
California's Major Trial Court Falls Victim to Ransomware Attack



It has been reported that the computer system of the country's largest trial court was infected by ransomware, causing the system to crash. Superior Court officials said they were investigating the incident. As soon as the court learned that its computer network had been hacked, the systems were disabled, and they are expected to remain down until the weekend at the very least.

According to the statement, a preliminary investigation found no evidence that users' data had been compromised in any way. Officials of the Superior Court of Los Angeles County, the nation's largest trial court, said the court was closed on Monday after a ransomware attack shut down its computer system late last week, taking its library and many other departments offline.

As soon as the court became aware of the cyberattack early Friday morning, its computer network was disabled, and the system remained offline throughout the weekend. There were no courthouse operations on Monday, despite reports that all 36 of the county's courthouses would remain open to the public on Friday. According to a statement released by the FBI on Friday morning, officials do not believe the breach is related to the faulty CrowdStrike software update that disrupted airlines, hospitals, and governments worldwide.

Once the court was made aware of the attack, all computer systems connected to its network were disabled. An initial investigation has revealed no evidence that users' data was compromised, according to the statement. KCAL, the CNN affiliate in Los Angeles, reported on Monday that the court system remained closed as it worked to recover.

The Superior Court of Los Angeles County is the largest unified court system in the United States, providing a broad range of services to more than 10 million residents across 36 courthouses. Nearly 1.2 million cases were filed in 2022, along with almost 2,200 jury trials. According to Presiding Judge Samantha P. Jessner, "The Court has been experiencing a cyber-attack which has resulted in almost all of our network systems being shut down."

The court said it had contained the damage to its network, ensured data integrity and confidentiality, and ensured future network stability and security after the unprecedented cyber-attack on Friday. It would reopen all 36 courthouses on July 23, "following the tireless dedication of the staff and security experts required to assist in restoring the court to full operation," according to a statement published on the court's website. Court users should expect delays and potential impacts due to limitations in functionality.

Smishing Exposed: How to Recognize, Report and Prevent Text Message Scams



In cybersecurity, SMS phishing, or smishing, is phishing delivered to a user's mobile device through text messages. Phishing is a scam in which victims are tricked into providing sensitive information to an attacker posing as someone they trust. Attackers may combine SMS phishing with malware or fraudulent websites. It targets not only SMS but also non-SMS channels and mobile apps that use data for texting.

Earlier this year, a cyberattack in which hackers stole the personal information, including health information, of more than 13 million Australians became one of the country's biggest cyberattacks. It may not seem like much, but keeping your phone's operating system up to date helps protect it from being infected with malware. It is also important to stay calm if a message seems urgent.

Users should be wary of urgent messages from unknown numbers and approach them calmly, recognizing that the sender is probably not looking out for their best interests. A reply from a two-digit number is most likely from a scammer whose real phone number is disguised through an email-to-text service: a credible business, or friends and family, would be unlikely to use such a service to make contact.

The best way to protect an account is to use two-factor or multi-factor authentication wherever possible, which keeps users' data safe from prying eyes. Sending a password via text message is never a good idea. Instead, passwords and account recovery codes should be entered directly into the official app or website intended for them.

MediSecure announced on Thursday that customer data was stolen from the company over the past couple of weeks, with an unknown number of records uploaded to the dark web. After being alerted to the breach on April 13, when suspicious ransomware was discovered on a server containing sensitive personal health data, the company publicly confirmed it in May, almost a month after it was first discovered.

One of the best ways to keep information safe is to contact the company that the text claims to come from. This is especially useful when the message relates to a bank account: the user should contact the bank directly to check. A bill or statement normally contains a direct phone number through which a human representative can be reached with any questions or concerns.

Do not click on any links mentioned in the text, and do not respond to any questions it asks. Smishing, a form of phishing conducted through SMS, relies on deceptive tactics and technological manipulation to exploit victims' trust and gather sensitive information.

This method mirrors traditional email phishing but leverages the immediacy and personal nature of text messaging to lower recipients' defences. The approach begins with the attacker sending text messages, often personalized with the recipient's name and location, to create a sense of familiarity and legitimacy. These messages typically contain links to malicious websites or apps designed to extract private information or install malware on the victim's smartphone. 

To enhance credibility, attackers may use spoofing techniques to conceal their identity by displaying false sender information or utilizing email-text services to obfuscate their phone numbers. This masking helps them appear as legitimate entities such as banks, government agencies, or well-known organizations, thereby increasing the likelihood that recipients will comply with their requests. Social engineering plays a pivotal role in smishing attacks by exploiting human psychology and emotions. 

Attackers craft messages that evoke urgency, fear, or curiosity, prompting recipients to act hastily without due skepticism. By manipulating these emotions, attackers override critical thinking and persuade victims to divulge sensitive information or click on malicious links. The success of a smishing attack hinges on the recipient's response to the initial bait message. Once a victim interacts with the malicious link or provides personal details, attackers proceed to exploit this information for financial gain or identity theft purposes. 

Common objectives include unauthorized access to bank accounts, fraudulent credit card applications, or the unauthorized disclosure of sensitive corporate data. Mitigating the risk of smishing involves maintaining awareness of common tactics used by attackers and adopting security best practices. These include avoiding clicking on links from unknown or suspicious sources, verifying the authenticity of messages through official channels, and refraining from disclosing sensitive information via text messages. 

Furthermore, enabling two-factor authentication (2FA) wherever possible adds a layer of security by requiring a secondary form of verification before accessing accounts or services. By remaining vigilant and informed about the tactics employed by smishing attackers, individuals and organizations can better protect themselves against these increasingly sophisticated cyber threats.
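As an added example (not part of the original post), here is a small heuristic scorer that applies the warning signs described above to incoming messages: a short numeric sender id, urgency wording, an embedded link, and a request to hand over a password or code. The thresholds, word lists and sample messages are constructed assumptions; a message that merely delivers a one-time code is deliberately not flagged.

```python
import re
from dataclasses import dataclass, field

# Warning signs taken from the post: urgency language, links, a request for
# credentials or codes, and a short sender number of the kind produced by
# e-mail-to-text relay services. Word lists and samples are constructed.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify", "act now",
                 "locked", "expire", "final notice")
URL_RE = re.compile(r"https?://\S+|\b[\w-]+\.[a-z]{2,}/\S*", re.IGNORECASE)
# A request to hand over a secret, as opposed to a message that merely delivers one.
ASK_RE = re.compile(
    r"\b(send|reply with|enter|provide|confirm)\b.{0,40}"
    r"\b(password|pin|otp|code|card number)\b")
SHORT_SENDER_MAX_DIGITS = 6  # assumed cut-off for "short" sender numbers


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def is_short_numeric_sender(sender: str) -> bool:
    """True for numeric sender ids of six digits or fewer (e.g. '44-783')."""
    digits = re.sub(r"\D", "", sender)
    numeric = re.fullmatch(r"[+\-\d ]+", sender) is not None
    return numeric and 1 <= len(digits) <= SHORT_SENDER_MAX_DIGITS


def score_sms(sender: str, body: str) -> Verdict:
    """Count how many of the page's warning signs a message shows."""
    text = body.lower()
    v = Verdict()
    if is_short_numeric_sender(sender):
        v.reasons.append("short numeric sender id")
    if any(w in text for w in URGENCY_WORDS):
        v.reasons.append("urgency language")
    if URL_RE.search(body):
        v.reasons.append("contains a link")
    if ASK_RE.search(text):
        v.reasons.append("asks for a password, PIN or code")
    v.score = len(v.reasons)
    return v


def is_suspicious(sender: str, body: str, threshold: int = 2) -> bool:
    """Two or more warning signs together are treated as suspicious."""
    return score_sms(sender, body).score >= threshold


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("44-783", "URGENT: your account is suspended. Verify now at http://bank-verify.example/login"),
    ("+14155551212", "Running 10 min late, see you at the cafe"),
    ("62345", "Your one-time code is 482913. Do not share it with anyone."),
    ("29-101", "Reply with the 6-digit code we just sent to confirm your delivery"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        v = score_sms(sender, body)
        print(f"{sender:>13} score={v.score} suspicious={is_suspicious(sender, body)} {v.reasons}")
```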

Sensitive Health Data of 12.9 Million Individuals Stolen in Cyberattack



A single data breach has exposed personal and medical data belonging to 12.9 million people, who have become victims of cybercrime. Customers of MediSecure, one of Australia's leading healthcare providers, have been affected by the huge breach. Data relating to prescriptions distributed through the company's systems between March 2019 and November 2023 was exposed.

MediSecure, which provides electronic prescriptions, said today that a total of 12.9 million customer records were stolen and that an unknown number of them have been uploaded online. The company first learned of the breach on April 13, when servers holding sensitive personal and health data were found to be infected with suspected ransomware, and publicly confirmed the hack in May.

Almost 13 million Australians had their personal and health data breached in the attack on MediSecure, which provides medical prescriptions. Based on a comprehensive investigation into the metadata accessed by its attackers in May 2024, MediSecure has determined that 12.9 million individuals who used the service for the delivery of prescriptions between March 2019 and November 2023 were affected.

The database also stores information about patient prescriptions. According to the evaluation published on July 18, a detailed analysis of individual healthcare identifiers was conducted. The dataset contains a wide variety of personal and health information, some of it sensitive by nature.

The personal information includes name, title, date of birth, gender, e-mail address, home address and phone number. The health information includes individual healthcare identifiers (IHI); Medicare card number; Commonwealth Seniors card number and expiration date; Healthcare Concessions card number and expiration date; Department of Veterans Affairs (DVA) card number and expiration date; and prescription medication, including the name of the drug, the strength, the quantity, the number of repeats and the reason for the prescription.

The Department of Home Affairs has now issued a statement revealing certain details about the breach. It also provides links with information on how victims can identify scammers and protect their personal information, as well as where they can find guidance. A support program is in place for those distressed by the nature of the attack, and mental health care is available to those affected.

Nevertheless, it is important to emphasize that prescriptions were not affected by the breach, and healthcare providers were still able to prescribe and dispense medicines. There have also been further breaches at another major healthcare provider, this time in the US, and the overall cost is still being calculated. A third of Americans may be affected by the ransomware attack on Change Healthcare.

That would amount to 110 million affected individuals. The attack dwarfs the 2015 Anthem breach, which involved the personal records of 78.8 million people. According to The HIPAA Journal, the projected cost of addressing the February cyberattack on Change Healthcare is estimated at between $2.3 billion and $2.45 billion.

This figure, however, does not account for the expenses associated with notifying all affected customers. These cyberattacks have left millions of individuals justifiably worried that their personal information may be accessible to malicious entities who could repeatedly exploit it for fraudulent purposes.

Additionally, these incidents have significantly undermined public trust in medical providers, who are entrusted with some of the most sensitive personal details. The ramifications of these breaches extend beyond financial losses, eroding confidence in the security measures of healthcare institutions tasked with safeguarding patient information.

Quantum Navigation as the Successor to GPS



The recent cancellations of Finnair flights into Estonia had nothing to do with mechanical failures or bad weather: the aircraft could not receive a GPS signal. This is GPS denial, in which someone deliberately interferes with the navigation signals an aircraft relies on.

The International Air Transport Association (IATA) has long published maps of areas where GPS is unavailable or unreliable, so this is not a new phenomenon. GPS jamming and spoofing are becoming increasingly powerful weapons of economic and strategic influence around Europe, the Middle East and Asia, and there is growing concern as conflict spreads quickly across these regions.

In some conflict zones, adversarial nations have been documented using false (spoofed) GPS signals to disrupt air transit, shipping, trade or military logistics, and with them the daily activities of the nation. Recent talk of anti-satellite weapons has rekindled fears that deliberate action may be planned to disrupt GPS systems and wreak havoc on the economy. So many aspects of daily life depend on GPS that people rarely think about it until it is gone.

In a GPS outage, many online services that rely on GPS-based network synchronization stop working properly, in-vehicle satnav fails, and mobile phones lose access to location-based services. Studies conducted in the United States and the United Kingdom over the past few years by two different academic institutions put the economic cost of a temporary outage at about $1 billion per day.

The strategic impact could be even greater in wartime. As the saying goes, infantry win battles but logistics win wars. Operating military logistics supply chains without GPS is almost impossible to imagine, given the heavy dependence on synchronized communication networks, command and control, and the locating and tracking of vehicles and materiel.

The entire system relies on GPS-based information and is susceptible to disruption at any point. Most large military and commercial ships, as well as aircraft, carry backup navigation systems, since it was not long ago that navigation was done without GPS. GPS signals are also not available in every setting, for example at high latitudes, underground and underwater.

GPS alternatives rely on signals that can be measured locally (for example motion, or magnetic fields as in a compass), so a vessel can navigate even when GPS is absent or cannot be trusted at all. Inertial navigation, for example, uses accelerometers that measure the vehicle's movement, much as the ones in a mobile phone detect when it is rotated.

From that motion data and Newton's laws of motion, the vehicle's likely position after a considerable period can be calculated. Another technique, called "alt-PNT," measures magnetic and gravitational fields and compares them with the known variation of these fields over the Earth's surface. Reliable GPS is approaching its technological limits, and emerging quantum technologies present a promising path forward.
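As an added illustration (not from the original post), the dead-reckoning calculation described above carried out in code: accelerometer samples are integrated twice to give position, and a small constant sensor bias is shown to produce a position error that grows with the square of time, which is why sensor stability matters for GPS-denied navigation. The trip profile and bias value are constructed.

```python
def integrate_position(accel, dt, v0=0.0, x0=0.0):
    """Twice-integrate 1-D acceleration samples a_k (m/s^2), one every dt
    seconds, using the constant-acceleration kinematic update
        x_{k+1} = x_k + v_k*dt + a_k*dt^2/2,   v_{k+1} = v_k + a_k*dt
    Returns (position, velocity) after the last sample."""
    x, v = x0, v0
    for a in accel:
        x += v * dt + 0.5 * a * dt * dt
        v += a * dt
    return x, v


def bias_drift(bias, seconds):
    """Position error caused by a constant accelerometer bias b after t seconds.
    Integrating the bias twice gives 0.5 * b * t^2: it grows quadratically."""
    return 0.5 * bias * seconds ** 2


def simulate_trip(dt=0.1, bias=0.0):
    """Constructed trip: accelerate at 1 m/s^2 for 10 s, then coast for 50 s.
    `bias` is added to every sample to model an imperfect sensor."""
    accel = [1.0] * round(10 / dt) + [0.0] * round(50 / dt)
    return integrate_position([a + bias for a in accel], dt)


if __name__ == "__main__":
    true_x, true_v = simulate_trip()
    biased_x, _ = simulate_trip(bias=0.01)   # 0.01 m/s^2 uncorrected bias
    print(f"true position: {true_x:.1f} m, velocity {true_v:.1f} m/s")
    print(f"with 0.01 m/s^2 bias: {biased_x:.1f} m, error {biased_x - true_x:.1f} m")
    print(f"predicted error 0.5*b*t^2 after 60 s: {bias_drift(0.01, 60):.1f} m")
    print(f"same bias after one hour: {bias_drift(0.01, 3600):.0f} m")
```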

Ultrastable locally deployed clocks are a key component of these advancements, ensuring that communications networks remain synchronized even during GPS outages. Traditionally, communications networks relied on GPS timing signals for synchronization. However, quantum technology offers a robust alternative. At the core of this technological shift is the fundamental behaviour of atoms. 

Satellite navigation systems depend on signals from space, whereas quantum navigation tracks the precise movement of a single atom under cryogenic conditions. According to New Atlas, a leading science publication, quantum navigation systems operate independently within each vehicle, with measurements taken at the point of use. This keeps the signal stable and resistant to interception, as noted by Richard Claridge, a physicist at PA Consulting Group. In May, the United Kingdom conducted two distinct quantum navigation tests: one aboard a Royal Navy ship and another on a small jet plane.

Subsequently, in June, London's underground transport system served as a testing ground for this cutting-edge technology. These tests demonstrated that quantum navigation systems are resistant to jamming, underscoring the UK's pioneering role in the future deployment of this technology on a broader scale. Quantum sensors exploit the immutable laws of nature to detect previously inaccessible signals, providing unprecedented sensitivity and stability. 

Consequently, quantum-assured navigation systems offer a reliable defence against GPS outages and enable innovative new missions. The most advanced quantum navigation systems integrate multiple sensors, each detecting unique environmental signals pertinent to navigation. This approach mirrors the technology used in autonomous vehicles, which combines lidar, cameras, ultrasonic detectors, and other sensors to achieve optimal performance. The evolution of navigation begins with an improved generation of quantum inertial navigation. 

However, the capabilities of quantum sensing extend beyond traditional methods by accessing new signals that were previously challenging to detect in real-world environments. As a result, quantum navigation technology represents a significant advancement, ensuring enhanced reliability and opening new possibilities for future applications.

Government Shuts Down Two Telemarketing Giants for 5.5 Million Fraudulent Calls



Several telemarketing entities, notably V-Con Intelligent Security and OneXtel Media, have been suspended by the Department of Telecommunications (DoT) for disseminating malicious messages through their services. According to a report by the Economic Times (ET), these two telemarketers alone were responsible for sending a record 55.5 million spam messages since January of this year. 

In light of the escalating incidence of SMS fraud within the country, the DoT has taken decisive action to suspend these two telemarketing companies, aiming to mitigate the risks associated with such scams. The DoT's directive, issued on July 15, identified V-Con Intelligent Security and OneXtel Media as platforms for sending customers malicious and phishing SMSes. Reports submitted to the Sanchar Saathi portal, particularly from the 'Chakshu' facility listed under the 'Services' section, highlighted these malicious activities. 

Comprehensive analysis of information provided by citizens enabled the DoT to make significant discoveries and undertake specific interventions. In its efforts to combat the proliferation of malicious SMS activities, the DoT has issued orders for the suspension and blacklisting of 131 Principal Entities (PEs), as well as approximately 5,000 SMS templates and 700 SMS headers linked to these activities. Despite these measures, new headers emerge, allowing fraudulent SMSes to be sent to citizens and raising ongoing concerns. 

Investigations have revealed that Onextel Media Pvt Ltd and V-Con Intelligent Security Pvt Ltd were responsible for a substantial portion of these malicious SMSes, accounting for 5.55 crore out of the 5.66 crore reported incidents. The DoT directive also mandates telecom companies to file police complaints against these telemarketers for circumventing the Distributed Ledger Technology (DLT) platform and distributing phishing messages.

The DLT platform is utilized to authenticate registered telemarketers and their messaging components, preventing unregistered entities from sending promotional messages. The DoT's actions were prompted by numerous complaints from telecom users regarding malicious SMSes. In response, the DoT employed facial recognition technology to block 6.76 lakh SIM cards and 10,296 mobile phones in Gujarat that were linked to cybercrime activities. 

Further investigations revealed financial connections between the identified companies and various organized transnational crimes, including fraudulent stock investments, prompting the Gujarat Police to launch inquiries. Despite the collaborative efforts involving telecom companies and regulatory bodies such as the Telecom Regulatory Authority of India (TRAI), the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), significant challenges persist in curtailing spam and scam activities. The continuous evolution of spamming techniques poses a formidable challenge, necessitating ongoing adaptation and enhancement of countermeasures to effectively mitigate such threats.

Alarm Bells Ring in Germany Over Chinese Tech Advancements



Over the next five years, Germany will phase out components made by the Chinese companies Huawei and ZTE from its 5G wireless network. This will likely worsen its already strained ties with the world's second-largest economy. According to the German Interior Ministry (BMI), by the end of 2026, components made by Chinese technology companies such as Huawei and ZTE will no longer be permitted in the construction of the country's next-generation 5G mobile networks.

To comply with this decision, the BMI has determined that all existing components must be replaced by 2029. The German government regards 5G networks as critical infrastructure that will play a key role in the energy, transportation, health care and finance sectors in the coming years. In a statement to CNN, Huawei said there is no evidence or scenario that explicitly shows its technology poses any security risk.

The Chinese embassy in Germany said it was committed to taking whatever "necessary measures" were needed to protect the interests of Chinese companies in Germany. The ban reflects growing suspicion of Chinese technology companies, which are alleged to have too-close ties to the government in Beijing, as their investments proliferate.

In particular, Beijing's desire to turn Huawei and ZTE into world leaders in high-tech sectors has made Western governments wary of giving them too much influence over their national infrastructure. Meanwhile, another collaboration between German and Chinese companies has caused a stir in the industry. Luxcara, an independent asset manager based in Hamburg, Germany, has signed a contract with the Chinese company Ming Yang to build wind turbines for a project off the coast of Germany.

Ming Yang said in a statement on July 2 that the decision was based on an extensive due diligence exercise covering all aspects of the supply chain, environmental, social and governance compliance aligned with the EU taxonomy, and cybersecurity, drawing on independent expertise from reputed international advisors. The German government also treats energy supply as critical infrastructure and aims to generate 80% of the country's electricity from renewable sources by 2035, reducing its use of fossil fuels.

Wind power will undoubtedly play a significant role in the world's future mix of electric power sources. According to official German data, wind power generated 38.5% of all electricity produced in Germany in the first three months of this year, and solar energy 16.3%. Among renewable sources, wind power has seen the most significant growth. According to Lars Haugwitz, senior consultant at Luxcara, selecting the most powerful turbines was essential to the project's success.

DW reported that only Ming Yang could deliver the unit on time, with an 18.5-megawatt capacity, by the end of 2028. Haugwitz added that the decision was based on a thorough review of all the bids received in the international tender. In Europe, the Danish offshore wind company Vestas and the German-Spanish company Siemens Gamesa have so far accounted for the majority of offshore wind installations. Another German wind farm operator is now also considering Chinese companies as a possible supplier for its project.

The German business daily Handelsblatt reports that RWE, the world's biggest energy company, is among those looking for alternatives, noting that wind turbine supply in Europe is limited while demand is high. The German utility recently stated that it currently has no Chinese suppliers in its wind energy portfolio and intends to keep working with established European suppliers.

However, a company spokesperson told Deutsche Welle (DW) that the offshore wind industry must evaluate the offerings of Asian suppliers to determine whether they meet the necessary standards in technology, quality, safety and cost-effectiveness. According to Michael Tenten, managing director of Pure ISM, a company specializing in data security in the renewable energy sector, there are multiple reasons for the technological advances of Asian companies, primarily economic ones. Tenten told DW that the swift availability of equipment is a significant factor.

However, research conducted by the Kiel Institute for the World Economy (IfW) in Germany revealed that in 2022, over 99% of listed Chinese companies benefited from direct state subsidies. These companies also enjoyed privileged access to critical raw materials, enforced technology transfers in joint ventures, and support in public procurement processes. An example highlighted is China's car manufacturer BYD, which has emerged as the world's leading electric vehicle producer, largely due to substantial subsidies. Dirk Dohse, research director at IfW, recently told Handelsblatt that BYD has also received subsidies for battery production and component manufacturing. 

Dohse noted that while European industries often struggle to compete with Chinese pricing, without China's subsidized technology, the products essential for Germany's green transformation would be more expensive and less available. Michael Tenten of Pure ISM added that another source of mistrust towards Chinese suppliers is data security concerns. He pointed out that manufacturers typically operate their own control centres to monitor the wind farms they construct, and unless these centres are located in Germany, there remains a risk of foreign influence on operations. Lars Haugwitz of Luxcara considers this risk to be more theoretical, as there will be "no direct data link" between the German offshore wind park and the Chinese turbine manufacturer. 

Haugwitz assured that the control, operation, and maintenance of the turbines would be entirely managed within Germany. China's Ministry of Foreign Affairs issued a statement asserting that Germany’s actions severely damaged mutual trust and could affect future cooperation between China and Europe in related fields. This decision could further strain Germany’s relationship with China, its largest trading partner. Recently, Berlin blocked the sale of a Volkswagen subsidiary to a Chinese state-owned company on national security grounds, eliciting a strong response from Beijing. 

Concurrently, China is engaged in a trade dispute with the European Union, which recently increased tariffs on Chinese electric vehicles. A spokesperson for China’s Ministry of Foreign Affairs commented on Thursday that politicizing economic, trade, and technological issues would only disrupt normal technological exchanges. Germany has been deliberating for years on how to handle Huawei components in its 5G network, following the lead of the United States, the United Kingdom, Australia, and Japan, which have effectively banned the company from their 5G infrastructure due to concerns that Beijing could use Chinese tech companies to conduct espionage.

Security Nightmare with Hackers Releasing 1,000 Crore Passwords in Major Breach



Cyber-security breaches are becoming more and more prevalent, causing a great deal of public concern. A report by Semafor says that a file containing nearly 10 billion (1,000 crore) passwords has been leaked on an online hacking forum. The incident, which took place on July 4, is regarded as one of the largest cyber-security breaches ever recorded. The report highlights that the massive leak could be used to carry out credential stuffing attacks.

Credential stuffing is a type of cyberattack in which hackers take usernames and passwords stolen in several data breaches and use them to gain access to other accounts owned by the same individual. A significant increase in cyberattacks and malicious attempts to steal data over the past five years has raised the probability of financial harm worldwide, not only for individual citizens but also for governments and financial institutions around the globe.

Cybersecurity reports state that around 10 billion passwords belonging to various people have been made public on global forums, whether they represent social media accounts or email accounts owned by individuals. There is no doubt that this was one of the biggest data breaches ever in the history of mankind. 

The Semafor news website reports that a file containing around 10 billion (1,000 crore) passwords, compiled by an anonymous hacker, was leaked via online hacking forums. The compilation combines several old and new password breaches, was uploaded to the internet on July 4, and is one of the largest leaks seen to date. According to the Semafor report, this massive leak has increased the risk of credential-stuffing attacks.

Because the leak takes the form of a single searchable file, hackers will have an easier time discovering user data. Credential stuffing is an attack in which hackers use a compromised password to access multiple accounts belonging to the same user as soon as that password is known. For example, an attacker could break into user A's bank account using the password that user A also uses for e-mail.

The cyber-news is reporting that credential stuffing attacks are compromising users across various platforms such as AT&T, Santander Bank, Ticketmaster, 23andMe, and several other companies. It was also noted in the report that related to a report by the International Monetary Fund (IMF) and a study published by Lancet Journal, the number of malicious cyberattacks has doubled globally since 2020, with the financial industry (20,000 cyberattacks since 2020) and health sectors being hit hardest. 

The size of the leak, however, has provided some relief for worried netizens - some analysts have suggested that, as a result of its sheer size, the file may not be able to be accessed. Even though more accounts have been leaked, the report notes that the likelihood of cyberattacks is not heightened just by more passwords being leaked - but of course, it highlights the "glaring holes" in the security systems in place.
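As an added illustration of the detection side of credential stuffing (this is example code written for this page, not from the Semafor report or any vendor), the script below parses a constructed set of login events and flags a source address that cycles through many distinct usernames with a high failure rate inside a short window, which is what a stuffing run against a leaked list looks like in an authentication log. The log format, addresses and thresholds are assumptions.

```python
"""Credential-stuffing detection over constructed authentication log lines.

Added example; the log format and thresholds are assumptions, not from the report.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    src_ip: str
    username: str
    success: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed line: '<iso-timestamp> ip=<addr> user=<name> result=OK|FAIL'."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return LoginEvent(datetime.fromisoformat(ts_text), fields["ip"], fields["user"], fields["result"] == "OK")


def detect_stuffing(events, window=timedelta(minutes=10), min_users=20, min_fail_ratio=0.8):
    """Flag a source IP that tries many distinct usernames within one window, mostly failing.

    A legitimate user mistyping a password fails repeatedly on ONE username; a NAT gateway
    produces many usernames but mostly successes. Stuffing shows both signals at once.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e.ts - first.ts <= window]
            users = {e.username for e in in_window}
            fail_ratio = sum(not e.success for e in in_window) / len(in_window)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                flagged[ip] = {
                    "distinct_users": len(users),
                    "fail_ratio": round(fail_ratio, 2),
                    # successes inside a stuffing burst are the accounts whose reused password worked
                    "compromised": sorted(e.username for e in in_window if e.success),
                }
                break
    return flagged


def build_sample_lines():
    """Constructed sample: one stuffing burst, one clumsy user, one office NAT gateway."""
    base = datetime(2024, 7, 5, 10, 0, 0)
    lines = []
    for n in range(25):  # attacker tries 25 leaked username/password pairs, 7 s apart
        result = "OK" if n == 16 else "FAIL"
        lines.append(f"{(base + timedelta(seconds=7 * n)).isoformat()} ip=203.0.113.7 user=user{n + 1:02d} result={result}")
    for n, result in enumerate(["FAIL", "FAIL", "OK"]):  # alice mistypes twice, then gets in
        lines.append(f"{(base + timedelta(seconds=30 * n)).isoformat()} ip=198.51.100.4 user=alice result={result}")
    for n in range(5):  # five staff behind one NAT address, all succeed
        lines.append(f"{(base + timedelta(minutes=n)).isoformat()} ip=192.0.2.10 user=staff{n} result=OK")
    return lines


def analyze(lines):
    return detect_stuffing([parse_line(line) for line in lines])


if __name__ == "__main__":
    for ip, info in analyze(build_sample_lines()).items():
        print(ip, info)
```

In practice the same logic is applied per source ASN and per device fingerprint as well as per IP, because stuffing tools spread requests across proxy pools; the successes inside a flagged burst are the accounts to force-reset first.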

Breaking Down the Clock: PoC Exploits Utilized by Hackers Within 22 Minutes

 


Cloudflare's Application Security report for 2024, covering May 2023 to March 2024, shows how quickly threat actors weaponize publicly released proof-of-concept (PoC) exploits: in one observed case, a PoC was used in live attacks 22 minutes after it was published. Cloudflare, whose network handles an average of 57 million HTTP requests per second, reports continued growth in three kinds of activity: scanning for known CVEs, command-injection attempts, and attempts to use newly available PoCs in real attacks.

A CVE (Common Vulnerabilities and Exposures) identifier marks a publicly disclosed vulnerability, so the race begins at disclosure: attackers watch for new advisories and PoCs, work out how to exploit the flaw, and start scanning and injecting commands against exposed systems as soon as they can. How quickly a given flaw is exploited depends on the vulnerability, but the window can be as short as 22 minutes.

The most targeted vulnerabilities in the evaluated period were CVE-2023-50164 and CVE-2022-33891 in Apache software, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in Adobe ColdFusion, and CVE-2023-35082 in Ivanti MobileIron. The clearest example of how fast weaponization has become is CVE-2024-27198, an authentication bypass in JetBrains TeamCity: Cloudflare observed an attacker deploying an exploit based on the published PoC 22 minutes after its release, leaving defenders almost no time to patch. The company's conclusion is that rule-writing at human speed cannot keep up, and that the only way to match this tempo is to use artificial intelligence (AI) to generate effective detection rules quickly. DDoS attacks still dominate the threat landscape, but targeted CVE exploitation is becoming a greater concern.

More than a third of all traffic Cloudflare sees is automated, and up to 93% of that automated traffic is potentially malicious. Roughly 60% of web traffic is now API-related, yet only about a quarter of organizations have an accurate inventory of their own API endpoints, and a typical enterprise website carries around 47 third-party integrations. The report's conclusion on API security is that many companies still protect APIs with the outdated, general-purpose methods built for websites.

Traditional web application firewall (WAF) rules follow a negative security model: they assume that the vast majority of traffic is benign and block only requests that match known-bad patterns, so anything the rule set does not recognize is allowed through. A positive API security model works the other way round: strictly defined rules (typically derived from the API schema) describe exactly what traffic is allowed, and everything else is denied, which also catches requests to forgotten or undocumented endpoints. Cloudflare's network currently processes 57 million HTTP requests per second, a 23.9% year-over-year increase, and the company blocks 209 billion threats daily, an 86.6% increase on the previous year. These statistics underscore how rapidly the threat landscape is evolving.
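To make the difference between the two models concrete, here is an added example (not Cloudflare's code or rule set) in Python: a negative model built from a few blocklist regexes beside a positive model built from an allowlist of documented routes and parameter formats. The API paths, rules and sample requests are constructed for illustration.

```python
"""Negative (blocklist) WAF rules versus a positive (allowlist) API schema.

Added example; the rules, schema and sample requests are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Negative model: block what matches a known-bad signature, allow everything else.
NEGATIVE_RULES = [
    re.compile(r"\.\./"),                   # path traversal
    re.compile(r"(?i)\bunion\s+select\b"),  # SQL injection (naive signature)
    re.compile(r"(?i)<script"),             # reflected XSS
]

# Positive model: every allowed route is spelled out with the parameters it accepts.
API_SCHEMA = [
    ("GET", re.compile(r"^/api/v1/accounts/\d+$"), {}),
    ("GET", re.compile(r"^/api/v1/transactions$"),
     {"limit": re.compile(r"^\d{1,3}$"), "cursor": re.compile(r"^[A-Za-z0-9_-]{1,64}$")}),
    ("POST", re.compile(r"^/api/v1/transfers$"), {}),
]


def negative_model_allows(method: str, url: str) -> bool:
    """Allow unless a blocklist rule matches the raw URL."""
    return not any(rule.search(url) for rule in NEGATIVE_RULES)


def positive_model_allows(method: str, url: str) -> bool:
    """Allow only a documented route whose query parameters all validate; deny the rest."""
    parts = urlsplit(url)
    for route_method, path_re, params in API_SCHEMA:
        if route_method != method or not path_re.match(parts.path):
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for name, values in query.items():
            if name not in params:                      # undocumented parameter
                return False
            if not all(params[name].match(v) for v in values):
                return False                            # documented parameter, wrong shape
        return True
    return False                                        # unknown endpoint (shadow API)


def evaluate(method: str, url: str) -> dict:
    return {"negative": negative_model_allows(method, url),
            "positive": positive_model_allows(method, url)}


# Constructed requests showing where the two models diverge.
SAMPLE_REQUESTS = [
    ("GET", "/api/v1/accounts/42"),                               # documented, clean
    ("GET", "/api/v1/transactions?limit=50&cursor=abc_123"),      # documented, valid params
    ("GET", "/api/v1/debug/export?all=true"),                     # forgotten endpoint
    ("GET", "/api/v1/transactions?limit=1%20UNION/**/SELECT%20pw%20FROM%20users"),  # evades naive rule
    ("GET", "/api/v1/accounts/42/../../admin"),                   # caught by both
]

if __name__ == "__main__":
    for method, url in SAMPLE_REQUESTS:
        print(method, url, evaluate(method, url))
```

The third and fourth sample requests are the ones that matter: a forgotten `/debug/export` endpoint and a comment-obfuscated injection pass the blocklist untouched, while the allowlist rejects both without knowing anything about attacks, only about what the API is supposed to accept. In production the schema would be generated from the OpenAPI document and kept in sync with deployments rather than hand-written.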

According to Cloudflare's report covering Q2 2023 to Q1 2024, there has been a noticeable rise in application layer traffic mitigation, growing from 6% to 6.8%, with peaks reaching up to 12% during significant attacks. The primary contributors to this mitigation are Web Application Firewalls (WAF) and bot mitigations, followed by HTTP DDoS rules. There is an increasing trend in zero-day exploits and Common Vulnerabilities and Exposures (CVE) exploitation, with some exploits being utilized within minutes of their disclosure. 

Distributed Denial of Service (DDoS) attacks remain the most prevalent threat, accounting for 37.1% of mitigated traffic. In the first quarter of 2024 alone, Cloudflare mitigated 4.5 million unique DDoS attacks, marking a 32% increase from 2023. The motivations behind these attacks range from financial gains to political statements.

Unveiling the Mule Accounts Menace in Modern Money Laundering

 


The Reserve Bank of India (RBI) has urged banks to step up their efforts against mule accounts. As Piyush Shukla reports, money mules in India do much more than move money. A mule account is a bank account that receives funds from illegal activities and forwards them to other accounts, serving as a bridge for money laundering and other illicit practices.

It is not uncommon in India to find people opening bank accounts and handing them over to fraudsters in exchange for money. Because the person who completes onboarding is not the person who will operate the account, such accounts are hard to detect at opening time; the right controls, combined with monitoring of the account holder's behaviour throughout the account's lifecycle, offer the best chance of catching them.

Last November, six people were arrested in Bengaluru for allegedly operating 126 mule accounts. Earlier this week the RBI raised concerns that certain banks hold large numbers of accounts used for fraudulent transactions and for loan evergreening. In a move to curb digital fraud, RBI governor Shaktikanta Das has directed banks to crack down on mule accounts and to step up customer awareness and education initiatives.

Money mules are generally divided into five kinds, by how complicit they are in the laundering scheme and how the fraudster uses them: 
1. Victim mules are unaware that their account has been compromised and is being used by a fraudster to move money; the account details most likely came from a data breach. 
2. Misled mules are talked into sending and receiving money on a fraudster's behalf believing the funds are clean, typically after answering a job advertisement whose "work" consists of executing transfers for the employer. 
3. Deceivers, one of the most common types, open new accounts with stolen or synthetic identities to send and receive stolen funds. 
4. Peddlers sell their own identity details to fraudsters, who use them to open and operate accounts that send and receive stolen funds. 
5. Accomplices knowingly open a new account in their own name, or hand over an existing one, and move funds as the fraudster directs. 

BioCatch, a digital fraud detection company, found that nine out of ten accounts later confirmed as mule accounts had gone undetected by one of its Indian banking partners. 

BioCatch's data also shows how mule activity shifts over an account's life: in the first month of documented mule activity, 86% of sessions originated from within India, but after a month that figure dropped to just 20%, and 16% of sessions used a VPN. Bhubaneswar accounted for the largest share of mule-account activity (15%), followed by Lucknow and Navi Mumbai (3.4% each); Gobindapur and Bhagabatipur in West Bengal recorded 2.6% and 1.7% respectively, while Mumbai and Bengaluru reported 2.2% and 1.8%. 
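An added example (not from the RBI, BioCatch or the article) of the kind of lifecycle monitoring the text refers to: a small Python scorer that looks at account age, the number of unrelated payers, how much of the inbound money is forwarded, and how quickly. The transactions and thresholds are constructed for illustration.

```python
"""Behavioural heuristics for spotting a pass-through (mule) account.

Added example with constructed transactions; the thresholds are assumptions for illustration,
not rules from the RBI or BioCatch.
"""
from datetime import datetime, timedelta
from statistics import median

# A transaction is (timestamp, direction, amount, counterparty); direction is "credit" or "debit".


def hold_times_hours(txs):
    """Hours between each credit and the next debit that leaves the account after it."""
    txs = sorted(txs, key=lambda t: t[0])
    hours = []
    for i, (ts, direction, _amount, _counterparty) in enumerate(txs):
        if direction != "credit":
            continue
        nxt = next((t for t in txs[i + 1:] if t[1] == "debit"), None)
        if nxt is not None:
            hours.append((nxt[0] - ts).total_seconds() / 3600)
    return hours


def score_account(opened, txs, now, max_age_days=30, min_payers=5,
                  min_passthrough=0.9, max_median_hold_h=24):
    """Return a risk verdict with the reasons that fired.

    Signals: young account, money from many unrelated payers, nearly all of it forwarded,
    and forwarded quickly. Any one alone is common; three together is the mule pattern.
    """
    credits = [t for t in txs if t[1] == "credit"]
    debits = [t for t in txs if t[1] == "debit"]
    total_in = sum(t[2] for t in credits)
    total_out = sum(t[2] for t in debits)
    passthrough = total_out / total_in if total_in else 0.0
    holds = hold_times_hours(txs)
    med_hold = median(holds) if holds else float("inf")
    payers = {t[3] for t in credits}

    reasons = []
    if (now - opened).days <= max_age_days:
        reasons.append(f"account only {(now - opened).days} days old")
    if len(payers) >= min_payers:
        reasons.append(f"credits from {len(payers)} distinct payers")
    if passthrough >= min_passthrough:
        reasons.append(f"{passthrough:.0%} of inbound funds forwarded")
    if med_hold <= max_median_hold_h:
        reasons.append(f"median hold time {med_hold:.1f} h")
    return {"risk": "high" if len(reasons) >= 3 else "low",
            "passthrough": round(passthrough, 2),
            "median_hold_h": round(med_hold, 1) if holds else None,
            "reasons": reasons}


def constructed_mule():
    """Opened 15 days before NOW; six unrelated payers, each credit forwarded 90 minutes later."""
    opened = datetime(2024, 6, 20)
    txs = []
    amounts = [12000, 8500, 15000, 9900, 11000, 7600]
    for day, amt in enumerate(amounts):
        t = datetime(2024, 6, 25, 9, 0) + timedelta(days=day)
        txs.append((t, "credit", amt, f"victim_{day}"))
        txs.append((t + timedelta(minutes=90), "debit", amt * 95 // 100, "layer2_account"))
    return opened, txs


def constructed_legit():
    """Three-year-old salary account: one payer, money spent gradually."""
    opened = datetime(2021, 3, 1)
    txs = [
        (datetime(2024, 7, 1, 9, 0), "credit", 80000, "employer"),
        (datetime(2024, 7, 3, 10, 0), "debit", 25000, "landlord"),
        (datetime(2024, 7, 4, 18, 0), "debit", 3000, "grocer"),
        (datetime(2024, 7, 5, 8, 0), "debit", 2000, "utility"),
    ]
    return opened, txs


NOW = datetime(2024, 7, 5, 12, 0)

if __name__ == "__main__":
    for label, (opened, txs) in (("mule", constructed_mule()), ("legit", constructed_legit())):
        print(label, score_account(opened, txs, NOW))
```

Real systems add device and session signals (the VPN and out-of-country session figures above are exactly that) and calibrate thresholds against labelled cases; the point of the example is that no single signal identifies a mule, but their conjunction over the first weeks of an account's life does.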

To help customers keep their bank accounts from being turned into mule accounts, the following practices are recommended: 
1. Treat all unexpected communications, especially those offering lucrative, effortless jobs, with scepticism. 
2. Unrealistically high payments for straightforward tasks should raise alarms. 
3. Be wary of job offers with ambiguous descriptions and responsibilities, particularly if money transfers are involved. 
4. Scammers often pressure their targets into swift decisions, such as hurriedly confirming their identity or claiming a reward; pause and assess any such demand carefully. 
5. Be extremely cautious of unconventional payment methods, such as gift cards or virtual currencies. 

 In October 2023, the Reserve Bank of India (RBI) tightened the customer due diligence (CDD) norms by instructing banks and regulated entities to adopt a risk-based approach for periodic updating of know-your-customer (KYC) data. According to the latest Master Directions, the risk-based approach for periodic updating of KYC has been amended to state: “Registered Entities (REs) shall adopt a risk-based approach for periodic updating of KYC, ensuring that the information or data collected under CDD is kept up-to-date and relevant, particularly where it is high-risk.” 

Furthermore, the Master Directions stress that the instructions on account opening and transaction monitoring must be strictly followed to curb the operation of money mules, which criminals use to launder the proceeds of fraud schemes such as phishing and identity theft after gaining illegal access to deposit accounts. 

Banks are required to apply due diligence and close monitoring to identify accounts operated as money mules, take appropriate action, and report suspicious transactions to the Financial Intelligence Unit.

Major Ransomware Attack Targets Evolve Bank, Impacting Millions

 


Evolve Bank & Trust, an Arkansas-based financial services organization, confirmed the incident on July 1, shortly after the LockBit ransomware gang published data it claimed to have stolen in the attack on its leak site. Evolve said it did not pay the ransom, and the stolen data was leaked as a result. 

The bank reported that the attackers exfiltrated personal information belonging to some of its customers, including names, Social Security numbers, bank account numbers and contact information. In total, Evolve says 7.64 million individuals are affected. 

System outages at the bank began in late May and were initially attributed to a "hardware failure", but an investigation showed they were caused by a cyberattack. Evolve has since confirmed that the intruders were inside its network as early as February, so sensitive customer data was exposed for months before the outages drew attention. 

The notification letter filed with the Maine Attorney General avoids specifics, but the bank acknowledges that names, Social Security numbers, bank account numbers and contact information were taken. The filing, made on Monday, puts the number of affected individuals at 7,640,112 and says they will be offered 24 months of credit monitoring and identity protection. 

Also on Monday, Evolve began sending written notices to affected individuals explaining that the ransomware was deployed on May 29 and that the attackers had access to its network since at least February. The filing does not list the data types involved, but an earlier statement on the bank's website said the attackers accessed the names, Social Security numbers, bank account numbers and contact information of its personal banking customers, the personal data of Evolve employees, and information belonging to customers of its financial-technology partners. 

Those partners include Affirm, which recently told customers that the Evolve breach "may have compromised some personal information and data" of its customers, and Mercury, which offers banking services to businesses and said on X that "some account numbers, deposit balances, and business owner names as well as emails" were exposed. 

Money-transfer company Wise (formerly TransferWise) confirmed last week that some of its customers' personal information may also have been exposed. Evolve's statement this week confirmed that the intrusion was a ransomware attack by the Russia-linked LockBit group. LockBit's infrastructure was disrupted earlier this year by a multi-government law-enforcement operation, but its administrator remains at large and the group has since revived its leak site. 

Evolve identified the intrusion in May. After the bank refused to pay, LockBit published the stolen data on its dark-web leak site. The letter sent to customers explains that between February and May 2024 the attackers accessed and downloaded data from the bank's customer database and a file-sharing system. The roughly three-month gap between initial access and the ransomware deployment is the window in which detection of lateral movement and bulk data access would have mattered most. 

Ransomware-as-a-service (RaaS) groups like LockBit often run misinformation or disinformation campaigns alongside the attack itself to cause confusion and maximize the impact of their operations. For financial institutions, the Evolve breach is a reminder of the critical need for robust cybersecurity measures to prevent such breaches. 

With open banking platforms growing and RaaS attacks ever-present, institutions need to prioritize data security and implement strong access controls, encryption and incident-response procedures to keep their data secure.

Chinese Expert Confirms Authenticity of Leaked F-35 and F-15 Documents

 


A Chinese information-security expert says that documents recently leaked online containing information on the F-35 fighter and other sensitive US weapons appear to be authentic. The documents were posted by a Telegram user with the handle Fighterbomber, identified in the report as Ivan Ivanov, an alleged Russian pilot, who claimed to have obtained 250 gigabytes of US military data from an American company. 

Fighterbomber first published material on July 2 on his YouTube channel, which has more than 500,000 subscribers, and uploaded further leaked files on July 3; some documents from the uploaded folder can still be downloaded. Intelligence agencies once went to great lengths for an adversary's military secrets: in the early 1980s the U.S. Central Intelligence Agency (CIA) reportedly spent several years trying to acquire a Soviet T-72 main battle tank (MBT), and is said to have paid the Afghan Mujahedeen $5,000 for the first captured AK-74 assault rifle. The leaked set reportedly includes F-35 aircraft manuals and documents concerning the F-15, its modifications and weapons systems, the Switchblade drone and precision-guided missiles. 

The expert, surnamed Tang, said the documents are detailed and their format matches other US military material leaked online earlier this year. They are not blueprints or design documents, however, and only professionals can judge their real value; the military enthusiasts joking that they could now build a fighter jet in a garage given the right parts are wide of the mark. 

Chinese aviation blogger Makayev, on his video channel, sorts the aircraft material into three categories: flight manuals, maintenance manuals and aircrew weapons-delivery manuals for the F-15SA, the variant sold to Saudi Arabia more than a decade ago; a maintenance manual for the F110 engine used in the F-15SA; and user manuals for precision-guided missiles. 

These texts read more like simplified introductions than detailed design descriptions; they are oriented toward maintenance personnel and unlikely to offer much to China's mature military aviation industry, according to Makayev. Other commentators note that, given Fighterbomber's claim of 250 gigabytes, further maintenance manuals and weapon documentation may still be released later, possibly including material that discloses the aircraft's weaknesses. 

Tang said there are several possible sources for the leak, including a breach at a US defence firm or a third party impersonating one. Parts of the F-35 documents were redacted, which may indicate they had already been declassified; the older F-15 is less closely guarded because it is regarded as a less valuable model. 

Tang said similar leaks were unlikely in China because of its data security and confidentiality laws, which, properly implemented by security departments, would allow any breach to be contained. An anonymous expert at a Chinese military research institution added that the institution regularly conducts data security training and evaluations to ensure strict compliance with confidentiality obligations and the highest standards of data protection. Rising Information Technology, in a WeChat post, advised the public against downloading the documents: hackers routinely exploit high-profile events to distribute malware, and a booby-trapped document can infect a device with ransomware or a Trojan, putting the user's data at serious risk.

Singapore Banks Phasing Out OTPs in Favor of Digital Tokens

 


Singapore's banks have issued one-time passwords (OTPs) for account log-in for roughly two decades, but the city-state is now moving away from them. In a joint statement on Tuesday (Jul 9), the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said that over the next three months major retail banks will progressively phase out OTPs for log-ins by customers who have activated a digital token on their mobile device. 

Once a customer has activated a digital token, they will have to use that token whenever they log in to their bank account, whether through a browser or the mobile banking app. The token authenticates the log-in without an OTP or other information that a scammer could steal or trick the customer into disclosing. MAS and ABS strongly recommend that customers who have not yet activated their digital token do so, as this greatly reduces the chance of their credentials being phished. 

The goal is better protection against phishing scams, in which fraudsters get customers to divulge their OTPs. Phishing has been among the top five scam types in Singapore over the past year, with at least S$14.2 million lost, according to the Singapore Police Force's Annual Scams and Cybercrime Brief 2023, released earlier this year. 

OTPs were introduced in the early 2000s as a second factor to strengthen the security of online transactions. Technological advances and increasingly sophisticated social engineering have since made it easy for scammers to phish for them, typically by setting up fake bank websites that closely mimic the real ones and asking the victim to enter their OTP, which the scammer then uses in real time. Removing the OTP from the log-in flow closes this channel: there is no code to relay, so a scammer cannot fraudulently access a customer's accounts and funds without explicit authorization from the customer's own device. 

ABS director Ong-Ang Ai Boon acknowledged that the measure may cause some inconvenience for some customers, but said such steps are essential to prevent scams and protect customers in the long run. Loo Siew Yee, MAS Assistant Managing Director (Policy, Payments & Financial Crime), said MAS is committed to taking decisive action against fraudulent digital banking activity, and reminded customers that the new measure complements, rather than replaces, good cyber hygiene: customers should remain vigilant and safeguard their banking credentials at all times. By combining stronger authentication with customer vigilance, MAS and ABS aim to create a more secure digital banking environment in Singapore.
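To show why a phished OTP works for the scammer while a device-bound token response does not, here is an added example (not MAS, ABS or any bank's code). It implements RFC 6238 TOTP and a simplified challenge-response token: the bank issues a per-session nonce, the app signs it with a key that never leaves the device, and the bank accepts each response once. How Singapore's banking apps actually implement their digital tokens is not described in the statement, so the token protocol here is an assumption for illustration.

```python
"""OTP replay versus a device-bound, single-use challenge response.

Added example; the Bank/DeviceToken classes are a simplified model, not any bank's protocol.
"""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, unix_time // step, digits)


class Bank:
    def __init__(self):
        self.otp_secrets = {}   # user -> shared OTP seed
        self.device_keys = {}   # user -> key enrolled from the digital token
        self.sessions = {}      # session id -> {"user", "nonce", "used"}

    def verify_otp(self, user: str, code: str, now: int) -> bool:
        # Accepting the current and previous step is standard; it is also the relay window.
        secret = self.otp_secrets[user]
        return any(hmac.compare_digest(code, totp(secret, now - d)) for d in (0, 30))

    def start_login(self, user: str):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"user": user, "nonce": secrets.token_bytes(16), "used": False}
        return sid, self.sessions[sid]["nonce"]

    def verify_token_response(self, sid: str, response: bytes) -> bool:
        session = self.sessions.get(sid)
        if session is None or session["used"]:
            return False                                   # unknown session or replay
        expected = hmac.new(self.device_keys[session["user"]],
                            sid.encode() + session["nonce"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False                                   # wrong key or wrong session
        session["used"] = True                             # single use
        return True


class DeviceToken:
    """The app on the phone: holds the key and signs only the challenge it is given."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, sid: str, nonce: bytes) -> bytes:
        return hmac.new(self._key, sid.encode() + nonce, hashlib.sha256).digest()


def otp_phishing_scenario(now: int = 1_720_000_000) -> bool:
    """Victim types the OTP into a fake site; the scammer relays it 10 s later. Returns True if accepted."""
    bank = Bank()
    secret = secrets.token_bytes(20)
    bank.otp_secrets["alice"] = secret
    victim_code = totp(secret, now)               # shown on alice's OTP device, captured by the fake site
    return bank.verify_otp("alice", victim_code, now + 10)


def token_scenario() -> dict:
    """Genuine login succeeds once; a captured response fails on replay and against another session."""
    bank = Bank()
    key = secrets.token_bytes(32)
    bank.device_keys["alice"] = key
    token = DeviceToken(key)
    sid, nonce = bank.start_login("alice")
    response = token.respond(sid, nonce)
    genuine = bank.verify_token_response(sid, response)
    replay = bank.verify_token_response(sid, response)          # same response again
    attacker_sid, _ = bank.start_login("alice")                  # scammer starts his own session
    cross = bank.verify_token_response(attacker_sid, response)   # captured response does not fit
    return {"genuine": genuine, "replay": replay, "attacker_session": cross}


if __name__ == "__main__":
    print("phished OTP accepted:", otp_phishing_scenario())
    print("token outcomes:", token_scenario())
```

The OTP fails because it is a bearer secret: anyone who learns it within the 30-second window (plus the usual one-step tolerance) can use it, which is exactly what a fake bank site does in real time. The token response is useless to a scammer because it is tied to one session nonce and consumed on first use, and the key never leaves the device. One caveat remains: a real-time phishing kit can still try to get the victim to approve a login the scammer initiated, which is why token apps display the details of what is being approved and why MAS and ABS still ask customers to stay vigilant.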

Yemeni Hackers Unmasked Spying on Middle Eastern Military Phones

 


According to researchers at MIT, a Yemeni hacking group has been eavesdropping on the phone calls of military personnel in the Middle East, the latest example of mobile surveillance becoming prevalent in conflicts around the world as a result of the proliferation of mobile technologies. According to new research, American Shia Islamist allies of an organization that operates in Yemen have been using surveillance technology to target militaries in a range of countries throughout the Middle East since 2019. It has been discovered that a threat actor aligned with the Houthis has used malware known as GuardZoo to steal photos, documents, and other files from devices infected with the malware, researchers at Lookout reported in a report posted Tuesday. 

A majority of the roughly 450 victims, according to unprotected controller logs, were found in Yemen, Saudi Arabia, Egypt, and Oman. In contrast, a smaller number were found in the United Arab Emirates, Turkey, and Qatar, based on unsecured server logs. There was a civil war between Houthis and Arab soldiers in the city of Sanaa in 2014 when they took control. This led to a famine in the city. According to human rights groups, there have been a series of arbitrary arrests, torture, and enforced disappearances in Yemen since June 2019, following a controversial Saudi-led intervention there. 

According to Lookout, the campaign is believed to have started as early as October and has been attributed to a threat actor aligned with the Houthi militia, based on information such as the application lures, control-and-control server logs, targets, and the location of the attack infrastructure, and Lookout confirmed this. Lookout says its surveillance tool draws its name from a piece of source code that persists on an infected device for a long period. 

According to the report, the malware not only steals photos and documents from an infected device, but it can also "coordinate data files related to marked locations, routes, and tracks" and can identify the location, model number, cellular service provider, and configuration of a Wi-Fi enabled device. Developed by Symantec, the GuardZoo Java application is a modified version of a remote access trojan (RAT) called Dendroid RAT which was originally discovered in March 2014 by Broadcom-owned Symantec. Earlier in August, it had been revealed that there had been a leak of the entire source code for the crimeware solution. 

This piece of malware was first sold for a one-off price of $300, but the capabilities it offers go far beyond what is expected from commodity malware. It is equipped with phone numbers and call logs that can be deleted, web pages that can be accessed, audio and call recordings, SMS messages that can be accessed, and even HTTP flood attacks. The researchers from Lookout said in a report shared with us that the code base underwent many changes, new functionalities were added and unused functions were removed. They added that many changes had been made for the betterment of the code base. As Guardzoo says in a statement, the command and control (C2) backend is no longer based on Dendroid RAT's leaked PHP web panel but rather uses an ASP.NET-based backend created specially for C2. 

After embarking on a military campaign against the then government in 2014, the Houthi movement became internationally known when it caused that government's fall, and set off the post-war humanitarian crisis that followed. Iran backs this group, and they have been fighting against a Saudi-backed military force for years. The militant group recently carried out a series of crippling attacks against international ships transiting the Strait of Hormuz in retaliation for Israel's military operation in Gaza, which has put a strain on international shipping.   

There has been an increase in the use of cyber capabilities by the Houthis in recent years. Researchers from Recorded Future have observed hackers with likely ties to the Houthis carrying out digital espionage campaigns that were carried out using WhatsApp as a method of sending malicious lures to targeted individuals last year.   On Tuesday, Lookout's report revealed that an ongoing campaign not only relied on direct browser downloads but also utilized WhatsApp to infect its targets. Lookout’s senior security researcher, Alemdar Islamoglu, noted that the group behind this campaign, which had not been previously observed by their researchers, showed a particular interest in maps that could disclose the locations of military assets. 

The campaign predominantly employed military themes to attract victims. However, Lookout researchers also identified the use of religious themes and other motifs, including examples such as a religious-themed prayer app or various military-themed applications. Additionally, Recorded Future released a report on Tuesday concerning a group likely affiliated with pro-Houthi activities, which they have named OilAlpha. This group continues to target humanitarian organizations operating in Yemen, including CARE International and the Norwegian Refugee Council. The report noted that military emblems from various Middle Eastern countries, such as the Yemen Armed Forces and the Command and Staff College of the Saudi Armed Forces, were used as lures in military-themed applications. 

Recorded Future's Insikt Group documented that OilAlpha is targeting humanitarian and human rights organizations in Yemen with malicious Android applications. The group's objective appears to be the theft of credentials and the collection of intelligence, potentially to influence the distribution of aid. The Insikt Group first detected this activity in May, with CARE International and the Norwegian Refugee Council among the affected organizations.

Mobile Encryption Innovation Aids Criminals, Europol Reports

Europol has proposed solutions to some of the challenges posed by the privacy-enhancing technologies used in Home Routing, which prevent law enforcement agencies from intercepting communications during criminal investigations. In an earlier report in its Digital Challenges series, the agency discussed the difficulty of gathering admissible evidence during investigations because of end-to-end encryption on communication platforms.

Home Routing is the arrangement telecommunications companies use to route a roaming customer's traffic, including calls, messages, and internet data, through the customer's home network even while that customer is abroad. A new report published by the EU Innovation Hub for Internal Security examined how citizens' privacy can be upheld while criminal investigations and prosecutions are still made possible.

Encryption is without doubt one of the most important means of protecting private communications. At the same time, it allows threat actors to stay hidden from law enforcement while carrying out their malicious activities. The report argues that the needs, challenges, and priorities of stakeholders within the Justice and Home Affairs (JHA) community must be understood so that the necessary measures can be taken to preserve the fundamental rights of Europe's citizens while maintaining a safe environment.

The privacy-enhancing technologies (PETs) that can be applied in Home Routing encrypt traffic at the service level: devices subscribed to the home network exchange session-based keys with the provider. When the home network provider uses PET, all traffic remains encrypted, because the key is inaccessible both to the home network's backend and to the visiting network, which merely forwards the traffic. This setup prevents authorities from obtaining evidence through local Internet service providers (ISPs) as part of lawful interception.

As the European agency explains in a press release, once Home Routing is in place, a suspect using a foreign SIM card cannot be intercepted domestically. Police forces may then have to rely on the cooperation of foreign service providers or issue a European Investigation Order (EIO), which can take significantly longer than an investigation can afford, especially where emergency interceptions are required; replying to an EIO can take up to four months in most cases.

Criminals are aware of this loophole and are exploiting it to avoid being caught by law enforcement in their respective countries, the European agency summarizes. Europol, the European Union's law enforcement agency, is appealing to stakeholders to consider two possible solutions that would eliminate the delays and procedural friction associated with lawful interception of communications.

The first variant under consideration is an EU regulation that disables PET in Home Routing. Domestic service providers would then be able to intercept calls made by individuals using foreign SIM cards, without having to share information about the person of interest with outside parties. According to the agency, under this solution roaming subscribers would enjoy the same level of encryption as subscribers in the local area, that is, the same level as communication through a national SIM card.

The drawback is that subscribers abroad would no longer benefit from the added encryption of their home country, which is included in their subscription package. The second proposal is a cross-border mechanism that would allow law enforcement agencies within the European Union to issue interception requests that service providers handle promptly. Europol thus identifies two potential solutions to the challenges that Home Routing and mobile encryption pose to criminal investigations.

The first solution allows Privacy-Enhancing Technologies (PET) to be enabled for all users. However, this could result in a service provider in another EU member state learning about individuals of interest in an investigation, which may not be desirable. The second proposed solution involves establishing a mechanism for rapidly processing interception requests from service providers in other EU member states. Europol emphasizes that these two solutions are merely possible avenues for safeguarding and maintaining existing investigatory powers. 

The agency's goal is to highlight the impact that Home Routing encryption has on investigations, urging national authorities, legislatures, and telecommunications service providers to collaborate in finding a viable solution to this problem.

Hackers Leak 10 Billion Passwords: How Users Should Respond

Several months ago, security researchers discovered that the world's largest collection of stolen passwords and credentials had been uploaded to an infamous criminal marketplace where cybercriminals trade such credentials for considerable sums. A hacker known as 'ObamaCare' posted a database which, according to the hacker, contains nearly 10 billion unique passwords accumulated over many years from numerous data breaches and hacks, and which the hacker has been spreading across the web.

A user identified as 'ObamaCare' posted the collection of leaked passwords, known as 'RockYou2024', on a popular hacking forum on Thursday. This is not the first time 'ObamaCare' has leaked stolen data on the internet. According to the report, the user had previously shared a database of Simmons & Simmons employees, leads from the online casino AskGamblers, and applications from Rowan College in New Jersey before those posts were taken down.

The researchers at CyberNews have reported that on July 4, 2024, a hacker using the handle "ObamaCare" posted a file on a hacking forum containing 9,948,575,739 unique plaintext passwords. The newly found password dump is an updated version of the "RockYou2021" leak collection that surfaced in June 2021.

In that earlier instance, the stolen collection held 8.4 billion unique passwords. Cybercriminals have expanded this goldmine of unique passwords since 2021, and it now includes 1.5 billion new and unique passwords. “The team verified the leak passwords by cross-referencing the RockYou2024 leak passwords with a leaked password checker provided by Cybernews, which showed that these passwords were obtained from a mix of both old and new leaks,” Cybernews researchers wrote.

Security researchers from Cybernews discovered what appears to be a record number of stolen and leaked credentials on the BreachForums criminal underground forum, the largest collection ever seen on that site. The RockYou2024 compilation appears to consist of an astonishing 9,948,575,739 unique passwords, all in plaintext form.

The database is said to have been built from an earlier credentials database, RockYou2021, which contained eight billion passwords, with roughly 1.5 billion new passwords added. The new credential files cover the years 2021 to 2024, and the latest compilation is estimated to draw on some 4,000 large databases of stolen credentials spanning at least two decades.

Researchers stated that, in essence, the RockYou2024 leak is a compilation of passwords used by people around the world. Because the number of passwords now available to threat actors is so large, the researchers said, it translates into a substantial risk of credential-stuffing attacks. Passwords leaked in such datasets can be abused in several ways, chiefly credential stuffing and brute force attacks. In a credential-stuffing attack, criminals take passwords stolen from one device or account and use them to gain access to another device or account.

This attack rests on the premise that users often reuse a single password across all of their accounts and devices, so that one leaked password gives criminals access to some or all of a victim's other accounts. A brute force attack, by contrast, is the process of guessing sign-in information, passwords, and encryption keys for network systems by trial and error. In its report, Cybernews said the database can be used to target all sorts of services, from online accounts to offline systems, internet-facing cameras and industrial hardware.
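The two attack patterns described above leave different traces in authentication logs, which is what a defender can act on. The following is an added example, not code from the article or from Cybernews: it runs over a constructed sample log and separates a credential-stuffing source (one attempt per account across many accounts) from a brute-force source (many attempts against one account), then lists the accounts where a leaked password actually worked and must be reset. Field layout, IP addresses, usernames and thresholds are all assumptions.

```python
from collections import defaultdict
# Constructed sample authentication log, not taken from the article:
# "<timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2024-07-05T10:00:01 203.0.113.7 alice FAIL
2024-07-05T10:00:02 203.0.113.7 bob FAIL
2024-07-05T10:00:03 203.0.113.7 carol FAIL
2024-07-05T10:00:04 203.0.113.7 dave OK
2024-07-05T10:00:05 203.0.113.7 erin FAIL
2024-07-05T10:01:00 198.51.100.9 alice FAIL
2024-07-05T10:01:01 198.51.100.9 alice FAIL
2024-07-05T10:01:02 198.51.100.9 alice FAIL
2024-07-05T10:01:03 198.51.100.9 alice FAIL
2024-07-05T10:01:04 198.51.100.9 alice FAIL
2024-07-05T10:02:00 192.0.2.44 grace OK
"""

def parse_log(text):
    """Return (source_ip, username, succeeded) tuples from the sample format."""
    events = []
    for line in text.splitlines():
        if line.strip():
            _ts, ip, user, result = line.split()
            events.append((ip, user, result == "OK"))
    return events

def classify_sources(events, min_attempts=5, stuffing_ratio=0.8):
    """Label each source IP: stuffing spreads attempts over many distinct
    accounts, brute force hammers one account; small samples stay benign."""
    per_ip = defaultdict(list)
    for ip, user, _ok in events:
        per_ip[ip].append(user)
    verdicts = {}
    for ip, users in per_ip.items():
        total, distinct = len(users), len(set(users))
        if total < min_attempts:
            verdicts[ip] = "benign"
        elif distinct / total >= stuffing_ratio:
            verdicts[ip] = "credential_stuffing"
        elif distinct == 1:
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "benign"
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source logged into: the leaked password worked,
    so force a reset and revoke sessions rather than only blocking the IP."""
    return sorted({u for ip, u, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})
```

On the sample log this flags 203.0.113.7 as credential stuffing, 198.51.100.9 as brute force, and returns `dave` as the one account whose leaked password succeeded.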

"By combining the data from RockYou2024 with other leaked databases from hacker forums, marketplaces, and other places where electronic mail addresses and other credentials can be published, it has the potential to trigger a cascade of data breaches, identity thefts, and financial frauds," the researchers stated. Bitdefender's multi-platform password manager offers numerous benefits, including automatic password leak alerts that notify you as soon as your passwords and emails have been exposed online, so that you can change them immediately.

Users are advised to utilize a digital identity protection service to monitor their online identity and receive real-time alerts about data breaches and leaks involving their online information. One such service, Bitdefender Digital Identity Protection, offers a comprehensive solution for identity protection. Bitdefender Digital Identity Protection enables users to respond immediately to data breaches and privacy threats. 

Through instant alerts, users can act swiftly to prevent damage, for example by changing passwords via one-click action items. The service provides real-time monitoring by continuously scanning the internet and the dark web for personal information, and users receive an alert whenever their data is involved in a breach or leak. Bitdefender Digital Identity Protection also flags suspicious activity immediately and actively monitors personal information, so users can rest assured that their digital identity is under constant watch.

Furthermore, the service provides a 360° view of all data associated with a user’s digital footprint. This includes traces from services no longer in use but still retaining the user’s data. Users can also send requests for data removal from service providers, ensuring a more secure online presence. Overall, Bitdefender Digital Identity Protection is recommended for users seeking to safeguard their online identity and stay informed about potential security threats in real-time.