The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months.
The cybersecurity community should know that cybercriminals aren't reliable narrators, but lately, all ransomware groups seem to need is a Dark Web post claiming to have breached an organization, plus a couple of key re-tweets, and presto ... a full blown cyber investigation has ensued; no matter whether any breach has actually occurred or not.
Two specific incidents from the last days of January highlight this growing trend among ransomware groups, according to ransomware expert and threat researcher Yelisey Bohuslavskiy with RedSense: alleged attacks on Technica and on Europcar.
As an example of the kinds of deeply sensitive data the company is handling, Technica is currently recruiting on LinkedIn for an open systems administrator position at Langley Air Force Base.
Technica also provides IT support for the Federal Bureau of Investigation.
If Technica were indeed breached by ALPHV, the group could conceivably be in possession of top secret stuff, and could pose a serious US national security threat.
Based on the number of security clearances presumably necessary to work for defense contractor Technica, it's no surprise that the organization did not publicly comment on the ALPHV claims.
Several requests for comment from Dark Reading went unanswered, for instance.
There's is no credible evidence Technica was ever compromised beyond a few screen shots shared by ALPHV, according to Bohuslavsky, who tracks the group closely.
The group was able to claim a big win among competitive ransomware cybercrime circles, as well as a bit of revenge on the FBI. In December, the FBI seized ALPHV's infrastructure and took down the ransomware operation's leak sites, hobbling the entire business.
For the ransomware group to be seen as trading shots with law enforcement, with a compromise of the Feds' own IT vendor, it boosts their reputation among the cybercrime set, as well as would-be affiliates.
Europcar Wasn't Breached Either, Despite Claim Car rental company Europcar likewise fell victim to false data breach claims by an anonymous person offering to sell the data of more than 48.6 million people in a hacking forum in the waning days of January.
Europcar flatly denied the ransomware breach and pointed out that the sample data shared in the Dark Web forum was clearly faked.
Thanks to new tools leveraging artificial intelligence and machine learning, it's easier than ever to falsify allegedly stolen data, leaving it up to humans to fact-check these ransomware group claims and stop them from spreading.
Ransomware in Decline, Groups Chasing Clout False claims like these have always been part of the ransomware ecosystem, but there are a few factors making misinformation even more attractive for these groups these days, according to Bohuslavskiy.
As mentioned, the first is the overall success of cybersecurity defenses in making cybercrime harder, Bohuslavskiy explains.
Cybersecurity Pros Spreading Ransomware Fake News Like most misinformation campaigns, false ransomware claims rely on others to spread them and be taken seriously.
Bohuslavskiy urges the native English speaking cybercommunity to stop amplifying these messages; even the simple act of translating the lie into English makes it seem more believable, he warns.
Researchers at Dragos noted in their recent ransomware report that these groups are increasingly refining their media and public relations techniques, courting interviews with journalists and sending out press releases, as well as collaborating to share business tips.
Thus, enterprise cybersecurity teams need recognize and respond with the new ransomware misinformation communications strategy in mind.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 31 Jan 2024 22:55:19 +0000