Ransomware demands are working, fueling an increase in attacks

Infoblox DNS Threat Index finds criminals are creating more ransomware-domains than ever, and predicts a continuing increase in attacks as more criminals rush to cash in. 

 

Emboldened by the wave of successful ransomware attacks in early 2016, more cybercriminals are rushing to take advantage of this lucrative crime spree.

Networking company Infoblox’s quarterly threat index shows cybercriminals have been busy in the first quarter of 2016 creating new domains and subdomains and hijacking legitimate ones to build up their ransomware operations.

The number of domains serving up ransomware increased 35-fold in the first three months of 2016 compared to the end of 2015, according to the latest Infoblox DNS Threat Index. The index doesn’t measure actual attack volumes but observes malicious infrastructure — the domains used in individual campaigns. Criminals are constantly creating new domains and subdomains to stay ahead of blacklists and other security filters. The fact that the attack infrastructure for ransomware is growing is a good indicator that more cybercriminals are shifting their energies to these operations.

“There is an old adage that success begets success, and it seems to apply to malware as in any other corner of life,” Infoblox researchers wrote in the report.

The threat index hit an all-time high of 137 in the first quarter of 2016, compared to 128 in fourth quarter 2015. While there was a lot of activity creating infrastructure for all types of attacks, including malware, exploit kits, phishing, distributed denial-of-service, and data exfiltration, the explosion of ransomware-specific domains helped propel the overall threat index higher, Infoblox said in its report. Ransomware-related domains, which include those hosting the actual download and those that act as command-and-control servers for infected machines, accounted for 60 percent of the entire malware category.

“Again in simple terms: Ransomware is working,” the report said.

Instead of targeting consumers and small businesses in “small-dollar heists,” cybercriminals are shifting toward “industrial-scale, big-money” attacks on commercial entities, said Rod Rasmussen, vice president of cybersecurity at Infoblox. Cybercriminals don’t need to infect several victims for $500 each if a single hospital can net them $17,000 in bitcoin, for example.

The latest estimates from the FBI show ransomware cost victims $209 million in the first quarter of 2016, compared to $24 million for all of 2015. That doesn’t cover only the ransoms paid out — it also includes costs of downtime, the time required to clean off the infection, and resources spent recovering systems from backup.

Toward the end of 2015, Infoblox researchers observed that cybercriminals appeared to have abandoned the “plant/harvest cycle,” where they spent a few months building up the attack infrastructure, then a few months reaping the rewards before starting all over again. That seems to be the case in 2016, as there was no meaningful lull in newly created threats and new threats — such as ransomware — jumped to new highs. The harvest period seems to be less and less necessary, as criminals get more efficient shifting from task to task, from creating domains, hijacking legitimate domains, creating and distributing malware, stealing data, and generally causing harm to their victims.

 

“Unfortunately, these elevated threat levels are probably with us for the foreseeable future — it’s only the nature of the threat that will change from quarter to quarter,” Infoblox wrote.

Ransomware may be the fastest-growing segment of attacks, but it still accounts for a small piece of the overall attack infrastructure. Exploit kits remain the biggest threat, accounting for more than 50 percent of the overall index, with Angler leading the way. Angler is the toolkit commonly used in malvertising attacks, where malicious advertisements are injected into third-party advertising networks and victims are compromised by navigating to websites displaying those ads. Neutrino is also gaining popularity among cybercriminals. However, the lines are blurring as Neutrino is jumping into ransomware, as recent campaigns delivered ransomware, such as Locky, Teslacrypt, Cryptolocker2, and Kovter, to victims.

Recently, multiple reports have touted ransomware’s rapid growth, but what gets lost is that ransomware isn’t the most prevalent threat facing enterprises today. Organizations are more likely to see phishing attacks, exploit kits, and other types of malware, such as backdoors, Trojans, and keyloggers. Note Microsoft’s recent research, which noted that in 2015, ransomware accounted for less than 1 percent of malware. The encounter rate for ransomware jumped 50 percent over the second half of 2015, but that is going from 0.26 percent of attacks to 0.4 percent. Even if there are 35 times more attacks in 2016, that’s still a relatively small number compared to all other attacks.

The good news is that staying ahead of ransomware requires the same steps as basic malware prevention: tightening security measures, keeping software up-to-date, and maintaining clean backups.

“Unless and until companies figure out how to guard against ransomware — and certainly not reward the attack — we expect it to continue its successful run,” warned the report.

 

Source:  http://www.infoworld.com/article/3077859/security/ransomware-demands-are-working-fueling-an-increase-in-attacks.html

Attackers Clobbering Victims with One-Two Punch of Ransomware and DDoS.

Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.

As if ransomware weren’t bad enough, attackers are now making the most of their attacks by adding victimized machines to distributed denial of service (DDoS) botnets at the same time that they’re encrypted and held hostage, according to warnings from several security research organizations in the last week.

This one-two punch is a natural “Gimme” for profit-minded attackers and one which security pundits expect will be standard issue for most ransomware kits in the near future.

Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas,” says Stu Sjouwerman, CEO of KnowBe4, which today issued an alert that a new variant of Cerber ransomware has added DDoS capabilities to its payloads. “Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.”

 

The new trend was first detailed by researchers with Invincea last week, which found attackers using weaponized Office documents to deliver the threat via a Visual Basic exploit that allows them to conduct a file-less attack. That delivers malware with the underlying binary, giving the bad guys “two attacks for the price of one,” says Ikenna Dike of Invincea.

“First, it is a typical ransomware binary that encrypts the user’s file system and files while displaying a ransom note. Second, the binary could also be used to carry out a DDoS attack,” Dike said in a post. “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”

Seen by many as a perfect example of the mercenary nature of cybercrime, ransomware’s evolution has been driven entirely by black market ROI. According to the FBI, by the end of the year the ransomware market is expected to net the crooks at least $1 billion.

“Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation,” explained FireEye researchers in an update last week on ransomware activity.

FireEye’s data shows that there was a noticeable spike in ransomware in March this year and that overall figures are on track for ransomware to exceed 2015 levels. This latest trend of DDoS bundling once again shows the lengths to which the criminals will squeeze every last bit of profitability and efficiency from ransomware attacks. It also offers fair warning to enterprises that even with backups, ransomware can pose threats to their endpoints and networks at large.

Even if data is restored on systems plagued by ransomware, there’s no guarantee that a system wouldn’t be used to continue to remain a part of the botnet or be used as a foothold for further attacks if the threat isn’t properly contained.

Source:  http://www.darkreading.com/endpoint/attackers-clobbering-victims-with-one-two-punch-of-ransomware-and-ddos/d/d-id/1325659

‘Anonymous’ Declares War On Corrupt Mainstream Media

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tec.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story, we will explain why in a moment.

 

Broadly speaking, the goal of the #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start, Ghost Squad has successfully” carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised, NBC and MSM appears to be their next target.

 

https://t.co/T7LxqJjzQN “FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers #OpSIlencepic.twitter.com/uS5zWm75SQ

— s1ege (@s1ege_) June 1, 2016

 

 

When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:

 

ALL OF THE MEDIA WHO REPORTS ON OUR ATTACKS #OPSILENCE IS GSH OP NOT ANONOP WE ARE NOT AND I REPEAT NOT ANONYMOUS

— s1ege (@s1ege_) June 1, 2016

 

 

It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves, they are essentially trying to get their own reputation – credibility.

 

But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immature – more concerned with silly DDoS’ing attacks than changing the world.

 

Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups effected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked about hacking groups in the entire world in 2016.

 

I have no doubt about the origins of this operation though, this goes back to#OpMediaControl which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack in teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?

 

For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dating May 28, 2016, a video proclaiming that#OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.

 

Source:  http://macedoniaonline.eu/content/view/29562/61/

HACKERS TARGET CZECH REPUBLIC GOV’T SITES OVER PLANS TO BLOCK GAMBLING DOMAINS

Hackers have attacked Czech Republic government websites to protest the country’s decision to block the domains of unauthorized online gambling operators.

Last week, the Czech senate overwhelmingly approved the country’s new gambling legislation, which would open up the market to international online operators for the first time, while imposing blocks on the domains of sites not holding a Czech license.

On Tuesday, Novinky.cz reported that the Senate’s official website Senat.cz had been knocked offline Monday night following a distributed denial of service (DDoS) attack by someone claiming to be associated with the Anonymous hackers collective.

An English-language statement accompanying the attack claimed that the Senate’s website had been targeted “because you passed a law to prevent free access to the Internet.” The statement warned that this wasn’t the last time the government would hear from the hackers on this issue.

The Czech News Agency reported that the attack also affected websites belonging to the Interior Ministry and its affiliated police and firefighters’ organizations, as well as the Social Democratic Party (CSSD), which holds a majority in the Czech parliament.

A CSSD spokesman dismissed the disruption as “no massive, dangerous or successful attack,” while claiming that the average visitor to the party’s website wouldn’t have noticed anything was amiss.

The Interior Ministry brushed off the “unsuccessful attempts” at public disruption, saying they’d managed to restore their website’s functionality within a few hours. The ministry said its information systems weren’t affected and steps were being taken to ensure defenses were in place against future attacks.

The Canadian province of Quebec may wish to take similar precautions. Last month, the province approved the Ministry of Finance’s proposal to block unauthorized gambling sites in a bid to bolster the bottom line of EspaceJeux, the online gambling site of provincial gaming monopoly Loto-Quebec.

Loto-Quebec’s plans, which have no precedent in Canada, have been condemned by free-speech advocates, who wonder what other types of websites might be next on the province’s blacklist.

 

Source:  http://calvinayre.com/2016/06/01/business/hackers-target-czech-republic-plans-gambling-domains/

Anonymous DDoS and shutdown London Stock Exchange for two hours

Anonymous hacktivists take down the London Stock Exchange website for more than two hours as part of protest against world’s banks

The online hacktivist group, Anonymous reportedly shut down the London Stock Exchange (LSE) website last week for more than two hours as part of a protest against world’s banks and financial institutions.

According to the Mail on Sunday, the attack was carried out by Philippines unit of Anonymous on June 2 at 9am. Previous targets have included the Bank of Greece, the Central Bank of the Dominican Republic and the Dutch Central Bank.

The newspaper says: “Anonymous claims the incident was one of 67 successful attacks it has launched in the past month on the websites of major institutions, with targets including the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.”

A spokesperson for the LSE declined to comment on the incident, however, the attack most likely took the form of a distributed denial of service (DDoS) attack, meaning trading would not have been affected and no sensitive data would have been compromised.

In the 24 hours before the LSE site went down, the group also claims that the attack on the LSE was the latest in a series that has also seen it target the websites of NYSE Euronext, the parent company of the New York Stock Exchange and the Turkey Stock Exchange, as part of a campaign called Operation Icarus.

According to the newspaper, City of London Police said it was not informed that the LSE website had gone down and had no knowledge of the attack.

However, the latest attack may not be a complete surprise.

In a video posted to YouTube on May 4, a member of the amorphous group announced in that “central bank sites across the world” would be attacked as part of a month-long Operation Icarus campaign.

The video statement said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.”

By using a distributed-denial-of-service (DDoS) cyberattack, the group also successfully disrupted the Greek central bank’s website.

In light of that event, a separate video was posted to YouTube on May 2.

The masked individual representing Anonymous group said: “Olympus will fall. How fitting that Icarus found his way back to Greece. Today, we have continuously taken down the website of the Bank of Greece. Today, Operation Icarus has moved into the next phase.”

The Anonymous spokesperson added: “Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target – the global financial system.”

Source:

http://www.techworm.net/2016/06/anonymous-ddos-shutdown-london-stock-exchange-two-hours.html

Hayden: Russian cyber sophistication derives from criminal groups

Russia is one of the most sophisticated nation-states in cyberspace in part because of its ability to enlist cyber-criminal groups to do its bidding, said retired Gen. Michael Hayden, former head of the CIA and National Security Agency.

“The Chinese have scale, the Russians have skill,” Hayden said May 24 at a conference in Washington hosted by Gigamon. That assessment echoes what Adm. Michael Rogers, the current NSA director, has told Congress.

Hayden likened Russian President Vladimir Putin’s alleged sponsorship of criminal hackers to the patronage Don Vito Corleone provides associates in the popular film The Godfather.

“Don Vladimir has allowed the criminal gangs to survive and flourish without legal interference as long as they go outward,” Hayden said. “And from time to time the Don then has need of their services.”

Analysts and U.S. lawmakers have pointed to close ties between the Russian government and cybercriminal groups to the point of blurring the lines of attribution. Some have blamed Russia for a December hack of the Ukrainian power grid, which affected 225,000 customers.

The different bilateral relationships Washington has with Moscow and Beijing have dictated different U.S. policy responses to alleged state-sponsored cyber operations.

The U.S. and China last September agreed to not “knowingly support cyber-enabled theft of intellectual property,” something U.S. lawmakers have long accused China of doing. But with the U.S. government already heavily sanctioning Russia, such a bilateral agreement with Moscow seems unlikely.

“The relationship with Russia is such [that] I don’t know how you do that,” Hayden said.

In an April Senate hearing, Rogers, the current NSA director, told lawmakers that of nation-states, Russia “probably has the most active criminal element with … the greatest capability.” Asked if the Russia government was doing anything to combat cyber criminals on its turf, Rogers replied with a smile, “I would only say it doesn’t appear to be getting much better.”

Analysts such as NSS Labs CEO Vikram Phatak have argued that in a relatively lawless field, the U.S. government should embrace hackers who otherwise wouldn’t pass a background check. Although U.S. military and intelligence agencies have talented personnel, they don’t have “the kind of operational experience that the Russian mob has or the Chinese mob has,” Phatak told FCW earlier this year.

When asked if the U.S. government should give its computer operatives freer rein to go after Russian targets, Hayden was circumspect. “You cannot create symmetric effects in the Russian economy compared to what they can do in our economy,” he told FCW after his remarks.

Stuxnet a ‘poster child’ for certain hacks

Hayden’s remarks underscored the legal and normative ambiguity in cyberspace.

The United States is “incredibly aggressive in the cyber domain. We steal other nations’ data,” but not for commercial gain, he said.

U.S. officials suspect Chinese hackers were behind the breach of at least 22 million U.S. government records at the Office of Personnel Management. Hayden indicated he was jealous of that data heist.

“If I could have done this against a comparable Chinese database when I was director of NSA, I would have done it in a heartbeat,” the former Air Force general said.

During his remarks, Hayden described Stuxnet, the computer worm reportedly developed by the U.S. and Israel to destroy Iran’s nuclear centrifuges, as the “poster child” for hacks with physical-world implications. He told FCW afterward that the distributed-denial-of-serviceattacks that hit the U.S. financial sector from 2011 to 2013, which were allegedly carried out by Iranian hackers, were retribution for Stuxnet.

Hayden declined to confirm or deny U.S. involvement in Stuxnet, but said the net trade off — hampered Iranian centrifuges versus financial loss inflicted by the DDOS attacks — was in U.S. interests. Banks spent tens of millions of dollars in response to those attacks, according to the FBI.

Source:  https://fcw.com/articles/2016/05/24/hayden-russia-cyber.aspx

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t something strange for hackers, many others supporting this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.

External Source: http://www.ddosattacks.net/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media/

 

Internal source:  http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

First stage of CIS counterterrorism exercises Cyber Anti-terror 2016 over

MOSCOW, 26 May (BelTA) – The special services of the CIS member states have carried out the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016, the press service of the CIS Anti-Terrorism Center told BelTA. According to the source, security agencies and special services of the CIS member states carried out a number of search and respond actions coordinated by the CIS Anti-Terrorism Center to detect and suppress acts of cyber-terrorism as part of the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016 on 23-25 May. In particular, with assistance of the CIS Anti-Terrorism Center experts from Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia practiced the detection and filtering of DDoS attacks staged by imaginary terrorists against a critical piece of infrastructure (a power engineering industry installation) located in Belarus. The experts determined IP subnets of the accomplices of the imaginary terrorists and their geographical locations. The experts then used minimal data provided by the collective-access information systems of the CIS states, including the specialized database of the CIS Anti-Terrorism Center and fingerprint databases, to determine the identity of the cyber-terrorists, document their illegal activities, and prevent their attempt to disrupt control over the critical installation. The efforts resulted in the simultaneous arrest of the imaginary cyber-terrorists in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and the Russian Federation. The equipment they used to commit crimes was seized. Results of the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016 will be summed up when top officers of the counter-terrorism units of the security agencies and special services of the CIS member states convene in Minsk on 31 May – 2 June. A counter-terrorism operation will be staged then to free hostages and neutralize terrorists at a strategically important installation (the Lukoml state district power plant). The press service of the CIS Anti-Terrorism Center told BelTA that joint counter-terrorism exercises are an important component in practical interaction between the member states of the Commonwealth of Independent States. The main purpose of the exercises is to improve the readiness of security agencies, special services, and other power-wielding agencies of the CIS member states to work together to counteract terrorist threats and challenges. Practical experience is accumulated and the best practices are shared during such exercises.

 

Source: http://eng.belta.by/society/view/first-stage-of-cis-counterterrorism-exercise-cyber-antiterror-2016-over-91638-2016/

Anonymous vigilantes expose cheating firms who inflate their value on the stock market

The hackers’ collective, Anonymous, seems to be slowly changing how they do things, to the extent that one division is now hacking for trading financial reports in order to expose firms in the US and China that are trying to cheat on the stock market. This particular group of hackers goes by the name Anonymous Analytics.

According to Softpedia, the division was formed in 2011 by ex-Anonymous hackers who got tired of launching Distributed Denial of Service (DDoS) attacks and hacking into companies to make a point.

In order to find the hidden information about companies that might be inflating their values, Anonymous Analytics spend their time analysing the stock market and searching the internet for clues.  This is often done using techniques that might not be legal or ethical.  And once they have the information, this group of hackers will publish financial reports exposing companies. This has caused at least one company’s stock price to fall. So far, Anonymous Analytics has compiled publicly available financial reports on 11 firms, most of which are from China and the US.

Anonymous Analytics efforts in releasing the truth has damaged buyers’ confidence in the stocks belonging to a Chinese lottery machine service provider and games developer called REXLot Holdings.  This company along with others had inflated its revenue and the amount of cash it had from interest earned on its balance sheet before being caught by the Anonymous Analytics.

  

Bringing down stock market cheats

On 24 June 2015, Anonymous Analytics published a report on REXLot’s activities, which caused the stock price to plummet from $HK0.485 (4p, 6¢) down to $HK0.12, before the firm completely suspended its shares from trading. Bloomberg reported on the incident at the time but RexLot refused to respond despite repeated attempts.

When REXLot decided to return to the stock market on 18 April and they submitted a 53-page report about their financial status. Anonymous Analytics read the report and decided to publish a countering report. The second report was even worse and advised investors to urgently sell their stock, causing the company’s stock price to fall again by 50%.

A week after the report which exposed REXLot was released, the company had to admit in a report to the Hong Kong stock exchange that it could not honour all the bond redemptions requested by holders; which amounted to HK$1.85bn, due to the fact that it just didn’t have sufficient cash resources.

In fact, REXLot said it was trying to gain the bondholders’ consent to let it have more time to dispose of some assets in order to generate the cash needed to make the payments.

While it is a rather unusual approach for the hacking collective, Anonymous Analytics’ efforts seem to having a much greater impact than its attempts to troll Islamic State with Rick Astley music videos or DDoS-ing random companies in different countries to make a point.

Source:  http://www.ibtimes.co.uk/anonymous-vigilantes-expose-cheating-firms-who-inflate-their-value-stock-market-1562458

Anonymous Leads the Pack for 2016’s Trending Hacktivist Groups

Based on collected threat intelligence and social media hype, SurfWatch Labs says that Anonymous maintained its position as top trending hacktivist group, followed by Turk Hack Team (THT), New World Hacking (NWO), and Ghost Squad Hackers.

The data reveals that, compared to other years, hacktivism has slowed down and lost momentum but has still managed to cause enough damages to gain mainstream media attention.

The security firm says that government agencies were hit the hardest by hacktivism campaigns, with the most hype having been generated around the now-infamous COMELEC hack by Anonymous Philippines and Lulzsec Philippines, during which details for around 50 million Filipino voters were leaked.

2016 is a down year for hacktivism, but groups generated enough hype

Besides this incident, hacktivist groups generated a lot of attention to their causes via the massive DDoS attack on BBC at the start of the year, the DDoS attacks on Donald Trump’s websites part of #OpTrump, the DDoS attacks on the Bank of Greece part of #OpIcarus, and the ones on Nissan part of #OpKillingBay.

Other smaller hacktivism incidents that also brought a lot of attention to causes and the groups behind them were the attacks on the Bank of Cyprus, the takedown of ISIS Twitter profiles following the Belgium attacks, and the leak of data from NASA’s internal network.

The top five hacktivism campaigns during the first months of 2016 were #OpTrump, #OpKilling Bay, #OpWhales, #OpIsrael, and #OpAfrica. #OpIcarus was not included since it’s supposed to last for the entire month of May, but the campaign is sure to become a mainstay in Anonymous’ standard operations.

SurfWatch Labs also points out in its report that former big names such as the Syrian Electronic Army and Lizard Squad seem to have fallen off the face of the earth, with the company seeing no to little activity from its members. Taking into account that the US has filed former charges against members of the Syrian Electronic Army, the group’s members are probably busy avoiding getting arrested.

Source:  http://news.softpedia.com/news/anonymous-leads-the-pack-of-2016-s-trending-hacktivist-groups-504605.shtml