LockBit 4.0: New Features for More Pain
LockBit announces a slew of new features
Who puts jalapeno peppers on a pizza??? The wife and I went out for date night on Friday. After a series of disappointments, the first being our go-to Thai place having no tables available, we ended up at a pizza place. We sat down, waited about 15 minutes for someone to finally give us water and take our orders (red flag #1), and ordered a Detroit-style vegetarian pizza.
What we didn’t do was read the ingredients on the pizza. What we also didn’t do was look to see that they had put what looked like 2 or 3 sliced jalapenos on a tiny pizza. I’m a lightweight with spice…needless to say, I couldn’t feel my lips for about 10 minutes.
Thanks for the vent session. In the cyber world today, we’re covering:
AI-assisted web security
LockBit: good news and bad news
North Korea stole a 💩 ton of crypto in 2024
-Jason
AI Spotlight
AI is Improving Your Browsing Security

Leopeva64 on X found a new Chrome feature flexing new AI capabilities to detect scam websites. While details are slim because it’s still in testing, the short description shows that Chrome will use an on-device LLM to assess the web page’s legitimacy. For example, are you visiting a phishing website that mimics a legitimate company?
The on-device LLM means that the analysis happens on your system. While that sounds like a privacy win, and it sort of is, the feature only works under Chrome’s Enhanced Protection mode. Enhanced Protection warns you of potentially malicious sites, downloads, and browser extensions. Still, it requires you to send all of your browsing activity to Google, albeit temporarily, so they can determine if it’s malicious.

Source: Leopeva64 on X
Gmail is also rocking AI to improve its ability to detect phishing, malware, and spam. They trained LLMs on known phishing, malware, and spam emails. Using that LLM, they found it blocked 20% more spam and now reviews 1,000 times more user-reported spam daily.
Not to be outdone, Microsoft Edge (yes, Microsoft still has a browser) is testing a scareware blocker, which will help protect people from all the fake tech scams out there. You know, those things telling you your drivers are outdated, and the only way to fix them is to send gift cards to some random person.

Source: Leopeva64 on X
Expect to see more of these advancements in security from the products you use each day. While it’s easy to get caught up in the doom and gloom of deepfakes and AI-supported cyber attacks, there’s an equal (if not better) opportunity for defenders to level up their security stacks with AI. The cat and mouse game never stops for cyber security.
Security Deep Dive
LockBit…Good News and Bad News…

Good news first. This week, the US announced the arrest of a LockBit developer in Israel. He’s been receiving $10K/month in BTC from the LockBit group to develop their infrastructure. While other arrests have been made with LockBit, they’ve just been LockBit affiliates who use the LockBit infrastructure to carry out the attacks. This appears to be the first big arrest of someone who helped build the LockBit infrastructure.
Okay, now the bad news. Even after being taken down earlier this year, good ol’ Dmitry, the main person behind LockBit, came out with guns blazing this week with a big announcement.
I meandered over to LockBit’s leak site and found a new posting announcing the release of LockBit 4.0. In typical Internet bravado, the posting entices pentesters (aka the idiots who hack into companies and use the LockBit tools to steal data and encrypt systems) that they can start their billionaire journey complete with luxury cars and…ummm, well…you can read the rest yourself.

For the low cost of $777 USD in Bitcoin or Monero, you can sign up to be a LockBit affiliate and instantly make your way onto Santa’s naughty list, or rather the Feds’ house visit list.

Because I don’t need a visit from the Feds, I’m going to rely on this update from Cyber Press, which showed the latest features of the release:
Enhanced File Encryption: LockBit 4.0 employs more sophisticated encryption techniques, making it harder for victims to recover files.
Advanced Data Exfiltration: The ransomware is designed to improve the theft of sensitive information before encrypting systems.
Cross-Platform Capability: LockBit 4.0 can now operate across multiple operating systems, increasing its versatility in targeting diverse environments.
Randomized File Naming: Encrypted files are renamed with random patterns, making it more difficult for victims to identify and recover their data.
Self-Deletion Mechanism: The ransomware has a built-in ability to automatically delete its own files post-encryption, further complicating recovery efforts.
Let’s not forget that the US sanctioned Dmitry in May, so anyone who pays a LockBit ransom is at risk of having some not-so-friendly conversations with the US government. So, who knows whether this will matter or not? LockBit continues to populate its blog with victims, so while their activity is far below where it was before law enforcement took them down earlier this year, it’s not zero.
There’s no shortage of drama with LockBit…
Security & AI News
What Else is Happening?
🇷🇺 Russian spies are recruiting Ukrainian teens to conduct “quest games.” These aren’t video games, though. They’re real-life activities like taking pictures of military sites later used to execute air strikes or setting fire to transformers.
🇷🇴 A 31-year-old Romanian was sentenced to 20 years in prison for operating as an affiliate of the NetWalker ransomware group. I can remember responding to NetWalker attacks, which targeted the healthcare sector during the COVID pandemic…so 20 years feels a little light. He was also forced to repay $21.5 million he earned from ransomware payments, pay almost $15 million in restitution, and forfeit his share of a resort under construction in Bali. Something tells me that his view from prison won’t be similar to the Bali views.
💰️ According to Chainalysis, North Korean threat actors stole $1.34 billion in crypto (yes, BILLION) across 47 incidents in 2024 alone. That’s more than double what they did last year. I have a hunch that they’re not using that to fund youth sports.
📱 New phone malware wants to slide into your DMs…or at least your text messages. Disguised as a Body Mass Index (BMI) calculator, once installed, it can record your screen and read your text messages. That’s an easy way to snag those SMS MFA codes you shouldn’t use.
📞 ChatGPT is going after your grandma…by allowing her to call 1-800-CHATGPT to interact with their voice model. Don’t worry, the kids also have access to it through WhatsApp. It’s impressive how OpenAI is coming up with these new ways of interacting with their model so they can collect more data to improve their systems further.
🎄 Leakd.com security researchers found 5 million credit cards in an open Amazon AWS S3 bucket. These were embedded in 5 TBs of screenshots that appear to be linked to scammers tricking victims into entering their credit card info into a website for too-good-to-be-true deals. Christmas is ruined.
If you enjoyed this, forward it to a fellow cyber nerd.
If you’re that fellow cyber nerd, subscribe here.
See you next week, nerd!