A round-up of this week’s digital forensics news and views:
BreachForums seized by FBI for 2nd time
In a significant move against cybercrime, the FBI has once again seized control of BreachForums, a notorious online platform linked to cybercriminal activities. The homepage now displays a seizure notice, with the FBI urging those with knowledge of illicit activities on the forum to come forward. This marks the second takedown of the forum, highlighting the persistent challenge law enforcement faces as such platforms often resurface under new domains. The event underscores the essential need for robust international cooperation and enhanced cybersecurity measures to effectively counter these continually adapting online threats.
How quantum cybercrime is already happening
Quantum technology is poised to greatly increase the potential threats in cybercrime, as highlighted by EU policymakers. This technology’s emergence is setting the stage for more advanced and complex cyberattacks, emphasizing the urgent need for enhanced cybersecurity measures to address future challenges.
First LockBit, now BreachForums: Are cops winning the war or just a few battles?
In a recent surge against cybercrime, the FBI and international law enforcement agencies have successfully taken down BreachForums, a notorious ransomware brokerage site. This comes shortly after actions against the LockBit ransomware group, including sanctions against its leader and infiltration of its website. The takedown of BreachForums, which was similarly targeted in June 2023, signals ongoing efforts to combat digital criminal networks. The seized site now announces FBI control and even displays the profile pictures of key admins Baphomet and ShinyHunters, marking a significant but perhaps incremental victory in the broader war on cybercrime.
A hybrid artificial intelligence framework for enhancing digital forensic investigations of infotainment systems
Infotainment systems in vehicles contain data that can provide valuable insights for forensic investigations, but analyzing this data is challenging due to variations across manufacturers and noise in the data. The paper proposes a hybrid AI framework combining unsupervised-learning clustering with language model analysis to improve extraction of forensically relevant information from infotainment system data. When applied to sample Hyundai and Mitsubishi datasets, the hybrid approach enhanced recall of data like contact names, phone numbers, and song names while also enabling discovery of additional forensic information compared to clustering alone.
Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware
Cybercriminals are exploiting Microsoft’s Quick Assist tool to launch social engineering attacks that distribute Black Basta ransomware. Microsoft has acknowledged the issue and is enhancing Quick Assist’s security features, including adding warnings to alert users about potential tech support scams. The company also recommends that organizations disable or remove Quick Assist and similar remote management tools if they are not in use to mitigate the risk of such attacks.
Lana Ramjit, Director Of Operations, Clinic To End Tech Abuse
Lana has a background in computer science and sexual violence response, and now serves as Director of Operations at the Clinic To End Tech Abuse, which provides services to survivors of intimate partner violence involving technology-facilitated abuse. The Clinic instruments its services to conduct research on tech abuse patterns and give feedback to technology platforms, while the Technology Abuse Clinic Toolkit aims to help set up new clinics. As technology rapidly advances, the Clinic works to stay ahead of emerging abuse tactics involving AI, deepfakes, and other evolving threats.
Shady hideouts, fake SIMs, low tolerance for ‘snitches’ — how Nuh turned into cybercrime hotbed
Nuh, a region long affected by poverty and underdevelopment, has become a notorious hub for cybercrime, rivaling Jamtara in Jharkhand. Cybercrime here operates almost like a cottage industry where minimal investment and basic technological skills suffice to engage in illegal activities. This has provided a perverse form of livelihood in an area with limited economic opportunities, where even those not directly involved in crimes show little tolerance for informants. The allure of quick money and a flashy lifestyle continues to attract participants, embedding cybercrime deeply into the local socio-economic fabric.
The FBI’s Brett Leatherman on LockBitSupp’s unmasking; a spyware reckoning in Poland
In a significant cybercrime breakthrough, the FBI, alongside international agencies, recently revealed the identity of LockBitSupp, the notorious figure behind the leading LockBit ransomware. Dmitry Yuryevich Khoroshev, allegedly operating as LockBitSupp, faces indictment for his role in managing this widespread ransomware service. In discussion with Elias Groll, the FBI’s Brett Leatherman details the agency’s strategies against LockBit and broader cybercrime challenges. Additionally, CyberScoop’s Tim Starks explores Poland’s pioneering efforts in addressing spyware misuse, highlighting a push towards greater accountability in the digital realm.
Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments
The UK government plans to tackle ransomware more aggressively by introducing a policy that mandates victims to report such attacks and requires them to obtain a government license before paying any ransoms. This move aims to shed light on the actual frequency of ransomware incidents, which currently remains unclear due to underreporting. The National Cyber Security Centre and the Information Commissioner’s Office have expressed increasing concern over the secretive nature of ransomware reporting, noting a record number of data breaches linked to these attacks in 2023.
Cybercrime in the AI era
A finance worker was tricked into performing a secret transaction involving 200 million Hong Kong dollars after a video call featuring deepfake images of the CFO and other senior staff, highlighting the growing sophistication of AI-based social engineering scams. As organizations increasingly restrict generative AI tools over data privacy concerns, cybercriminals are leveraging AI to enhance their phishing tactics, while businesses consider AI to alleviate cybersecurity skill shortages and burnout among cybersecurity professionals.