Britain’s new cyber command could ‘hunt’ ransomware gangs

Sir Jeremy Fleming, Director of GCHQ, the British intelligence and cybersecurity agency.
Photography: ROSLAN RAHMAN / AFP (Getty Images)

The United Kingdom wants to use a newly formed cyber command to “hunt” and hack ransomware gangs, a senior government official recently revealed.

Jeremy Fleming, director of the British signals intelligence agency GCHQ, unveiled the plans at this year’s US Cipher Brief threat conference on Monday. Fleming said Britain had experienced a significant increase in ransomware attacks and that the government wanted to use offensive operations to prevent future attacks.

Operations of this kind would likely involve a government using its own exploits to target and disable servers run by criminal gangs, the Financial Times reported. The UK’s National Cyber Force, a new unified command created last year, would be the vehicle for such activities.

In his comments, Fleming suggested that governments had simply not done enough to impose costs on underground operators.

“It simply came to our notice then [ransomware] proliferates because it works . . . criminals make very good money from it and often feel it [it’s] mostly undisputed,” he said. “I am quite clear from the perspective of international law and you can certainly ask from the perspective of our domestic law [criminal actors],” he added.

News of Britain’s plans to “hack hackers” arrives only about a week after Reuters first reported that the United States had conducted its own operation along those lines. The FBI and various partners reportedly worked together recently to hack the servers of REvil, a prominent ransomware gang linked to some of the biggest attacks on U.S. companies. REvil mysteriously disappeared in July, shortly after conducting a giant attack on the software company Kaseya. It was unclear at the time what had happened to the criminals, and some speculated that the gang had deliberately shut down its operations. However, Reuters reports that, in reality, law enforcement hacked the gang’s network infrastructure and that some of its servers were co-opted.

The news that the US and UK are involved in such activities seems to signal a new phase of law enforcement tactics in the fight against cybercrime, one in which governments more actively and openly pursue cybercriminals rather than just cleaning up their mess.

Oleg Skulkin, deputy head of the DFIR Lab at cybersecurity group Group-IB, told Gizmodo in an email that the operation against REvil is not the first time the U.S. has worked to disrupt a cybercrime group.

“There have been reports of such operations in the past,” Skulkin said. “Last year, the American Cyber Team performed the operation in parallel with private sector players to remove the infamous TrickBot botnet on election day to prevent its use to launch attacks on IT systems that support the election process.”

However, Allan Liska, a senior security architect at Recorded Future, told Gizmodo that the recent FBI operation against REvil would appear to be an escalation in what the U.S. is willing to do to attack ransomware operators.

“While this is not the first time law enforcement has seized the infrastructure of ransomware actors, it appears to be the first time they have used CNA (computer network attack) methods (at least it has been made public),” Liska said. “This is the next logical advance and a sign that the police are taking the threat of ransomware seriously.”

Naveen Kumar