Feb 22 2019
 

LawFuel reports:

Geoffrey S. Berman, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), pled guilty today to conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.  NeverQuest has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.  LISOV pled guilty before United States District Judge Valerie E. Caproni.

Read more on LawFuel.   The full press release from SDNY appears below.

Geoffrey S. Berman, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), pled guilty today to conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.  NeverQuest has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.  LISOV pled guilty before United States District Judge Valerie E. Caproni.

U.S. Attorney Geoffrey S. Berman said:  “As he admitted today, Stanislav Vitaliyevich Lisov used malware to infect victims’ computers, obtain their login credentials for online banking accounts, and steal money out of their accounts.  This type of cybercrime extends across borders, poses a malicious threat to personal privacy, and causes widespread financial harm.  For his audacious crime, this Russian hacker now faces justice in an American court.”

FBI Assistant Director William F. Sweeney Jr. said:  “In addition to creating and maintaining a botnet infected with NeverQuest malware, Stanislav Lisov, a Russian national, gathered personally identifiable information of NeverQuest victims and discussed illegally trafficking that information.  As today’s plea should demonstrate, the FBI and our partners will continue to bring these actors to justice, regardless of where they may hide.”

According to the Indictment, Complaint, and other statements made during public court proceedings:

NeverQuest is a type of malicious software, or malware, known as a banking Trojan.  It can be introduced to victims’ computers through social media websites, phishing emails, or file transfers.  Once surreptitiously installed on a victim’s computer, NeverQuest is able to identify when a victim attempts to log onto an online banking website and transfer the victim’s login credentials – including his or her username and password – back to a computer server used to administer the NeverQuest malware.  Once surreptitiously installed, NeverQuest enables its administrators remotely to control a victim’s computer and log into the victim’s online banking or other financial accounts, transfer money to other accounts, change login credentials, write online checks, and purchase goods from online vendors.

Between June 2012 and January 2015, LISOV was responsible for key aspects of the creation and administration of a network of victim computers known as a “botnet” that was infected with NeverQuest.  Among other things, LISOV maintained infrastructure for this criminal enterprise, including by renting and paying for computer servers used to manage the botnet that had been compromised by NeverQuest.  Those computer servers contained lists of millions of stolen login credentials – including usernames, passwords, and security questions and answers – for victims’ accounts on banking and other financial websites.  LISOV had administrative-level access to those computer servers.

LISOV also personally harvested login information from unwitting victims of the NeverQuest malware, including usernames, passwords, and security questions and answers.  In addition, LISOV discussed trafficking in stolen login information and personally identifiable information of victims.

On January 13, 2017, LISOV was arrested in Spain pursuant to a provisional arrest warrant.  On January 19, 2018, LISOV was extradited from Spain to the United States.

*                *                *

LISOV, 33, a citizen of Russia, pled guilty to one count of conspiracy to commit computer hacking, which carries a maximum sentence of five years in prison.  The statutory maximum sentence is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.  LISOV’s sentencing is scheduled for June 27, 2019 at 11:00 a.m. before Judge Caproni.

Mr. Berman praised the outstanding investigative efforts of the FBI.  Mr. Berman also thanked the DOJ Office of International Affairs for its assistance in this case.

The matter is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorney Michael D. Neff is in charge of the prosecution.

Feb 22 2019
 

I’ve been told that at times, I can be tough on those who have had breaches.  But I actually do feel sympathy for some victims.

Read this notification from Martin Hutchison & Hohman, a firm of certified public accountants in Eureka, California. I found it actually painful to read.  When conscientious people fall for scams, it reminds us that “there but for the grace….”

The breach occurred on Feb.15 and notification was submitted to the California Attorney General’s Office on Feb. 21.

MHH Security Breach
Feb 20 2019
 

Danny Bradbury reports:

The average ransomware payment is growing as criminals become more sophisticated in their attacks, according to a report released by ransomware incident response company Coveware.

According to Coveware’s Q4 2018 Global Ransomware Marketplace Report, the average ransom increased by 13% to $6733 in Q4 2018 compared to Q3’s $5973.

It’s difficult to judge the statistical margin of error for these figures because the company, which bases the data on ransomware cases handled by its support team, doesn’t divulge the exact number of ransomware cases that it has dealt with. However, it says that the increase is probably down to the more targeted nature of recent attacks.

Read more on Infosecurity Magazine.

Feb 20 2019
 

Cameron Houston and Anthony Colangelo report:

A cyber crime syndicate has hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit at Cabrini Hospital and demanded a ransom.

The attack is now the subject of a joint investigation by Commonwealth security agencies.

Melbourne Heart Group, which is based at the private hospital in Malvern, has been unable to access some patient files for more than three weeks, after the malware attack crippled its server and corrupted data.

So this is a situation in which we might understand why an entity would pay the demanded ransom, but in this case, the ransom may have been paid but the data were reportedly corrupted when the entity went to decrypt.

Read more on The Age.

Feb 20 2019
 

Michael P. Rellahan reports:

A breach of Chester County government’s computer system via an internet bug led to intense work by county computer specialists over the Presidents Day weekend, but apparently has not led to any compromise of users’ information, a county spokesperson said Tuesday.

Chester County’s Department of Computing and Information Services (DCIS) detected and late last week responded to potential malware activity on the county’s computer network, getting assistance from third-party cybersecurity consultants, said Chester County Communications Coordinator Rebecca Brain.

Read more on The Daily Local.  In response to the incident, the county sounds like it is really tightening up its security in some respects, and no longer allows employees to use county computers or the county network for personal use, etc.