Onslought Also Paved Way for Rise of English-Speaking Hackers
An international law enforcement crackdown on the LockBit ransomware group caused fragmentation and distrust among Russian-speaking cybercrime groups, paving the way for English-speaking hacking groups to gain prominence, experts said Tuesday during a London conference.
See Also: OnDemand | Navigate the threat of AI-powered cyberattacks
Authorities from the United States, United Kingdom and Europe last fall seized servers used by a bulletproof infrastructure provider for LockBit and arrested two in an operation that continued an onslaught of disruption initiated by “Operation Cronos” in February 2024 (see: LockBit and Evil Corp Targeted in Anti-Ransomware Crackdown).
Speaking at Tuesday’s panel at InfoSec Europe, Jeremy Banks of the British National Police Chiefs Council’s Cyber Crime Team said the international operation “certainly changed” the threat landscape.
“What we’re seeing now in the U.K. is that there are a lot more English language-based threat actors coming forward now, whereas before it was very hostile state coming through,” Banks said, adding he was referring to hackers are primarily from the U.S., U.K. or Australia.
Although these groups possess low-level attack skillets, Banks added their tactics are “very effective.”
Scattered Spider, an English-speaking group largely with a heavy U.S. and British adolescent makeup is an example of this changing trend. The group is suspected of being behind hacks of British retailers Marks and Spencer, Harrods and Co-op (see: Retail Sector in Scattered Spider Crosshairs).
Security firms Google Mandiant and Sophos have warned the group is also targeting retailers in the U.S.
William Lyne, cyber intelligence head at the National Crime Agency, said LockBit takedowns have resulted in “less trust” within cybercrime groups.
“More groups than ever are made up of fewer people and they not utilizing the big ransomware-as-a-service or big marketplaces and forms in the ways that they probably used to in the past,” Lyne said.
Magnus Jelen, lead director of incident response at Coveware, said law enforcement actions have forced hackers to reduce their dwell time, but have also altered the focus of some groups from malicious encryption to data theft.
“Some of the actors out there now might not have the capacity to roll out encryption and to manage that side of things. We’re definitely seeing that the downstream effects of some very good work on the law enforcement side,” Jelen said.
Click Here For The Original Source.
