Security News Microsoft targets CAPTCHA-cracking bot ring allegedly responsible for 750M fake accounts

[vtqhtr413]

Content source

https://www.geekwire.com/2023/microsoft-targets-captcha-cracking-bot-ring-allegedly-responsible-for-750m-bogus-accounts/

Microsoft secured a court order to sieze and take down websites used by a group that it describes as the “number one seller and creator of fraudulent Microsoft accounts,” which deployed bots capable of tricking the CAPTCHA systems normally used to confirm that humans are creating accounts.

The group, which Microsoft calls Storm-1152, also routinely circumvented the authentication systems of other major technology companies, including Twitter (X) and Google, according to a Microsoft complaint unsealed Wednesday afternoon in the U.S. District Court for the Southern District of New York.

The group “represents a significant industry-wide problem,” the complaint says.

Bots deployed by Storm-1152 were responsible for about 750 million fraudulent Microsoft accounts, the company said. One reason they needed to create so many was that the company’s fraud detection systems identified and disabled the accounts quickly, often in a matter of hours after they were created.

Microsoft targets CAPTCHA-cracking bot ring allegedly responsible for 750M fake accounts

As shown in court documents, this is the 1stCAPTCHA site where Microsoft says the defendants sold CAPTCHA-solving tokens obtained by a fleet of bots. This

www.geekwire.com

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly became inaccessible without warning.

Affiliates associated with NoEscape claimed that the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites. NoEscape is believed to be a rebrand of the Avaddon ransomware operation, which shut down in June 2021 and released their decryption keys to BleepingComputer.

LockBit ransomware now poaching BlackCat, NoEscape affiliates

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams.

www.bleepingcomputer.com

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. OLVX follows a recent trend where cybercrime marketplaces are increasingly hosted on the clearnet instead of the dark web, making them more accessible to a broader range of users and possible to promote through search engine optimization (SEO).

ZeroFox researchers, who first identified OLVX in early July 2023, have reported a substantial uptick in activity on the new marketplace in the fall, noting a rise in both sellers and buyers. This rise in OLVX's popularity is attributed to SEO efforts from the market's admins, advertisements on hacker forums, promotion through the platform's dedicated Telegram channel, and the hacking community's "word of mouth.".

New cybercrime market 'OLVX' gains popularity among hackers

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks.

www.bleepingcomputer.com