Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Criminals. Show all posts
Social Media
AI technology ChatGPT ChatGPT. OpenAI Cyber Attacks Cyber Criminals Fake Accounts Open AI Social Media

OpenAI’s Disruption of Foreign Influence Campaigns Using AI

 

Over the past year, OpenAI has successfully disrupted over 20 operations by foreign actors attempting to misuse its AI technologies, such as ChatGPT, to influence global political sentiments and interfere with elections, including in the U.S. These actors utilized AI for tasks like generating fake social media content, articles, and malware scripts. Despite the rise in malicious attempts, OpenAI’s tools have not yet led to any significant breakthroughs in these efforts, according to Ben Nimmo, a principal investigator at OpenAI. 

The company emphasizes that while foreign actors continue to experiment, AI has not substantially altered the landscape of online influence operations or the creation of malware. OpenAI’s latest report highlights the involvement of countries like China, Russia, Iran, and others in these activities, with some not directly tied to government actors. Past findings from OpenAI include reports of Russia and Iran trying to leverage generative AI to influence American voters. More recently, Iranian actors in August 2024 attempted to use OpenAI tools to generate social media comments and articles about divisive topics such as the Gaza conflict and Venezuelan politics. 

A particularly bold attack involved a Chinese-linked network using OpenAI tools to generate spearphishing emails, targeting OpenAI employees. The attack aimed to plant malware through a malicious file disguised as a support request. Another group of actors, using similar infrastructure, utilized ChatGPT to answer scripting queries, search for software vulnerabilities, and identify ways to exploit government and corporate systems. The report also documents efforts by Iran-linked groups like CyberAveng3rs, who used ChatGPT to refine malicious scripts targeting critical infrastructure. These activities align with statements from U.S. intelligence officials regarding AI’s use by foreign actors ahead of the 2024 U.S. elections. 

However, these nations are still facing challenges in developing sophisticated AI models, as many commercial AI tools now include safeguards against malicious use. While AI has enhanced the speed and credibility of synthetic content generation, it has not yet revolutionized global disinformation efforts. OpenAI has invested in improving its threat detection capabilities, developing AI-powered tools that have significantly reduced the time needed for threat analysis. The company’s position at the intersection of various stages in influence operations allows it to gain unique insights and complement the work of other service providers, helping to counter the spread of online threats.
Read more »
Threat Intelligence
Business Security CISOs Cyber Criminals Cyber Security Threat Intelligence

Here's Why Attackers Have a Upper Hand Against CISOs

 

Security experts have an in-depth knowledge of the technical tactics, techniques, and procedures (TTPs) that attackers employ to launch cyberattacks. They are also knowledgeable about critical defensive methods, such as prioritising patching based on risk and creating a zero-trust policy. 

However, the world for business security appears to be one step behind hackers, who successfully launch an increasing number of attacks year after year. Here's one reason: many CISOs underappreciate, overlook, and sometimes underestimate all of the knowledge that hackers bring to the table — the nontechnical insights that they use to gain an advantage. 

“Hackers know that the average CISO has a lot on their plates and they don’t have enough [resources] to get everything done. So CISOs really have to pay attention to what hackers are doing and what they know so they can best defend against them,” stated Stephanie “Snow” Carruthers, chief people hacker at IBM.

So, what do hackers know that may not be credible? According to security researchers, these are three main hacking tactics that may go unnoticed by CISOs. 

Hackers know business schedule 

It's not a coincidence that many attacks occur during the most challenging times. Hackers do boost their attacks on weekends and holidays when security teams are understaffed. They're also more likely to strike just before lunchtime and at the end of the day, when employees are rushed thereby less aware of red indicators indicating a phishing attack or fraudulent behaviour.

“Hackers typically deploy their attacks during those times because they’re less likely to be noticed,” stated Melissa DeOrio, global threat intelligence lead at S-RM, a global intelligence and cybersecurity consultancy.

DeOrio agrees that many hackers are based in regions where daytime working hours overlap with non working hours in the Americas and Western Europe. However, she claims that research suggests that hackers exploit this disparity by timing their attacks. 

Furthermore, Tomer Bar, vice president of security research at SafeBreach, adds that threat actors seek out moments of organisational upheaval (e.g., mergers, acquisitions, layoffs, etc.) to exploit. "Threat actors will try to launch an attack at the most difficult time for the CISO and the blue team.” 

To counter this hacking technique, long-time security leaders encourage CISOs to include it into their own defence strategies. They should use third-party services during off-business hours to supplement the security team's work schedule, increase automation to improve staff efficiency at all hours, add extra layers of security such as more monitoring or tighter filters at times of increased risk, ensure priority security work is completed before busy times such as holidays, and educate all employees about the heightened risks that exist during such times. 

Gathering insights on organisations 

The attackers actively gather open-source intelligence (OSINT) in order to plan attacks. It's hardly unexpected that hackers seek out information on transformative events such as large layoffs, mergers, and the like, she says. However, CISOs, their teams, and other executives may be astonished to hear that hackers hunt for news about seemingly innocuous activities such as technology installations, new alliances, hiring sprees, and CEO schedules that show when they are away from the office. 

To counter this, CISOs can monitor OSINT about their organisations, collaborate with other executives on announcements and their timing, and run simulations on how such announcements play out from a business perspective. All of this allows CISOs and their teams to see what hackers see, better understand their thinking, and prepare for potential targeted attacks. 

Ignorant corporate culture 

Security awareness training typically demands employees to take time to review emails or think through requests to help determine whether a request is legitimate or suspicious. Yet workplace culture today generally works against that approach, Huffman notes. “We praise ourselves for putting ourselves in an emotional hot state,” he says, pointing to job postings that use phrases such as “fast-paced,” “dynamic” and “high-intensity” to describe the workplace culture as evidence. 

According to Huffman, Employees do not have — nor are they encouraged to take — extra time to review incoming messages (whether via email, phone, video, text, or other means). "And that's why hackers are successful: they catch us in constant emotional hot states when you're clicking through 1,000 emails.”
Read more »
Vulnerability
Awareness Cyber Criminals Cyber Fraud Cybersecurity elderly Financial Loss fraud prevention Online Scams Scams vigilance Vulnerability

India's Digital Rise Sees Alarming Surge in Online Scams Targeting the Elderly

 

With India advancing in the digital landscape, the country is also witnessing a concerning rise in online scams. In recent months, thousands of individuals have lost substantial sums to these cyber criminals, either hoping to earn more money or after being threatened. Scammers employ new tricks, targeting people across all age groups, with a notable increase in elderly victims. Cyber criminals use increasingly sophisticated techniques to exploit the vulnerability and trust of senior citizens, causing significant financial and emotional distress.

In one case from Bengaluru, a 77-year-old woman named Lakshmi Shivakumar lost Rs 1.2 crore to a scam. It began with a call from someone posing as a Telecom Department representative, falsely claiming a SIM card in her name was involved in illegal activities in Mumbai. The caller mentioned a complaint with the Mumbai Crime Branch to add credibility.

Within hours, she received another call from individuals impersonating Mumbai Crime Branch officers, accusing her of laundering Rs 60 crore and demanding her bank account details for verification. Using threats of arrest and showing a fabricated FIR and arrest warrant, the scammers coerced her into sharing her bank details, ultimately transferring Rs 1.28 crore from her account, promising the money's return after the investigation.

In another case from Chandigarh, an elderly woman was deceived out of Rs 72 lakh under the pretense of a digital arrest scam. She received a call from someone claiming to be from the Central Bureau of Investigation (CBI) office in Andheri, Mumbai, falsely implicating her in a drug case connected to a man named Naresh Goyal and threatening to freeze her bank accounts.

The scammer linked her ATM card to the suspect and claimed obscene messages from her phone were circulating. Under immense pressure, she complied with the demands, participating in a video call where a fake police ID was shown. Over a week, the scammers defrauded her of Rs 72 lakh, promising to return the money after proving her innocence.

Older people are particularly vulnerable to such scams due to several reasons. They often struggle to keep up with the latest technology and digital security measures, making them easy targets for tech-savvy criminals. Additionally, older adults are more likely to trust authoritative figures and may not recognize the signs of deceit in official-looking communications. Their financial stability and natural inclination to trust and cooperate with law enforcement further increase their susceptibility.

How to stay safe and protect the elderly from scams

To protect the elderly from falling prey to such scams, awareness and vigilance are crucial. Here are some essential tips:

  • Inform elderly family members about common types of scams and the tactics used by fraudsters. Regular discussions can help them recognize and avoid potential threats.
  • Encourage seniors to verify any unsolicited calls or messages by contacting the official organization directly using known contact details, not the ones provided by the caller.
  • Ensure that devices used by the elderly have updated security software to protect against malware.
Read more »
Malware attacks
Credential stealing Cyber Attacks Cyber Criminals Cyber Security Data data stealing Data stealing malware Kaspersky Malware attacks

Data-Stealing Malware Infections Surge by 600% in Three Years, Kaspersky Reports

 

The digital landscape has become increasingly treacherous, with a startling surge in data-stealing malware compromising millions of devices worldwide. According to cybersecurity firm Kaspersky, the number of devices infected with data-stealing malware has skyrocketed by over 600% in the past three years alone. This alarming trend underscores the urgent need for heightened vigilance and robust cybersecurity measures to safeguard personal and corporate data in an era plagued by relentless cyber threats. 

Kaspersky's Digital Footprint Intelligence data paints a grim picture, revealing that the number of compromised devices reached a staggering 10 million in 2023, marking a 643% increase since 2020. The threat posed by data-stealers has escalated exponentially, posing a significant risk to both consumers and businesses alike. What's particularly concerning is the sheer volume of log-in credentials pilfered by cybercriminals from infected devices. 

On average, each compromised device surrenders a staggering 50.9 log-in credentials, encompassing a wide array of sensitive accounts ranging from social media and online banking services to cryptocurrency wallets and email accounts. This abundance of stolen credentials fuels the illicit underground economy, where cybercriminals peddle stolen data for profit. The actual scope of the problem may be even more extensive than reported, as Kaspersky's data draws insights from infostealer malware log files traded on underground markets. 

The clandestine nature of these transactions makes it challenging to quantify the full extent of the threat landscape accurately. According to Sergey Shcherbel, a cybersecurity expert at Kaspersky Digital Footprint Intelligence, the dark-web value of log files containing login credentials varies depending on their appeal and the method of sale. These credentials may be sold through subscription services, aggregators catering to specific requests, or exclusive shops offering freshly acquired login credentials to select buyers. 

Prices typically start at $10 per log file, highlighting the lucrative nature of stolen data in the cyber underground. The impact of data-stealing malware extends beyond individual devices, with a staggering 443,000 websites worldwide falling victim to compromised credentials in the past five years alone. In the .in domain associated with India, compromised accounts surged to over 8 million in 2023, underscoring the global reach and pervasive nature of the threat. 

As the threat landscape continues to evolve, organizations and individuals must prioritize cybersecurity as a fundamental aspect of their digital hygiene practices. Proactive measures such as robust antivirus software, regular software updates, and user education can help mitigate the risk of data breaches and protect sensitive information from falling into the wrong hands. 

The exponential rise in data-stealing malware serves as a stark wake-up call for individuals and organizations worldwide. By staying vigilant, informed, and proactive in combating cyber threats, we can collectively fortify our defenses and safeguard against the perils of the digital age.
Read more »
scam tactics
Cyber Criminals Cyber Fraud Cyber Scam Cyber Threats CyberCrime Delhi cybercrime rise Delhi Police digital house arrest forged letterheads Fraud Online fraud police alert scam tactics

Delhi Police Alerts Citizens to New Cyber Scam

 

Authorities in Delhi are cautioning residents to remain vigilant against a recent surge in cyber fraud cases known as ‘digital house arrest,’ with over 200 incidents reported monthly in the capital.

Described as a serious threat by senior officials, this tactic employed by cybercriminals aims to coerce victims into parting with their money once ensnared in their schemes.

In this scheme, scammers posing as law enforcement officers deceive victims into believing their bank accounts, SIM cards, Aadhaar cards, or other linked documents have been compromised. The victims are then virtually confined to their homes and pressured into paying the scammers.

According to a senior officer from the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police, cases involving amounts exceeding Rs 50 lakh are investigated by their specialized team.

In a recent case, a man preparing for work received a call from someone claiming to be from the Mumbai Crime Branch. The caller accused the victim of involvement in drug trafficking using his Aadhaar card and instructed him not to leave his house during a prolonged interrogation session. The victim, fearing repercussions, complied. Eventually, the scammers gained remote access to his computer, drained his bank account, and vanished.

These fraudsters often employ forged police letterheads and use translation tools to enhance their communication. They specifically target vulnerable individuals, such as the elderly. Victims are urged to immediately report such incidents to the police helpline for assistance.

According to the National Crime Records Bureau (NCRB), cybercrime cases in Delhi nearly doubled in 2022, with reported incidents increasing from 345 to 685. This marks a significant rise from the 166 cases reported in 2020.
Read more »
Phishing messages
Cyber Criminals Cyber Scams Cyber Security CyberCrime cybercrime gang Phishing messages

Cybercriminals Target Facebook Users with Malicious 'Look Who Died' Messages

'Look Who Died' Facebook Scam

In recent times, Facebook scams and fraud have been on the rise, with scammers finding new ways to exploit the platform for their malicious activities. The latest attention-grabbing scam to hit Facebook is the "Look who died" scam, which targets users seeking information about the death of a friend or celebrity. This article will delve into the details of the scam and provide expert advice on how to protect yourself from falling victim.

The 'Look Who Died' Scam: A Threat to Personal Data Security

The 'Look who died' scam operates by sending Facebook users messages with enticing subject lines like "Look who died." Curiosity prompts users to click on the link, expecting to find news or information related to the mentioned death. However, instead of being redirected to a legitimate news article, users unknowingly download a malware virus onto their computers or devices.

The Exploitative Tactics of Scammers on Facebook

As more people join Facebook and engage with its features, scammers are finding new ways to deceive and defraud users. Carey van Vlaanderen, a digital security expert and CEO of ESET Southern Africa, highlights the use of impersonation, fake promotions, and malware spread as some of the tactics scammers employ. Unfortunately, falling victim to these scams can result in financial loss and identity theft.

Identifying and Protecting Yourself from Facebook Scams

Van Vlaanderen emphasizes the need for caution and vigilance when using Facebook. She advises users to be wary of unusual requests or sensitive information being asked for, as these could be warning signs of a potential scam. To verify the authenticity of a message from a Facebook friend, Van Vlaanderen suggests checking for any sudden profile changes or strange posts that may indicate a compromised account.

The Wider Impact of Cybercrime and the Need for Protection

The rise in cybercrime is not limited to Facebook scams but extends to various forms of online attacks. According to experts from the Council for Scientific and Industrial Research (CSIR), cyber-attacks cost the country billions of rands annually. The digitalization era has seen an increase in cybercrime, posing risks to government institutions, large corporations, and small and medium-sized businesses. Financial and data loss, identity theft, and cyber extortion are significant concerns for individuals and organizations alike.

Urgent Action Required: Protecting Against Cybersecurity Breaches

Recent cybersecurity breaches, such as the one that affected the provincial legislature, highlight the urgency of addressing cyber threats. The lack of transparency surrounding such attacks and their implications raises concerns about preparedness and response strategies. ANC chief whip Pat Lekker has called for a debate on the cyberattack, emphasizing the need for open dialogue and effective measures to combat cybercrime.

Shifting Privacy Paradigm and Building Trust

Erhard Brand, a research and development lead at IT authentication company Entersekt, points out that digital privacy concerns are changing how companies handle personal and biometric data. Empowering individuals with control over their privacy fosters an environment of trust. As technology advances, it becomes crucial for companies to prioritize data security and privacy protection.

The 'Look who died' scam on Facebook serves as a reminder of the ever-present threat of online scams and fraud. To protect yourself from falling victim to such scams, exercise caution, be vigilant for warning signs, and adopt best practices for online security. As the cybercrime landscape evolves, individuals, businesses, and governments must work together to combat cyber threats, ensuring a safer digital environment for all.

Read more »
Ransomware
Cyber Attacks Cyber Criminals Cybersecurity DMARC Email Phishing HTML Infrastructure phishing Ransomware

Emails With HTML Attachments are Still Popular Among Phishing Scammers

 


Cybercriminals are increasingly using malicious HTML files to attack computers, according to a recent study conducted by security researchers. In addition to this, Barracuda Networks' study also revealed that malicious files now account for over half of all HTML attachments sent via email. There has been a significant increase in applications compared to last year. 

Is there a phishing scam using HTML attachments you know of? To prevent cybercriminals from contacting C7C servers to download crypto-malware, Trojan horses, or other nasty nasties through email, HTML attachments are sent instead of email. 

Phishing scams based on HTML emails have been around for a long time, but people aren't aware of them, and they are increasingly falling for the same. 

There is a high chance that you checked your email more than once this past weekend. This is despite it being a holiday weekend for many people.

Even though HTML files continue to be one of the most common attachments used in phishing scams in 2022, it shows that the method is still one of the most effective methods of getting past spam detection software and delivering spam to targets who are looking for it. 

HTML (HyperText Markup Language) is a markup language developed to display documents created for display in a web browser, according to Wikibooks. The capabilities of technologies such as Cascading Style Sheets (CSS) and programming languages such as JavaScript can make it easier to do this.

It is possible to render HTML documents as multimedia web pages using a web server or a local storage device that receives HTML documents from a web server. An HTML document describes the semantics of a web page and includes clues that indicate how it should appear to the end user. HTML can also describe the content of a web page. 

When victims are sent phishing emails using HTML files, they are frequently directed to malicious websites, downloaded files, or phishing forms that can be displayed locally within their browsers on their computers.

It is common for email security software to overlook attachments when delivering messages to targets since HTML does not pose a threat to the recipients; as a result, messages are delivered successfully to their inboxes. 

Something is interesting about this recent increase in malicious HTML files. This does not seem to be the result of mass attack campaigns in which hackers send the same attachments to many victims. 

To protect against cyberattacks, it is now more imperative than ever to implement appropriate cybersecurity measures. The key to preventing such attacks is what the report uses as an example of how to prevent them. 

It has been reported that the cybercriminal groups DEV-0238 and DEV-0253 have also been using HTML smuggling to deliver keyloggers through HTML attachments they have sent using HTML smuggling. HTML smuggling has also been associated with the cybercriminal group DEV-0193 delivering Trickbot malware through HTML smuggling. 

HTML attachments are used in phishing attacks 


HTML attachments spammed by phishing sites are the most common type of HTML attachment. There is generally no malicious code within the HTML file itself. This means it does not have any malicious code that launches arbitrary code into the system even though it looks benign. Despite this, it is recommended to treat this attachment with caution. By mimicking the look of a sign-in page for a service such as Microsoft, Google, or a major online bank, the scam could lead to the user entering their credentials into the form and submitting it, resulting in a malicious website that takes over their account. 

When it comes to spam forms and redirection strategies in HTML attachments, hackers usually use several tactics for implementation. These tactics range from simple redirections to obfuscating JavaScript to disguise phishing forms to steal personal information. 

A secure email gateway and antivirus solution can check email messages for attachments to see if they contain malicious URLs, scripts, or other threats. This could threaten users' security. 

The majority of cybercrime attacks are composed of malicious phishing forms or redirects created using JavaScript in HTML attachments. This is done to avoid detection. 

Considering that malicious files can damage your device and your organization, it has become increasingly important to ensure you take the necessary precautions to keep yourself safe from them. It is imperative to know how to prevent such attempts by taking the following precautions: 

The infrastructure of your email system will be crucial in this case. Antivirus software and firewalls should be updated regularly to function properly. Furthermore, a solid plan of action must be implemented for data loss prevention. DMARC protocols should be defined for your domain as the most effective way to ensure communications security. 

Authenticating with two-factor authentication is necessary, followed by zero-trust access based on multi-factor authentication. You can be sure that your employees will be protected even if they fall victim to hacker attacks, credential theft, and phishing. This is because they will evaluate their credentials, device, location, time zone, and history of access and limit breaches. 

The importance of employee training on recognizing and reporting malicious HTML attachments shall be recognised. Employees must be trained on how to recognize and report attachments from unknown sources, especially those containing malware. Cybersecurity threats can have serious consequences for a business organization if it is not prevented.

Certainly, obfuscation is one of the common denominators among all the spammed HTML attachments in this case. Having to deal with a threat like this at the email gateway layer demonstrates just how difficult it is to detect.
Read more »
VCRT
AML cryptocurrency Cyber Attacks Cyber Criminals FBI KYC Ransomware VCRT

Cryptocurrency Exchanges Linked to Ransomware

 


Nine cryptocurrency exchange websites have been taken down by the FBI and the Ukrainian police in a daring joint operation. Cybercriminals and ransomware gangs use these websites to launder money for cybercriminals. This is because these websites facilitate money laundering by criminals operating online. Ukrainian prosecutors' offices and the Virtual Currency Response Team were also involved in the operation. 

Several virtual currency exchange services were seized by the FBI on Monday. These services may have been used by cybercriminals to launder money obtained through ransomware hacks. As a result of a collaboration between the FBI's Detroit Field Office and Ukrainian police, the Detroit FBI field office seized virtual currency exchanges used by criminals for anonymous transactions, the United States Department of Justice has announced. 

There is a press release that states that the FBI also received support from the Virtual Currency Response Team (VCRT), the National Police of Ukraine, and the regional prosecutors as a result of the 'crypto exchanges' operation. 

  1. 24xbtc.com 
  2. 100btc.pro 
  3. pridechange.com 
  4. 101crypta.com 
  5. uxbtc.com 
  6. trust-exchange.org 
  7. bitcoin24.exchange 
  8. paybtc.pro 
  9. owl.gold 
These websites allow you to anonymously buy Bitcoin, Ether, and other cryptocurrencies. They offer Russian and English exchange services with few Know Your Customer (KYC) or Anti-Money Laundering (AML) restrictions. In addition to online forums dedicated to criminal activity, websites are also advertised. 

These exchange servers have been shut down, and their domain names have been taken over by US authorities. Several exchanges were accused of offering anonymous cryptocurrency exchange services to website visitors. These visitors included cybercriminals, scammers, and many other bad actors, offering these services anonymously to site visitors. 

The FBI has accused these crypto exchanges of being used by cyber criminals, including scammers, ransomware operators, and hackers, for laundering money. Additionally, the FBI stated that these exchanges did not have a license. This acted as support for criminal activities under US laws. 

Two servers were confiscated. These servers were located in different parts of the world including the US, Ukraine, and several European countries. Cybercriminals used the exchanges to launder money from illegal activities, and the authorities are using the seized infrastructure to identify and track down those hackers.

It should be noted that both the English and Russian-language exchanges that offered similar services and avoided money laundering were censured by the FBI for the lack of anti-money laundering measures and the collection of Customer knowledge information, or none at all. The FBI claims that these sorts of unlicensed, rogue exchanges are one of the most critical hubs of the cybercrime ecosystem. 

Users have been able to convert their cryptocurrency into coins that are more difficult to track down on websites that have been seized anonymously. Hackers disguised the source of the money they stole and avoided detection by law enforcement agencies.

There is a lot of variety on these sites. Users can get live help and instructions in both Russian and English covering a wide range of cybercrime communities. 

The FBI's announcement indicates that noncompliant virtual currency exchanges that operate in violation of the United States Code, Sections 1960 and 1956, act as hubs for cybercrime. They have lax anti-money laundering programs and collect little information about their customers. These exchanges are significant cybercrime centers.

A search was conducted at the home of former FTX executive Ryan Salame early this month. This was part of the FBI's investigation into Salame's role as an advisor to Bankman-Fried at the time. 

During an operation conducted by the FBI and Ukrainian police, the FBI and Ukrainian police took down nine websites known as 'crypto exchanges'. These websites were well known for serving as money launderers for ransomware groups and cyber criminals. As part of an organized campaign, the daring action was undertaken by a cybercriminal who wanted to destroy the digital infrastructure that allows him to make money from his malicious actions by “interfering” with it and using it for his malicious goals. 


Read more »
Vulnerabilities and Exploits
Cyber Criminals Intelligent Mining Mining Online Security security threat South Africa Vulnerabilities and Exploits

New Cybersecurity Vulnerabilities are Being Discovered Using 'Intelligent Mining'

 

When brute force attacks shut down operations and force mines to pay a ransom, "intelligent mining" activities have emerged as the gold mine for cybercriminals. 

Dr. Pierre Jacobs, the head of cybersecurity operations and compliance at CyberAntix, a member of the Sizwe Africa IT Group, holds this opinion. According to him, cyber security breaches have reached a point where they have legalised this dishonest behaviour, giving criminals the opportunity to commit cybercrimes in conditions that are very similar to those of legitimate organisations. Lone hackers are still around and may wish to stop production for fun or to see how far they can go. 

“South African mining companies are no exception,” Jacobs stated. “The transition from traditional mining practices to intelligent mining is exposing the industry to a new frontier of cyber threats.” 

74% of internet businesses have had serious Computer breaches, according to Fortinet research, and this problem was made worse by the Covid-19 outbreak. With an 11% increase in network intrusions, the mining and manufacturing industries in particular experienced a sharp rise in infiltration activity. 

Attackers are focusing their efforts on Industrial Control Systems (ICS) in a variety of industries because these systems regulate a wide range of automated processes, including measuring devices, packaging equipment, and all the other assembly-line parts that are essential to any production process. Attackers are aware that by focusing on these systems, they might negatively impact business operations. 

Although ICS devices are frequently specific to industries and used for specialised systems or activities, they are normally less well-known than enterprise information technology (IT) devices like laptops, desktops, and smartphones. In this sector, cybercriminal activity is becoming more organised and specialised. 

The bulk of cyberattacks on mining businesses aim to disrupt corporate operations and threaten supply chains by stealing intellectual property and other important data, such as geotechnical studies and production plans. According to Jacobs, the Internet of Things (IoT) is a threat to mines with any amount of automation (IoT). Criminals frequently use email platforms as their first method of entry in all sectors. 

Any of these devices—desktops, laptops, smartphones, even the workplace printer—can serve as entry points for hackers. The fact is that mining operations in South Africa are also impacted by geopolitical concerns, rising geopolitical dangers, and intermittent conflicts between other nations, especially Western nations and China. Mines from throughout the world compete with South African exporters. Competitors worldwide would benefit from any disruption to our supply systems.

Cybersecurity breaches are caused by a number of factors, including a lack of understanding of the Industrial Internet of Things (IIoT) and the Internet of Things (IoT), supply chain weaknesses, lax security procedures used both internally and by outside contractors, identity theft, and insufficient incident response. 

"Strategies to mitigate risk should seek to identify and understand the business models and motivation of the cyber criminals. Businesses also need to understand the risks and vulnerabilities of their industry and anticipate threats," Jacobs concluded. "People, processes, and technologies all pose risks, and to address cyber security threats, it’s important to take a three-pronged approach to security – one that focuses on people, processes, and technologies. The challenge is to secure the enterprise by locking all the information entrance gates to bridge any gaps in the system. Identify critical business systems and then identify risks against those systems. Secure protocols need to be in place wherever there is a connection to the Internet. Real-time monitoring and investigation are vital." 
Read more »
US Military
Cyber Criminals Cyber Security DDoS HHS US Military

Block KillNet's DDoS Bots Using These Proxy IP Addresses

 


The US government has issued a warning about the Russian cybercrime gang stepping up its attacks against hospitals and health clinics by flooding their networks and using, as part of its warning, a free tool that is designed to help organizations defend against KillNet distributed-denial-of-service (DDoS) bots. 

Currently, tens of thousands of proxy IP addresses are listed on the KillNet open proxy IP blocklist. These IP addresses are being used by Russian hackers in their attempts to flood networks with traffic. Following the investigation that SecurityScorecard's threat researchers conducted on Killnet and other network spamming miscreants, the security company built this list of threats.

Although DDoS attacks are relatively unsophisticated, like many other attacks, they can still take a serious toll, especially when they disrupt hospitals, according to a recent blog post by the security firm using KillNet as an example. 

A website taken down by the Russian gang toward the end of January was one of 14 hospitals targeted in the United States. The University of Michigan Hospitals and Health Centers, Stanford Hospital, Duke University, and Cedars-Sinai Medical Center, among others, were some of the hospitals. There are several reasons for using DDoS attacks, one of which is to mask more intrusive activities. 

A report released by the US Department of Health and Human Services (HHS) on Wednesday confirmed that KillNet is a threat to the healthcare sector and prompted DHS to issue a second warning. A similar security alert has been issued by the Department of Homeland Security twice in the last few months.  

It is common for pro-Kremlin supporters to attach an ideological bent to their attacks - sometimes using empty threats to convey their message. "Killmilk, one of the leading members of the KillNet group, has threatened the US Congress with the sale of the health and personal information of American citizens to attack US policies concerned with Ukraine," according to the December security alert from HHS. According to the US, the planned attack has not yet been carried out. 

In a similar vein, the gang threatened to attack ventilators and other technical devices in British hospitals if another alleged KillNet criminal arrested in London in May was not released as soon as he was arrested. 

Although KillNet may claim to have carried out attacks on the US military, it is wise to take its claims with a pinch of salt, according to HHS. Given the fact that the group tends to exaggerate, there is a possibility that some of these operational and development announcements may simply be meant to garner attention, both publicly and within the cybercrime underground. According to the FBI and private security researchers, the group's DDoS campaigns have been viewed as publicity stunts, which, as annoying as they have been, have had "limited success." 

A Public Relations Stunt That Could Turn Wrong   

KillNet claimed responsibility on October 10 for deactivating more than a dozen websites associated with US airports as part of an attack aimed at knocking the websites offline. Although the large-scale DDoS attack was disruptive, it did not disrupt air travel or harm the operation of the airports. 

As soon as someone claimed to have unleashed a second bot army against JPMorgan Chase a day later, the same criminals saw similarly feeble results. In my opinion, some PR agency is trying to increase their budget for PR. 

It was then that at the beginning of November, a US Treasury official announced that the department had halted a "pretty low-level" DDOS attack designed to disrupt critical infrastructure nodes in the department, also attributed to Killnet.  

KillNet's DDoS attacks usually do not cause major damage but they have the potential to disrupt healthcare organizations and the millions of patients they serve for hours, days, or even weeks - and this can be especially damaging to organizations and patients in the healthcare sector.  

It has been reported that these bots are flooding the network traffic of patients and doctors, preventing them from sending and receiving health information online and making it harder for patients to schedule appointments in the future.  

Furthermore, sometimes miscreants use DDoS attacks as a distraction for their security teams to keep their attention while they work on more dangerous attacks, including the theft of sensitive information or the deployment of ransomware. 

According to HHS, it is likely that pro-Russian ransomware groups, including those that were part of the defunct Conti group, will respond to KillNet's appeal and offer support. These results will most likely lead to KillNet targeting entities that will be victimized by extortion or DDoS attacks as a means of extortion, a tactic that several ransomware groups have employed.
Read more »
VR
Criminal Law Cyber Crime Cyber Criminals ICPO Interpol Metaverse Virtual Reality VR

Following a Surge in Metaverse Crimes, Interpol Promises to Implement Punishment


Real-world criminals are now attempting to conduct malicious practices in the virtual world, but this time they may as well face its repercussions. In order to assure the same, the International Criminal Police Organization (ICPO) is on its way to developing techniques that could identify authority crimes in the Metaverse to combat cyber-attacks and criminals lurking in the digital world. 

According to Secretary General Jurgen Stock, the objective of Interpol is to monitor criminal activities across the metaverse. The “sophisticated and professional” criminals are opting for advanced technological tools and tactics to commit crimes, which has to stop for the sake of online users. 

As the number of people using the metaverse rises, more crimes including data theft, money laundering, crimes against children, financial fraud, ransomware, phishing, etc. could occur. 

Stock believed that it was essential for Interpol to remain relevant and implement new technology as they were developed. He stressed the importance of Interpol's response to the problem, emphasizing how rapidly criminals are adopting new technologies for their illicit activities. 

He also noted that the company’s authorities run short of necessary resources at times, in order to carry out their jobs effectively. They have seen firsthand how if action is delayed, trust in the agency's resources and, consequently, the metaverse, may as well be tarnished. Such services are currently available, and criminals are already using them. 

What does Interpol Consider Crime in Metaverse? 

Interpol's virtual reality (VR) realm offers law enforcement a glimpse into the metaverse and a preview of the kinds of crimes that might be committed there through its secured servers. This further gives law enforcement personnel an opportunity to learn about the challenges of policing in the metaverse and test out potential solutions. 

However, Interpol’s Executive Director of Technology and Innovation Madan Oberoi notes that the firm is having trouble defining what constitutes a crime in the metaverse and spreading awareness of such crimes. “There are crimes where I don’t know whether it can still be called a crime or not. If you look at the definitions of these crimes in physical space, and you try to apply it in the metaverse, there is a difficulty,” he says. 

Moreover, the organization also asserts that one of its main tasks is informing the public about these issues. According to Oberoi, law enforcement agencies must make sure to educate themselves about the metaverse in order to effectively assist victims or potential victim users of crimes pertaining to the metaverse. 

In order to efficiently combat cybercrime, one of the best solutions Interpol may implement is to deal with regulating criminal acts in the metaverse and encourage law enforcement agencies to keep up with the technology's rapid advancement. Interpol promises to be in full force in assisting with criminal investigations and crime-solving. Interpol and its 195 member nations will cooperate to combat global cybercrime.   

Read more »
Windows
Android Atlas VPN AV-ATLAS Cyber Criminals Linux macOS malware Malware Threats Operating system Windows

Linux Malware Records a New High in 2022


While more and more devices are adopting Linux as their operating system, the popularity of the software has nonetheless attracted cyber-criminals. According to recent reports, the number of malware aimed at the software increased dramatically in 2022. 

As per the reports from observations made by Atlas VPN based on data from threat intelligence platform AV-ATLAS, as many as 1.9 million Linux malware threats were observed in 2022, bringing the figure up 50% year-on-year. 

The reports further claimed that most of the Linux malware samples were discovered in the first three months of the year. 

 Secure Operating System

In Q1 2022, researchers identified 854,690 new strains. The number later dropped by 3% in Q2, detecting 833,065 new strains. 

The number of new detections fell 91% to 75,841 in the third quarter of the year, indicating that Linux malware developers may have taken their time off. The numbers increased once more in the fourth quarter of the year, rising by 117% to 164,697. 

Despite the researcher’s observations, Linux remains one of the “highly secure operating systems.” 

“The open-source nature of Linux allows for constant review by the tech community, leading to fewer exploitable security vulnerabilities. Additionally, Linux limits administrative privileges for users and compared to more widely used operating systems like Windows, it still has less malware targeting it,” the researchers added. 

While threat actors will not stop chasing flaws in the world’s fifth most popular operating systems, businesses and consumers alike must also be on the lookout, the researchers concluded. 

Although Linux is not as popular as Windows or macOS, it is still a widely used operating system. From Android devices (which are built on Linux) to Chromebooks, video cameras, and wearable devices, to all kinds of servers (web servers, database servers, email servers, etc.) there are more than 32 million endpoints operating on Linux.  

Read more »
Trojan
Cyber Criminals Cyber Security Data Theft Safety Security Trojan

The 5 Most Common Types of Trojans You Should Know About

 

Cybercriminals create more complicated and diverse methods of obtaining sensitive data as we become more dependent on technology and entrust it with more of our personal information. There are many different types of harmful malware, including Trojan Horses. But there are various varieties of this malware. Trojan Horses come in a variety of forms and are created for various purposes. 

What are the most typical Trojan types that you should be on the lookout for? Let's quickly review what Trojan Horses are before we look at the various types of them.

The Odyssey, a work of Homer's from classical Greece, is where the phrase "Trojan Horse" first emerged. The city of Troy receives a large wooden horse as a gift, but the recipients have no idea that soldiers are concealed inside the animal. The soldiers can invade when the horse enters the city.

Similar to the original, a Trojan Horse program conceals itself in otherwise defenseless software. For instance, you might believe that an app is safe to download and install, but the developer may have added a Trojan to the program. Once the program has infected your device, it can be used for a variety of illegal activities, including remote control, data theft, and activity monitoring.

Different Trojan Types:

It's crucial to be aware of the various Trojan Horse types so you can better protect yourself.

1. Downloader trojans

The operation of downloader Trojans requires an internet connection. When a device is infected by the Trojan, it does not do anything until an internet connection is made, at which point it can download more malicious software to aid the hacker in their attack. On the infected device, this type of Trojan can also start up malicious software. They serve as a kind of opening salvo in the assault, giving the hacker a firm grip on the target.

2. Rootkit Trojan

Software tools called rootkits are utilized for remote administrative access. Frequently, unauthorized remote access serves as a launchpad for a cyberattack. The attacker can exploit the infected device by performing a variety of different tasks with administrative access provided by a rootkit Trojan. A cybercriminal might, for instance, run another malicious programme, steal confidential login information, or listen in on personal communications.

3. Fake Antivirus Trojans

False antivirus Trojans, as their name implies, pose as antivirus software. In this way, the victim will believe the programme is keeping them safe when the reality is completely the opposite. Even though the programme may try to trick you by imitating antivirus functions, its true objective is exploitation. By intimidating the user into purchasing additional security measures, such software defrauds them of their money.

4. Banking Trojans

Banking data is the main focus of banking Trojans. In the world of cybercrime, bank credentials are a highly sought-after type of data because they can give attackers direct access to a victim's money. This type of information is frequently traded on the dark web, where criminal enterprises will pay hackers to gain access to their stolen information. Banking Trojans frequently target the websites of financial institutions.

5. Game-Thief Trojans

An attacker can obtain the victim's banking credentials when a banking Trojan is downloaded onto the victim's device. Banking Trojans can assist the attacker get past two-factor authentication barriers in addition to login credentials, which is a security measure that many people use to protect their online bank accounts.

Game-thief Trojans, also known as "gaming Trojans," are used to hack into gaming accounts and steal personal data. There are currently millions of online gaming accounts, giving cybercriminals a market for data theft. When the Trojan gains access to important data, it will then send that information to the attacker. For instance, a user's Steam account might be targeted in order to gain access to payment data or steal virtual goods.

Trojan horses are so adaptable that they put internet users at risk in various ways, making it challenging to avoid them. But you can more effectively avoid Trojan Horses and protect yourself and your data by being aware of the risks and using extra caution when using your devices.

Read more »
Web Apps
API API security Cyber Attacks Cyber Criminals money theft Web Apps

Financial Service API and Web Application Attacks are up by 257%

 



Various cyber security networks are publishing reports and providing data on various ongoing issues and every day there is a new addition of cyber threat and consequently to the security arsenal. However, managing the attack surface (vulnerabilities, attack vectors, etc) is the biggest challenge that modern society is witnessing. 

In today’s hybrid and multi-cloud environments, apps and APIs are potential targets that cyberhackers can and will exploit. Recently, CDN provider Akamai Technologies, Inc., has released new research in which they have disclosed that year-over-year 257% growth has been seen in web application and API attacks on financial service institutions. 

The report indicates a growing risk to the financial services sector and a shift to more advanced and sophisticated cyberattacks. The report also revealed that DDoS attacks on financial services institutions have grown by 22%. 

Furthermore, the study shows that cybercriminals are using techniques in their phishing campaigns to bypass two-factor authentication solutions. 

It is alarming that various institutions are collecting data on recent cybercrime, as we mentioned in the beginning. In this regard, Enemy at the Gates, published a report that revealed that roughly 80 percent of threat attackers aim their efforts at customers of financial services in an attempt to find paths of least resistance for monetary gain. 

“Companies have moved key infrastructure over to APIs, so the criminals are following the revenue. But on top of that, APIs are newer and, in many cases, don’t have the same level of maturity in security processes and controls, so are more vulnerable,” Steve Winterfeld, advisory CISO at Akamai said. 

Along with this, the company recommended a number of steps that enterprises can take to prevent API-driven threats. 
  • Institutions should invest in technologies to automatically discover, validate and catalog APIs, at the same time developing a security strategy that incorporates API security testing and API access control. 
  • Increasing transparency over what internal and third-party APIs are used for as it ensures that enterprises are in a position to start mitigating potential threats across the attack surface. 
  • Updating phishing defenses to counter the latest MFA attacks with FIDO2-compliant capabilities should be the priority for the institutions. 
“Finally, they are easier to automate attacks against as they are designed for automation. These factors combine to make APIs a smart place for attackers to focus. This is also why CISOs need to focus on them,” Winterfeld added.
Read more »
Threat actors
attacks Cyber Attacks Cyber Criminals Extortion Safety Supply Chain threat Threat actors

Cyber-attacks on Port of Los Angeles Doubled Since Pandemic

 

According to recent research, one of the world's biggest ports has witnessed an unusual spike in cyber-attacks since the outbreak began. The Port of Los Angeles' executive director, Gene Seroka, told the BBC World Service over the weekend that the facility receives roughly 40 million attacks every month. 

"Our intelligence shows the threats are coming from Russia and parts of Europe. We have to stay steps ahead of those who want to hurt international commerce. We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo,” he further added. 

Ransomware, malware, spear phishing, and credential harvesting attacks appear to be among the threats aimed against the facility, which is the busiest in the Western Hemisphere. The goal seems to harm the US economy in many situations, however, profits through extortion and data theft will also be a factor. 

Such dangers, if not adequately managed, can potentially exacerbate COVID-era supply chain snarls. Seroka said that port blockages will not be cleared completely until next year, even though the number of container ships waiting more than two days to offload has reportedly reduced from 109 in January to 20 today. 

"The past two years have proven the vital role that ports hold to our nation's critical infrastructure, supply chains and economy. It's paramount we keep the systems as secure as possible," Seroka expressed. 

The challenge is so acute that the port established one of the world's first Cyber Resilience Centers in collaboration with the FBI. It provides a single site for port stakeholders such as shipping corporations to receive, evaluate, and exchange threat intelligence. 

Ports have become such a popular target for cyber-criminals, particularly those aiming to undermine operations and extort businesses, due to their strategic significance to global trade.
Read more »
Windows
Cyber Criminals malware QBot Spyware Windows

Emotet Malware: Shut Down Last Year, Now Showing a Strong Resurgence

 

The notorious Emotet malware operation is exhibiting a strong resurgence more than a year after being effectively shut down. Check Point researchers put the Windows software nasty at the top of their list as the most commonly deployed malware in a March threat index, threatening or infecting as many as 10% of organisations around the world during the month – an almost unbelievable figure, and more than double that of February. 

Now, according to Kaspersky Labs, a swiftly accelerating and sophisticated spam email campaign is intriguing targets with fraudulent emails designed to swindle them into unpacking and installing Emotet or Qbot malware, which can steal data, collect information on a compromised corporate network, and move laterally through the network to install ransomware or other trojans on networked computers. 

Qbot, which is associated with Emotet's operators, is also capable of accessing and stealing emails. In a blog post this week, Kaspersky's email threats protection group manager, Andrey Kovtun, stated. In February, Kaspersky discovered 3,000 malicious Emotet-linked emails, followed by 30,000 a month later, in languages including English, French, Italian, Polish, Russian, and Spanish. 

Kovtun wrote, "Some letters that cybercriminals send to the recipients contain a malicious attachment. In other cases, it has a link which leads to a file placed in a legitimate popular cloud-hosting service. Often, malware is contained in an encrypted archive, with the password mentioned in the e-mail body." 

The spam email often claims to include essential information, such as a commercial offer, in order to persuade the recipient to open the attachment or download the harmful file via the link. "Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans," he wrote further. 

Cryptolaemus, a group of security researchers and system administrators formed more than two years ago to combat Emotet, announced on Twitter this week that one of the botnet subgroups has switched from 32-bit to 64-bit for loaders and stealer modules, indicating the botnet's operators' continued development. Emotet immediately resurfaced in the malware world's upper echelons. Europol, along with police departments from the United States, Germany, the United Kingdom, and Ukraine, completed a multinational takedown of the primary botnet deploying Emotet in February 2021. Raids on the accused operators' houses in Ukraine were part of the operation. 

The raid, according to Europol, substantially impacted Emotet's operations, which were used to infiltrate thousands of firms and millions of computers around the world. However, in publishing its March threat index, Check Point Research stated that Emotet resurfaced in November 2021 and has gained traction after the Trickbot botnet infrastructure was shut down in February. It is once again the most common malware. 

The researchers wrote, "This was solidified even further [in March] as many aggressive email campaigns have been distributing the botnet, including various Easter-themed phishing scams exploiting the buzz of the festivities. These emails were sent to victims all over the world with one such example using the subject 'Buona Pasqua, happy easter,' yet attached to the email was a malicious XLS file to deliver Emotet." 
Read more »
WhatsApp
Cyber Criminals Cyber Security Facebook Instagram Meta WhatsApp

Meta Takes Legal Action Against Cyber Criminals

 

Facebook's parent company, Meta Platforms, announced on Monday that it has filed a federal lawsuit in the U.S. state of California against malicious attackers who ran more than 39,000 phishing websites impersonating its digital properties to trick consumers into disclosing their username and password. 

“Today, we filed a federal lawsuit in California court to disrupt phishing attacks designed to deceive people into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram, and WhatsApp. Phishing is a significant threat to millions of Internet users”, states the report. 

The social engineering strategy entailed the construction of rogue websites that tried to portray as Facebook, Messenger, Instagram, and WhatsApp login pages, prompting victims to input their login details, which were subsequently captured by the defendants. The unidentified actors are also being sought for $500,000 by the tech behemoth. 

The assaults were conducted with the help of Ngrok, a relay service that diverted internet traffic to malicious websites while concealing the exact location of the fraudulent equipment. Meta stated that the frequency of these phishing assaults has increased since March 2021 and that it has collaborated with the relay service to restrict thousands of URLs to phishing sites. 

The lawsuit comes just days after Facebook revealed it was making efforts to disrupt the activities of seven surveillance-for-hire firms that generated over 1,500 phony identities on Facebook and Instagram to target 50,000 users in over 100 countries. Meta announced last month that it has barred four harmful cyber groups from attacking journalists, humanitarian organizations, and anti-regime military forces in Afghanistan and Syria. 

“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology. We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them”, mentioned the report.
Read more »
Russian Hackers
Cyber Crime Cyber Crime Report Cyber Criminals Russian Hackers

Google sued two Russians hackers

Google has filed lawsuits against two Russians - Dmitry Starovikov and Alexander Filippov. According to the company, they are behind the activities of a botnet called Glupteba.

The corporation claims that Glupteba has infected more than a million Windows devices worldwide, the increase in infections can be "thousands" daily. The botnet was used to steal Google user account data. Most often, the infection occurred after users downloaded free applications from unauthorized sources.

In addition to stealing and using other people's data, Glupteba was aimed at covert mining of cryptocurrencies and redirecting other people's traffic through infected computers and routers. Using this method, illegal traffic can also be redirected to other people's devices.

Google notes the sophisticated technical complexity of Glupteba. It uses a blockchain, the decentralized nature of which allows it to effectively protect itself from work disruptions. For the company, this is the first case of fighting a botnet on the blockchain.

The main infrastructure of the botnet is now neutralized. Those who managed the network from infected devices no longer have access to it. However, the company notes that this statement is valid only at the moment.

Google assumes that it was Starovikov and Filippov who managed Glupteba, relying on data in their Gmail accounts and Google Workspace office applications. The company insists on reimbursing them for damage, as well as a lifetime ban on their use of Google services.

According to experts, this could create a positive precedent. If the Russians really manage to be punished significantly, this will significantly weaken the community as an attacker in cyberspace. At a minimum, the hackers' sense of impunity will disappear. You can read about how Google representatives tracked hackers on the company's official website.

Read more »
Ransomware
Cyber Criminals Cyber Security LockBit LockBit 2.0 ransomware Ransomware

HHS Cybersecurity Agency Issues Threat Briefing on LockBit Ransomware

 

A security report on LockBit, a ransomware gang that reportedly published a new variant, has been issued by The Health Sector Cybersecurity Coordination Center. The cybercriminals were behind the highly reported cyberattack on Accenture this summer, wherein the corporation was supposedly threatened with a ransom demand of $50 million. 

LockBit ransomware is a malicious program that prevents users from accessing their computers in return for a ransom demand. LockBit will automatically scan a network seeking valuable targets, spread the virus, and lock all computers that are accessible. This ransomware is employed in very specific cyberattacks against businesses and other organizations. 

LockBit was introduced in September 2019 and began advertising its "ransomware as a service" affiliate scheme in January 2020, according to HC3. 

In May 2020, it began collaborating with Maze, another ransomware organization, and in September of the same year, it debuted its very own leak site. LockBit v2.0 was released in June of this year. Furthermore, according to HC3, it employs a two-pronged extortion scheme involving the StealBit malware. It has improved encryption and circumvents user account control methods. 

"Threat actors continue to view unpatched systems as an easy, if not preferred, method of intrusion," wrote officials from the cybersecurity arm of the U.S. Department of Health and Human Services in its brief. 

It moreover relaunched its affiliate program, wherein affiliates determine the ransom, then choose a payment system, and receive the majority of the money before actually paying the organization. Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, and Uzbekistan are among the Commonwealth of Independent States countries where the program does not function. 

Based on an interview with a LockBit ransomware operator, the organization concluded that the malicious actors looked to have a "contradictory code of ethics." 

According to HC3, healthcare facilities are ideal targets, but the LockBit affiliate showed "a strong disdain for those who attack healthcare entities while displaying conflicting evidence about whether he targets them himself." 

"The U.S. also has lucrative targets, but with data privacy laws requiring victim companies to report all breaches, the incentive for such entities to pay the ransom is likely somewhat reduced," said HC3. 

"Cybercriminals are avid consumers of security news and remain up to date on the latest research and vulnerabilities, weaponizing that information to use in future attacks," it wrote. 

Threat advisories on various ransomware organizations, including BlackMatter, Conti, and Hive, have recently been published by the federal government. The alerts, however, haven't stopped the flood of ransomware news. Hive hacked a Missouri health center earlier this month and published patient names, Social Security numbers, and medical information on its blog.
Read more »
Russia
America China Cyber Criminals Cyber Security cyber threat Iran North Korea Russia

NSA’s Cyber Chief Warned About the Increasing Cyber Threat

 

On Wednesday the 29th of September, the chief of the cyber branch of the National Security Agency cautioned about the growing number of digital dangers and threats that these cybercriminals pose. 

Rob Joyce, Director of the NSA Cybersecurity Directorate, stated during the ASPEN Cyber Summit in Colorado that nearly every single government in the world today has a cyber exploitation program. 

Joyce has been a special assistant of the president and cyber security coordinator of the National Security Council in 2018, with many other responsibilities in the nation's leading e-spy agency. 

“The vast majority of those are used for espionage and intelligence purposes, but… there is interest in dabbling in offensive cyber and outcomes. The difference between the top of the list and the bottom of the list, usually, is scale,” stated Joyce. 

There are some “high-end, sophisticated small actors, but they’re confined to whatever that national interest is that they’re aimed at so we see less of them.” 

Joyce also gave his evaluated statements on the so-called "Big Four" and the latest internet business of the foreign states who were historically the digital opponents of America — Russia, China, Iran, and North Korea. 

Starting with Russia he said that, it's the distressing force. Often they attempt not to boost their activities but to pull others down. They are still extremely active in intelligence-gathering efforts targeting vital infrastructure and countries. The problem is that they employ disruptive effects all around the world aggressively. The organization saw indications of U.S. vital infrastructure pre-positioning. For this everyone must strive against every item that can't be permitted. 

Further, talking about China he noted that, Chinese is off the charts, considering the scale and scope. The number of cyber actors from China is growing all over the world. NSA respected them less than that from four or five years ago to the present day, the changes as perceived. They have always been wide, loud, and boisterous, and what the organization discovers, the elite in that group is the elite if one has such a vast resource base. 

“The high end of the Chinese sophistication is really good. We’ve got to continue to understand, disrupt and then find ways across the whole of that technology to kind of push back… Yes, defense is really important, but you also have to work to disrupt so that’s the continuous engagement strategy out of the [Defense Department] and the idea that we got to put sand and friction in their operations, so they don’t get just free shots on goal,” he added. 

Later he made statements about Iran saying that Iran is still operational in cyber activities. Certainly, they were the first and foremost nation when everyone spoke of a bank distributed denial of service operations and the Shamoon Wiper malware. However what NSA observed is that they often concentrate very much on regional matters, at present. Their attention was not as broad on the impact. But they are capable, especially because their decision is less judgmental, and most crucially because it is a realistic measure. Iran sometimes does not appreciate how much it has done to, or has gone far as to arouse the wrath and concern of the larger community. 

Lastly, he told that North Korea remains extremely focused on the regime's income creation, as North Korea can not be affected even with several sanctions. They, therefore, had to develop ways to create cash, trade and realized that it is simpler to steal Bitcoin than to steal from Bangladesh Bank. They didn't attack the largest banks as hard, since in the crypto realm they made their required money. 

“The commercial firms were dealing with a lot of North Korean issues back when the [Covid-19] vaccine was an issue; they were going after the intellectual property of vaccine makers. So, still active, still a threat, very capable but mostly focused on crypto exchanges and creating money.” He added. 
Read more »
Subscribe to: Posts (Atom)