A number of leading cybercriminals have been observed recruiting new members at an alarming rate, new reports warn.
Avast’s recent Q3 2022 threat report found that some threat actors have started hiring successfully, others because they were pinned down by cybersecurity researchers.
For example, the LockBit group, known for the ransomware variant of the same name, was “very active this quarter”, according to the researchers.
One of the ways Avast saw the group recruiting new members and affiliates was with a new bounty hunting program.
In late June 2022, LockBit released a new version of its encryptor, and to make sure it was airtight, it offered $50,000 to anyone who finds a vulnerability in the encryption of large database files. There were also other bounties on offer. For example, whoever discovers the name of the affiliated boss gets a million dollars.
There are also high payouts for weaknesses in the encryption process, a vulnerability in the LockBit website, or vulnerabilities in the TOX messenger or TOR network.
In addition, it offered $1,000 to anyone who would tattoo the LockBit logo on their body.
The hacking group NoName057(16), which suffered a major blow after Bobik C2’s main server was shut down and the botnet stopped working, began recruiting for a new project in mid-August this year, the researchers found. Suspecting that they need fresh blood to continue active DDoS attacks, the researchers saw the threat actor open a new group dedicated to the DDDOSIA project. At the end of last month, the group had more than 700 members.
The project will allow hackers to download an identification binary, allowing them to launch DDoS attacks in exchange for cryptocurrency.
In addition to LockBit and NoName057(16), Avast identified nearly a dozen botnet operators that are currently actively seeking new members. These include the dreaded Emotet and Ursnif, as well as Phorpiex, Tofsee, MyloBot, Nitol, Dorkbot, MyKings, and Amadey.
- Check out our roundup of the best firewalls (opens in new tab) currently