Industry News: Factbox: DarkSide hackers in focus after Toshiba attack


A unit of Japan's Toshiba Corp (6502.T) said on Friday it had been hacked in Europe by the DarkSide ransomware group widely believed to have been behind a crippling fuel pipeline attack in the United States this week.

WHO ARE DARKSIDE?

Experts who have tracked DarkSide said it emerged in the middle of last year and appears to be composed of veteran cybercriminals who are focused on squeezing as much money as they can from targets.

"They're very new but they're very organized," Lior Div, the chief executive of Boston-based security firm Cybereason, said this week when asked about the Colonial Pipeline attack.

"It looks like someone who's been there, done that."

DarkSide seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

HOW DOES IT WORK?

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

DarkSide uses double extortion: it demands one sum for the digital key needed to unlock any files and servers, and a separate ransom in exchange for a promise to destroy any data stolen from the victim, according to the specialist blog KrebsOnSecurity.

Bloomberg reported that Colonial Pipeline paid nearly $5 million in ransom.

The Krebs blog also said DarkSide offers to tip off investors about its victims in advance to allow them to short stocks and benefit from the price fall when the hack becomes public.



OTHER VICTIMS?

After being blamed for the Colonial Pipeline attack, DarkSide this week claimed responsibility for breaking into three more companies, saying it was publishing hundreds of gigabytes of data from a Brazilian battery firm, a Chicago-based tech company, and a British engineering firm.

Reuters was not immediately able to verify the claims.

Experts said DarkSide has unleashed a digital crimewave.

"It's as if someone turned on the switch," said Div, who noted that more than 10 of his company's customers have fought off break-in attempts from the group in the past few months.



HALL OF SHAME

DarkSide's site on the dark web features a Hall of Shame-style gallery of leaked data from victims who haven't paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists.

It also has a public relations program, as others do, inviting journalists to check out its haul of leaked data and claiming to make anonymous donations to charity.



TECH ISSUES

Its tech savvy is nothing special, according to Georgia Tech computer science student Chuong Dong, who published an analysis.

According to Dong, DarkSide's code was "pretty standard ransomware."

Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.

Typically "they know who is the manager, they know who they're speaking with, they know where the money is, they know who is the decision maker," said Div.

https://www.reuters.com/business/autos-transportation/darkside-hackers-focus-after-toshiba-attack-2021-05-14/
