Analyzing leaked internal communication logs, security researchers are piecing together how one of the most notorious ransomware groups infiltrates its victims. Black Basta, one of the most successful ransomware groups of the past several years, recently suffered a major leak of its internal communications. The logs offer a glimpse into the playbook of a high-profile ransomware group and its preferred methods for gaining initial access to networks, according to analysis from security researchers.
“Key attack vectors used by Black Basta include scanning for exposed RDP [remote desktop protocol] and VPN services — often relying on default VPN credentials or brute-forcing stolen credentials to gain initial access — and exploiting publicly known CVEs when systems remain unpatched,” researchers from patch management firm Qualys wrote in an analysis of the leaked logs.
Meanwhile, cyber threat intelligence firm KELA has observed correlations between the 3,000 unique credentials present in the leaked logs and previous data dumps from infostealing malware, suggesting relationships with other threat groups who are collecting and then selling such data.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Adversaries like the group being tracked as Storm-2139 are already finding ways to bend and break guardrails around generative artificial intelligence (GenAI) services, and Microsoft is pushing back with a name-and-shame campaign intended to break up their little cybercrime party.
Microsoft’s digital crimes unit named four men — Iranian Arian Yadegarnia, Alan Krysiak from the UK, Hong Kong’s Ricky Yuen, and Phát Phùng Tấn from Vietnam — who were selling unauthorized access to Azure AI services along with step-by-step instructions for generating titillating images of celebrities and others.
“This activity is prohibited under the terms of use for our generative AI services and required deliberate efforts to bypass our safeguards,” said Steven Masada, assistant general counsel of Microsoft’s digital crimes unit, in a statement. “We are not naming specific celebrities to keep their identities private and have excluded synthetic imagery and prompts from our filings to prevent the further circulation of harmful content.”
Microsoft filed a lawsuit against the group members last month and was able to seize a website behind the operation, he explains. Subsequently, Microsoft attorneys were “doxed,” having personal information posted publicly in retaliation.
Microsoft is responding with an amended complaint along with the public naming of those they believe are behind the cyberattack, known as LLMjacking.
Cybercriminals are increasingly exploiting gen AI technologies to enhance the sophistication and efficiency of their attacks.
Artificial intelligence is revolutionizing the technology industry and this is equally true for the cybercrime ecosystem, as cybercriminals are increasingly leveraging generative AI to improve their tactics, techniques, and procedures and deliver faster, stronger, and sneakier attacks.
But as with legitimate use of emerging AI tools, abuse of generative AI for nefarious ends isn’t so much about the novel and unseen as it is about productivity and efficiency, lowering the barrier to entry, and offloading automatable tasks in favor of higher-order thinking on the part of the humans involved.
“AI doesn’t necessarily result in new types of cybercrimes, and instead enables the means to accelerate or scale existing crimes we are familiar with, as well as introduce new threat vectors,” Dr. Peter Garraghan, CEO/CTO of AI security testing vendor Mindgard and a professor at the UK’s Lancaster University, tells CSO.
Garraghan continues: “If a legitimate user can find utility in using AI to automate their tasks, capture complex patterns, lower the barrier of technical entry, reduce costs, and generate new content, why wouldn’t a criminal do the same?”