Cybercrime gangs are recruiting like never before
Some of the top cybercrime groups have been observed recruiting new members at an alarming rate, new reports warn.
Avast’s recent Q3 2022 Threat Report shows that some threat actors have failed to initiate recruitment, while others have been squashed by cybersecurity researchers.
The LockBit team, for example, known for the ransomware variants of the same name, was “very active this quarter”, the researchers said.
New project
One of the ways Avast sees the team recruiting new members and affiliates is through a new bounty program.
At the end of June 2022, LockBit released a new version of the encryptor and, to ensure that it remains private, is offering $50,000 to anyone who finds a vulnerability in the encryption of large database files. There are also other bonuses on offer. For example, whoever finds out the name of the affiliate boss will get a million dollars.
There are also high payouts for weaknesses found in the encryption process, vulnerabilities in LockBit’s website, or vulnerabilities in TOX messenger or the TOR network.
Furthermore, it offers $1,000 to anyone who gets the LockBit logo tattooed on their body.
Hacking group NoName057 (16), which suffered a massive blow after its main Bobik C2 server was taken down and its botnet went down, began recruiting for a new project in mid-August this year, the researchers further discovered. Suspecting that the group needs fresh blood to keep its DDoS attacks going, the researchers observed that the threat actor opened a new group dedicated to the DDOSIA project. By the end of last month, the group had more than 700 members.
The project allows hackers to download identity binaries, allowing them to launch DDoS attacks in exchange for cryptocurrency.
In addition to LockBit and NoName057 (16), Avast has also identified nearly a dozen botnet operators that are actively looking for new members. These include the dreaded Emotet and Ursnif, but also Phorpiex, Tofsee, MyloBot, Nitol, Dorkbot, MyKings and Amadey.