By Joe Fay
US DoJ offers $10 million reward for ransomware bandit. Spyware firm rewards lobbyists. Bots drive digital fraud. China bans memory chipmaker Micron over “network security” and Taiwan hit with cyber nasty barrage.
U.S. DoJ Offers Multimillion Reward for Prolific Russian Ransomware Merchant
The U.S. Department of Justice (DoJ) has put a $10 million bounty on a Russian national accused of conspiring to deploy three key ransomware variants. The agency has accused Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, of “conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers”. It said Matveev has “participated in conspiracies” to deploy LockBit, Babuk and Hive and attack victims in the U.S. and worldwide. Total ransom demands made by members of the ransomware campaigns amounted to $400 million, the DoJ said, with payments coming in at $200 million. Matveev is currently resident in Russia.
Israeli Firm Spends Big to Get Pegasus Flying Again in U.S.
The Israeli firm behind the Pegasus spyware has been lobbying hard to get itself off a U.S. government blacklist. NSO Group was added to the “entity list” after its tooling was used by foreign governments, including repressive regimes, to maliciously target government officials, journalists, activists, and others. Non-profit research group OpenSecrets said Pegasus was one of Israel’s “top lobbying entities” in the U.S., having spent more than $2.9 million since 2020 to get back in the U.S.’ good books. In March 2023, President Biden signed an order limiting the use of commercial spyware – but this was largely aimed at repressive regimes.
U.K. Government Issues Smart City Cybersecurity Guidance
The U.K.’s Department for Science, Innovation and Technology (DSIT), the department recently spun out of what was the Department for Digital, Culture, Media and Sport (DCMS), has issued guidance for local authorities on tackling cybersecurity in “connected places” such as smart cities. DSIT’s definition of connected place spans transport, social care settings, environmental monitoring, and critical infrastructure and utilities. It notes that while connected places can enhance quality of life for citizens, they are also vulnerable to cyberattacks without the “necessary protection”. The guide lays out advice for authorities on threat analysis, governance, and procurement, and highlights previously issued National Cyber Security Centre (NCSC) advice on the topic.
LexisNexis Report Shows Bots Driving Digital Fraud as Economies Opened Up
Research by LexisNexis shows that digital fraud rose 20% in 2022, partly due to the reopening of economies. The organization said that “Reports of industrial-scale scam centers and gangs in Asia and Eastern Europe confirm that scams have become the latest organized digital crime, operating professionally and cross-border.” Human-initiated attacks were up 20% on the year, while automated bot attacks were up 27%. Bot attacks were particularly hard on the ecommerce sector, up 195% according to the figures.
China Bans Micron, Citing Network Security Risks
U.S. memory giant Micron has said it is looking forward to engaging with authorities in Beijing after the Cyberspace Administration of China (CAC) effectively banned the company’s products from key sectors in the country. The CAC said Micron had failed a network security review and operators of critical infrastructure were now banned from using its products. The review claimed Micron’s products “pose significant security risks to China's critical information infrastructure supply chain, affecting China's national security”. China’s definition of critical is broad, including transport and finance, it added. The ban was announced as G7 countries met in Japan, where Micron has recently announced investment.
China-Taiwan Tensions Mirrored by Spike In Cyberattacks
China’s increasing belligerence towards Taiwan has been paralleled by a “noticeable increase in cyberattacks” towards the island state. Researchers at Trellix have reported a surge in email attacks on various industries, particularly networking/IT, manufacturing and logistics, “with the goal of delivering malware and stealing sensitive information”. Trellix also highlighted an increase in detections of PlugX, a remote access tool associated with China-linked threat groups. Taiwan’s central role in the semiconductor industry makes the prospect of conflict in the region particularly worrying for the world economy in general, and the tech sector in particular.