LockBit ransomware dismantled, Google tricked AI, Email platform threatened

The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

LockBit ransomware dismantled, Google tricked AI, Email platform threatened

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-19362">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/12/LockBit-ransomware-dismantled-Google-tricked-AI-Email-platform-threatened.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H1M54S">1:54</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-19362" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-19362" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-19362" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-19362" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/lockbit-ransomware-dismantled-google-tricked-ai-email-platform-threatened/&t=LockBit ransomware dismantled, Google tricked AI, Email platform threatened" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/lockbit-ransomware-dismantled-google-tricked-ai-email-platform-threatened/&url=LockBit ransomware dismantled, Google tricked AI, Email platform threatened" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/12/LockBit-ransomware-dismantled-Google-tricked-AI-Email-platform-threatened.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/lockbit-ransomware-dismantled-google-tricked-ai-email-platform-threatened/" class="input-link input-link-19362" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-19362" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-19362” readonly/>

					<button class="copy-embed copy-embed-19362" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

If you are wondering why you have to read about these cybersecurity incidents around the world, it’s because we **wish to safeguard you from threat attacks. Yes, the holiday season is one of the best times for cybercriminals, and it is the festive mood that they exploit the most to achieve their purpose.

Just before you set out to soak in the Christmas and New Year vibe s, here’s our weekly bulleting, which will help you steer clear of any kind of cyberattack by keeping you well-informed about the cyber trends, latest happenings, and security measures and tactics.

Let’s not waste any more time and start with a fresh dose of cybernews!

LockBit ransomware dismantled by US law enforcement agencies!

51-year-old Rostislav Panev was arrested back in August 2024 in Israel and is currently facing extradition to the US. He holds dual citizenship in Israel and Russia. It is believed that he had a critical involvement in the origin of the LockBit ransomware gang. Along with Rostislav, two other accused will also be extradited to the **US as experts believe that they were also a part of the LockBit gang.

Rostislav has been accused of working on LockBit ransomware since 2019. At the time of the arrest, Rostislav had access to admin credentials of LockBit’s Drak Web online repository with ransomware’s source code. He also had access to the source code for StealBit, an affiliate tool that is used to exfiltrate the stolen data. Rostislav also had **complete access to the LockBit control panel that is used by affiliates.

The **Justice Department **is working incredibly hard to disrupt the LockBit ecosystem and identify and punish the involved threat actors.

Google gets fooled by AI-generated decoy content!

Threat actors have cracked an innovative way to dupe malvertising detection engines on the Google Ads platform . Cybercriminals buy Google Search ads and use AI to create ad pages with unique content. These decoy content pages do not have any hint of maliciousness. The ultimate goal of these decoy content pages is to attract naive visitors to phishing sites in order to wipe out credentials and sensitive data.

Malvertising enables threat actors to rank malicious ads high up in the SERPs. Threat actors prefer to mimic renowned brands. Then, they replicate **content and web pages in a way that diverts users to either phishing pages or downloading malware.

Threat actors generally target consumers as well as the **corporate sector with malvertisement campaigns.

The cybersecurity world calls these decoy content pages white pages. Experts believe that cybercriminals are churning out more and more decoy pages to create a sense of deception and trick naive users.

Human users often fail to differentiate between a **legitimate webpage and a decoy page. The decoy content is designed in a way that makes it seem funny, engaging, and unique.

The steep surge in the number of high-ranking decoy pages is happening because of artificial intelligence. Google and other **major ad distribution networks have been trying to combat the issue. But malvertisers have managed to stay a step ahead.

Some of the most spoofed brands in malvertising campaigns are reputed and credible brands like Amazon, Rufus, Weebly, NotePad++, and TradingView.

This famous free email platform is facing AI-driven threat attacks!

Gmail is on the radar of AI-driven threat attacks. With 2.5 billion users, Gmail is one of the largest targets of similar attacks. Threat actors consider Gmail to be a treasure trove of priceless data that can be found in email inboxes. This famous free email platform is facing AI-driven threat attacks, highlighting the critical need for robust email security measures such as DMARC, SPF, and DKIM to protect users.

Google Calendar notification attack is going on at present, which involves cybercriminals changing sender headers so that the emails appear to be coming from a legitimate or known individual._ Google has also warned its users against a second wave of potential attacks, such as invoice-based phishing and online extortion_.

The renowned security vendor McAfee has issued a warning against scammers who are using AI to come up with realistic and convincing fake videos and audio recordings. The idea is to present fake content as authentic to dupe innocent users.

The easy accessibility and affordability of deepfake technology are making it easy for scammers with no prior experience to create realistic content.

McAfee and other experts suggest that users must double-check every email, message, and call through credible alternate methods. Also, using security tools that help in deepfake detection can be of great help. Google has warned users against typing in personal information, clicking on any links, or downloading an attachment. Also, they have advised you to visit myaccount.google.com/notifications to check any recent security activity. This will further help users understand the credibility of the email they have received in their inbox.