www.trustwave.com
52.151.96.240  Public Scan

URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/law-enforcement-collaboration-has-eastern-european-cybercr...
Submission: On December 09 via api from US — Scanned from GB


Text Content


LAW ENFORCEMENT COLLABORATION HAS EASTERN-EUROPEAN CYBERCRIMINALS QUESTIONING
WHETHER THERE IS A SAFE HAVEN ANYMORE

December 08, 2021
Trustwave SpiderLabs
Through the active Dark Web research that Trustwave SpiderLabs conducts for its
clients, we have observed new communications on various Dark Web forums between
Eastern-European cybercriminals.

Based on the conversations that we’ve collected, a segment of cybercriminals is
now worried that the Russian authorities may be actively hunting them down. One
of the forum members on the Dark Web even went as far as to state that they
believed there were “recent secret negotiations on cybercrime between the
Russian Federation and the United States.”



Все решается втихаря, в кабинетах.

А кто какие игры ведет в закулисье ..- бессмысленно гадать. Мы не знаем (всего).

Кстати, вот - недавние  тайные переговоры о киберпреступности РФ и США тому
пример."



Everything is decided on the sly, in the offices.

And who and which game is actually playing in the backstage ..- it is pointless
to guess. We don't know (everything).

Incidentally, there are the recent secret negotiations on cybercrime between the
Russian Federation and the United States. "

10 Nov 2021, 10:09 PM, Forum: Exploit



Other cybercriminals, however, are still living large, according to recent news.
Yevgyeniy Igoryevich Polyanin, a REvil hacker wanted by the FBI for ransomware
and money laundering activities, was seen in Barnaul driving a $74,000 Toyota
Land Cruiser, and he owns a BMW worth up to $108,000.


HACKERS HAVE PICKED UP ON CURRENT EVENTS

Back on June 16, 2021, U.S. President Joe Biden met with Russian President
Vladimir Putin in Geneva, Switzerland. Their conversation reportedly covered
the growing number of ransomware attacks on U.S. companies and critical
infrastructure.

After Biden publicly stated he expected to see results from his conversations on
ransomware with Putin in June, forum threads dedicated to recent arrests almost
immediately began focusing on potential takedowns, and later, the possibility of
one of their own cooperating with law enforcement.

Just months prior, these forum members would joke about being caught and
arrested. But now, these same forum members are discussing how to prepare
themselves for the possibility of being captured or potential sentences for
crimes. Others, meanwhile, refuse to be scared.



“никто рансомварщиков в ру не будет закрывать, максимум попросят быть тише и
делиться не нагоняй жути”

“no one will put to the jail the ransomware gang members in RU, maximum you will
be asked to be quieter and to share, do not be scared “

17 June 2021, 7:41 AM, Forum: h0st 

     
 --------------------------------------------------------------------------------

В политике часто личности становятся разменной монетой (от древнего Рима). Нет
никаких гарантий, что 272 ст.УК РФ  никогда  не будет применена из-за чернухи к
тем, кто работает по юсе.

и да, ВВП не вечен. Кто придет на смену и какие будут внешнеполитические
договоренности, отношения, да и внутренние акценты в правоприменительной
практике, никто не знает.”



In politics, individuals often become a bargaining chip (from ancient Rome).
There are no guarantees that Article 272 of the Criminal Code of the Russian
Federation will never be applied because of the criminal operations to those who
work in the US.

and yes, Putin is not eternal. Who will replace and what will be the foreign
policy agreements, relations, and the internal accents in law enforcement
practice, no one knows.”

8 Nov 2021, 9:39 PM, Forum: Exploit

 --------------------------------------------------------------------------------

Весь вопрос в том, к чему вы готовы, если начнется охота. За вами.

Вот мне на днях отвели два месяца жизни - и это на самом деле несерьезно.
Ресурсов не хватит, у того кто угрожал.

Но призадумалась.... а если бы серьезно?

Отсюда и вопрос - кто что делать будет, если из уютной норы начнут тянуть?”

 

The whole question is, what are you ready for if the hunt begins on you.

So the other day I was given two months of life - and this is actually not
serious. The resources won't be enough, the one who threatened.

But it makes me wonder .... and if it were serious?

Hence the question - who will do what if they start pulling from a cozy hole?”

9 Nov 2021, 5:16 AM, Forum: Exploit


On July 2, shortly after the June meeting between Biden and Putin, the Kaseya
VSA attacks occurred – a mass-scale ransomware campaign that was attributed to
the Russia-based cybergang REvil.

On July 9, Biden again pressed Putin about the attacks on a phone call.

“I made it very clear to [Putin] that the United States expects, when a
ransomware operation is coming from their soil even though it’s not, not,
sponsored by the state, that we expect them to act,” said Biden.

On July 13, the REvil gang began to disappear from the Internet (before briefly
reappearing and then seemingly shutting down in October), and more arrests were
made thanks to collaboration between several law enforcement agencies
internationally.


DARK WEB FORUMS SHINE A LIGHT ON THE MINDS OF CYBERCRIMINALS

Dark Web forums are very much a window into the soul of the cybercriminal
community, and they are the place where threat actors can create a society.

By regularly monitoring the Dark Web, security professionals can gain valuable
insights into emerging trends and specific threat intelligence to improve their
defensive techniques. They can leverage chatter on Dark Web forums as an early
warning system, alerting them to new bots, viruses or malware that have appeared
on the scene. Monitoring the Dark Web can also provide early notification of an
attack on a specific organization. Chatter on the Dark Web mentioning some form
of access or the sale of credentials, names of executives and other information
that is specific to an organization can be a giveaway that you’re under attack
or are being highly targeted.

This early warning gives security professionals time to harden their defenses
and update their response playbooks, enabling them to mitigate the risk of the
threat being used against their organization or respond more quickly if an
attack does occur. If they see a discussion of a new social engineering
technique or phishing lure, they can proactively update their email security
settings and warn employees to be on the lookout.
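
As an added illustration (not Trustwave's code or tooling), the following Python triages already-collected forum posts against an organization's watchlist, flagging the organization-specific chatter described above. The watchlist values, indicator terms and sample posts are constructed assumptions.

```python
import re
import unicodedata

# Assumed watchlist for a hypothetical organisation (constructed values).
WATCHLIST = {
    "domain": ["example-corp.com"],
    "executive": ["Jane Doe"],
}
# Assumed indicator terms for access or credential sales, English and Russian.
SALE_TERMS = ["access", "rdp", "vpn", "credentials", "доступ", "продам"]


def normalize(text):
    """Casefold, apply NFKC and undo common defanging such as example[.]com."""
    text = unicodedata.normalize("NFKC", text).casefold()
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text)
    return re.sub(r"\s+", " ", text)


def word_hit(term, text):
    """Match on word boundaries so 'rdp' does not fire inside other words."""
    pattern = r"(?<!\w)" + re.escape(term.casefold()) + r"(?!\w)"
    return re.search(pattern, text) is not None


def triage(post):
    """Return (severity, asset_hits, sale_hits) for one collected post."""
    text = normalize(post["body"])
    assets = [(kind, value) for kind, values in WATCHLIST.items()
              for value in values if word_hit(value, text)]
    sales = [term for term in SALE_TERMS if word_hit(term, text)]
    if assets and sales:
        severity = "high"    # organisation named alongside an access/credential sale
    elif assets:
        severity = "medium"  # organisation named, context unclear
    else:
        severity = "none"    # generic chatter, not specific to the organisation
    return severity, assets, sales


# Constructed sample posts, not taken from any real forum.
POSTS = [
    {"id": 1, "body": "Продам доступ RDP, example-corp[.]com, админ"},
    {"id": 2, "body": "Anyone know who Jane  Doe reports to?"},
    {"id": 3, "body": "selling vpn access, US retail, no names"},
]


def run(posts=POSTS):
    """Map each post id to its triage severity."""
    return {post["id"]: triage(post)[0] for post in posts}
```
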

A wide variety of activities take place in these extremely active Dark Web
forums. The topics cover everything from discussing rumors and gossip to
selling malware, commercial secrets or data stolen in ransomware attacks, hiring
developers to write new malware, and recruiting. The chat rooms are also a
place where those looking to break into the underground can find work and build
their reputation amongst local gangs.

Other activities include posting translations of publications, including press
reports on ransomware arrests and activity. There are even news sites for
cybercriminals – with information on the latest occurrences and other
information that may be useful for threat actors. If you are new to the
cybercriminal world, you can study the field you’re interested in joining and
possibly get brought in to start doing some entry-level criminal activity.


THE NEXT MOVE FOR ORGANIZED CYBERCRIMINALS

Eastern-European ransomware operators are increasingly trapped. It appears they
may no longer be entirely safe in their own country, and they cannot physically
pick up their operations and move to another location with extradition treaty
agreements in place with other countries.  

In just the last few months, we have seen some results of geopolitical
collaboration efforts. Getting a handle on ransomware and bringing
cybercriminals to justice seems to be becoming a global priority. And this
should scare threat actors.

We will likely see groups toggle ‘offline’ and ‘online’ – as we’ve seen with
REvil before – in order to cover their tracks when law enforcement gets too
close. We may also see some gangs go dark and close their business, and other
groups emerge to pick up their share.

We anticipate that these organized gangs will likely physically stay put in
their home countries because even though it is not as ‘safe’ as it once was for
cybercrime, cyber gang members are still less likely to be caught on their ‘home
turf’. Many of these cybercriminals want to stay where they belong, where their
families and friends reside, where the local language is familiar, and where
many of their contacts are.

Also, the corruption in many Eastern European countries means cybercriminals
have a better chance of escaping even if they do get into trouble.


WHAT ORGANIZATIONS CAN DO TO DEFEND AGAINST TARGETED RANSOMWARE ATTACKS

Ransomware will not stop. We do not expect a decline in ransomware attacks
because the rewards are too great for those involved. Organizations of all sizes
need to be prepared – but especially those in manufacturing, critical
infrastructure, finance and healthcare. These types of organizations hold
sensitive data and are seen as more willing to pay a ransom due to the vital
services they provide.

Having a strong cybersecurity posture across your various networks and
infrastructures by ensuring your organization executes best security practices
is critical to avoid becoming a ransomware gang victim. Here’s a short list of
actions that we recommend all organizations follow to ensure they are prepared
for targeted ransomware attacks.

 * Run supported versions of software
 * Always patch and do it quickly
 * Maintain regular air-gapped backups. Practice restores from these backups
 * Use effective secure email gateways and endpoint protection
 * Enforce a strong password policy and use multi-factor authentication (MFA)
 * Deploy network and data segmentation
 * Pen-test your environment and minimize access rights (e.g. RDP)
 * Use Dark Web monitoring of your assets (domains, executive names, etc.)
 * Have a plan for a ransomware attack
 * Refrain from paying ransoms



Copyright © 2021 Trustwave Holdings, Inc. All rights reserved.
