Search This Blog

Showing posts with label Cyber Security News. Show all posts

Cyberattacks On Small Businesses: The US Economy’s ‘Achilles Heel’?


Small business firms play an important role when it comes to the economy, but they are more vulnerable to cyberattacks. 

At the time when Elena Graham, co-founder of Canada-based security service CYDEF, started selling cyber security software to smaller firms and businesses, business was relatively slow. However, now the demand is increasing, driven by a sharp rise in remote work that has exposed small businesses to cyberattacks. 

Since the start of the year, business at her security firm has tripled reaching an all-time high. "It was a total head-in-the-sand situation. 'It's not going to happen to me. I'm too small.' That was the overwhelming message that I was hearing five years ago. But yes, it is happening." says Elena. 

But with the booming security services, one can deduce that small businesses are comparatively at higher risk of being attacked by threat actors, than large businesses, as noted by Barracuda Networks.  

The risks were dramatically bolstered by the global pandemic. According to a report by RiskReconm, a Mastercard company that evaluated companies’ cyber-security risk, cyberattacks on small companies surged by more than 150% between 2020-21. 

"The pandemic created a whole new set of challenges and small businesses weren't prepared," says Mary Ellen Seale, chief executive of the National Cybersecurity Society, a non-profit that helps small businesses create cyber-security plans. 

In March 2020, at the peak of the pandemic, a survey of small businesses by broadcaster CNBC concluded that only 20% planned on investing in cyber-protection. 

Working remotely, during the pandemic, meant that more personal devices like smartphones, tablets, and laptops had access to sensitive corporate information.  

Lockdown, however, put a strain on budgets, curtailing the amount of money businesses could invest in security. Cybersecurity and costly in-house experts were frequently out of reach. Consequently, the weak cyber-security infrastructure was prone to cyber-attacks. 

With just one compromised supplier, cyber criminals could access networks of organizations further up the supply chain. According to Ms. Seale, "Large businesses depend on small businesses[…]They are the lifeblood of the United States, and we need a wake-up call." Small businesses account for more than 99% of companies in the US and employ nearly half of all Americans, playing a critical role in the global economy. In regard to this, Dr. Kim says they are like the economy's "Achilles heel". 

“They may be a small company but what they sell to large businesses could be very important. If they're hacked, [their product] won't be fed into supply chains and everything will be affected," Dr. Kim further adds. 

TSA: New Cybersecurity Directives Issued for US Passenger and Freight Railroad Carriers

 

The Transportation Security Administration (TSA) has recently announced a new cybersecurity security directive. The directive is issued in order to improve the cybersecurity of railroad operations and regulate passengers and freight railroad carriers. 
The TSA announcement demonstrates the Biden-Harris Administration’s commitment to strengthening the cybersecurity of U.S critical infrastructure. The security directives will further improve the nation’s railroad operations’ cyber security preparedness and resilience, building on the TSA's work to fortify defenses in other modes of transportation. 

Why are the new directives important?  


The latest measures are taken by US officials following the series of ransomware attacks and hacking incidents in the past years.  

In 2016, San Francisco Municipal Transportation Agency was targeted by a ransomware attack, which caused administrators to disable ticketing machines and turnstiles for metro stations for a weekend. 

Last year, the US witnessed the disruptive potential of a cybercrime incident, where a major pipeline company had to halt its operations for days following a ransomware attack. 

The new TSA directive instructs rails companies to report hacking incidents to the Department of Homeland Security, having a strategy in place to prevent a cyberattack from affecting their business operations. 

The directive essentially focuses on creating access controls to prevent unauthorized access to critical systems.  

The operators must ensure that these systems are constantly monitored and detected by policies and procedures. Additionally, they must also make sure that the operating systems, applications, drivers, and firmware of the critical systems are patched and up to date. 

About the new directives, TSA Administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.” 

“We are encouraged by the significant collaboration between TSA, FRA, CISA and the railroad industry in the development of this security directive.”  

As per Anne Neuberger, a senior White House official, the US officials are also working on cybersecurity measures for the water and healthcare sectors. Alongside regulations for the communications sector, including emergency warning systems are also underway.

Hackers Group in China Creates Linux Version of Sidewalk Windows

One of the state-supported hacker groups in China has reportedly developed a Linux variant of a backdoor known as SideWalk backdoor targeting Windows systems in the academic sectors. The variant of sidewalk is believed to be assigned as a part of a Cyberespionage campaign by Earth Baku, an advanced persistent threat (APT) group with connections to APT41, termed as SparklingGoblin it is working against the entities based in the Indo-Pacific region.   
 
Sidewalk Linux Backdoor was detected in the past by security researchers back in 2020.  Sidewalk Backdoor, initially tracked as Stageclient was observed at the cybersecurity company ESET in May 2020, targeting the servers in a university in a university in Hong Kong. The group targeted in the same university in February 2021.   
 
“The group continuously targeted this organization over a long period of time, successfully compromising multiple key servers, including a print server, an email server, and a server used to manage students schedules and course registrations” ESET stated in reports shared with The Hacker News. 
 
In an analysis carried out by ESET, it was observed that StageClient and Spectre botnet (a subset of a security vulnerability) are both in fact Linux variants of SideWalk. ESET also observed the SideWalk variants for Linux and Windows, in which they detected that both the variants hold a great many similarities in their infrastructures and in the way both the malwares function deducing it is in fact a Linux variant of SideWalk as well. 
 
One of the similarities of the two malwares being connected to Sidewalk was they both used the same encryption key to transport data from the infected device to the C&C servers. Secondly, it was observed that both the variants used the Cha Cha20 encryption algorithm to "use a counter with an initial value of 0x0B”, something that is particular to SideWalk. Lastly, it was observed that for both the Window and Linux, the malware uses the exact five threats given below, which are programmed for specific tasks:
 
[StageClient::ThreadNetworkReverse] – fetching proxy configurations for alternate connections to the command and control (C2) server.

[StageClient::ThreadHeartDetect] – close connection to C2 server when commands are not received in the specified time.

[StageClient::ThreadPollingDriven] – send heartbeat commands to the C2 server if there is no info to deliver.

[StageClient::ThreadBizMsgSend] – check for data to be sent in message queues for all other threads and process it.

[StageClient::ThreadBizMsgHandler] – check for pending messages from the C2 server 
 
Although SparklingGoblin actively targets the regions of East and Southeast Asia, it has now been going global. hitting organizations outside the given regions. 

Experts Discovered 226 Security Flaws in Nine Wi-fi Routers

 

Security experts and editors at CHIP (a German IT) have found 226 potential security faults in nine wi-fi routers from authentic manufacturers like AVM, Netgear, Asus, D-Link, TP-Link, Linksys, Edimax, and Synology. TP-Link Archer AX6000 router was the most affected by the flaws, according to cybersecurity experts, besides this, they also found 32 flaws, along with Synology RT-2600ac with 30 defects, and Netgear Nighthawk AX12 having 29 bugs. Experts also discovered around ten vulnerabilities in Netgear Nighthawk AX12, Edimax BR-6473AX, Asus ROG Rapture GT-AX11000, Linksys Velop MR9600, AVM FritzBox 7590 AX, and AVM FritzBox 7530 AX. 

The experts analyzed these network systems with the help of IoT Inspector's security platform, which searched around 1000 CVEs and security vulnerabilities. IoT CEO Jan Wendenburg said "changing passwords on first use and enabling the automatic update function must be standard practice on all IoT devices, whether the device is used at home or in a corporate network. The greatest danger, besides vulnerabilities introduced by manufacturers, is using an IoT device according to the motto ‘plug, play and forget.” 

The most commonly found issues, according to cybersecurity researchers are out-of-date Linux kernel in the firmware, multimedia, and VPN features, existing hard-coded credentials, use of unsafe communication protocols, and weak security passwords. According to the security affairs advisory, "some of the security issues were detected more than once. Very frequently, an outdated operating system, i.e. Linux kernel, is in use. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. 

The device software used is also commonly found to be outdated, as it all too often relies on standard tools like BusyBox.” Experts observed that not all these faults can be compromised, false positives were also found. Experts discussed their findings with the manufacturers too, most of these vulnerabilities have been patched. Users are suggested to modify factory settings, make sure that devices install auto-updates, and stop functions that are not important.

Meta's New Security Program Protects Activities, Journalists, and Human Rights Defenders


Social media website Meta (earlier known as Facebook), earlier this week announced a broadening of its Facebook protect security program to add human rights activists, journalists, social activists, and government officials exposed to malicious actors throughout the social media platforms. These defenders and activists are vital for public debate in critical communities, said Nathan Gleicher, security policy head at Meta. These people safeguard human rights across the world, promote democratic elections, hold government and political parties accountable. However, this makes them a primary target for threat actors.

Facebook Protect, as of now, is being released around the world in phases, it allows users that apply for a change to have robust safety protections such as 2FA two-factor authentication, and looking out for possible hacking threats. According to Meta, around 1.5 million user profiles have enabled the Facebook Protect as of now, out of which, 9,50,000 profiles turned on the 2FA feature after the feature was on the roll since September 2021. 

The program is similar to Google's APP (Advanced Protection Program), aimed at protecting users with sensitive information and high visibility, putting them at a greater risk of online attacks. It stops suspicious account access attempts and incorporates strict checks before downloading softwares and files on Gmail and Chrome. Users eligible for Facebook Protect will be informed via a Facebook prompt, with an option to enable the advanced security features along with identifying potential problems like weak passwords, that can be easily hacked by actors for gaining access to FB accounts. 

The announcement came a week after Apple announced to notify targeted users of threat notifications by state-sponsored hackers. These notifications would be sent via email and iMessage notifications to the phone numbers and addresses linked with Apples users' IDs. Meta said "over the next several months, we’re going to carefully expand this requirement globally. We’re encouraged by our early findings and will continue to improve Facebook Protect over time."

Iran Accuses USA and Israel for Carrying Out Fuel Cyberattacks

 

An Iranian General alleged that Israel and US might have planned a cyberattack that caused disruption of fuel in service stations in Iran. The attack which happened on Tuesday is similar to two recent incidents where, as per the general, the attackers might be Iran's rivals: USA and Israel. Two incidents were analyzed, the Shahid Rajaei port incident and the railway accident, and found that these two incidents were similar. Earlier this year, as per Iran's transportation ministry, a cyberattack disrupted its website and computer systems, reports Fars news agency. 

"In a country where petrol flows freely at what are some of the lowest prices in the world, motorists need digital cards issued by the authorities. The cards entitle holders to a monthly amount of petrol at a subsidized rate and, once the quota has been used up, to buy more expensive at the market rate," reports The Security Week. In 2020, Washington Post reported an incident where Israel orchestrated an attack on Iranian port Shahid Rajaei (in Hormuz Strait), a strategic path to global oil shipments. 

The recent cyber disruption resulted in traffic jams in major pockets in Tehran, having long lines at petrol pumps disrupting traffic flow. Following the incident, the oil ministry shut down the service stations in order for easy manual distribution of petrol, said the authorities. On Wednesday, President Ebrahim Raisi alleged that the actors were trying to sway the people of Iran against Islamic Republic leadership. As per the reports, an estimated 3200 out of 4300 of the country's service stations have been re-linked with the central distribution system, said the National Oil Products Distribution Company. 

Besides this, there are other stations who also give fuel to motorists, but not at subsidized rates, which makes it twice in the rates, around 5-6 US cents/litre. The Security Week reports, "Since 2010, when Iran's nuclear program was hit by the Stuxnet computer virus, Iran and its arch-foes Israel and the United States have regularly accused each other of cyberattacks. The conservative Fars news agency on Tuesday linked the breakdown to opponents ahead of the second anniversary of deadly protests sparked by a hike in petrol prices."

Alleged TrickBot Gang Member Arrested While Leaving South Korea




A Russian native – on accusations of being associated with the TrickBot cybercrime gang – was recently arrested by the authorities at Seoul International airport, while trying to leave South Korea. 

Reportedly, the Russian resident – identified as Mr. A by media –  was leaving for his home in Russia after waiting for over a year in the South Asian country. As per local media reports (Seoul's KBS) the alleged individual was prevented from leaving South Korea due to COVID-19 travel restrictions – international travel had been canceled by Seoul officials as the global pandemic broke out. Subsequently, Mr. A's passport expired, and he was stranded in South Korea as he waited to renew his passport. 

The Russian man who allegedly worked as a web browser developed for the malware spreading TrickBot gang in 2016 during his stay in Russia, denied 'being aware' of working for a cybercrime group. “When developing the software, the user manual did not identify malware,” said the individual at Seoul High Court. 

As per a Korean newspaper, on September 01, an interrogation was held at the 20th Criminal Division of the Seoul High Court – for the extradition request case against the alleged developer of the malware. While fighting the US extradition attempt, the lawyer of the accused argued that the US will prosecute the man unjustly. "If you send it to the United States, it will be very difficult to exercise your right of defense and there is a good chance that you will be subject to excessive penalties,” claimed the attorney. 

As per the reports, the suspect continued to maintain that the operation manual did not fall under malicious software when he developed the software. He received work from TrickBot via a job search site, following which he developed a web browser for the gang, according to The Record. Notably, the recruiters preferred applicants who did not ask a lot of questions. 

TrickBot is an advanced banking trojan that targets Windows machines. Initially created to steal the banking information of unsuspecting users, TrickBot has evolved over the last five years to be versatile, widely available, and easy to use. With new variants being increasingly released, TrickBot infections have become more frequent on home office networks; continuous advancement since its inception has cemented TrickBot's reputation as a highly adaptive modular malware.

VIP72: 15-Year-Old Malware Proxy Network Goes 'Dark' Without Notice



A 15-year-old cybercrime anonymity service called VIP72, in the past, allowed a large number of cybercriminals to cover up their actual location by routing traffic via dozens of hacked computers seeded with malware – suddenly went offline for a period of two weeks and has not shown any signs of return. 

Similar to other proxy networks advertised on the darknet and other cybercrime forums, VIP72 also routed its clients' traffic via systems that have been infected by malware. Employing the malicious service, users could choose network nodes in almost any of the countries to relay their traffic as they conceal themselves behind some unsuspecting user's URL. 

Over the past few days, the darknet has been flooded with  "R.I.P" texts for the malware proxy network, VIP72 that went dark without any prior notice. Initially, the authors of VIP62 told their customers that they will be back online shortly, indicating it's a maintenance issue that's restricting their operations. “Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!”, read a notice titled “We'll be back soon!” 

It was updated to read, “Socks client will be unavailable within next 5 (FIVE) days for planned upgrades. We will resume normal work of socks client till the end of this week. All active subscriptions will have +8 days to existed paid period.” 

“—We only work on web vip72.com and sellvip72.com/en. Do not access fraudulent websites on google search e.g: vip72.cx, .us etc...”, the notice further read in 'red' letter font. 

Originally set up in 2006, VIP72, had a long run assisting malicious actors in concealing their real location via a well-founded proxy service. Basically, the proxying service of VIP72 effectively obscured the identity and true location of malware campaigners by routing their traffic via multiple network bounces. In a nutshell, VIP72 essentially offered its customers safety from the security police. 

However, ironically enough, the U.S.-hosted proxy service itself has presumably faced something serious, perhaps, a case of policing. Other experts speculate, that VIP72 might have experienced trouble in competing against newly emerged sophisticated anonymity network services. Although the reason behind VIP72's sudden disappearance remains unclear and the website has gone offline for two weeks now, the proxy service is still accessible to some of the users, which makes sense as the compromised hosts would still be infected with the malware and will indefinitely continue to forward traffic for as long as they remain under the effect of proxy malware.

Ahead of the Labor Day Holiday, the FBI and CISA Warn of Ransomware Risk Over Weekends and Holidays



Ahead of the Labour Day holiday coming about this weekend, CISA and the FBI have released joint advisory warning organizations of increased ransomware attack risk on weekends and holidays. 

Over the past few months, the government agencies have noticed a relative increase in 'highly destructive' ransomware attacks being launched by attackers on long weekends and holidays. Reportedly, these time frames – holidays, especially long weekends – are viewed as attractive time slots by cybercriminals to deploy ransomware due to a lower level of defense during weekends which maximizes the impact of infiltration. The physical absence of the personnel plays a significant role when the offices are normally closed. 

The FBI and CISA noted that the recent cyberattacks that crippled high-profile US entities were all scheduled by hackers over weekends. The cited case studies include recent attacks against JBS, Kaseya, and Colonial Pipeline. 

In May 2021, the DarkSide ransomware operators launched the Colonial Pipeline attack, around Mother's Day weekend. The data was stolen on May 06, 2021, and the malware attack occurred on May 07, 2021. 

In May 2021, the world's largest meat processing organization, JBS, experienced a cyberattack by the REvil ransomware group that disabled its beef and pork slaughterhouses. This attack took place on May 30, 2021 – leading into the Memorial Day public holiday. 

In July 2021 –  building on the weekend attack trend – Kaseya, a leading software provided to over 40,000 organizations, suffered a sophisticated cyberattack yet again by REvil ransomware. The attack was carried out on July 2nd, 2021 ahead of the Independence Day holiday in the United States on July 4th.  

"The FBI's Internet Crime Complaint Center, which provides the public with a trustworthy source for reporting information on cyber incidents, received 791,790 complaints about all types of internet crime -- a record number -- from the American public in 2020, with reported losses exceeding $4.1 billion," the advisory read.

The two agencies clarify that as of now there are no clear indications of a cyberattack that will take place around the oncoming 'Labour Day holiday', however, the alert warns that the threat actors have carried out increasingly damaging cyberattacks around holidays and weekends over the past several months. Therefore, the FBI and CISA urge the organizations to not lower their defenses while providing information on how to effectively combat the increasingly worsening threat of cyberattacks. They advised organizations to strengthen their security, minimize their exposure, and potentially "engage in preemptive threat hunting on their networks to search for signs of threat actors." 

“Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack. Threat actors often search through a network to find and compromise the most critical or lucrative targets. Many will exfiltrate large amounts of data. Threat hunting encompasses the following elements of understanding the IT environment by developing a baseline through a behavior-based analytics approach, evaluating data logs, and installing automated alerting systems.” The joint advisory further said.

The Poly Network hack turned into career prospects

Cryptocurrency platforms have become an easy target for professional hackers. Only in the past month, there were several cases.

Recall that the hacker was invited to work in a company from which he stole hundreds of millions of dollars in cryptocurrency. A hacker who organized one of the largest attacks on the Poly Network blockchain platform was offered the position of security adviser. This happened after he returned to the company the entire amount that he stole, about $600 million.

Many cryptanalysts are sure that the attacker was simply scared. Immediately after the attack, representatives of the Poly Network warned the hacker that he would be pursued by the special services of several countries at once. And third-party cybersecurity experts said they had tracked down an IT of the hacker.

Viktor Pershikov, a leading analyst at 8848 Invest, believes that he would hardly have been able to cash out all the stolen crypto assets without consequences: "We need to take into account the fact that the blockchain, despite its anonymity, is an absolutely transparent technological solution. The amounts in open blockchains are perfectly visible, it is clear from which wallets they come, where they go."

Other experts are sure that, although not without risk, even $600 million in cryptocurrency can be cashed out if desired. However, Mr. White Hat himself returned the entire stolen amount.

Russian hacker Alexander Varskoy noted that he admired the noble intentions of his colleague if they were really noble: "Gary McKinnon once hacked NASA, not for the purpose of blackmail, but to find documents about interaction with other extraterrestrial civilizations. But that was a long time ago. Now it's 2021 when everything works on the crypt. And it's just amazing to hear such statements."

In addition to the hacker's motivation, users of social networks discuss the fee that the platform he hacked promised him, $500 thousand. Many people consider the amount too high. But the CEO of Zecurion, Alexey Rayevsky, considers half a million dollars to be quite a normal reward. By the way, he himself has hired hackers more than once.

The hacker eventually refused half a million dollars. And, as experts note, he lost little. After all, if he agrees to the position of security adviser, he can be offered a salary of at least twice as much.

Cyber Criminals trying to hack Russian popular Telegram channels using ads from GeekBrains

 The owners of the Telegram channels noted that scammers under the guise of advertising offers send malicious files.

" In particular, they can be represented by advertising managers of the GeekBrains educational platform", Nikita Mogutin, the co-founder of the Telegram channel Baza (more than 310,000 subscribers), wrote on Facebook. Owner of the Telegram channel Madonna (more than 9500 subscribers) Madonna Moore said that five scammers write to her a day. She also published the text of correspondence with a person who introduced himself as a representative of GeekBrains. 

GeekBrains has received many complaints about fraud on behalf of the company and has already sent out warnings to agencies and bloggers, said Elena Toropina, head of the company's marketing department. In her opinion, the attack on the channels is connected with the growth of the online education industry, which spends a lot of money on advertising.

Kaspersky Lab reported that the attachments sent by the attackers contain a Trojan virus. 

"If the victim runs the file, a program will be installed on the computer that will steal the accounts stored on it and provide fraudsters with hidden remote control of the Telegram channel", told Yaroslav Kargalev, deputy head of the Group-IB incident response center. According to him, scammers can also change the phone number in the channel's account to get full control over it.

Most often, channel theft is needed to publish links to malicious resources in the Telegram channel or to get a ransom, said Sergey Trukhachev, head of the special services unit of Infosecurity a Softline Company.

"The increase in the activity of scammers may be associated with the influx of new users to Telegram", noted Kargalev.

Telegram downloads have increased dramatically as WhatsApp has added a clause to its rules that allows users to share their personal data with Facebook. Moreover, the growing popularity of Telegram is due to the fact that supporters of Donald Trump, who was blocked in many social networks, have "flowed" there.

Telegram founder Pavel Durov called the sharp increase in the number of new users "the largest digital migration" in human history. In the first week of January, Telegram's monthly audience overcame the mark of 500 million active users.

Earlier, E Hacking News reported that Pavel Durov advised users to remove WhatsApp from smartphones. He called the WhatsApp application unsafe.


Putin: the US State Department and the US intelligence agencies come up with fake about Russian hackers

According to the Russian President, he is counting on the experience of the President-elect of the United States, which will help solve some problems in relations between the two countries

Vladimir Putin called a provocation the question of the general producer of the RTVI channel Sergey Shnurov, who during a press conference asked why Russian hackers this time did not help Donald Trump become President of the United States and whether Russia is ready to provide asylum to the outgoing American leader.

"This is not a question, but a provocation. Hackers did not help Trump and did not interfere in the American elections. This is all speculation, an excuse to spoil relations between Russia and the United States, an excuse not to recognize the legitimacy of the US president for domestic political reasons," Putin said.

According to the Russian President, relations between Moscow and Washington have become hostages of the internal political situation in the United States: "It is their choice, let them do what they want."

Putin also expressed hope that "the elected President of the United States will understand what is happening." "He is an experienced man. We hope that some problems will be resolved under the new administration," the President said.

It is worth noting that the US authorities previously reported that hackers working for Russia obtained information from the databases of the Department of Homeland Security (DHS) and the US Treasury and Commerce Department.

During a press conference, Russian President Vladimir Putin named the real authors of the fakes about Russian hackers.

According to the President, they are the US State Department and the US intelligence agencies. He also added that it was they who in 2016 made a throw-in about the connections of hackers who hacked the mail of members of the US Democratic Party with Russian military intelligence.

"So they are the authors in fact. In any case, according to their instructions, this was done, it is quite obvious," the head of state said in a live broadcast.

On Thursday, December 17, the head of state held a large press conference. The event included a direct line with the President.

Kaspersky announced the creation of the new smartphones with protection from hackers

A smartphone with a secure Kaspersky will have minimal functionality, said the head of Kaspersky Lab, Eugene Kaspersky. According to him, it will have its own basic applications and browser, but the smartphone has other tasks, it's security.

"There will be minimal functionality, but don't wait for beauty, both Android and iOS, this smartphone will perform other special tasks," said Mr. Kaspersky. "The device can call and send SMS, of course, there will be an office suite, its own browser with minimal functionality and a standard set of applications, such as an alarm clock, calculator, and so on,” added he.

So far, Kaspersky Lab does not plan to have an App store on its OS, but this is possible in the future. "Most likely, first we will make our own, and then we will be ready to attract other app stores," said Eugene Kaspersky.

At the same time, he said that smartphones on the Kaspersky operating system may appear next year. The company agreed with a Chinese smartphone manufacturer to install a new OS. 

He noted that the company does not plan to enter the platforms Google and Apple and try to replace them. "Our task is to create a secure phone that is almost impossible to hack, for processing secret and confidential information of both government officials and enterprises, and infrastructure management," said the head of Kaspersky Lab.

It’s interesting to note that Kaspersky Lab has been creating an operating system designed for maximum protection of equipment and operating on the principle of "everything is forbidden that is not allowed" for several years.

United States rejected Putin's offer to cooperate on cybersecurity

The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation in the field of international information security. US Assistant Attorney General for National Security John Demers called the Kremlin's initiative "nothing more than false rhetoric, cynical and cheap propaganda.” And Secretary of State Mike Pompeo said that Russia is dismissive of public security and international stability in cyberspace.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

Russia has fallen to 13th place in the world ranking of the stability of Internet segments

According to Qrator Labs, a company specializing in ensuring the availability of Internet resources and countering DDoS attacks, Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. Experts attribute this to the continuing expansion of the market of Internet operators and the slow transition to the new IPv6 protocol, which allows using more IP addresses.

The rating of the stability of the national segments of the Internet has been calculated since 2016 among 249 countries of the world. According to the rating, Russia took the 13th place this year, the year before the Russian Federation took the 11th place.

Experts believe that the use of a more advanced version of IPv6 by network operators along with the IPv4 Protocol can increase the stability of Internet segments. Then in case of problems with one Protocol, the other will work.

According to Google, just over 30% of users in the world use the new Protocol, while in Russia this figure is slightly more than 5%.

The problem is that Russia does not have a universal program for switching to IPv6. "It is difficult to force current market participants to switch to a new Protocol, because they will have to upgrade equipment and hardware and software systems, and this is a serious expense," said Andrey Vorobyov, director of the Coordination Center for .ru / .РФ domains.

The global five countries are led by Brazil, Germany, Switzerland, Ukraine and the United Kingdom. Next in the ranking are the Netherlands, Canada, the United States, France and Liechtenstein. Four newcomers, Liechtenstein, Japan, Indonesia and Argentina, entered the top 20 this year, while Luxembourg, Czech Republic, Ireland and Bulgaria left. Hong Kong dropped eight positions in a year.

Russian experts warn about security risks of Bluetooth on a smartphone

Associate Professor of computer science at the Russian University of Economics, Alexander Timofeev said that hackers can use Bluetooth to break into an electronic device.

"The possibility of Bluetooth hacking can endanger any information stored on the device (photos, emails, texts). In addition, an attacker can gain control of the device and send unwanted data to it,” noted Timofeev.

According to him, at the hacker festival What The Hack, which takes place in the Netherlands, experts showed how using a laptop and a special program with a directional antenna people can eavesdrop on what the driver of a passing car is talking about through a Bluetooth headset.

The head of Check Point Software Technologies Ltd. Sergey Zabula agreed that constantly enabled Bluetooth carries a significant threat to the security of the phone and its owner. Scammers are constantly improving their attack methods, and the small range of Bluetooth signal propagation is no longer a problem for them.

"Using amplifiers, hackers can get into a user's device without even asking for their permission and without knowing the secret key of the connection”, noted Mr. Zabula.

The consequences of attacks using Bluetooth can be varied. So, in just a few seconds, fraudsters can connect to a user's device, install malware, and eventually steal or delete valuable information. Moreover, via Bluetooth, hackers can listen to calls, set their forwarding, and send calls and text messages, which in turn leads to financial losses of the victim. Also, using a Bluetooth connection, fraudsters can carry out a DoS attack and completely disable the phone.

Experts recommend disabling Bluetooth as soon as it is no longer necessary, since this function, when activated, is a "godsend for scammers."

The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime

The Ministry of Internal Affairs of Bashkortostan is ready to cooperate with white hackers and programmers to solve Internet crimes together with them. Law enforcement agencies want to attract volunteers-experts from among students-programmers to solve cybercrimes.

According to Major General of Justice, Deputy Minister, Head of the Main Investigation Department of the Ministry of Internal Affairs of the Republic of Bashkortostan Oleg Oleinik, the regional department of the Ministry of Internal Affairs is working together with the Regional Center of the Volunteer Movement and the police already have experience in cooperation with young programmers.

Recall that in the last two years, the number of cybercrimes in Bashkortostan has grown by almost 2.5 times: if in 2018, 2,500 cybercrimes were recorded, in 2019 – 6,300, then in the seven months of 2020, 6,500 cases have already been opened. Fraudsters use social engineering methods and debit money from cards of victims without any special technical means.

The Bashkortostan police said that they are ready to cooperate with IT companies that are also interested in eliminating cyber fraud. 

The interim head of the Department for Disclosure of General Criminal Frauds and Theft Committed Using Information and Telecommunication Technologies of the Criminal Investigation Department of the Ministry of Internal Affairs Marat Guzairov said that the crime is especially developed in the DarkNet, where databases are uploaded, weapons, drugs are sold, and pornography is distributed. Violation of the law occurs with the help of messengers, as well as resources blocked by Roskomnadzor, which can be accessed using certain programs.

According to the police, many young people are aware of this and could transfer their knowledge to law enforcement agencies.


Expert Malnev gave tips on detecting Keylogger

Alexey Malnev, head of the Jet CSIRT Information Security Monitoring and Incident Response Center of Jet Infosystems, spoke about how to detect a Keylogger.

According to the expert, this can be done by scanning the computer with antivirus software, as well as thanks to the built-in EDR (Endpoint Detection and Response) system that analyzes the processes and their memory operation within the operating system.

In the case of corporate devices, a traffic inspection system will help, which can detect a connection over a suspicious Protocol or to a suspicious server on the Internet. The presence of an incident monitoring center in an organization can help detect an entire cyber operation of attackers on its infrastructure, or targeted attacks.

According to the expert, the presence of Keylogger can be considered a symptom of a complete hacking of the user's computer, and this is very bad news for the user. The fact is that modern malicious software most often uses Keylogger as one of many modules.

"There is a high probability that there is already a whole set of other potential problems: theft of confidential files from the hard disk, interception of account data, hidden audio and video recording (if there are a microphone and video camera), the potential destruction of data (if there is a malicious ransomware encryption module), full remote access,” said he.

In such cases, users should immediately disconnect the computer from the local network and the Internet, and then, without restarting it, hand it over to specialists in cybercriminalism. According to Malnev, it is more important to determine how the computer was attacked.

About 84% of Russian companies have vulnerable IT system

More than 80% of companies in Russia neglect the basic means of protecting information systems and data, as a result of which 84% of companies have vulnerabilities in their IT systems that can be exploited, including by novice hackers who do not have a high level of programming skills.

According to Ekaterina Kilyusheva, head of the research group of the information security analytics department at Positive Technologies, companies suffer from inexperienced hackers in about 10% of cases.

Based on the testing of 19 large companies from different sectors of the economy, it turned out that in 58% of cases, companies have at least one security breach that can be hacked by publicly available software for hackers.

It is noted that most often in Russian companies, security gaps are associated with the use of outdated software, the vulnerabilities of which are already known.

As noted by ESET security specialist Tony Anscomb, in addition to outdated software, companies often have poorly configured network infrastructure and operating systems, lack of encryption and two-factor authentication, which also increases the likelihood of a system being compromised.

It is noted that the best protected are companies in the financial sector and energy industry, which process large amounts of personal information and where the high dependence of business development on the stability of the IT direction, explained the head of Analytics and special projects InfoWatch Andrey Arsentiev.

Security Experts gave tips on how to protect online conferences from hackers

Video conferencing services attracted the attention of hackers because they gained huge popularity during the coronavirus pandemic. 

On Thursday, attackers disrupted a court hearing in the case of a Florida teenager accused of organizing the hijacking of a number of Twitter accounts. The hearing was held via the Zoom video conference service. The attackers disguised their names as CNN and the BBC and gained access to the conference, after which they began broadcasting pornographic videos and swearing. After that, the court session was postponed.

According to Artem Gavrichenkov, technical director of Qrator Labs, the phenomenon of Zoom-bombing, when attackers identify vulnerable conferences and enter them with the aim of espionage and hooliganism, became widespread in April, and by May-June it became widespread.

“To limit the access of attackers to sensitive content, all conferences should be password protected, and this password should be provided only to a limited number of people,” advised Gavrichenkov.

Denis Gavrilov, the consultant of the information security Center of Jet Infosystems, also recommends setting up a "waiting room" if there is such functionality in the platform, this will limit user access to the conference without the approval of the organizer.

Kaspersky Lab cybersecurity expert Dmitry Galov noted that it is necessary to download the program for a computer only from the official website, and for a smartphone - from official app stores.

"As our experts found out, in the spring of this year, the number of malicious files whose names contain references to popular services for online conferences (Webex, Zoom, etc.) has almost tripled compared to last year,” said he.

Anastasia Barinova, Deputy head of the Group-IB, advises using Zoom analogs at all. "To minimize the risks, I would recommend considering Zoom analogs: Google Meet, GoToMeeting, or Cisco's WebEx service," advised she.

Earlier E Hacking News reported that Russia will develop a similar Zoom platform for video communication by the beginning of the new school year.