The Good, the Bad and the Ugly in Cybersecurity – Week 12

The Good

As part of its ongoing efforts to disrupt and disable the cybercrime infrastructure that enables ransomware operations, the FBI this week announced the indictment of a Russian individual on charges of operating a darknet marketplace that sold stolen login credentials, personally identifiable information and authentication tools that allowed cybercriminals to unlawfully access the online accounts of victims around the world.

Igor Dekhtyarchuk, a 23-year-old Russian national, was indicted in the Eastern District of Texas and added to the FBI’s Cyber Most Wanted list. According to some sources, Dekhtyarchuk was allegedly the mastermind behind the BAYACC marketplace.

According to the indictment, Dekhtyarchuk first appeared on hacker forums in November 2013 under the alias “floraby” and began advertising the sale of compromised account data on the marketplace around May 2018.

Between March and July 2021, an FBI undercover operation made thirteen purchases from Dekhtyarchuk while accessing the marketplace from the Eastern District of Texas, obtaining access to over 130 accounts. If convicted, Dekhtyarchuk faces up to 20 years in federal prison.

The Bad

It’s been another uncomfortable week for those engaged in public services and trying to stave off ransomware attacks. On Monday, Rehab Group reported that it had been the victim of a cyberattack on some of its systems. Rehab provides services to more than 10,000 people living with disabilities in Ireland.

Details are sparse, with the group saying only that it has been trying to assess the nature and effect of an attack on its servers over the weekend. Forensic investigation work is underway but so far the group says it has no evidence that data was accessed from the servers or that it has suffered any financial loss.

Meanwhile, the impact of a ransomware attack on Greece’s public postal service, ELTA, was far more obvious and immediate.

According to a report, threat actors exploited an unpatched software vulnerability on an ELTA workstation, dropped malware and opened an outbound HTTPS reverse shell, the kind of connection that blends in with ordinary web traffic and is easy to miss without egress monitoring. In order to contain the impact, the organization immediately isolated its entire data center.

As a result, the company is currently unable to process any kind of financial transactions, including bill payments, and all postal mail services are suspended. At the time of writing, there is still no timeline as to when normal service will be resumed. At minimum, it is believed there are over 2,500 devices that need to be examined and cleared to ensure any malware has been removed.

The Ugly

There are many human victims of cybercrime, but one we don’t often see or consider is a mother hiding behind her front door and dealing with reporters asking about hacks on global giants like Microsoft, Nvidia and Okta allegedly perpetrated by her teenage son.

This week, a little-known threat actor named Lapsus$ claimed responsibility for high-profile breaches of three global enterprises. The group operates much like a ransomware gang, stealing data and demanding payment in order not to release it, except that it does not bother to encrypt files on the victim’s machines.

Throughout the week, Lapsus$ engaged in a series of public taunts, while leaking source code and internal documents of its victims. The group had embarked on a “large-scale social engineering and extortion campaign against multiple organizations”, according to Microsoft, one of the victims that confirmed it had been hacked. Microsoft also said that the group had successfully recruited insiders in order to assist in their hacks.

As cybersecurity researchers began to focus on the group, it quickly emerged that a number of teenage hackers were the likely culprits, including at least one in Brazil and one in the UK. The latter, going by the handles ‘White’ and ‘breachbase’, was outed by other cyber misfits, who published his address and the addresses of his parents on a public forum.

Inevitably, this led to journalists calling at the address in an attempt to interview the alleged hacker, much to the distress of the boy’s unwitting mother.

While the damage done to organizations by hacking groups such as Lapsus$ is the angle that typically makes the headlines, the human cost to the perpetrators’ own family, friends, and indeed themselves, rarely gets attention. We can only hope that drawing attention to it may act as a further deterrent to those tempted to misuse their cyber talents.