Cybercrime

Social media platforms asked to tackle cybercrimes in Malaysia

Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.

In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.

The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues highlighting problematic content to these firms, aiming to curb harmful online activity.

Europol predicts a surge in AI-assisted cybercrimes across the EU

Europol’s latest report predicts a surge in AI-assisted cybercrimes across the EU. The ‘Internet Organised Crime Threat Assessment 2024’ highlights how AI tools are enabling non-technical individuals to execute complex online crimes. These tools, such as deep fakes and false advertisements, are making it easier for bad actors to engage in cybercrime.

The agency stresses the need for law enforcement to enhance their capabilities to counter these threats. Europol’s Executive Director, Catherine De Bolle, emphasises the importance of building robust human and technical resources. Future advancements in deepfake technology could lead to severe cases of sexual extortion, requiring sophisticated detection tools.

Concerns also extend to the cryptocurrency ecosystem. Europol’s report flags the potential for increased fraud involving non-fungible tokens (NFTs) and Bitcoin exchange-traded funds (ETFs). As more people adopt these financial instruments, those without extensive cryptocurrency knowledge may become prime targets for scammers.

Recently, Europol seized €44.2 million in cryptocurrency assets from ChipMixer, linked to money laundering. This operation underscores the growing challenges law enforcement faces in combating sophisticated financial crimes facilitated by emerging technologies.

Chinese national behind 911 S5 botnet arrested in Singapore

The US Department of Justice (DOJ) announced the arrest of a Chinese national, Wang Yunhe, in an international operation targeting cybercrime. Wang, aged 35, was apprehended in Singapore on 24 May for allegedly creating and using malware responsible for cyberattacks, large-scale fraud, and child exploitation. This arrest comes on the heels of a similar high-profile sweep last August, involving 10 Chinese citizens charged with laundering over $2 billion through Singapore.

According to the US Treasury Department, the botnet, known as ‘911 S5,’ was used by criminals to compromise personal devices to further conduct identity theft, financial fraud, and child exploitation.

The Treasury’s Office of Foreign Assets Control has now imposed sanctions on three Chinese nationals behind the platform—Yunhe Wang, Jingping Liu, and Yanni Zheng—and on three entities owned or controlled by Yunhe Wang. FBI Director Christopher Wray described the ‘911 S5’ botnet as likely the world’s largest, comprising malware-infected computers in nearly 200 countries.

According to the DOJ, Wang and unnamed accomplices developed and distributed malware that compromised millions of residential Windows computers worldwide. From 2018 to July 2022, Wang accrued $99 million from selling access to hijacked IP addresses, facilitating cybercriminals in bypassing financial fraud detection systems. These criminals committed fraud, resulting in losses exceeding $5.9 billion, including 560,000 fraudulent unemployment insurance claims.

Wang used the illicitly obtained proceeds to acquire assets globally, spanning properties in the USA, Saint Kitts and Nevis, China, Singapore, Thailand, and the UAE. His possessions included luxury sports cars, numerous bank accounts, cryptocurrency wallets, luxury watches, and 21 properties across multiple countries. Matthew S. Axelrod from the US Department of Commerce’s Bureau of Industry and Security described the case as resembling a screenplay, highlighting the extensive criminal enterprise and lavish expenditures financed by nearly $100 million in profits.

The operation is a collaborative effort led by law enforcement agencies from the US, Singapore, Thailand, and Germany. It underscores the international cooperation required to combat cybercrime effectively.

The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from infected devices.

FBI, CISA, and HHS warn against ALPHV/BlackCat ransomware targeting US healthcare sector

The FBI, CISA, and the Department of Health and Human Services (HHS) have issued a joint advisory to healthcare organisations across the United States warning against targeted ransomware attacks orchestrated by the ALPHV/Blackcat group.

In the notice, the agencies alerted of the escalating threat posed by ALPHV/Blackcat affiliates, particularly targeting the healthcare sector. This warning is the latest in a wave of notifications detailing the emergence of the BlackCat cybercrime gang. Others include an FBI flash alert in April 2022 and an advisory in December 2023.

Since its inception in November 2021, the BlackCat group, suspected to be a rebrand of the DarkSide and BlackMatter ransomware gangs, has been linked to over 60 data breaches and has amassed a staggering $300 million in ransoms from more than 1,000 victims as of December 2023.

Most concerning is the recent surge in ransomware attacks against healthcare organisations, with the ALPHV/Blackcat group targeting hospitals in retaliation to operational disruptions and infrastructure crackdowns by international police forces. The agencies have underscored the urgent need for critical infrastructure organisations to implement robust mitigation measures to against the risk of Blackcat ransomware attacks.

Today’s advisory comes in the wake of a cyberattack on UnitedHealth Group subsidiary Optum, leading to an ongoing outage affecting Change Healthcare, a pivotal payment exchange platform in the US healthcare system. Although UnitedHealth Group has refrained from confirming the BlackCat link, forensic experts investigating the incident have identified the group’s involvement.

The attack, exploiting the critical ScreenConnect authentication bypass vulnerability (CVE-2024-1709), underscores the urgent need for heightened vigilance and proactive measures to safeguard against ransomware threats.

While the FBI has taken steps to disrupt BlackCat’s operations, including dismantling its Tor negotiation and leak sites, the group persists. The State Department has offered substantial rewards for information leading to the identification or location of BlackCat leaders, emphasising the severity of the threat posed by ransomware groups.

Chainalysis issues the 2023 cryptocurrency crime report

Private US company Chainalysis is a leading company in collecting and analyzing data used on cryptocurrency blockchains. In its annual report on cryptocurrency-related crime, they point out that illicit cryptocurrency volumes reach all-time highs amid a surge in sanctions and hacking. 

‘Overall, the share of all cryptocurrency activity associated with illicit activity has risen for the first time since 2019, from 0.12% in 2021 to 0.24% in 2022.’ The company assesses that an equivalent of $20.6B is used for illicit activities. 

A big part of that sum comes from the offenses related to the economic sanctions on Russia. This shows that a strict regime of sanctions is efficiently imposed on cryptocurrency exchanges, by the US department of the treasury, and international financial institutions. The report describes methods that are used for money laundering and fund transfers. As a key takeaway, Chainalisys points out that the impact of crypto sanctions depends on the jurisdiction and technical constraints.

Ransomware crypto payments

The report shows a decline in ransomware from 2021. Chainalisys claims that ransomware victims increasingly refuse to pay the ransom money hence pushing the criminals out of this scheme. The report is stating that “meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts”  In 2021, the US Office of Foreign Assets Control (OFAC) issued an advisory document about the risk of ‘sanction crimes’ that can rise from ransomware payments. OFAC advises all US companies to report ransomware to the FBI prior to any action. This is also considered to be one of the factors for the drop in ransomware payments. In addition, ransomware lifespan is significantly shorter. From 470 days in 2019, it is down to 70 days in 2022.

Money laundering

The report is stating a rise in money laundering activities from $14.2B in 2021 to $23.8B in 2022. The report is stating ‘underground money laundering services’ are a growing concern. Such groups use private channels on messaging apps to set and organise private transactions that are hard to track.

Cryptocurrency scams

Cryptocurrency scams and the use of cryptocurrency on darknet markets are on the decline compared to previous years.

University student pled guilty to cyberstalking

Iván Santell-Velázquez pled guilty before the United States District Court Judge Silvia Carreño-Coll, to cyberstalking. The defendant hacked 100 student email accounts and stole their personal information while studying at the University of Puerto Rico at Cayey. Additionally, in the years between 2019 and 2021, the defendant hacked the Snapchat accounts of several women, who were studying at the University of Puerto Rico, and harassed them by sharing their intimate pictures on Twitter and Facebook.

US Attorney Muldrow stated that this case shows how crucial it is to protect personal information, especially in response to suspicious SMS messages and emails. On October 12, 2022, the sentencing hearing is expected to take place.

British Army’s social media accounts were hacked

British Army’s Twitter and YouTube accounts were hacked. The name of the Army’s Twitter account was changed, while videos on cryptocurrency, and posts related to NFTs appeared on their feed. The British Army stated there is no evidence as to who may be behind the hacking of the accounts. The accounts were restored to normal while investigations regarding the hacks are still ongoing. Army’s spokesperson stated that there will not be any further comments on the incident until the investigation is complete.