Equality amongst cybercrime, really?

Mar 07 2023

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s spreading like Covid during “eat out to help the virus get about.”

Today’s hottest cyber security stories:

  • Cybercrime trounces cybersecurity on gender equality, study reveals
  • “Critical vulnerabilities” mean the tail could end up Wago-ing the dog
  • Checkmate! Royal Ransomware returns


It turns out cybercrime is ticking all the right boxes when it comes to gender equality (or equity, we should say). That’s what a recent study suggests, at least.

How do we know? Well, the study by Trend Micro claims that at least 30 percent of cybercrime forum users are women.

For its study, Trend Micro looked at five English-language cybercrime forums:

  • Sinister
  • Cracked
  • Breached
  • Hackforum
  • Raidforum (now defunct)

Who names these things?! And it inspected five Russian-language sites. These were:

  • XSS
  • Exploit
  • Vavilon
  • BHF
  • WWH-Club

FYI, Trend Micro is an American-Japanese cybersecurity giant which operates globally.

On the flipside, cybersecurity has historically been found severely wanting in this regard. As Michelle Obama would say: “Be better!”

Indeed, the study reported: “When compared to Stack Overflow, a developer and programming forum, only 12 percent of visitors were female.”

Now, are we to draw from this that the dark and dingy realm of cyber-scams and the like is more progressive and inclusive than ‘the good guys’, so to speak? If so, this isn’t great optics, cyber-guardians of the cyber-galaxy.

Equality versus equity

On a separate (and politically charged!) note, should we be striving for equity? Equity means each gender/race/sexual orientation should be represented proportionally in ALL fields.

The problem with this is that it assumes that, umm, let’s say women want to pursue jobs in, for example, cybersecurity at the same rate that men do. Which is hardly a given!

We want more binwomen!

And funnily enough, those who so vehemently push for equity (equality of outcome) don’t seem too fussed about the gender demographics of, oh, I don’t know: binmen… Sorry, binpersons… Bin people? Never mind. Food for thought, eh?

Okay, rant over. For now.


German industrial automation solutions provider Wago (woah, mouthful!) had a scare this week when it became apparent that hackers could very easily take FULL CONTROL of its coveted PLCs (programmable logic controllers).

If this happened, it would be a disastrous case of the dog wagging the tail. Not much fun in a dangerous manufacturing plant.

Hang on, what the hell is a PLC?

Sounds important, huh? Well, it is. PLCs are industrial computers that have been ruggedized (cool word; means hardwearing) and adapted for the control of manufacturing processes, such as:

  • Assembly lines
  • Machines
  • Robotic devices
  • Or any activity that requires:
    • High reliability (ironic!)
    • Ease of programming
    • Process fault diagnosis (Uh-oh!)

So yeah, kind of bad if they fall into the wrong hands. A bit like the ring from Lord of the Rings. “Shut up, nerd!” Fine.

Wago has released patches for several of its PLCs to address FOUR vulnerabilities, including ones that can be exploited to take full control of the targeted device.

The “critical vulnerabilities” were discovered by Ryan Pickren from the Georgia Institute of Technology’s Cyber-Physical Security Lab.

The issues were identified by the researcher as part of a PhD project on the security of industrial control systems (ICS).

Pickren previously earned big bucks from Apple for camera hacking vulnerabilities and an exploit that could have been leveraged to hack a user’s online accounts and webcam.

Sorry, did you say webcam?

During the analysis of Wago PLCs, the researcher discovered several vulnerabilities in the web-based management interface designed for administering, commissioning and updating devices.

Let’s hear it for the good faith security researchers. Keep Pickren apart our cyber-systems, Ryan! Geddit?


The infamous Royal ransomware, which was running riot last year, is back once again. Yes, the King has indeed returned. Hmm, lots of LOTR references today. Weird.

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems,” CISA (American Cybersecurity and Infrastructure Security Agency) reported.

The custom ransomware program, which has targeted U.S. and international organizations since September 2022, is believed to have evolved from earlier iterations that were dubbed Zeon. Wasn’t that Buzz Lightyear’s enemy in Toy Story? Nope: Zurg. Our mistake.

That’s not all!

What’s more, it’s said to be operated by seasoned threat actors who used to be part of Conti Team One, cybersecurity company Trend Micro disclosed in December 2022.

The ransomware group employs callback phishing as a means of delivering its ransomware to victims, a technique widely adopted by criminal groups that splintered from the Conti enterprise last year following its shutdown.

Other modes of initial access include:

  • Remote desktop protocol (RDP)
  • Exploitation of public-facing applications
  • Via initial access brokers (IABs)

Ransom demands made by Royal have ranged from $1 million to $11 million, with attacks targeting a variety of critical sectors, including:

  • Communications
  • Education
  • Healthcare
  • Manufacturing

Hmm, maybe Harry and Meghan aren’t so bad… As far as ‘Royals’ go. Stay safe, true believers!

So long and thanks for reading all the phish!
