Digital Forensics Round-Up, May 22 2024

A round-up of this week’s digital forensics news and views:


BreachForums seized by FBI for 2nd time

In a significant move against cybercrime, the FBI has once again seized control of BreachForums, a notorious online platform linked to cybercriminal activities. The homepage now displays a seizure notice, with the FBI urging those with knowledge of illicit activities on the forum to come forward. This marks the second takedown of the forum, highlighting the persistent challenge law enforcement faces as such platforms often resurface under new domains. The event underscores the essential need for robust international cooperation and enhanced cybersecurity measures to effectively counter these continually adapting online threats.

Read More (SC Media)


How quantum cybercrime is already happening

Quantum technology is poised to greatly increase the potential threats in cybercrime, as highlighted by EU policymakers. This technology’s emergence is setting the stage for more advanced and complex cyberattacks, emphasizing the urgent need for enhanced cybersecurity measures to address future challenges.

Read More (Silicon Republic)


First LockBit, now BreachForums: Are cops winning the war or just a few battles?

In a recent surge against cybercrime, the FBI and international law enforcement agencies have successfully taken down BreachForums, a notorious ransomware brokerage site. This comes shortly after actions against the LockBit ransomware group, including sanctions against its leader and infiltration of its website. The takedown of BreachForums, which was similarly targeted in June 2023, signals ongoing efforts to combat digital criminal networks. The seized site announced that it was under FBI control, even displaying the profile pictures of key admins Baphomet and ShinyHunters, marking a significant but perhaps incremental victory in the broader war on cybercrime.

Read More (The Register)


A hybrid artificial intelligence framework for enhancing digital forensic investigations of infotainment systems

Infotainment systems in vehicles contain data that can provide valuable insights for forensic investigations, but analyzing this data is challenging due to variations across manufacturers and noise in the data. The paper proposes a hybrid AI framework combining unsupervised learning clustering and language model analysis to improve extraction of forensically relevant information from infotainment system data. When applied to sample Hyundai and Mitsubishi datasets, the hybrid approach enhanced recall of data like contact names, phone numbers, and song names while also enabling discovery of additional forensic information compared to clustering alone.

Read More (Science Direct)


Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

Cybercriminals are exploiting Microsoft’s Quick Assist tool to launch social engineering attacks that distribute Black Basta ransomware. Microsoft has acknowledged the issue and is enhancing Quick Assist’s security features, including adding warnings to alert users about potential tech support scams. The company also recommends that organizations disable or remove Quick Assist and similar remote management tools if they are not in use to mitigate the risk of such attacks.

Read More (The Register)


Lana Ramjit, Director Of Operations, Clinic To End Tech Abuse

Lana has a background in computer science and sexual violence response, and now serves as Director of Operations at the Clinic To End Tech Abuse, which provides services to survivors of intimate partner violence involving technology-facilitated abuse. The Clinic instruments its services to conduct research on tech abuse patterns and give feedback to technology platforms, while the Technology Abuse Clinic Toolkit aims to help set up new clinics. As technology rapidly advances, the Clinic works to stay ahead of emerging abuse tactics involving AI, deepfakes, and other evolving threats.

Read More (Forensic Focus)


Shady hideouts, fake SIMs, low tolerance for ‘snitches’ — how Nuh turned into cybercrime hotbed

Nuh, a region long affected by poverty and underdevelopment, has become a notorious hub for cybercrime, rivaling Jamtara in Jharkhand. Cybercrime here operates almost like a cottage industry where minimal investment and basic technological skills suffice to engage in illegal activities. This has provided a perverse form of livelihood in an area with limited economic opportunities, where even those not directly involved in crimes show little tolerance for informants. The allure of quick money and a flashy lifestyle continues to attract participants, embedding cybercrime deeply into the local socio-economic fabric.

Read More (The Print)


The FBI’s Brett Leatherman on LockBitSupp’s unmasking; a spyware reckoning in Poland

In a significant cybercrime breakthrough, the FBI, alongside international agencies, recently revealed the identity of LockBitSupp, the notorious figure behind the leading LockBit ransomware. Dmitry Yuryevich Khoroshev, allegedly operating as LockBitSupp, faces indictment for his role in managing this widespread ransomware service. In discussion with Elias Groll, the FBI’s Brett Leatherman details the agency’s strategies against LockBit and broader cybercrime challenges. Additionally, CyberScoop’s Tim Starks explores Poland’s pioneering efforts in addressing spyware misuse, highlighting a push towards greater accountability in the digital realm.

Read More (Cyberscoop)


Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments

The UK government plans to tackle ransomware more aggressively by introducing a policy that mandates victims to report such attacks and requires them to obtain a government license before paying any ransoms. This move aims to shed light on the actual frequency of ransomware incidents, which currently remains unclear due to underreporting. The National Cyber Security Centre and the Information Commissioner’s Office have expressed increasing concern over the secretive nature of ransomware reporting, noting a record number of data breaches linked to these attacks in 2023.

Read More (The Record)


Cybercrime in the AI era

A finance worker was tricked into performing a secret transaction involving 200 million Hong Kong dollars after a video call featuring deepfake images of the CFO and other senior staff, highlighting the growing sophistication of AI-based social engineering scams. As organizations increasingly restrict generative AI tools over data privacy concerns, cybercriminals are leveraging AI to enhance their phishing tactics, while businesses consider AI to alleviate cybersecurity skill shortages and burnout among cybersecurity professionals.

Read More (IT Web)
