2021 has been a banner year in terms of the frequency and diversity of cybersecurity breaking news events, with ransomware being the clear headline-winner. While the DarkSide group (now, in theory, retired) may have captured the spotlight early in the year due to the Colonial Pipeline attack, REvil — the ransomware-as-a-service group that helped enable the devastating Kaseya mass ransomware attack in July — made recent headlines as they were summarily shuttered by the FBI in conjunction with Cyber Command, the Secret Service, and like-minded countries.
This was a well-executed response by government agencies with the proper tools and authority to accomplish a commendable mission. While private-sector entities may have participated in this effort, they will have done so through direct government engagement and under the same oversight.
More recently, the LockBit and Marketo ransomware groups suffered distributed denial of service (DDoS) attacks, as our colleagues at IntSights reported, in retaliation for their campaigns: one targeting a large US firm, and another impacting a US government entity.
The former of these two DDoS attacks falls into a category known colloquially as “hack back." Our own Jen Ellis did a deep dive on hacking back earlier this year and defined the practice as “non-government organizations taking intrusive action against a cyber attacker on technical assets or systems not owned or leased by the person taking action or their client."
The thorny path of hacking back
Hack back, as used by non-government entities, is problema ..
Support the originator by clicking the read the rest link below.
