Estes Declines Ransom Demand Amidst Personal Data Breach and Theft

Estes Express Lines, a major private freight shipping company in the United States, has notified over 20,000 customers about a security breach where their personal information was stolen by unknown hackers.

The company revealed that on October 1, 2023, unauthorized individuals gained access to part of its IT network and deployed ransomware. In line with the standard advice from the FBI and financial regulators, Estes chose not to pay the ransom demanded by the attackers.

Initially disclosed in early October as a "cyberattack" affecting its IT infrastructure, the incident was declared resolved by October 24, when chief operating officer Webb Estes announced in a video that system capabilities had been fully restored.

A group known as Lockbit claimed responsibility for the breach a month later and disclosed that they leaked data taken from the company on November 13. On New Year's Eve, Estes filed a data breach notice with the Maine Attorney General, providing further insights into the digital intrusion, now confirmed to be a ransomware attack.

According to Estes, it is collaborating with the FBI in the investigation. While the forensic analysis confirmed that personal information was stolen, the specifics of the accessed data were not explicitly mentioned in the sample notification letter.

However, the Maine filing indicated that the stolen data involved names or other personal identifiers combined with Social Security numbers, suggesting a broader scope of compromised information.

Estes has not provided immediate responses to inquiries regarding details of the breach, such as what data was stolen, how the hackers initially gained access to the network, the ransom amount demanded, and the rationale behind the decision not to pay the ransom.

This decision has sparked a contentious debate encompassing practical considerations like effective backups and financial implications, along with broader ethical concerns such as potential support for criminal activities like human trafficking, terrorism, or future cybercrimes through ransom payments.

Both paying and not paying ransoms have proven to be financially burdensome for affected entities. Caesars Entertainment allegedly paid $15 million to a ransomware group to decrypt their data and prevent customer information leakage after a September breach, while MGM Resorts, despite not paying the ransom in a similar attack, suffered losses surpassing $100 million.

While the US government advises against ransom payments, some voices advocate for a complete ban on such extortion payments. Despite the breach, Estes has stated that they are not currently aware of any instances of identity theft, fraud, or financial losses stemming from the incident. Additionally, they plan to offer affected individuals 12 months of free identity monitoring services through Kroll.

Two-Year Chase: FBI Relaunches Search for Cybercriminals

Hackers are increasingly using sophisticated e-mail schemes to break into the systems of law firms and public relations companies, aiming to steal sensitive information that often relates to large corporations operating overseas.

Attempts by cybercriminals to hack into law firms' computers have increased of late. According to a recent FBI advisory, the trend began as much as two years ago but has grown dramatically in recent months.

More than two years after the FBI and its European allies announced they had taken down the computer systems of the multimillion-dollar cybercrime group, the agency has now intensified its search for members of the group, found to have stolen identities, according to newly released court documents reviewed by CNN.

Hacking tools associated with the group, whose operations have previously been linked to eastern Ukraine, have scanned the internet for and compromised the computers of over 100 million users since the year 2000, costing thousands of victims millions of dollars and resulting in a disruptive attack on a school in the US last year.

There is a persistent and increasingly sophisticated threat of malicious cyber campaigns attacking America's public and private sectors, one that endangers the American people's security, privacy, and ultimately the economic well-being of the country. The Federal Government needs to improve the speed and effectiveness with which it identifies, deters, protects against, detects, and responds to these kinds of actions and actors.

A major cyber incident can also pose challenges to the Federal Government in terms of examining what happened and applying lessons learned in the aftermath. There is no doubt that government action is essential to cybersecurity, but it must go further than that. For the Federal Government to be able to provide comprehensive protection for the Nation from cybercrime, private-sector partnerships are essential.   

Private sector companies must adapt to the constantly changing threat environment in which they operate, ensuring that security is built into the design of their products, that those products are operated securely, and that they partner with the Federal Government to protect cyberspace.

In short, users should place significant trust in a company's digital infrastructure only if that infrastructure is trustworthy and transparent, and companies should expect that the consequences of misplaced trust will be severe and costly for them.

Ukraine War Investigation Leads

In January 2021, the FBI, together with Dutch, British and other European law enforcement agencies, announced that they had successfully penetrated Emotet's servers to stop the hackers from getting into their victims' computer systems. Several computers are also said to have been seized by the Ukrainian authorities as part of the investigation.

The group has since rebuilt its infrastructure and continued to send spam emails from its network, launching another campaign in March, according to researchers investigating the group. According to CNN, security experts who follow the group have not seen any activity from Emotet for months, raising questions as to where the group might pop up next, or whether law enforcement agencies are closing in on them as a result of their operations being crippled.

It was announced last month that the FBI and a coalition of European allies had dismantled a network of infected computers comparable to Emotet, called Qakbot. The FBI's investigation of Qakbot and related activity is ongoing, as a senior FBI official was quoted as saying by CNN at the time.

The new court documents also demonstrate that the FBI has faced significant challenges resulting from the chaos unleashed by the war in Ukraine.

When Russia invaded Ukraine in February 2022, a Ukrainian cyber researcher leaked a collection of confidential communications between members of the Conti cybercriminal gang, a cybercrime organization alleged to have ties with the Russian government.

In the new court documents, an FBI agent has offered what may be the first public confirmation of the Conti leaks. In an affidavit filed in the Emotet case, the agent affirmed that the leaks were authentic and that at least one of the group's hackers was administering its malicious code before, and even after, the law enforcement action of January 2021.

Once inside a network, hackers usually install software that searches for, collects, copies, and sends files to a server, typically located in another country. The same program can also serve as a back door, allowing the hackers to get back in later and to create further back doors into the computer system. The malicious attachments or links that deliver it can resemble anything from a photo to an executable program. The FBI has warned that this could happen.

Companies need to start re-evaluating what they put on their networks as hackers become more sophisticated. This message was delivered by Bleier and other U.S. cyber officials at a conference held by the American Bar Association on Friday.

As Chris Painter, the acting cybersecurity director of the White House, explained, cyber attackers are no longer mostly lone perpetrators but are increasingly joining transnational organized crime networks. Several law firms and public relations companies have been identified by the FBI as targets in recent months as a result of ongoing investigations.

The FBI Investigates Cybercriminal Group Involved in Nationwide Wave of Swatting

The FBI is investigating a cybercriminal group known as "the Comm" for their alleged involvement in a series of swatting incidents targeting schools and universities across the United States. Swatting involves making false emergency calls to law enforcement, leading to the deployment of SWAT teams to unsuspecting victims' locations.

According to court records reviewed by Motherboard, the FBI has made at least one arrest related to the group's activities, shedding light on their operations and their impact on innocent individuals.

The Nationwide Swatting Wave

The investigation was triggered when the Ambler Police Department in Pennsylvania alerted the FBI about numerous bomb threats made in the name of a 15-year-old girl, referred to as Victim A in the FBI's affidavit.

These threats, sent via email, caused significant disruptions to schools and universities, coinciding with graduation ceremonies. Victim A's sister, known as Victim B, informed investigators that the swatting attacks were connected to the Comm group.

The Activities of the Comm Group

According to the complaint, the Comm group utilizes messaging platforms like Discord and Telegram to engage in criminal activities. These include SIM swapping (a technique used to hijack phone numbers), cryptocurrency theft, swatting, and corporate intrusions.

Shockingly, the group has even been linked to real-life acts of violence, such as firebombings, shootings, and kidnappings. ACG, a subgroup of the Comm, has been actively involved in these crimes since at least the summer of 2021.

The Arrest of Braiden Williams

Braiden Williams, an alleged member of the Comm group, was arrested by the FBI in May. He is accused of collaborating with ACG to perform SIM swaps, stealing large sums of money, and laundering the proceeds.

Williams admitted to his involvement in these activities during an interview with FBI agents. He confessed to using the illicit funds to finance extravagant purchases, including luxury cars and a European trip.

Escalation of Harassment

Following his arrest, Williams was released with certain restrictions on his internet access. However, the alleged harassment against Victim A began soon after his release. FBI agents discovered that Williams's phone was actively participating in a Discord call named "ACG MEETING" while he was staying in a halfway house.

The harassment against Victim A intensified, with unsolicited food deliveries, unauthorized access to her online accounts, and acts of vandalism targeting her and her neighbors' homes.

The Impact on Victims

Victim A's ordeal illustrates the distress and fear experienced by those targeted by cybercriminals. Despite her decision to cut off contact with Williams, she was subjected to a relentless campaign of harassment. Threats of violence were made against her, further exacerbating her anxiety and safety concerns. These incidents highlight the urgent need for law enforcement agencies to address cybercrime and protect innocent individuals from such attacks.

The FBI's Ongoing Investigation

The perpetrators of these swatting incidents have caused significant disruption and anxiety among educational institutions and communities nationwide. Law enforcement agencies and prosecutors are working diligently to bring the culprits to justice. The FBI's Kansas City Field Office has been leading the investigation into the Comm group but has declined to provide additional information.

The rise of cybercriminal groups like the Comm highlights the evolving nature of crime in the digital age. Their activities, including swatting, SIM swapping, and online fraud, pose significant threats to individuals and organizations.

Law enforcement agencies must continue to combat such crimes, employing technological expertise and collaboration to dismantle these networks. By doing so, they can protect innocent victims and ensure a safer digital environment for everyone.