After a year of high-profile cybercrime crimes, a senior Justice Department official said Tuesday that he expects more to happen in 2024.
At the 10th International Cybersecurity Conference in New York this week, several top Justice Department prosecutors spoke about cybersecurity trends throughout 2023 and what this year could bring.
“I anticipate an acceleration in the pace of U.S. government cybersecurity disruption operations,” Sean Newell, chief of the National Security Cybersecurity Section at the Justice Department, said Tuesday.
“A lot of it is public and a lot of it isn’t, but it’s something where… you’ll have regular time operation in 2024.”
Newell highlighted several operations in 2023, including the removal of ransomware gangs like Hive and AlphV, as well as actions against popular botnets like Snake and Qakbot.
His comments come after the U.S. Attorneys for the Eastern and Southern Districts of New York – Breon Peace and Damian Williams – spoke at length about their priorities for the year.
Williams said the Southern District would prioritize cryptocurrency hacking prosecutions after its latest action against Shakeeb Ahmed – a former security engineer who pleaded guilty last month for stealing more than $12 million from hack two decentralized cryptocurrency exchanges.
In addition to thefts from cryptocurrency platforms, his office also investigates other crypto scams and fraudulent coins, he said.
Peace, of the Eastern District of New York, said his office would focus on dismantling the infrastructure around cybercriminal activity as a complement to prosecuting cybercriminals.
“In the past, we have filed complaints directly against the perpetrators of these crimes. In fact, we are actively investigating several ransomware cases in which foreign authorities are literally going door to door trying to find our targets,” he said.
“These are critical prosecutions and they will continue and we will continue to pursue them. But we believe it is just as important to target the individuals and companies that make these crimes possible by providing the services and infrastructure that cybercriminals rely on. Cybercriminals do not act in isolation. They depend on an ecosystem that allows them to thrive.
He mentioned several recent operations, including the withdrawal from the Bizlato platform last month. Bizlato had become “a haven for the illicit transactions of ransomware criminals,” according to the Justice Department. Peace is also referenced the withdrawal of Try2Check in May 2023the leading service offering “card verification” to cybercriminals in the stolen credit card trade.
It is “important to impose the rule of law where market participants can cash in,” Peace said.
He also said law enforcement is considering more disruptions that don’t involve criminal charges, such as Snake Malware Removal in May 2023.
In this case, no prosecution was filed and the activity was not attributed to any specific individual, but they were nonetheless able to stop an effective Russian government espionage campaign, Peace said.
“Attributing cybercriminal activity to specific criminal actors is generally the most difficult part of successful prosecution and when we can act to disrupt criminal activity even without identifying specific criminal actors or pursuing criminal charges, we will do so” , did he declare.
“Disruption is essential in the fight against cybercrime and cyberespionage in particular. »
It’s time to exploit
Peace noted that an alarming trend his office continues to see is that hackers are increasingly exploiting new vulnerabilities.
They continue to opportunistically search for unpatched software with known vulnerabilities, and the time it takes them to exploit them decreases every year.
Both Williams and Peace urged victims of cyberattacks and ransomware incidents to report them to the FBI or DOJ, even if they have paid a ransom, because any information provided is valuable.
Peace noted that in situations where a victim pays a ransom, it is useful for law enforcement to identify the cryptocurrency address it was paid to so the funds can be recovered.
He added that decryption tools developed by the U.S. government, or others, are increasingly available and that coming forward as a victim would allow organizations to get the help they need.
Peace also addressed a new Securities and Exchange Commission rule requiring notification of “significant” cyber incidents within four days. The Justice Department may impose disclosure deadlines for companies important to national security.
Although Peace said disclosure deadlines imposed by the U.S. Attorney General would be “rare and used sparingly,” companies should still come forward to request them.
Easier than ever
Williams and Peace said a worrying trend they are seeing is the falling barriers to entry in cybercrime, allowing less skilled actors to increasingly participate in complex hacks.
Cybercrime tools are becoming cheaper and easier to deploy, helping younger, less experienced people carry out harmful cyberattacks that would have been beyond their reach a few years ago.
“In particular, we see young offenders, some of whom are minors, engaging in acts of crushing, doxing, sim-swapping, sextortion and even soliciting violence for pay,” Peace said.
Cybercrime, Williams said, is more professionalized and accessible to those without technical skills.
“You can really pay someone to hack a target for you or you can pay someone to hold a company’s data ransom,” he said. “The barriers to entry in cybercrime are falling significantly and this is very concerning. »
Future saved
Intelligence cloud.
No previous articles
No new articles
