Category Archives: News

Windstream Enterprise launches managed SASE with Cato Networks


Windstream Enterprise, a managed communications service company, is launching a comprehensive, managed secure access service edge (SASE) solution in partnership with cloud-native SASE provider Cato Networks.

With Cato’s technology, Windstream can offer a SASE solution to meet rising customer demand for a holistic network and security-as-a-service offering, says Mike Frane, VP of product management at Windstream Enterprise.

“Windstream Enterprise wraps its extensive managed services expertise around the SASE services by delivering concierge-level configuration, analysis, and optimization through our Technical Service Management (TSM) team, coupled with comprehensive security oversight and management from our Cyber Security Operations Center (CSOC),” Frane says.


‘Spam Nation’ Villain Vrublevsky Charged With Fraud


Pavel Vrublevsky, founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “Spam Nation,” was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money laundering for Hydra, the largest Russian darknet market. But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground.

An undated photo of Vrublevsky at his ChronoPay office in Moscow.

ChronoPay specializes in providing access to the global credit card networks for “high risk” merchants — businesses involved in selling services online that tend to generate an unusually large number of chargebacks and reports of fraud, and hence have a higher risk of failure.

When I first began writing about Vrublevsky in 2009 as a reporter for The Washington Post, ChronoPay and its sister firm Red & Partners (RNP) were earning millions setting up payment infrastructure for fake antivirus peddlers and spammers pimping male enhancement drugs.

Using the hacker alias “RedEye,” the ChronoPay CEO oversaw a burgeoning pharmacy spam affiliate program called Rx-Promotion, which paid some of Russia’s most talented spammers and virus writers to bombard the world with junk email promoting Rx-Promotion’s pill shops. RedEye also was the administrator of Crutop, a Russian language forum and affiliate program that catered to thousands of adult webmasters.

In 2013, Vrublevsky was sentenced to 2.5 years in a Russian penal colony for convincing one of his top affiliates to launch a distributed denial-of-service (DDoS) attack against a competitor that shut down the ticketing system for the state-owned Aeroflot airline.

Following his release from jail, Vrublevsky began working on a new digital payments platform based in Hong Kong called HPay Ltd (a.k.a. Hong Kong Processing Corporation). HPay appears to have had a great number of clients that were running schemes which bamboozled people with fake lotteries and prize contests.

According to Russian prosecutors, the scam went like this: Consumers would receive an SMS with links to sites that falsely claimed a number of well-known companies were sponsoring drawings and lotteries for people who enrolled or agreed to answer surveys. All who responded were told they were winners, but also that they had to pay a commission to pick up the prize. That scheme allegedly stole 500 million rubles (~ USD $4.5 million) from over 100,000 consumers.

There are scant public records that show a connection between ChronoPay and HPay, apart from the fact that the latter’s website — hpay[.]io — was originally hosted on the same server (185.111.218.63) along with a handful of other domains, including Vrublevsky’s personal website rnp[.]com.

But then earlier this month, KrebsOnSecurity received a large amount of information that was stolen from ChronoPay recently when hackers managed to compromise the company’s Confluence server. Confluence is a web-based corporate wiki platform, and ChronoPay used their Confluence installation to document in exquisite detail how it creatively distributes the risk associated with high-risk processing by routing transactions through a myriad of shell companies and third-party processors.

A Google-translated snippet of the hacked ChronoPay Confluence installation.

Incredibly, Vrublevsky himself appears to have used ChronoPay’s Confluence wiki to document his entire 20+ years of personal and professional history in the high-risk payments space, including the company’s most recent forays with HPay. The latest document in the hacked archive is dated April 2021.

These diary entries, interspersed between highly technical how-tos, are all written in Russian and in the third person. But they are unmistakably Vrublevsky’s words: Some of the elaborate stories in the wiki were identical to theories that Vrublevsky himself espoused to me throughout hundreds of hours of phone interviews. Also, in some of the entries the narrator switches from “he” to “I” when describing the actions of Vrublevsky.

Vrublevsky’s memoir/wiki invokes the nicknames and real names of Russian hackers who worked with the protection of corrupt officials in the Russian Federal Security Service (FSB), the successor agency to the Soviet KGB. In several diary entries, Vrublevsky writes about various cybercriminals and Russian law enforcement officials involved in processing credit card payments tied to online gambling sites.

Russian banks are prohibited from processing payments for online gambling, and as a result many online gaming sites catering to Russian speakers have chosen to process credit card payments through Ukrainian financial institutions.

That’s according to Vladislav “BadB” Horohorin, the convicted cybercriminal who shared the ChronoPay Confluence data with KrebsOnSecurity. In February 2017, Horohorin was released after serving four years in a U.S. prison for his role in the 2009 theft of more than $9 million from RBS Worldpay.

Horohorin said Vrublevsky has been using his knowledge of the card processing networks to extort people in the online gambling industry who may run afoul of Russian laws.

“Russia has strict regulations against processing for the gambling business,” Horohorin said. “While Russian banks can’t do it, Ukrainian ones can, so we have Ukrainian banks processing gambling and casinos, which mostly Russian gamblers use. What Pavel does is he blackmails those Ukrainian banks using his connections and knowledge. Some pay, some don’t. But some people are not very tolerant of that kind of abuse.”

A native of Donetsk, Ukraine, Horohorin told KrebsOnSecurity he hacked and shared the ChronoPay Confluence installation because Vrublevsky had threatened a family member. Horohorin believes Vrublevsky secretly operated the “bad bank” channel on Telegram, which calls attention to online gambling operations that are violating Visa and MasterCard regulations (violations that can bring the violator hundreds of thousands of dollars in fines).

“Pavel scrupulously wrote his diary for a long time, and there is a lot of information on the people he knows,” Horohorin told KrebsOnSecurity. “My understanding is he wrote this in order to blackmail people later. There is a lot of interesting stuff, a lot of names and a lot of very intimate info about Russian card processing market, as well as Pavel’s own escapades.”

ChronoPay’s hacked Confluence server contains many diary entries about major players in the Russian online gambling and bookmaking industries.

Among the escapades recounted in the ChronoPay founder’s diaries are multiple stories involving the self-proclaimed “King of Fraud!” Aleksandr “Nastra” Zhukov, a Russian national who ran an advertising fraud network dubbed “Methbot” that stole $7 million from publishers through bots made to look like humans watching videos online.

The journal explains that Zhukov lived with a ChronoPay employee and had a great deal of interaction with ChronoPay’s high-risk department, so much so that Zhukov at one point gave Vrublevsky a $100,000 jeweled watch as a gift. Zhukov was arrested in Bulgaria in 2018 and extradited to the United States. Following a jury trial in New York that ended last year, Zhukov was sentenced to 10 years in prison.

According to the Russian news outlet Kommersant, Vrublevsky and company operated “Inferno Pay,” a payments portal that worked with Hydra, the largest Russian darknet market for illicit goods, including drug trafficking, malware, and counterfeit money and documents.

Inferno Pay, a cryptocurrency and payment API allegedly operated by the ChronoPay CEO.

“The services of Inferno Pay, whose commission came to 30% of the transaction, were actively used by online casinos,” Kommersant wrote on Mar. 12.

The drama surrounding Vrublevsky’s most recent arrest is reminiscent of events leading up to his imprisonment nearly a decade ago, when several years’ worth of ChronoPay internal emails were leaked online.

Kommersant said Russian authorities also searched the dwelling of Dmitry Artimovich, a former ChronoPay director who along with his brother Igor was responsible for running the Festi botnet, the same spam botnet that was used for years to pump out junk emails promoting Vrublevsky’s pharmacy affiliate websites. Festi also was the botnet used in the DDoS attack that sent Vrublevsky to prison for two years in 2013.

Artimovich says he had a falling out with Vrublevsky roughly five years ago, and he’s been suing the company ever since. In a message to KrebsOnSecurity, Artimovich said while Vrublevsky was involved in a lot of shady activities, he doubts Vrublevsky’s arrest was really about SMS payment scams as the government claims.

“I do not think that it was a reason for his arrest,” Artimovich said. “Our law enforcement usually don’t give a shit about sites like this. And I don’t think that Vrublevsky made much money there. I believe he angered some high-ranking person. Because the scale of the case is much larger than Aeroflot. Police made search of 22 people. Illegal seizure of money, computers.”

The Hydra darknet market. Image: bitcoin.com


White House Warns of Possible Russian Cyberattacks


News:

The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion.

[…]

Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors. But there’s been no sign so far of major disruptive hacks against U.S. targets even as the government has imposed increasingly harsh sanctions that have battered the Russian economy.

The public alert followed classified briefings government officials conducted last week for more than 100 companies in sectors at the highest risk of Russian hacks, Neuberger said. The briefing was prompted by “preparatory activity” by Russian hackers, she said.

U.S. analysts have detected scanning of some critical sectors’ computers by Russian government actors and other preparatory work, one U.S. official told my colleague Ellen Nakashima on the condition of anonymity because of the matter’s sensitivity. But whether that is a signal that there will be a cyberattack on a critical system is not clear, Neuberger said.

Neuberger declined to name specific industry sectors under threat but said they’re part of critical infrastructure – a government designation that includes industries deemed vital to the economy and national security, including energy, finance, transportation and pipelines.

President Biden’s statement. White House fact sheet. And here’s a video of the extended Q&A with deputy national security adviser Anne Neuberger.


5 Industries that need advanced Cybersecurity measures


This blog was written by an independent guest blogger.

Cybersecurity is more important today than ever before, with virtual threats surging to historic highs. Organizations in every industry need to take steps to protect themselves from cybercrime. A few sectors, in particular, should be especially concerned about safety. These industries are at the highest risk of being targeted by cyberattacks, with damages that can cost billions of dollars.

1. E-commerce

Online shopping was steadily becoming more popular throughout the 2000s and 2010s, but the COVID-19 pandemic has sparked an incredible boom in the 2020s. This is great news for businesses since e-commerce can pull in revenue from a larger audience than brick-and-mortar stores.

However, these companies must have top-notch cybersecurity. When online shopping rose in popularity in 2020, cybercrimes also skyrocketed, amounting to $1 trillion in damages. E-commerce businesses can protect their customers from these threats using online checkout security, multifactor authentication, secure data storage and other practices that put client information first.

2. Finance

A shocking 74% of financial institutions reported experiencing a surge in cyber threats connected to the COVID-19 pandemic in 2021. It should come as no surprise that financial institutions are at the top of cybercriminals’ lists. The trend will only continue as more customers turn to online banking.

Organizations in the finance industry have to take extra steps to protect themselves and their customers from digital threats. For example, mobile banking apps should have an option for biometric authentication, which is more difficult to hack than a conventional alphanumeric password. Internally, cybersecurity must be impenetrable, which requires a culture of security among employees and leaders.

3. Healthcare

Hackers noticed when the COVID-19 pandemic channeled massive amounts of attention and money into the health care industry. Providers, institutions, and businesses of all types have become targets for cybercrime. Patients’ sensitive data can be especially valuable around the dark web and cybercrime networks since it allows for impersonation and identity theft.

Health care organizations must be extremely careful and focused to protect their patients and customers. Studies have found that misdelivery alone is responsible for 36% of breaches in the medical industry. Telemedicine only increases the danger of individual mistakes and inconsistencies. Every password, device, file and user must be extremely well-fortified. AI cybersecurity software is on the rise for this exact purpose, helping autonomously detect threats and vulnerabilities.

4. Manufacturing

The manufacturing industry may not be a traditional target for cybercrime, but the supply chain crisis has changed that. Cybercriminals know that manufacturers are working against the clock already, making it much easier for certain attacks, like ransomware, to gain leverage. As a result, manufacturers’ security gaps have put the entire supply chain at risk.

More manufacturers are using automation, IoT and other connected technologies to stay ahead of the curve during the supply chain crisis. Protecting these devices is crucial. Additionally, manufacturing facilities’ networks must have strong firewalls and login protections to keep out intruders. Any computers employees use to access business information need to be secured and backed up regularly, as well.

5. Government

Government institutions and the private sector businesses they work with have always been prime targets for cybercrime. Their cybersecurity methods will need to evolve in the years ahead, though. In fact, government organizations and their private sector partners will need to lead the way at the cutting edge of safety practices to stay ahead of the rising tide of cybercrime.

Specific types of attacks are increasing faster than others, which governmental bodies must be aware of. For example, they need to start requiring anti-phishing training to teach federal employees how to recognize and deal with suspicious emails and domains. INTERPOL found that phishing attacks have increased more than any other type of cyberattack in response to the COVID-19 pandemic. They are especially dangerous for governments since they handle sensitive and even classified information regularly.

Cybersecurity in the next digital era

Cybersecurity is a continuous process that must be constantly monitored and improved to stay ahead of criminals. Innovation has exploded in recent years in response to evolving threats. For example, artificial intelligence is becoming a popular tool for outsmarting cybercriminals and preventing attacks altogether. Friendly hacking is also becoming commonplace as organizations seek to test their defenses safely.

Education and training are crucial for digital safety. This is especially important with the rising popularity of remote work, where employees are solely responsible for the security of their devices and connections. A security-first mindset allows organizations in every industry to protect themselves and their customers from the advancing threats of the digital landscape.
