Search This Blog

Showing posts with label Government Sites. Show all posts

Expert Opinion: The Consequences of the War of the Hacker Group Anonymous against Russia

 

Anonymous hacktivists announced on Twitter about the beginning of the war with Russia because of the special operation in Ukraine. The group is known for its massive DDoS attacks, declassification of government documents, and hacking of politicians' accounts. Information security experts told how Anonymous can harm Russia. 


Information security experts are confident that a real threat may be hiding behind the Anonymous statement. "Government websites, government online services such as Gosuslugi, email, social media accounts of politicians, websites and IT infrastructure of state banks and defense companies can be attacked", said Sergey Nenakhov, head of the information security audit department of Infosecurity a Softline Company. 

According to him, this community has repeatedly manifested itself earlier in hacktivism, hacking government websites, e-mails of politicians from different countries. They also manifested themselves in the online fight against the Islamic State organization (it is banned in Russia), obtaining and publishing information about members of the terrorist organization. 

Group-IB noted that the danger lies in the fact that other groups, including pro-state hacker groups targeting critical infrastructure facilities, may operate under the guise of Anonymous. 
"As for Anonymous, they act as follows: first, in public communities, for example, on Twitter, they call for attacks on certain organizations as part of a particular campaign. In order for users to easily identify these attacks, they usually use special hashtags for each event and the hashtag Anonymous. These campaigns can be joined by young hackers without professional skills and abilities. However, the strength of such actions lies precisely in the mass character of hacktivists," the company explained.

Fedor Dbar, commercial director of Security Code, believes that much will depend on whom the group will carry out the attacks. "The most serious consequences could be caused by attacks on critical information infrastructure (CII) facilities, but it cannot be said that tomorrow we will be left without electricity or electricity."

NSW Government Database Compromises 500,000+ Addresses

 

The government of New South Wales (NSW) has admitted to a data breach that exposed more than 500,000 addresses via a government website. 

According to 9News, the NSW Customer Services Department acquired hundreds of thousands of locations through its QR code registration system before making them public on a government website. The locations belonged to firms that were registered as COVID-safe businesses, which was an option offered to all NSW businesses as well as those from other jurisdictions with interests in NSW. 

Skeeve Stevens, a technology specialist in the security and intelligence space who spotted the dataset in September and stated he notified cyber security professionals, who then informed the government. Defence sites, missile maintenance facilities, domestic violence shelters, essential infrastructure networks, and correctional facilities were among the targets. Locations in Western Australia, Victoria, Queensland, South Australia, and the Australian Capital Territory were also included in the database. 

Last October, the government forwarded the matter to the privacy commissioner, who determined that the incident did not constitute a privacy breach. The issue was brought to the attention of NSW Premier Dominic Perrottet this week, and he admitted that the material had been posted incorrectly. 

Perrottet stated, "That was worked through [the] privacy commissioner. My understanding is they were satisfied that the matter was resolved and that information was taken down. It shouldn't have happened."

According to 9News, the NSW Department of Customer Services classified fewer than 1% of the 566,318 locations as sensitive. 

A department spokesperson stated, "These businesses were all contacted by telephone and letter. No issues of concern were raised by any recipients." 

The COVID-Safe Businesses and Organization dataset has been withdrawn, according to a notice on the NSW data website dated 12 October 2021. “We have identified issues with the integrity of the data with the recent increase in volume of registrations. We apologise for any inconvenience,” stated the notice, without revealing what the issue was. 

Last weekend, a marketing stunt by Coinbase used QR codes to bring potential consumers to its site, prompting experts to debate whether they pose a true cyber security danger. Some experts believe they shouldn't be trusted because of the risk of being hijacked by cyber thieves, while others believe the fear around the technology is exaggerated and the real-world threat is minimal.

 New Mexico Jail went on Lockdown due to Cyberattack

 

The Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico, went on lockdown five days after the new year. In the wake of a ransomware attack, an Albuquerque jail lost access to its video feeds and its automatic door mechanisms were rendered ineffective. As a result, inmates have been confined to their cells as technicians work to restore service. The jail's internet connection has been knocked out by a ransomware attack, putting most of their data systems, security cameras, and automatic doors inoperable. While MDC personnel worked to get everything back up and running, inmates were confined to their cells. 
 
"Most county buildings are closed to the public," officials said shortly after the incident in a statement. "However, given the circumstances, county personnel are working remotely and will assist the public as much as possible. County system vendors are notified, and are working to resolve the problem and restore system functionality." 

The Metropolitan Detention Center in the state lost access to some of its most important security technologies, such as camera feeds and automated jail doors. For obvious reasons, the county was compelled to lock down the whole jail, confining all of the inmates to the cells for the time being. 

Ransomware is becoming one of the most serious dangers to both commercial companies and government institutions around the world. As more official and commercial businesses are conducted online, ransomware attacks, in which a hacker steals data from the victim or takes control of a computer system until a ransom is paid, are becoming more widespread. 

A township spokeswoman, Tia Bland, said workers had some luck getting MDC cameras to work over the weekend. Officials at the facility expressed optimism that additional progress would be made on Monday. Beginning Monday at 8 a.m., public access to the county headquarters at Alvarado Square will be restricted. Following this, companies and organizations are under a lot of pressure to pay up not only to get the company's data unlocked but also to avoid enraged clientele and authorities who issue severe warnings about giving money to criminals.

FBI: Fake Government Websites Used to Steal Private & Financial Data

 

The FBI has alerted the public in the United States that threat actors are proactively capturing sensitive financial and personal information from innocent victims via phoney and fraudulent unemployment benefit websites. 

Websites used in these assaults are built to seem just like official government platforms in order to deceive victims into giving over their information, infecting them with malware, and claiming unemployment benefits on their behalf. 

The federal law enforcement agency stated in a public service announcement published on Internet Crime Complaint Center's site, "These spoofed websites imitate the appearance of and can be easily mistaken for legitimate websites offering unemployment benefits. The fake websites prompt victims to enter sensitive personal and financial information. Cyber actors use this information to redirect unemployment benefits, harvest user credentials, collect personally identifiable information, and infect victim's devices with malware.” 

"In addition to a loss of benefits, victims of this activity can suffer a range of additional consequences, including ransomware infection and identity theft." 

As per the FBI, 385 domains were detected, with eight of them spoofing government sites related to official unemployment benefits platforms. Domain and status are listed below:
  • employ-nv[.]xyz:  Active 
  • employ-wiscon[.]xyz: Inactive 
  • gov2go[.]xyz : Active 
  • illiform-gov[.]xyz : Active 
  • mary-landgov[.]xyz : Active 
  • Marylandgov[.]xyz: Inactive 
  • newstate-nm[.]xyz:  Active 
  • Newstatenm[.]xyz: Inactive 
There is also a possibility that the data obtained through these fake sites will end up in the hands of identity fraudsters, who would use it in different benefit fraud schemes. The US Federal Trade Commission (FTC) reported in February 2021 that the overall number of identity theft reports doubled in 2020 compared to 2019, with 1.4 million reports in a single year. 

The FTC stated, "2020’s biggest surge in identity theft reports to the FTC related to the nationwide dip in employment. After the government expanded unemployment benefits to people left jobless by the pandemic, cybercriminals filed unemployment claims using other people’s personal information." 

For example, the FTC received 394,280 reports of government benefits fraud attempts last year, the majority of which were connected to unemployment benefit identity theft fraud, compared to 12,900 reported in 2019. 

The Internal Revenue Service (IRS) also issued taxpayer guidelines in January on recognizing theft activities involving unemployment payments. The US federal revenue service stated, "The Internal Revenue Service today urged taxpayers who receive Forms 1099-G for unemployment benefits they did not actually get because of identity theft to contact their appropriate state agency for a corrected form." 

"Additionally, if taxpayers are concerned that their personal information has been stolen and they want to protect their identity when filing their federal tax return, they can request an Identity Protection Pin (IP PIN) from the IRS." 

The FBI also offered some advice on how to safeguard yourself against identity theft in the release and a few are listed below: 
  • To identify limitations, the spelling of web addresses should be verified. 
  • Check that the website you're visiting has an SSL certificate. 
  • Software upgrades are required; 
  • It is recommended that two-factor authentication be utilized. 
  • Avoid phishing emails at all costs.