A round-up of this week’s digital forensics news and views:
Testing a hybrid risk assessment model: Predicting CSAM offender risk from digital forensic artifacts
Researchers conducted a feasibility study for a hybrid risk assessment model that combines traditional tools with digital forensic artifacts to predict child sexual abuse material (CSAM) offender risk. The study analyzed seven closed cases, examining factors such as pornography collections and evidence of networking activities on offenders’ devices. The hybrid model accurately predicted offender categories and risk levels in 6 out of 7 cases, suggesting that incorporating digital forensic artifacts into risk assessments is promising and warrants further investigation.
Europol says mobile roaming tech is making its job too hard
Europol has released a position paper expressing concerns about SMS home routing technology, which allows mobile users to access services while abroad but is hindering criminal investigations. The agency argues that privacy-enhancing technologies (PETs) used in home routing setups make it difficult for law enforcement to access unencrypted data from foreign suspects, even when crimes are committed in their jurisdiction. Europol is calling for solutions, including potentially banning PETs in home routing, to retain investigatory powers while balancing security and privacy concerns.
Technology and cyber crime: how to keep out the bad guys
Cyber crime is increasingly concerning for governments and businesses, with anticipated costs reaching $9.5tn in 2024. Ransomware attacks, data breaches, and social engineering tactics are prevalent, targeting various sectors but particularly finance. To combat these threats, organizations are advised to implement strict security protocols, collaborate on information sharing, adopt zero-trust systems, and educate employees on cyber risks.
The Wiretap: This Company Raised $21 Million To Build An AI Assistant For Data Breach Investigations
Command Zero, a new cybersecurity startup, has emerged from stealth with $21 million in seed funding to use AI for helping companies recover from data breaches. The startup employs large language models to assist cyber investigators in analyzing company networks after attacks, providing easy-to-understand answers and guiding them through potential avenues of investigation. Rather than replacing incident response teams, Command Zero aims to significantly reduce the time spent on manual tasks, with early adopters reportedly resolving complex cases in minutes instead of hours.
Setting The Standard For Image And Video Forensics In The US With Amped Software
Blake Sawyer from Amped Software joins the Forensic Focus Podcast to discuss video and image forensics in the US. He shares insights on the challenges of working with low-quality CCTV footage and how Amped Software has grown and been adopted in the US market. The conversation delves into the role of the Scientific Working Group on Digital Evidence (SWGDE) in developing best practices for the field and how these standards influence product development. It also covers Amped’s new DeepPlate technology for license plate recognition and emphasizes the importance of error margins in AI-assisted forensic analysis.
New ransomware group uses phone calls to pressure victims, researchers say
A new ransomware group named Volcano Demon has been discovered, targeting manufacturing and logistics companies with at least two successful attacks in the past two weeks. Unlike other ransomware groups, Volcano Demon doesn’t use a public leaks website but instead employs threatening phone calls to negotiate payments with victim organizations. The group uses a previously unknown ransomware called LukaLocker and employs a double extortion technique, exfiltrating data before encrypting it to maximize chances of payment.
Victims of cyber extortion and ransomware increase in 2024
A new report by Orange Cyberdefense reveals a significant increase in ransomware victims over the past year, with 4,374 new victims detected across 75% of monitored countries. The research highlights a 77% year-on-year growth from 2023, with small businesses being particularly vulnerable. The study also identified over 200 cases of “re-victimization,” where victims were targeted multiple times, often within a few months. This trend of repeat attacks is becoming more prevalent, with the largest detection of re-victimization occurring in Q1 2024.
Scotland biometrics commish wants ICO to look into cops use of cloud
The Scottish biometrics watchdog has called for an investigation into Police Scotland’s use of Microsoft’s cloud services after Microsoft revealed it could not ensure UK policing data would remain in the UK. This issue affects the £33 million Digital Evidence Sharing Capability (DESC) system, which includes sensitive data like biometrics. Concerns were raised due to the lack of formal consultation with the UK’s Information Commissioner Office (ICO) and potential non-compliance with UK data protection laws.
Europol coordinates global action against criminal abuse of Cobalt Strike
Law enforcement and private sector partners collaborated to combat the misuse of the Cobalt Strike red teaming tool by criminals, targeting older, unlicensed versions through a coordinated Europol operation from June 24-28. The effort, led by the UK National Crime Agency and involving international authorities, resulted in flagging 690 IP addresses associated with criminal activity, with 593 addresses disabled by the end of the week. The operation, part of a complex investigation begun in 2021, underscores the importance of private sector cooperation in enhancing cybersecurity and disrupting cybercriminal activities.