The Met Police, along with a host of other global law enforcement agencies, have dismantled a criminal gang that used a technology service to facilitate fraudulent text messages, leading to theft from victims. The scam primarily targeted younger individuals familiar with the internet. The technology service, LabHost, aided scammers in sending deceptive messages and directing victims to fake websites resembling legitimate online payment or shopping services.

The criminals obtained identity information, including card numbers and PIN codes, resulting in significant financial losses. Though the exact amount stolen remains unknown, LabHost reportedly generated nearly £1m in profits. In the UK alone, around 70,000 victims are thought to have been deceived into providing their details online, with 25,000 identified victims receiving warning text messages about potential fraudulent sites.

Victims are advised to seek guidance on the Metropolitan Police website, and their cases have been reported to fraud investigators. Personal details discovered in data obtained from LabHost have been secured by authorities.

The cybersecurity community has responded positively to the news:

Adam Pilton, Cyber Security Consultant at CyberSmart, and former Detective Sergeant investigating cybercrime at Dorset Police: “This is another fantastic result for UK and international law enforcement. 

“In February, we saw the takedown of Lockbit, the largest ransomware gang. This was an international operation which stemmed from fantastic work by the South West Regional Organised Crime Unit.

“This operation will be no different, and we should not underestimate the amount of work put into operations such as this. It took two years to reach this point and there would have been many people involved. This kind of incident would most likely have started from the intelligence gathered by law enforcement and investigative agencies. 

“This is why it is so important to report cybercrime: Even reporting phishing emails helps to build that intelligence picture, which enables law enforcement to protect us.

“One area of particular concern is the increasing tendency to see cybercriminals offering services to unskilled criminals who want to venture into cybercrime. This, along with the continued evolution of AI means that we must continue to build our cyber defences, staying aware of the latest threats and how we can protect ourselves. As the NCSC stated in their 2023 annual review “We have the information and tools at our disposal to defend ourselves. We just need to use them better.”

 

Martin Kraemer, security awareness advocate at KnowBe4: “News like this is important when it hits the national media. These stories are timely reminders that cybercrime is omnipresent, and it would be foolish to assume that one could not be a target.

“Cybercrime gangs are becoming more common. Law enforcement must reduce the accessibility and attractiveness of online fraud schemes. We must put a stop to the increasing trend of cybercrime turning into an opportunity business for aspiring cyber criminals. Sending out videos to all 800 users of the illegal services to scare them off is therefore a good step by law enforcement.

“Taking down cybercrime networks is the way to go. Shutting down websites alone will obviously not stop people, but seizing their services, and resources, and arresting key people will have an effect.

“Phishing-as-a-service offerings like LabHost contribute to the massive growth of phishing scams worldwide. The quality of these offerings is remarkable. They include entire tool sets to harvest a range of private information including credit card information, multi-factor authentication, or address information. The platform also offered features such as email phishing, SMS phishing, and even management of stolen credentials. Criminals use such service offerings to target businesses and private individuals. Organisations must assume responsibility for empowering their workforce by educating them to make smarter security decisions.

“It is great to see international law enforcement collaborations in taking down cybercrime groups. This is another important step: the first big takedown that tackles phishing after the Lockbit ransomware takedown earlier this year. Phishing as the most used attack vector and ransomware as the most common monetisation scheme are two important areas to tackle. Law enforcement is clearly stepping up the game and rightly so.”

Mayur Upadhyaya, CEO at APIContext: “The recent takedown of LabHost, a service used for online scams, highlights the evolving tactics of cybercriminals and the need for proactive security measures. APIContext commends the collaborative efforts of law enforcement and financial institutions.

“This case emphasises the critical role of robust API security. APIs are often gateways to sensitive data, and the LabHost incident demonstrates how criminals exploit vulnerabilities. Organisations must prioritise API security with advanced protocols to control and monitor access, preventing unauthorised activity like the creation of fake payment services seen in this case.

“Law enforcement’s use of behavioural psychology to deter criminals further emphasises the need for a multi-layered approach to cybersecurity. APIContext advocates for a combination of robust API management, real-time threat detection, and ongoing education to combat cybercrime. This incident serves as a reminder for all sectors to strengthen their defences with comprehensive security frameworks that address both technological and human vulnerabilities.”

Simon Newman, CEO, Cyber Resilience Centre for London & International Cyber Expo Advisory Council Member: “Phishing continues to be the most common type of cyber-attack used by cyber criminals and its impact can be devastating for victims. Clicking on a malicious link that encourages users to input personal information can be used by criminals to commit fraud. This is a fantastic result demonstrating the importance of international collaboration between law enforcement agencies around the world. It also shows the importance of reporting cyber-crime to the authorities with nearly 70,000 victims in the UK alone.”

Brian Higgins, Security Specialist at Comparitech: “Crime as a Service (CaaS) has been around for a long time, going back to the days of off-the-shelf banking Trojans, but ever more inventive criminal enterprises constantly research contemporary attack vectors if they think there is money to be made. One more modern aspect of their targeting strategies is to match vulnerable communities with CaaS methodologies and products, as in this case predominantly messaging younger, more tech-immersed victims via Text. Whilst the size of this disrupted operation is fairly small in terms of profit, the tools employed by law enforcement show a distinct evolution in online fraud countermeasures, particularly behavioural science input and follow-up messaging. Multi-jurisdictional physical arrests are also an encouraging impact of any operation of this kind so the deterrent effect, whilst near impossible to quantify, could also be counted as a win for the agencies involved.”

The post Police apprehend global cyber gang implicated in large-scale fraud first appeared on IT Security Guru.


25 Years of Nmap: Happy Scan-iversary!

I didn't know it then, but on September 1, 1997, my life changed. That was the day that Fyodor's Nmap was first released to the world, courtesy of the venerable Phrack magazine. (By the way, check out our recent podcast with Fyodor himself if you haven’t yet.) At the time, I had just started my legitimate IT career, but boy oh boy, I was in the thick of it when it came to hackery hijinks. I won't admit to any crimes or anything in this, my now-very-legitimate company's blog post, but let me tell you: 1997 was a truly magical time for the nascent field of what would eventually become known as information security.

At the risk of making this sound like a "kids-these-days/back-in-my-day" kind of blog post, let me just say that if you wanted to probe and profile computers — yes, even computers you owned, legitimately — your choices were simultaneously limited and practically unbounded. In order to conduct network scanning, you had a bunch of tools available to you, all of which worked a little differently, ranging from "completely broken" to "kind of okay for some users." People who were into this sort of thing generally got frustrated with the tooling floating around and wrote their own, which meant that their tools tended to only work for them, since these projects were heavily dependent on that one person's local operating system configuration.

Nmap changed all that.

Early infosec’s magic moment

From the outset, Nmap was a simple tool that literally fit in a magazine article about network scanning tactics and tricks. It was two files of about 2,100 lines of code, and unlike many hacker tools of the day, it actually compiled for me on the first try.

Most importantly, Fyodor's code style was weirdly easy to read, even for a non-programmer hacker hobbyist like myself (I didn't get my first "real" IT job until 1998, but I did spend quite a bit of time in university computer labs for… reasons).

A snippet of the original code published in Phrack 51

Smack in the middle, you can see elements like `send_tcp_raw()` (pictured above) that directly reflected the language in the TCP/IP standard, RFC 793, so the code was generally accessible to both hobbyists and professionals who had motivation to figure out how this TCP/IP stuff worked, really.

Incidentally, other projects were also popping off at the time — l0phtcrack (a proprietary utility for recovering passwords) was released a few months before, and Nessus (a little open-source vulnerability scanner) was released a few months after, so there was definitely something in the ether during this 12-month period. Hacker tooling was transforming into infosec tooling, which meant more "luser n00bs," like myself, could get themselves enmeshed and enamored of the occult magicks of internet technology. Nmap, at least for me, stood out as a true oracle to the weird ways of packet crafting and network sleight-of-hand you could use in fun, unexpected ways to learn about the world.

Happy Scan-iversary, Nmap. Thanks for the cool career.



In The Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).

Faster breach detection

Today’s cyber threat […]

The post Why Security Configuration Management (SCM) Matters appeared first on The State of Security.