‘Criminals will resurface’ after FBI takedown of $100m ransomware gang

‘Until law enforcement capture the criminals, there is a high chance they will resurface under a new identity,’ warns Mark Lamb, CEO of HighGround, after the FBI’s ‘digital stakeout’ of the Hive ransomware gang.

The ransomware-as-a-service gang is thought to have earned $100m by targeting 1500 victims in 80 countries including hospitals and schools – but then the FBI struck back.

The FBI gained access to the gang’s networks and captured decryption keys which were distributed to victims, saving a further $130 million in ransoms before closing in on the gang’s Californian servers.

But the cybercriminals remain at large, warns Lamb. He says, “The infrastructure is just one element of the gang’s success, and until law enforcement capture the criminals, there is a high chance they will resurface under a new identity with brand new infrastructure ready to terrorise again. Do DarkSide or BlackMatter ring any bells?” 

“While the takedown and seizing of the decryption keys is brilliant and a major win for law enforcement, the threat of ransomware still looms.”

HighGround.io CEO & Founder was featured in Info Security Magazine with his views on the Hive ransomware gang https://www.infosecurity-magazine.com/news/global-dismantles-hive-ransomware/

The worlds of CyberSecurity & Swifties meet

Swiftie in Chief and CEO of HighGround.io Mark Lamb had this to say to Hack Read about the Ticketmaster bot-driven attack.

‘Public events that attract a wide audience will always prompt a surge in cybercrime,’ says Mark Lamb, CEO of HighGround.io, after a bot attack prevented thousands of Taylor Swift fans buying tickets.

Ticketmaster usually controls bot issues using a pre-registration system, but was overwhelmed with ‘three times the amount of bot traffic … we had ever experienced’, the company announced in a statement about the November 2022 attack.

Lamb says, ‘Ticketmaster appears to have suffered from a bot-driven attack where a malicious threat actor used automated attack tools to overflow the website with traffic, with the intention of taking systems offline and disrupting purchases.

‘Event sites must use the incident as a reminder of the importance of focusing on network resilience before ticket sales go live, particularly when events are going to attract a high volume of purchasers. Bot mitigation tools and DDoS protections are two critical elements of this resilience.’

Why not tune in to our panel discussion next Wednesday: ‘Who would win in a technology smackdown – the IT or cyber department?’ at Barcelona Cyber Security Congress 2023

HighGround.io to speak at the Barcelona Cyber Security Conference.

Who would win in a technology smackdown – the IT or Cyber department?

We’re off to Barcelona Cyber Security Congress 2023 in less than a week’s time, to debate the above – and yes, you’re allowed to be a little bit jealous.

Together our CEO Mark Lamb, and HighGround.io ambassador and Offensive Cyber Security Leader, Cristian Cornea are headed for the Hacking Village at Fira Barcelona, where they’ll be miked up to debate some of the more controversial aspects of what it means to exist and succeed in their roles. I mean, we wouldn’t expect anything less from these two.

We’ll be sharing their firsthand insights and experiences once they’ve touched back down on home soil. In the meantime, why not share your tried and tested tips for getting the most out of industry events? We used to swear by taking a packed lunch and a picnic stool…why is finding somewhere civilised to sit for lunch always the biggest challenge?!

Check us out as part of this year’s unmissable line-up on Wed 1st 15:20

Bumper crop of Microsoft patches is ‘sadly becoming the norm’

‘In days gone by, this would have been a wakeup call, possibly even a major event,’ warns Mark Lamb, CEO of HighGround.io, after Microsoft revealed a bumper crop of vulnerabilities in its first Patch Tuesday of 2023.

Microsoft’s first Patch Tuesday of the year included an alarming 98 vulnerabilities, including eleven rated ‘critical’ and one actively exploited zero-day vulnerability.

The number beats the previous year’s 97 vulnerabilities patched in January 2022.

Lamb says, ‘Sadly this is becoming the norm. These are serious vulnerabilities, and there are a high number of them. Even missing one is a serious concern, but could you imagine if you missed 2 or 3 patch cycles like this? It serves as a powerful reminder that cybersecurity problems are here to stay. We must remain vigilant and continue to do these basics right, as poor patching is still one of the most significant causes of cyberattacks.’

What are you doing to implement a more proactive cyber resilience strategy for 2023? Read the full article here in Spiceworks.