The Breach Report: February 27, 2024
LockBit vows vengeance against FBI; Reddit is monetizing your data
Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.
LockBit Returns Despite International Takedown Effort
LockBit is back. Don’t tell me you’re surprised.
The reports of LockBit’s death are greatly exaggerated. The cybercriminal ransomware group has re-emerged on the dark web with a new domain after restoring backups untouched by international law enforcement agencies. And now, they’re vowing vengeance against the FBI.
A remaining LockBit administrator blamed the group’s negligence and lack of opsec for being compromised.
Season 2 of FBI vs Lockbit ransomware group is scheduled to premiere in roughly 1 hour.
Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last week's takedown.
Stay tuned for the next episode of Dragon Ball Z
— vx-underground (@vxunderground)
8:42 PM • Feb 24, 2024
The reborn LockBit is now targeting the government sector and agencies that attempted to bring it down in Operation Cronos.
The U.K.’s National Crime Agency was confident that LockBit had been dismantled with Operation Cronos. “Their systems have now been destroyed by the NCA, and it is our assessment that LockBit remains completely compromised,” the NCA said.
Authorities claim that the group’s lead administrator, LockBitSupp, is cooperating with law enforcement. The hope from law enforcement is that it sows distrust within the remaining ransomware gang, leading to more confusion and fracturing.
But it isn’t going as well as the NCA or FBI probably hoped.
LockBit members speaking to The Hacker News stated that “they did not believe law enforcement know his/her/their identities,” referring to the real LockBitSupp. LockBit itself has been through several iterations since the group’s founding in September 2019.
LockBit’s new onion address, accessible on Tor, was shared by vx-underground, a malware research website.
The rebirth of LockBit is not dissimilar from that of ALPHV, a ransomware group whose infrastructure was seized by the FBI last year. But it, too, recovered, operating from a new website and claiming new victims daily.
Other ransomware groups such as Hive and Conti frequently rebrand and reform under new names and operating domains.
Reddit Is Monetizing Your Data in AI Data Licensing Agreements
Just another example of “if the product is free, you are the product.”
Popular internet discourse forum and “frontpage of the internet” Reddit has agreed to license its user data for AI training purposes in a deal worth $60M a year, according to Bloomberg. The news comes as the company is preparing for an initial public offering (IPO) and seeks to capture as many diversified revenue streams as possible.
Google is among the top tech companies that have agreed to license Reddit’s user content specifically to train AI models.
Reddit, which was valued at $10 billion in a funding round in 2021, is seeking to sell about 10% of its shares in the offering, Reuters reported.
For years, tools and even data brokers have scraped the open internet for what is referred to as “open source intelligence” (OSINT), a legally questionable practice. Data scraping has also been used for creating massive datasets that can then be used to train AI models. Reddit is a treasure trove of data capturing popular public sentiment on topics such as politics, technology, investing, and popular culture.
But scraping this data using Reddit APIs was extremely cost-prohibitive for the company, and they subsequently changed their terms of service and started charging for API use.
Now, Reddit is willing to agree to license user data it collects on its platform and sell it for training purposes to companies such as Google.
It’s unknown how the continued licensing of its user data will affect the public’s perception of the platform and willingness to remain active users. The company has even gone so far as to list its “r/WallStreetBets” subreddit as a liability in its IPO filing.
Cybersecurity Headlines
New from our favorite blogs and journalists:
NIST Releases Cybersecurity Framework 2.0 (Dark Reading)
China Launches New Cyber-Defense Plan for Industrial Networks (Dark Reading)
Reddit: 'We Are in the Early Stages of Monetizing Our User Base' (404 Media)
Darknet Drug Dealers Arrested After Packages of Meth-Laced Adderall Repeatedly Returned to Sender (404 Media)
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (The Hacker News)
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation (The Hacker News)
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement (The Hacker News)
LockBit claims a comeback less than a week after major disruption (CyberScoop)
Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments (CyberScoop)
Leaked documents show how firm supports Chinese hacking operations (CyberScoop)
Are you surprised LockBit returned to normal operations within days?
Until next time…
Rob Waters
Founder, The Breach Report + Cybersecurity Careers Blog