
Malware Targets End-of-Life Routers and IoT Devices

 




A recent investigation by the Black Lotus Labs team at Lumen Technologies has revealed a concerning trend: cybercriminals are targeting end-of-life (EoL) routers and IoT devices. The research describes a campaign built on an updated version of the TheMoon malware, which had quietly grown to more than 40,000 infected devices across 88 countries by early 2024.

The primary targets are small office/home office (SOHO) routers, which are often overlooked when it comes to security updates. Unlike desktops and servers, where automatic updates are the norm, many IoT devices lack this feature entirely, and an EoL device will receive no vendor patch at all, which leaves it permanently exposed to any publicly known flaw.

One of the key findings is the emergence of a malicious proxy service called Faceless, which sells anonymity to cybercriminals for a small fee. By routing their traffic through compromised devices, attackers conceal their true origin: the victim, and any investigator, sees only the IP address of someone's home router.

According to Jason Soroko, a cybersecurity expert, routers and networking equipment with weak or default passwords have long been easy targets. What sets this campaign apart is the use of a proxy network to obfuscate command-and-control (C2) traffic, a step up in sophistication for this class of criminal operation.

The Mechanism Behind The Threat

TheMoon targets vulnerable EoL routers and IoT devices and infects them with a loader that fetches an executable from a C2 server. That executable contains a worm module, which scans for and spreads to other vulnerable devices, and a proxy component that relays internet traffic on behalf of the attacker.

Global Impact: Financial Sector Under Siege

Although most infected hosts are located in the U.S., devices in 88 countries have been caught up in the campaign. The financial sector in particular has been a prime target of traffic from these proxies, in the form of password spraying and data exfiltration attempts, which pose significant risks to organisations worldwide.

Recommendations for Defenders

Network defenders are urged to watch for attacks on weak credentials and for suspicious login attempts, such as failed logins across many different accounts from a single residential IP address. Experts also recommend preventing cloud assets from communicating with known malicious bots and blocking published indicators of compromise (IoCs) at the web application firewall.
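As an added example (not from the Lumen report or from any vendor tooling), the following Python script shows what "suspicious login attempts" look like in practice and how to tell a password spray apart from a single-account brute force. The log format, the usernames and the IP addresses are constructed for illustration; a real deployment would feed it lines from the firewall, VPN or identity provider and tune the window and thresholds to its own traffic.

```python
"""Detect password-spraying and brute-force patterns in authentication logs.

Added example, not from the Lumen/Black Lotus Labs report. The log format and
the IP addresses (documentation ranges 203.0.113.0/24, 198.51.100.0/24 and
192.0.2.0/24) are constructed; adapt LINE_RE to your own log source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 sprays one password across many accounts
# (and gets into one), 198.51.100.9 brute-forces a single account, and
# 192.0.2.50 is an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth: login failed user=alice src=203.0.113.7
2024-03-01T10:00:02Z auth: login failed user=bob src=203.0.113.7
2024-03-01T10:00:03Z auth: login failed user=carol src=203.0.113.7
2024-03-01T10:00:04Z auth: login failed user=dave src=203.0.113.7
2024-03-01T10:00:05Z auth: login failed user=erin src=203.0.113.7
2024-03-01T10:00:06Z auth: login failed user=frank src=203.0.113.7
2024-03-01T10:00:07Z auth: login ok user=frank src=203.0.113.7
2024-03-01T10:01:00Z auth: login failed user=admin src=198.51.100.9
2024-03-01T10:01:01Z auth: login failed user=admin src=198.51.100.9
2024-03-01T10:01:02Z auth: login failed user=admin src=198.51.100.9
2024-03-01T10:01:03Z auth: login failed user=admin src=198.51.100.9
2024-03-01T10:01:04Z auth: login failed user=admin src=198.51.100.9
2024-03-01T10:01:05Z auth: login failed user=admin src=198.51.100.9
2024-03-01T10:05:00Z auth: login failed user=grace src=192.0.2.50
2024-03-01T10:05:10Z auth: login ok user=grace src=192.0.2.50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_spraying(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources whose failures span many accounts with few tries each.

    That shape is the signature of a spray: one or two common passwords tried
    against every account, staying below per-account lockout thresholds. The
    finding also lists accounts the same source later logged into.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "failed":
            by_src[e["src"]].append(e)

    findings = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward so fails[start:end+1] fits in `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {
                        "distinct_users": len(per_user),
                        "first": fails[start]["ts"],
                        "last": fails[end]["ts"],
                        "later_success": sorted(
                            {e["user"] for e in events
                             if e["src"] == src and e["result"] == "ok"
                             and e["ts"] >= fails[start]["ts"]}
                        ),
                    }
        if best:
            findings[src] = best
    return findings


def detect_bruteforce(events, window=timedelta(minutes=10), min_failures=5):
    """Flag (src, user) pairs with many failures against one account."""
    by_pair = defaultdict(list)
    for e in events:
        if e["result"] == "failed":
            by_pair[(e["src"], e["user"])].append(e["ts"])
    findings = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        for i, t0 in enumerate(stamps):
            n = sum(1 for t in stamps[i:] if t - t0 <= window)
            if n >= min_failures:
                findings[pair] = n
                break
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, f in detect_spraying(evs).items():
        print(f"SPRAY from {src}: {f['distinct_users']} accounts, "
              f"later success: {f['later_success'] or 'none'}")
    for (src, user), n in detect_bruteforce(evs).items():
        print(f"BRUTE FORCE from {src} against {user}: {n} failures")
```

The distinguishing feature is the shape of the failures rather than their count: a spray coming through a Faceless-style residential proxy produces one or two failures per account across many accounts, which per-account lockout never catches, so the alert has to key on the source address. The `later_success` list is what turns a noisy alert into an incident, because it names the accounts whose passwords the sprayer has just confirmed.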

This threat is a reminder that IoT devices need regular security updates and proper maintenance, and that devices at or past end of life, which will never be patched, should be replaced rather than left online. Failure to address these weaknesses could have far-reaching consequences, as cybercriminals continue to exploit them for financial gain.




Crypto Phishing Scams: $47M Lost in February

 


In February, cybercriminals ran a series of crypto phishing scams that cost victims $47 million. The scams, often initiated through social media platforms such as X (formerly Twitter), hit over 57,000 individuals, a 40% rise in victims compared with January. Despite the increase in victims, the total amount lost fell by 14.5% from the previous month.

Ethereum (ETH) and the layer-2 network Arbitrum (ARB) accounted for the largest shares of the losses, three-quarters and 7.4% respectively. ERC-20 tokens made up 86% of the assets stolen, reflecting scammers' preference for easily transferable digital assets.

At the heart of these scams lies a simple strategy: impersonating legitimate entities, such as well-known crypto projects, to trick users into handing over control of their wallets. Sometimes that means phishing for the private key or seed phrase, which gives complete control; often a "claim" page instead asks the victim to sign a transaction or token approval that lets the scammer's contract move the funds. Either way the wallet is drained and, on-chain, the transfer is irreversible.

Scam Sniffer, an anti-scam platform, highlighted the prevalent use of fake social media accounts in these schemes. By impersonating the X accounts of reputable crypto projects, phishers exploit users' trust in official channels and coax them into surrendering their private keys.

In 2023, crypto phishing scams caused $300 million in losses and ensnared over 320,000 users. Recently, scammers have adopted a new tactic: luring users with "airdrop claim" links that, unbeknownst to the victim, lead to pages built to drain their wallets.

Even high-profile entities such as MicroStrategy have been affected, with its social media accounts compromised to distribute phishing airdrop links. The email services of reputable Web3 companies have also been hijacked to send fraudulent airdrop claim links, resulting in significant losses for recipients who trusted a legitimate sender address.

To avoid these scams, users should scrutinise any unexpected communication and treat typographical errors, mismatched content and grammatical inconsistencies as red flags. More reliable checks are to compare an account handle character by character with the one on the project's own website, to reach official sites by typed URL or bookmark rather than by a link in a post, and to read exactly what a wallet is being asked to sign before approving it.

By staying informed and taking these precautions, individuals can keep their assets out of the hands of cybercriminals.


How a Fake CIA Agent Duped Someone out of $50,000

 



In a recent incident reported by The Cut, freelance finance writer Charlotte Cowles fell victim to an elaborate scam that highlights the dangers of social engineering. It began with a call from a number that displayed as "Amazon" (caller ID is trivially spoofed), leading Cowles to believe she was a victim of identity theft. The caller, posing as a Federal Trade Commission official, connected her with a fake CIA agent named "Michael". Over hours on the phone, "Michael" convinced Cowles that she faced serious charges related to the identity theft and persuaded her to withdraw $50,000 in cash. She was then instructed to hand the money over to the "CIA", which would supposedly issue her a cheque for her own funds.

Despite suspicions during the ordeal, the scammers manipulated Cowles into isolation, urging her not to involve her family or the police on the grounds that it could jeopardise their safety. Isolating the victim is a common element of such scams: it heightens emotion and pushes people into decisions they would not otherwise make. The scammers played on Cowles' fears for herself and her family, and used personal details, such as the last four digits of her Social Security number, to make the story credible. Details like these circulate widely from past data breaches and do not prove that a caller is who they say they are.

Experts emphasise that falling victim to professional scammers is not a matter of lacking savvy. Selena Larson, a senior threat intelligence analyst, stresses that fraud perpetrators excel at social engineering and employ tactics like instilling fear, excitement, or urgency to manipulate their targets. To protect against such scams, Larson advises people to be wary of anyone trying to isolate them from friends and family, cautioning against trusting individuals posing as government officials or celebrities. Immediate requests for money and a sense of urgency are red flags that should prompt individuals to break off contact and report the activity.

This cautionary tale is a reminder that anyone can be targeted. Larson suggests staying connected with loved ones and refusing to be isolated. Cowles' own new rule, never answering calls from unknown numbers, is another effective way to avoid such scams; a genuine agency will not demand cash over the phone, and any real concern can be verified by hanging up and calling the organisation back on a number taken from its official website.

As online threats continue to multiply, individuals need to stay informed and alert. The incident also touches on broader cyber threats, including state-backed hacking, ransomware attacks on hospitals, and the impact of cyberattacks on vulnerable communities.

Dawnofdevil Hackers on the Rise Again

 



New threat actors keep emerging, constantly refining the methods they use to breach the systems that safeguard your online world. A hacking collective calling itself "dawnofdevil" has emerged as a threat to Indian entities, with a particular focus on government organisations. Operating on BreachForums, the group claims to have breached the Income Tax Department of India. If true, the compromise of a mailbox inside that body raises serious concerns about data confidentiality and about unauthorised access to affiliated websites.

Operating under the pseudonym "dawnofdevil", an unidentified individual claims to have gained unauthorised access to an email account on the incometax.gov.in domain. The claim is that such an account could be used to register on a range of government-affiliated websites that accept a government email address as proof of identity. The hacker is offering this email access for sale at US$500.

dawnofdevil has also claimed a breach of Hathway, a prominent broadband and cable TV provider in India, boasting of personal data on 41.5 million customers, comprising names, addresses, phone numbers and password hashes, offered for sale at US$10,000. The hacker further asserts access to MySQL and Oracle databases totalling over 400 GB of production data across more than 800 tables, and possession of more than 4 million KYC documents containing full names, Aadhaar numbers, PAN card numbers and other national ID details.

To back the claim, dawnofdevil has shared samples of the data. The hacker has also set up a Tor site through which buyers can search the dataset by mobile number or email address. As with most forum listings, the claims rest on the seller's samples and have not been independently verified.

If the claims hold, the implications are serious, particularly for Hathway customers whose KYC documents and password hashes may be circulating; affected users should assume that any password reused elsewhere is at risk and change it. Organisations and individuals alike should remain vigilant and take proactive steps to safeguard sensitive data. The investigations by the organisations named will determine the real scope of the breach, and updates will follow as they emerge.


Alkem Labs: Rs 52 Crore Cyber Fraud Shakes Security

 


Alkem Laboratories, a prominent pharmaceutical company, is dealing with a cybersecurity incident involving a fraudulent transfer of Rs 52 crore. The incident involved unauthorised access to the email accounts of some employees in one of Alkem's subsidiaries, a pattern consistent with business email compromise (BEC), in which attackers who control a legitimate mailbox use it to redirect a payment. The company is investigating and has not disclosed further details.

Alkem assured investors that the amount involved did not exceed certain predefined limits. Financially, the company reported an operating revenue of Rs 2,634.6 crore and a net profit of Rs 646.5 crore for the quarter ending September 2023.

The incident highlights the challenges businesses face in the digital age: even a well-established company is not immune. Alkem engaged an external agency to investigate, and the agency's report to the Board of Directors concluded that the impact was confined to the amount mentioned above.

At its meeting on January 12, 2024, the Board of Directors decided to disclose the incident to the stock exchanges, with the aim of keeping stakeholders informed.

While the investigation concluded that the impact was limited, the company recognises the importance of disclosing such incidents. Doing so aligns with industry practice and with Alkem's stated commitment to keeping shareholders and the public informed about developments that could affect its operations and reputation.

Alkem clarified that the incident did not stem from fraudulent activity by promoters, directors, key managerial personnel or any staff of the company or its subsidiary, and said it has filed complaints with the relevant governmental and regulatory authorities.

In November 2023, Alkem had partnered with Check Point Software Technologies, a Nasdaq-listed cybersecurity company, to strengthen its defences against cyber attacks. That the fraud succeeded regardless illustrates a point worth noting: network and endpoint products do not stop a payment that an authorised employee, deceived through a compromised mailbox, releases in good faith. Preventing that requires controls on the payment process itself, such as confirming any change of bank details through a separate, previously known channel.

As the company works through the aftermath, it has stressed transparency and accountability. The assurance that the incident was not internally driven, together with the disclosure to the stock exchanges and the complaints filed with the authorities, is intended to maintain stakeholder trust, and the case adds to the broader conversation about the need for robust cybersecurity controls in the corporate landscape.


British Library Braces for £7 Million Cyber Woes

 



The British Library faces a bill of up to £7 million following a severe cyber attack in October that took down its website and internal WiFi. The Rhysida ransomware group demanded a ransom of around £600,000; when the library refused to pay, the group leaked hundreds of thousands of files, including customer and personnel data.

Reports suggest the library will draw on roughly 40% of its reserves, around £6 to £7 million of an unallocated £16.4 million, to rebuild its digital services. Final recovery costs are not yet confirmed, and the National Cyber Security Centre and cybersecurity specialists are investigating.

In a recent social media post, the library described the ongoing disruption: the website, online systems and some on-site services were all affected. The attack is confirmed as ransomware, and because the attackers stole data as well as disrupting systems, the concern extends beyond restoring services to the exposure of user data on the dark web.

Working with cybersecurity specialists and the Metropolitan Police, the library expects the analysis of the leaked data to take a prolonged period. Despite persistent issues with online systems, its physical sites remain open, and a reference-only version of the main catalogue is expected to be back online by January 15.

Sir Roly Keating, Chief Executive of the British Library, thanked users and partners for their sustained patience and support, and described the ongoing work to assess the impact of the criminal attack and to restore online systems in a secure and sustainable way.

A precise timeline for restoration cannot yet be given, but the library has promised regular updates as progress is made.

Ransomware is financially motivated: attackers use malicious software to disrupt systems or encrypt data, increasingly combined with the theft of that data, and then demand payment in exchange for restoring access or withholding publication. Refusing to pay, as the British Library did, denies the criminals their reward but means the organisation must absorb the full cost of rebuilding and of the data leak.

While the Department for Digital, Culture, Media and Sport (DCMS) chose not to comment on the matter, a Government insider confirmed the expectation that the British Library would tap into its reserves for recovery. 

As the British Library deals with the consequences of this attack, its experience underscores the pervasive threat posed by ransomware and the need for organisations to invest in resilience: tested offline backups, segmented networks, and a rebuild plan that does not depend on paying the attacker.


Epic Games Wins: Historic Decision Against Google in App Store Antitrust Case

The conflict between Epic Games, maker of Fortnite, and the tech giants Google and Apple is a landmark antitrust dispute that has shaken the app ecosystem. A turning point came when a jury found for Epic Games against Google, after Epic had challenged what it described as an app store duopoly.

At the core of the dispute are the fees Google and Apple charge developers on in-app purchases, which can run as high as 30%. Epic Games argued that these fees amount to monopolistic practice that stifles competition and innovation in the digital marketplace. The trial has shone a light on app store policies and prompted a re-evaluation of the balance of power between platform owners and app developers.

A key moment in the trial was the revelation of internal Google emails discussing the company's fear of losing app developers to rival platforms. They offered a rare glimpse into the inner workings of a tech giant and supported Epic Games' claims of anticompetitive behaviour.

The verdict, with the jury finding in favour of Epic Games, is a significant blow to Google and raises questions about the practices of other app store operators. Apple's own case with Epic Games was tried before a judge rather than a jury, but the jury outcome against Google sets a precedent that could reverberate across the digital ecosystem.

Legal experts speculate that the financial repercussions for Google could be substantial, potentially costing the company billions. The implications extend beyond financial penalties; the trial has ignited a conversation about the need for regulatory intervention to ensure a fair and competitive digital marketplace.

Industry observers and app developers are closely monitoring the fallout from this trial, anticipating potential changes in app store policies and fee structures. The ruling against Google serves as a wake-up call for tech giants, prompting a reassessment of their dominance in the digital economy.

As the legal battle between Epic Games and Google unfolds, the final outcome remains years away. However, this trial has undeniably set in motion a reexamination of the app store landscape, sparking debates about antitrust regulations and the balance of power in the ever-evolving world of digital commerce.

Tim Sweeney, CEO of Epic Games, called the verdict "a monumental step in the ongoing fight for fair competition in digital markets and for the basic rights of developers and creators." The fallout from this trial will probably shape the legal framework governing internet firms and app store regulation for years to come.

How Blockchain Technology is Playing a Major Role in Combating Crypto Hacking Risk

 

The world of cryptocurrencies, for all its influence on the global financial landscape, has a shadow side.

Malicious actors devise complex schemes to exploit this expanding market while remaining hidden. The recent Euler Finance exploit and last year's Ronin Network hack were alarming, and they are not isolated incidents.

The discovery of a possible link between the two has raised concerns in the cryptocurrency community about the security and traceability of digital assets.

The Ronin Bridge exploiter, believed to be connected to the North Korean Lazarus Group, received 100 Ether (about $170,515 at the time) from a wallet address connected to the Euler Finance exploit. These incidents are a sharp reminder of the cyber threats within the crypto sector that may jeopardise its integrity and safety.

There is a silver lining, however. The discovery of these links shows how the public, append-only nature of a blockchain lets investigators trace funds and tie one incident to another. In this article we examine how cryptocurrency hacking works and how such threats can be countered.
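The tracing the article describes, linking one incident's exploit address to another's wallet through intermediate transfers, is a graph search over public transfer records. The Python below is an added example, not code from the article or from any investigation it cites; the addresses, amounts and block numbers are constructed placeholders, and in practice the transfer list would come from an indexed feed of transactions or ERC-20 Transfer events.

```python
"""Trace value flows between flagged addresses across a transfer graph.

Added example, not from the article or any named investigation. Everything
below is constructed: the addresses are placeholders and the amounts and
block numbers are arbitrary.
"""
from collections import defaultdict

# Constructed transfers as (sender, receiver, amount, block_number).
TRANSFERS = [
    ("0xEXPLOIT", "0xATTACKER", 1000.0, 100),  # exploit contract pays out to attacker
    ("0xATTACKER", "0xMIXER", 500.0, 125),
    ("0xATTACKER", "0xHOP1", 100.0, 120),
    ("0xHOP1", "0xINCIDENT_B", 7.0, 90),      # predates the exploit: must not be counted
    ("0xHOP1", "0xINCIDENT_B", 100.0, 130),   # the link worth reporting
    ("0xINCIDENT_B", "0xCASHOUT", 50.0, 140),
    ("0xALICE", "0xBOB", 2.0, 110),           # unrelated activity
]
LABELS = {"0xEXPLOIT": "exploit contract, incident A",
          "0xINCIDENT_B": "wallet attributed to incident B"}


def build_graph(transfers):
    """Adjacency list: sender -> [(receiver, amount, block)]."""
    graph = defaultdict(list)
    for sender, receiver, amount, block in transfers:
        graph[sender].append((receiver, amount, block))
    return graph


def find_paths(graph, source, target, max_hops=4):
    """Depth-first search for every forward-in-time path from source to target.

    Each hop must occur at or after the block of the previous hop: an address
    cannot forward funds it has not received yet, so a transfer that predates
    the incoming one is not evidence of a link.
    """
    paths = []
    stack = [(source, [], 0)]  # (current address, edges so far, block of last edge)
    while stack:
        addr, edges, last_block = stack.pop()
        if addr == target and edges:
            paths.append(edges)
            continue
        if len(edges) >= max_hops:
            continue
        visited = {source} | {e[1] for e in edges}
        for nxt, amount, block in graph.get(addr, []):
            if block < last_block or nxt in visited:
                continue
            stack.append((nxt, edges + [(addr, nxt, amount, block)], block))
    return paths


def flow_bound(path):
    """Upper bound on how much of the source's funds could have travelled this path."""
    return min(amount for _, _, amount, _ in path)


def reachable(graph, source, max_hops=4):
    """All addresses that funds from `source` could have reached within max_hops."""
    seen = set()
    stack = [(source, 0, 0)]  # (address, block of last edge, hops)
    while stack:
        addr, last_block, hops = stack.pop()
        if hops >= max_hops:
            continue
        for nxt, _, block in graph.get(addr, []):
            if block < last_block:
                continue
            seen.add(nxt)
            stack.append((nxt, block, hops + 1))
    seen.discard(source)
    return seen


def describe(path, labels=LABELS):
    """Render a path as 'A -> B (amount @block)' with any known labels."""
    def name(a):
        return f"{a} [{labels[a]}]" if a in labels else a
    return " -> ".join([name(path[0][0])] +
                       [f"{name(r)} ({amt} @{blk})" for _, r, amt, blk in path])


if __name__ == "__main__":
    g = build_graph(TRANSFERS)
    for p in find_paths(g, "0xEXPLOIT", "0xINCIDENT_B"):
        print(describe(p), "| at most", flow_bound(p), "units via this path")
    print("addresses downstream of the exploit:", sorted(reachable(g, "0xEXPLOIT")))
```

Two details matter for real investigations. First, the block-ordering check: an address that paid the suspect wallet before it received exploit proceeds is not a link, and a naive reachability search would report it. Second, `flow_bound` gives only an upper bound; once funds pass through a mixer or an exchange hot wallet, the one-to-one path breaks and attribution needs exchange records or clustering heuristics that are beyond this example.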

How does crypto hacking work?

Crypto hacking, in its most basic form, is unauthorised access to and theft of digital assets held in cryptocurrency wallets and exchanges. It is cybercrime that targets the blockchain ecosystem specifically, taking advantage of flaws in hardware, software or user behaviour to obtain cryptocurrency illegitimately.

Crypto hackers use a variety of strategies. One of the most common is phishing, where the attacker impersonates a trusted entity to deceive people into disclosing private keys or login credentials. Another is malware or ransomware, which infiltrates networks and either steals crypto assets directly or holds systems to ransom. Exchanges are a further target: their hot wallets, which stay connected to the internet so that withdrawals can be processed, are far more exposed than cold wallets held offline, so attackers concentrate on them.

The Ronin Network and Euler Finance incidents belong to a third category, DeFi exploits. DeFi platforms such as Euler Finance run on smart contracts, self-executing programs whose terms are written directly in code. Smart contracts offer transparency and reduce the need for middlemen, but any logic flaw in the code is visible to anyone who can read it, and because deployed contract code is typically immutable and holds real funds, a single bug can be exploited for the entire balance before anyone can intervene.

Rise in crypto crimes

In 2022, Chainalysis recorded cryptocurrency thefts of $3.8 billion, up from $0.5 billion in 2020 and a 15% increase over the $3.3 billion reported in 2021. The growth in online holdings that has accompanied wider public use of digital currencies has made them more attractive and more reachable targets for cybercriminals.

Chainalysis identified DeFi protocols, which hold large pools of user funds in publicly readable smart contracts, as the main target of attacks in both 2021 and 2022. DeFi protocols accounted for 82% of all value stolen in 2022, up from 73% the previous year.

North Korea continues to lead in cryptocurrency hacking. Chainalysis estimates that North Korea-linked groups such as the Lazarus Group stole $1.7 billion in 2022, about half the global total. A recent United Nations report on cyberattacks likewise found that North Korea stole more digital currency in 2022 than ever before, although estimates of the value vary.

According to The Conversation, North Korea uses the stolen cryptocurrency to fund its sanctioned nuclear programme, so its hacking activity is unlikely to slow down. Chainalysis' year-over-year research shows 2022 as a significant increase in hacking activity compared with prior years.

Prevention tips 

The rise in crypto hacking and the brazenness of groups such as Lazarus highlight the pressing need for strong deterrents. Tackling these threats requires a multifaceted strategy combining technological, legal and educational measures.

Technological barriers: strong cybersecurity measures are the first line of defence against advanced persistent threats. This means firewalls, secure and up-to-date software, and robust encryption for all data in transit. Multi-factor authentication (MFA) adds a further layer against unauthorised access. For exchanges and project treasuries it is worth going further: keep the bulk of funds in cold storage, require multiple signatures for large withdrawals, and monitor hot-wallet balances so that an anomalous outflow is noticed in minutes rather than days.

Regular smart contract audits by outside security firms can find and fix vulnerabilities in DeFi code before they are exploited. Bug bounty programmes, which pay ethical hackers for finding and disclosing vulnerabilities, are an efficient way to surface weaknesses early. Neither is a guarantee: audited protocols have still been exploited, so audits should be repeated after every significant code change and complemented by on-chain monitoring that can pause a contract when something anomalous happens.

Legal barriers: legal disincentives are another important component of stopping crypto hacking. This means creating and enforcing stringent legislation against online criminal activity. The decentralised and international character of cryptocurrencies makes enforcement harder, but hackers have been caught and charged, as the Silk Road case illustrates, and blockchain forensics together with international cooperation between law enforcement agencies is crucial in locating and prosecuting these criminals.

Educational barriers: education is also a potent deterrent. In cybersecurity the human element is frequently the weakest link, since people are readily duped into disclosing private information or acting riskily. Teaching people how to protect their digital assets and encouraging safe online habits are essential to preventing crypto hacking.

Cybercrime remains a significant concern in the complicated world of cryptocurrency. Axie Infinity's Ronin Network breach and the Lazarus Group's suspected involvement are a sobering warning of the vulnerability of digital assets. Law enforcement and cybersecurity companies are stepping up their efforts to prevent and track these attacks, but the pseudonymity and decentralised nature of cryptocurrencies make those efforts harder.

Insurance, though still in its infancy, is beginning to show promise as a way to reduce the risk of loss from cybercrime. Crypto insurance may offer some protection against losses from theft, hacking and other breaches, but pricing it is difficult given the volatility of crypto assets and the absence of comprehensive rules.

In the end, protecting digital assets depends on personal watchfulness, technological breakthroughs, legal frameworks, and international cooperation. The necessity for effective legal deterrents and strong cybersecurity safeguards will only become more pressing as we continue to learn more about cryptocurrency. In this fast-changing environment, the development of crypto insurance and other preventive measures will surely play a crucial role.