Friday, November 13, 2015

The good life of cybercriminals

“The first impression of the Brazilian cybercriminals is they love boast of the money stolen and the good life of being a criminal. They compared themselves to Robin Hood”. That’s the beginning of an interesting report about the Brazilian computing underground, made by Fabio Assolini. Today we talk about other criminals too, like the criminals who rent ransomware services, or those who make DDoS attacks and ask for a rescue. We found a lot of different people in this world, even managers from Apple who don’t need criminals to create a great chaos. 

The report “Beaches, carnival and cybercrime: a look to the Brazilian underground” by Kaspersky Lab makes a conscientious analysis about one of the older, more creative and more colorful cybercriminal communities of the world, specialized in bank Trojans and phishing campaigns. During many years, Brazilian laws didn’t contemplate the cybercrime, which has made grown up this community with a high sentiment of impunity. So, they boast about the money stolen, their luxury life and the prostitutes who hire in the pics the show on social networks. Interesting reading.

Ramsonware as a service

We don’t leave the underworld of cybercrime because a new service of ransomware is announced in the black market: the client pays a bail of 50 dollars and he compromises to give 10% of the booty to sellers. In exchange, he receives a custom ransomware. And for a little bit more, they offer exploits to attack the machines where the virus will be installed too. A similar service, the only known until now, ask for the 30% of their clients booty, which allows to predict the great success to the new one.

DDoS against mail providers

And we keep talking yet about the “bad guys” activities because in the last 15 days they have crushed the tiny providers of mail service: ProtonMail, HushMail, RunBox, VFEmail, Zoho and yesterday FastMail have suffered strong denial of service attacks. The schedule was always the same: the service receives a message warning they’ll suffer a DDoS attack in the next hours, unless they pay a rescue between 10 and 20 Bitcoins. Nobody paid except ProtonMail, who discovered that making it didn’t avoid the DDoS.

Apple´s forgetting

We should be remember anyway that security begins by oneself, and not always people with bad reputation and desires to earn money have the blame. The perfect example of this is what happened with Apple: nobody remembered to renovate the security certificates that avoids piracy and suddenly all the apps downloaded from Mac Apple Store stopped working. The mess was monumental. 

This is how we finish this week full of security incidents, as usual. We remind our readers the Sunday they’ll enjoy our weekly interview, this time with  Juan Antonio Calles, from Flu Project.


Post a Comment