites and in emails, luring victims into transferring money, handing over banking details, or giving up personal data. As a result, Covid-19 themed lures became the most common attack theme of 2020. 

What can we learn from these attacks? 

Hackers exploit panic and fear. The malware and phishing campaigns during the Covid-19 pandemic show that attackers use fear to pressure their targets. In March alone, experts discovered more than 40,000 high-risk and 2,000 malicious Covid-related domains. In April 2020, Google reported around 240 million coronavirus-themed spam messages a day. Google's website says, "Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users."
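The impersonation described above (a WHO brand name wrapped in a pandemic keyword on a fresh domain) is something a mail or DNS log can be screened for without any threat feed. The following is an added example, not from any of the reports cited here: it scores a domain by whether it embeds a protected brand alongside extra tokens, uses the legitimate name as a subdomain, sits one edit away from the real label, or carries pandemic lure words. The protected-domain list, lure words, weights, threshold and sample domains are all assumptions constructed for the demonstration.

```python
"""Added example, not from any report cited above: score observed domains for
impersonation of organizations that Covid-19 lures abused (the WHO is the one
named on this page). The protected-domain list, lure words, weights and sample
domains are assumptions constructed for the demonstration."""
import re
from typing import List, Tuple

# Legitimate domain -> the brand token attackers tend to reuse.
PROTECTED = {"who.int": "who", "cdc.gov": "cdc"}
LURE_WORDS = ("covid", "corona", "coronavirus", "vaccine", "relief", "mask")
COMMON_TLDS = {"com", "net", "org", "int", "gov", "edu"}
SUSPICIOUS_AT = 3  # score at or above which a domain is reported


def registrable(domain: str) -> Tuple[str, str]:
    """Naive split into (second-level label, TLD); 'a.b.evil.com' -> ('evil', 'com')."""
    parts = domain.lower().strip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score(domain: str) -> Tuple[int, List[str]]:
    """Return (points, reasons); 0 for an exact protected domain or a plain domain."""
    domain = domain.lower().strip(".")
    if domain in PROTECTED:
        return 0, []
    label, tld = registrable(domain)
    pts, reasons = 0, []
    tokens = [t for t in re.split(r"[-_0-9]+", label) if t]   # "who-covid19" -> ["who", "covid"]
    for legit, brand in PROTECTED.items():
        legit_label = legit.split(".")[0]
        if domain.startswith(legit + "."):                    # who.int.evil.com
            pts += 4
            reasons.append(f"'{legit}' used as a subdomain of {label}.{tld}")
        if brand in tokens and label != legit_label:          # who-covid19.org
            pts += 3
            reasons.append(f"brand '{brand}' combined with extra tokens")
        elif label != legit_label and levenshtein(label, legit_label) == 1:   # wh0.int
            pts += 3
            reasons.append(f"one edit away from '{legit_label}'")
    lure = [w for w in LURE_WORDS if w in label]
    if lure:
        pts += min(2, len(lure))   # lure words alone never cross the threshold
        reasons.append("pandemic lure words: " + ", ".join(lure))
    if tld not in COMMON_TLDS:
        pts += 1
        reasons.append(f"uncommon TLD .{tld}")
    return pts, reasons


def suspicious(domains) -> List[Tuple[str, int, List[str]]]:
    """Filter a batch of domains down to those scoring at or above SUSPICIOUS_AT."""
    out = []
    for d in domains:
        pts, reasons = score(d)
        if pts >= SUSPICIOUS_AT:
            out.append((d, pts, reasons))
    return out


# Constructed sample of domains as they might appear in mail or DNS logs.
SAMPLE_DOMAINS = ["who.int", "who-covid19.org", "who.int.covid-alert.com", "wh0.int",
                  "cdc-gov.com", "coronavirus-relief.net", "example.org"]

if __name__ == "__main__":
    for d, pts, reasons in suspicious(SAMPLE_DOMAINS):
        print(f"{pts:2d} {d:28s} {'; '.join(reasons)}")
```

The lure words are deliberately capped so that a domain like coronavirus-relief.net, which may be a legitimate charity, is not reported on keywords alone; it takes a brand token, a typosquat or the legitimate name hidden as a subdomain to cross the threshold. Exact token matching also keeps "whois" from tripping the "who" rule.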

Deepfake Bots on Telegram, Italian Authorities Investigating

Cybercriminals are using a newly created AI bot to generate and share deepfake nude images of women on the messaging platform Telegram. The Italian Data Protection Authority has opened an investigation following a report by the visual threat intelligence firm Sensity, which exposed the 'deepfake ecosystem' and estimated that 104,852 fake images had been created and shared with a large audience via public Telegram channels as of July 2020. 

The bots are programmed to produce fake nudes that are watermarked or only partially reveal nudity; users then pay to have the full image revealed. Anyone can submit a picture of a woman to the bot and get back a version in which the clothes have been digitally removed by software called "DeepNude", which uses neural networks to make the images appear "realistically nude". Sometimes this is done free of charge. 

According to the programmer who created DeepNude, he took the app down long ago. However, the software is still widely accessible in open-source repositories for criminals to abuse, and according to Sensity it has been reverse-engineered and made available on torrent sites. 

In a conversation with Motherboard, Danielle Citron, professor of law at the University of Maryland Carey School of Law, called it an "invasion of sexual privacy": "Yes, it isn’t your actual vagina, but... others think that they are seeing you naked." 

"As a deepfake victim said to me—it felt like thousands saw her naked, she felt her body wasn’t her own anymore," she added. 

More than 50% of these pictures are obtained from victims' social media accounts or from anonymous sources. The women being targeted are from all across the globe, including the U.S., Italy, Russia, and Argentina.

Alarmingly, the bot has also been observed sharing child sexual abuse material, as most of the pictures circulated were of underage girls. Sensity, which is headquartered in Amsterdam, also said the Telegram network consists of roughly 101,080 members. 

In an email to Motherboard, the anonymous creator of DeepNude, who goes by the name Alberto, confirmed that the software only works on women because nude pictures of women are easier to find online, but said he plans to make a male version too. The software is based on the open-source "pix2pix" algorithm, which uses generative adversarial networks (GANs). 

"The networks are multiple because each one has a different task: locate the clothes. Mask the clothes. Speculate anatomical positions. Render it," he said. "All this makes processing slow (30 seconds in a normal computer), but this can be improved and accelerated in the future."

Iran Suffers Largescale Cyberattacks, Two Government Organizations Affected

In a recent cybersecurity incident, Iran confirmed that it suffered two significant cyberattacks, at least one of which targeted government organizations. The IT department of the Iranian government reported that attackers hit two major institutions, but no group has claimed responsibility so far, and the government has yet to say whether the actors were domestic or foreign. The specific targets of the attacks, which took place on Monday and Tuesday, have not been confirmed by the government. 

Jerusalem Post reports that the Iranian government made the news of attacks official when the incident started getting heat on social media. Another news agency said that the attacks had damaged Iranian ports' electronic infrastructures. Radio Farda, a US-funded agency, says that the attack targets are likely to be Iran's ports, banks, and maritime organizations; the news, however, isn't confirmed. Tasnim, a quasi-official news outlet, reports that the country's spokesperson said the 'nation's sworn enemies carried out the cyberattacks.' 

The same outlet reports that the government has blocked further attempts and stopped the attackers from achieving their aims. Abolghasem Sadeghi, spokesperson for the Iranian government's IT department, said the attack forced several government institutions to suspend their internet services temporarily to avoid further damage. He described the incident as 'large scale' and said an investigation has been opened into the breach. The authorities have released no further information. 

According to the Jerusalem Post, "Iranian Minister of Communications and Information Technology Mohammad Javad Azari Jahromi claimed that its security shield repelled two of the three attacks in December. Jahromi claimed that the Islamic Republic's national cybersecurity wall, known as Digital Fortress or Dezhfa, helped thwart 33 million cyberattacks against the country in 2019, according to Fars News Service." In a similar attack happened last year, it reported "Intelligence and cybersecurity officials familiar with the incident told the Post that the attack was carried out by "Israeli operatives," possibly in retaliation for an earlier cyber attack on Israel's civilian water system."

Cybersecurity Staff Shortage During Covid-19 Impacts Businesses Worldwide

The Covid-19 pandemic has pushed business worldwide largely online, and cybersecurity has become a major concern for organizations as a result. The threat of cyberattacks has raised new questions and challenges around security, and the foremost challenge the industry faces is a shortage of cybersecurity talent. What the industry needs most right now are capable cyber professionals.

ESG's 2019 survey reports that around 53% of organizations have a shortage of cybersecurity staff. Research by (ISC)2 puts the global shortfall at about 4 million cybersecurity workers, meaning the workforce would have to grow by 142% to close the gap. Earlier there was no reliable data on how much Covid-19 would worsen this problem, but it is now clear that the pandemic has made it more acute, as companies and their employees have been compelled to work from home. 

The work-from-home trend may benefit companies, but it also exposes them to more attacks from hackers and criminal actors. Organizations and employees have to stay cautious while working from home and use secure communication platforms. According to Infosecurity, "the loss of sensitive patient information is not the only cybersecurity threat. Taking advantage of a less secure employee environment, cyber-criminals have intensified their attempts at gaining access to sensitive data by using social engineering techniques. A report from Microsoft states that there are around 30,000 attacks per day that exploit this method." 

Besides this, the most important thing is building secure cyberspace for sharing company files over the internet. "Cybersecurity military officers go through intensive training and acquire a wide range of skills to protect their country from foreign invasion of cyber-capabilities, so it is no wonder big tech companies often seek out the most skilled officers. You should pay attention to military veterans from this field since many of them remain jobless," reports Infosecurity.

Ryuk Ransomware Attacks Universal Health Services, Disrupts Hospitals Nationwide

Universal Health Services (UHS) is shut down after a ransomware attack. A Fortune 500 organization, UHS runs a network of more than 500 hospitals and facilities in the nation. Ryuk ransomware is said to be responsible. The attack took place earlier this week, when employees on Reddit and other platforms reported the issue. From those discussions it was clear that many UHS locations were hit and had to fall back to manual processes.
One user said they had a lot of paperwork because the computers were down. Another said they had to send patients away, though lab operations were working; they had no computer-based access to anything. Another said their UHS site was shut down and employees had to handwrite everything and were not allowed to use their computers.

UHS, in its official statement, said, "The I.T. Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware. The cyberattack occurred early Sunday morning when the company shut down all networks across the U.S. enterprise. We have no indication that any patient or employee data has been accessed, copied, or misused. The company's U.K. operations have not been impacted." UHS has not disclosed the type of cyberattack it experienced, but employees say it is likely Ryuk ransomware. 

According to one UHS employee, all the encrypted files had a .ryk extension. Hacked computers also had a ransom note labeled as 'shadow of the universe,' which the Ryuk ransomware uses in its attacks. Employees on Reddit also expressed concern about the health of patients due to the shutdown of the computers. One even said (not verified) that four patients had died due to the delay in care. "We are making steady progress with recovery efforts. Specific applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.," the UHS statement reads.
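The two indicators the employees reported, files renamed with a .ryk extension and a ransom note mentioning the "shadow of the universe" phrase, are what an incident responder would sweep file shares for to map the blast radius. The following is an added example, not UHS's or any vendor's code: it walks a directory tree and reports directories where the share of renamed files crosses a threshold or a note is present. The ransom-note file names are an assumption, and the sample file share is constructed in a temporary directory so the script runs offline.

```python
"""Added example, not UHS's or any vendor's code: walk a directory tree and
report directories showing the indicators employees described above, files
renamed with a .ryk extension and a dropped ransom note. The note file names
are an assumption; the sample tree is constructed in a temporary directory."""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict

ENCRYPTED_EXT = ".ryk"
NOTE_PHRASE = "shadow of the universe"                 # phrase reported on this page
NOTE_NAMES = {"ryukreadme.txt", "ryukreadme.html"}     # assumed note file names
MAX_NOTE_BYTES = 64 * 1024                             # notes are small; skip large files


def scan_tree(root, threshold: float = 0.5) -> Dict[str, Dict]:
    """Return {relative_dir: stats} for directories where the share of .ryk files
    reaches `threshold` or a ransom note is present."""
    root = Path(root)
    findings = {}
    for dirpath, _, files in os.walk(root):
        if not files:
            continue
        encrypted = [f for f in files if f.lower().endswith(ENCRYPTED_EXT)]
        notes = []
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in NOTE_NAMES:
                notes.append(name)
            elif name.lower().endswith((".txt", ".html")) and path.stat().st_size <= MAX_NOTE_BYTES:
                try:   # note dropped under a different name: match on its text
                    if NOTE_PHRASE in path.read_text(errors="ignore").lower():
                        notes.append(name)
                except OSError:
                    pass
        ratio = len(encrypted) / len(files)
        if notes or ratio >= threshold:
            rel = Path(dirpath).relative_to(root).as_posix()
            findings[rel] = {"encrypted": len(encrypted), "total": len(files),
                             "ratio": round(ratio, 2), "notes": sorted(notes)}
    return findings


def build_sample_tree() -> Path:
    """Constructed victim file share: one folder fully hit, one partially hit, one clean."""
    root = Path(tempfile.mkdtemp(prefix="ryk-demo-"))
    layout = {
        "finance": ["q3.xlsx.ryk", "budget.docx.ryk", "notes.txt.ryk", "readme.txt"],
        "radiology": ["scan1.dcm", "scan2.dcm", "scan3.dcm.ryk"],
        "templates": ["letter.docx", "form.pdf"],
    }
    for folder, names in layout.items():
        (root / folder).mkdir()
        for name in names:
            (root / folder / name).write_bytes(b"\x00" * 32)
    (root / "finance" / "RyukReadMe.txt").write_text(
        "constructed note text ... shadow of the universe ...")
    return root


def remove_sample_tree(root) -> None:
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    sample = build_sample_tree()
    try:
        for folder, stats in scan_tree(sample).items():
            print(folder, stats)
    finally:
        remove_sample_tree(sample)
```

With the default threshold the radiology folder, where only one of three files was renamed before the network was cut, is not reported; lowering the threshold surfaces such partially encrypted folders, which matter for recovery because the encryption stopped mid-run there.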

Every Organization Should Ask These 8 Questions Before Choosing Their Cybersecurity Provider

Being prepared for cybersecurity has many advantages, but your organization remains a target for attackers unless you know the critical details. According to a 2019 Juniper Research report, the cost of cybersecurity breaches will reach $5 trillion a year by 2024, up from $3 trillion today. The data is especially relevant for large organizations that depend on third-party cybersecurity services for their day-to-day operations. Data from Opus and the Ponemon Institute show that around 60% of organizations have experienced a data breach caused by a third party. Data breaches can destroy an organization's brand and cause a financial crisis, so to limit them an organization needs a reliable third-party vendor it can trust.

Here is why any organization should do its research before choosing a new provider, and why third-party risk is pressing. Fewer vendors mean fewer threats, yet companies today depend on many vendors for their day-to-day operations; in 2019, Apple alone had 200 supplier companies. In many cases the threat comes through a third-party vendor. For instance, attackers compromised Agama, a cryptocurrency wallet app, through a malicious third-party JavaScript dependency.

According to Juniper, "the new research, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 noted that while the cost per breach will steadily rise in the future, the levels of data disclosed will make headlines but not impact breach costs directly, as most fines and lost business are not directly related to breach sizes." 

How to choose a reliable vendor? 
  1. Are the vendor's offerings compatible with your organization's needs? 
  2. Does the provider have a strong security rating (cyber score)? 
  3. Has the vendor suffered a data breach or attack in the past? 
  4. Does the provider have an incident response plan that can be activated immediately? 
  5. Does the provider grant you a 'right to inquire' into (audit) its security controls? 
  6. Does the vendor run a threat intelligence program for potential threats? 
  7. Does the vendor hold relevant industry certifications? 
  8. Does the third-party provider have a chief information security officer or a named security contact? 
Answers to these questions will help your organization select a third-party cybersecurity provider wisely.

Gamer Alert: More than 10 Billion Attacks On Gaming Industry In 2 Years

According to a recent report by cybersecurity firm Akamai, titled "State of the Internet/Security," the gaming sector has taken a big hit in the previous two years: experts recorded around 10 billion cyberattacks on the gaming industry between June 2018 and June 2020.

Akamai recorded 100 billion credential stuffing attacks during this period, of which 10 billion targeted the gaming sector. Besides credential stuffing, Akamai also recorded around 150 million web application attacks against the gaming sector.

"This report was planned and mostly written during the COVID-19 lockdown, and if there is one thing that's kept our team sane; it is constant social interaction and the knowledge that we're not alone in our anxieties and concerns," says the report. According to the report, most web application attacks used SQL injection and LFI (Local File Inclusion), because both let an attacker pull sensitive information about users straight from the game server.

That data can include usernames, account details, passwords, and so on. Experts say the gaming sector is also a primary target for DDoS (distributed denial-of-service) attacks: between July 2019 and July 2020, Akamai identified 5,600 DDoS attacks, of which around 3,000 targeted the gaming sector. Part of the reason may be that most gamers don't pay much attention to security.

According to data, 55% of gamers experienced suspicious activity in their accounts. However, just 20% of these gamers expressed concern about the compromise. Around 50% of hacked players feel that security is a mutual responsibility between gamers and gaming companies. 

Akamai emphasized its concern over the gaming sector becoming an easy target for hackers. According to Akamai's report, "Web attacks are constant. Credential stuffing attacks can turn data breaches from the days of old (meaning last week) into new incidents that impact thousands (sometimes millions) of people and organizations of all sizes. DDoS attacks disrupt the world of instant communication and connection. These are problems that gamers, consumers, and business leaders face daily. This year, these issues have only gotten worse, and the stress caused by them was compounded by an invisible, deadly threat known as COVID-19."

179 Dark Net Vendors Arrested in a Massive International Sting; 500 kg Drugs Seized


Global police agencies have confiscated over $6.5m in cash and virtual currencies, 64 firearms, and 1,100 pounds of drugs, arresting 179 vendors across 6 countries including the U.S. and Europe in one of the biggest raids on dark web marketplaces. The international sting operation saw considerable co-operation from law enforcement agencies all over the world, including the US, UK, Germany, Europe, Canada, Sweden, Austria, and the Netherlands.

The 500kg of drugs recovered by investigators during the operation included fentanyl, methamphetamine, oxycodone, ecstasy, cocaine, hydrocodone, MDMA, and several other medicines containing addictive substances, as per the findings.

The authorities dubbed the global sting operation 'DisrupTor' and, while announcing it, claimed in a press release that the "golden age of the dark web marketplace is over." The roots of the operation go back to May 3, 2019, the day German authorities seized the dark web drug market "Wallstreet market" and arrested its operators.

"Operations such as these highlight the capability of law enforcement to counter encryption and anonymity of dark web market places. Police no longer only take down such illegal marketplaces – they also chase down the criminals buying and selling illegal goods through such sites," the press release further read.

According to the Justice Department, it was the largest international law enforcement operation to target opioid traffickers on the dark web. The investigation involved investigators from an extensive range of agencies, from the FBI, ICE, DEA, and Customs and Border Protection (CBP) to the Defense Department.

Commenting on the success of the operation, the head of Europol’s European Cybercrime Centre (EC3), Edvardas Šileris said, “Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”

“With the spike in opioid-related overdose deaths during the Covid-19 pandemic, we recognize that today’s announcement is important and timely,” said Christopher Wray, FBI director. “The FBI wants to assure the American public, and the world, that we are committed to identifying dark net drug dealers and bringing them to justice,” he added.