Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker attack. Show all posts
Hacker attack
Bank Data Bank Hacking Credit Card hack Cyber Attacks Cyberhacking data security Hacker attack

Hacker Subscription Service Exposes 600,000 Bank Card Details

 

A disturbing new hacker subscription service has emerged, offering access to 600,000 stolen bank card details for a fee of just £120. This service, identified by cybersecurity researchers from Flare, is named “Breaking Security” and allows its subscribers to exploit stolen bank card information for various illicit activities, including unauthorized transactions and identity theft. 

The service provides subscribers with detailed information about the compromised cards, including card numbers, expiration dates, and CVV codes. This data enables hackers to make online purchases or even clone the cards for physical transactions. The subscription service’s affordability and extensive database make it particularly dangerous, as it lowers the barrier for individuals seeking to engage in cybercrime. Flare’s researchers have highlighted the significant threat posed by Breaking Security, noting that such services are part of a growing trend in the cybercrime industry. These services make it easier for less technically skilled individuals to access sophisticated tools and data, leading to a rise in cybercrimes. 

The availability of such a service underscores the evolving nature of cyber threats and the increasing sophistication of criminal networks. Authorities are currently investigating Breaking Security to identify and apprehend the perpetrators behind the service. Law enforcement agencies are working to mitigate the impact on the affected individuals and prevent further exploitation of the stolen card data. The investigation is focused on tracking down the source of the data breach and the infrastructure supporting the subscription service. This incident highlights the critical importance of robust cybersecurity measures for both individuals and organizations. 

For individuals, it is crucial to regularly monitor bank statements for unauthorized transactions and to use security features such as two-factor authentication wherever possible. Organizations, on the other hand, must invest in comprehensive security solutions to protect sensitive data and detect breaches promptly. The emergence of Breaking Security also points to a broader issue within the cybercrime ecosystem. As long as there is a market for stolen data, cybercriminals will continue to find innovative ways to monetize their activities. 

This calls for a coordinated effort between law enforcement, cybersecurity experts, and financial institutions to dismantle such operations and safeguard against future threats. In conclusion, the discovery of the Breaking Security subscription service represents a significant threat to financial security and privacy. The service’s ability to provide extensive access to stolen bank card details for a relatively low cost is alarming. It underscores the need for enhanced vigilance and proactive measures to combat the growing menace of cybercrime. 

As investigations continue, it is essential for individuals and organizations to remain vigilant and take necessary steps to protect themselves from such sophisticated threats.
Read more »
Ransom Demand
Data Breach data security Hacker attack Healthcare Hacking healthcare sectors hospital data London Patient Data Ransom Demand

Massive Data Breach Hits London Hospitals Following Cyber Attack

 

In a severe cyber attack targeting a London hospital, hackers have published a massive 400GB of sensitive data, raising significant alarm within the healthcare sector. This breach underscores the escalating threat posed by cybercriminals to critical infrastructure, especially within public health services. 

The attack, attributed to a sophisticated hacking group, involved infiltrating the hospital’s IT systems, exfiltrating vast amounts of data, and subsequently releasing it online. The compromised data reportedly includes patient records, internal communications, and operational details, posing severe privacy risks and operational challenges for the hospital. The cybercriminals initially demanded a hefty ransom for the decryption of the stolen data and for not making it public. When the hospital administration, adhering to governmental policies against ransom payments, refused to comply, the hackers followed through on their threat, releasing the data into the public domain. 

This move has not only compromised patient privacy but has also led to significant disruptions in hospital operations. Experts warn that the healthcare sector is increasingly becoming a prime target for ransomware attacks due to the sensitive nature of the data and the critical need for operational continuity. The incident has once again highlighted the urgent need for robust cybersecurity measures within healthcare institutions. Public healthcare providers often operate with complex IT systems and limited budgets, making them vulnerable targets for cyber attacks. 

The ramifications of such breaches are far-reaching, affecting not just the targeted institution but also the patients relying on its services. In response to the breach, the hospital has ramped up its cybersecurity protocols, working closely with cybersecurity experts and law enforcement agencies to mitigate the damage and prevent future incidents. Efforts are also underway to support affected patients, ensuring that their data is secured and providing necessary assistance in the wake of the breach.  

This incident serves as a stark reminder of the persistent and evolving threat landscape that healthcare providers face. It underscores the necessity for continuous investment in cybersecurity infrastructure and the implementation of proactive measures to safeguard sensitive data against potential breaches. 

As the investigation into this attack continues, healthcare institutions worldwide are urged to reassess their cybersecurity strategies, ensuring that they are equipped to defend against such malicious activities. The leak of 400GB of sensitive data stands as a testament to the devastating impact of cybercrime on critical public services, emphasizing the importance of vigilance and robust security practices in the digital age.
Read more »
Ticketmaster
cloud storage Cyber Attacks Data Security Breach Google Mandiant Hacker attack ShinyHunters Ticketmaster

Hackers Exploit Snowflake Data, Targeting Major Firms

 

Hackers who stole terabytes of data from Ticketmaster and other customers of the cloud storage firm Snowflake claim they gained access to some Snowflake accounts by breaching a Belarusian-founded contractor working with those customers. Approximately 165 customer accounts were potentially affected in this hacking campaign targeting Snowflake’s clients, with a few identified so far. 

It was a Snowflake account, with stolen data including bank details for 30 million customers and other sensitive information. Lending Tree and Advance Auto Parts might also be victims. Snowflake has not detailed how the hackers accessed the accounts, only noting that its network was not directly breached. Google-owned security firm Mandiant, involved in investigating the breaches, revealed that hackers sometimes gained access through third-party contractors but did not name these contractors or explain how this facilitated the breaches. 

A hacker from the group ShinyHunters said they used data from an EPAM Systems employee to access some Snowflake accounts. EPAM, a software engineering firm founded by Belarus-born Arkadiy Dobkin, denies involvement, suggesting the hacker’s claims were fabricated. ShinyHunters has been active since 2020, responsible for multiple data breaches involving the theft and sale of large data troves. EPAM assists customers with using Snowflake's data analytics tools. The hacker said an EPAM employee’s computer in Ukraine was infected with info-stealer malware, allowing them to install a remote-access Trojan and access the employee’s system. 

They found unencrypted usernames and passwords stored in a project management tool called Jira, which were used to access and manage Snowflake accounts, including Ticketmaster’s. The lack of multifactor authentication (MFA) on these accounts facilitated the breaches. Although EPAM denies involvement, hackers did steal data from Snowflake accounts, including Ticketmaster's, and demanded large sums to destroy the data or threatened to sell it. The hacker claimed they directly accessed some Snowflake accounts using the stolen credentials from EPAM’s employee. The incident underscores the growing security risks from third-party contractors and the importance of advanced security measures like MFA. 

Mandiant noted that many credentials used in the breaches were harvested by infostealer malware from previous cyber incidents. Snowflake’s CISO, Brad Jones, acknowledged the breaches were enabled by the lack of MFA and mentioned plans to mandate MFA for Snowflake accounts. This incident highlights the need for robust cybersecurity practices and vigilance, particularly when dealing with third-party contractors, to safeguard sensitive data and prevent similar breaches in the future.
Read more »
IT Infrastructure
Australia Australian Businesses Cyberattack cybercriminals Data Breach Fortinet Hacker attack Hackers IT Infrastructure

The Growing Threat of Data Breaches to Australian Businesses

 

Data breaches are now a significant threat to Australian businesses, posing the risk of "irreversible brand damage." A cybersecurity expert from Fortinet, a global leader in the field, has raised alarms about cybercriminals increasingly targeting the nation’s critical infrastructure. Cybercriminals are continually finding new ways to infiltrate Australia’s infrastructure, making businesses highly vulnerable to attacks. 

The Australian federal government has identified 11 critical sectors under the Security of Critical Infrastructure Act, which was amended in 2018 to enforce stricter regulations. Businesses in these sectors are required to complete annual reporting to notify the federal government of any attempts to access their networks. Michael Murphy, Fortinet’s Head of Operational Technology and Critical Infrastructure, recently discussed the severity of cyber threats on Sky News Business Weekend. During the 2022-2023 financial year, 188 cybersecurity incidents were reported across critical sectors, highlighting ongoing risks to national networks like water and energy supplies. 

Additionally, the Australian Bureau of Statistics found that 34 percent of businesses experienced resource losses managing cybersecurity attacks in the 2021-2022 financial year, and 22 percent of Australian businesses faced a cybersecurity attack during that period—more than double the previous year’s figure. Even small businesses are now vulnerable to cybercrime. Murphy pointed out that among entities with mandatory reporting, 188 incidents were reported, with 142 incidents reported by entities outside of critical infrastructure, demonstrating the widespread nature of the threat. He explained that hackers are motivated by various factors beyond financial gain, including the desire for control. 

The consequences of cyber attacks can be severe, disrupting systems and causing significant downtime, which leads to revenue loss and irreversible brand damage. Critical infrastructure sectors face unique challenges compared to the IT enterprise. Quick restoration of systems is often not an option, and recovery can take considerable time. This extended downtime not only affects revenue but also damages the reputation and trustworthiness of the affected organizations. Murphy noted that many incidents are driven by motives such as financial profiteering, socio-political influence, or simply the desire of hackers and syndicates to boost their credibility. 

As cyber threats evolve, it is crucial for businesses, especially those in critical infrastructure sectors, to strengthen their cybersecurity measures. While annual reporting and adherence to federal regulations are essential, proactive strategies and advanced security technologies are necessary to mitigate risks effectively.
Read more »
Windows
CPR Cyber Attacks Hacker attack Hacking Iranian hackers Isreal Linux Public Networks Windows

Iranian Hacker Group Void Manticore Linked to Destructive Cyber Attacks on Israel and Albania

 

A recent report from Check Point Research (CPR) has unveiled the activities of an Iranian hacker group known as Void Manticore, which has been linked to a series of destructive cyber attacks on Israel and Albania. Affiliated with Iran’s Ministry of Intelligence and Security (MOIS), Void Manticore operates alongside another Iranian threat actor, Scarred Manticore, to carry out these attacks. 

The group employs various online personas, such as "Karma" for attacks in Israel and "Homeland Justice" for those in Albania. Their tactics involve gaining initial access to target networks using publicly available tools and deploying custom wipers to render data inaccessible on both Windows and Linux systems. CPR’s analysis details a systematic collaboration between Void Manticore and Scarred Manticore. Initially, Scarred Manticore gains access and exfiltrates data from targeted networks. 

Control is then transferred to Void Manticore, which executes the destructive phase of the operation. This strategic partnership amplifies the scale and impact of their cyber attacks. The report underscores the similarities in the attacks on Israel and Albania, including the exploitation of specific vulnerabilities for initial access, the use of similar tools, and the coordinated efforts between the two groups. These overlaps suggest a well-established routine for the Iranian hacker groups. 

Void Manticore's toolkit includes several custom wipers, such as the CI Wiper, Partition Wipers like LowEraser, and the recently deployed BiBi Wiper, named after Israeli Prime Minister Benjamin Netanyahu. These wipers specifically target files and partition tables, using advanced techniques to corrupt files and disrupt system functionality. 

The revelation of Void Manticore's activities and its collaboration with Scarred Manticore underscores the growing sophistication and coordination of state-affiliated cyber threat actors. The combined use of psychological tactics and destructive malware represents a significant escalation in cyber warfare, posing substantial risks to national security and critical infrastructure. 

As these cyber threats continue to evolve, it is imperative for nations and organizations to strengthen their cybersecurity defenses and enhance their capabilities to detect, mitigate, and respond to such sophisticated attacks. The report from CPR serves as a crucial reminder of the persistent and evolving nature of cyber threats posed by state-affiliated actors like Void Manticore and Scarred Manticore.
Read more »
Symantec
Cyber Attacks Cyberhacking Hacker attack Hacker group Kimsuky Linux Malware Malware Trojan North Korea Hackers Software Symantec

North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers

 

North Korean hacker group Kimsuky has unveiled a new Linux malware named "Gomir," a variant of the GoBear backdoor. This development marks a significant advancement in the group's cyber espionage tactics. Kimsuky, linked to North Korea’s military intelligence, the Reconnaissance General Bureau (RGB), has a history of sophisticated cyber attacks aimed primarily at South Korean entities. 

In early February 2024, researchers at SW2, a threat intelligence company, reported a campaign by Kimsuky involving trojanized versions of various software solutions. These included TrustPKI and NX_PRNMAN from SGA Solutions and Wizvera VeraPort. The primary targets were South Korean entities, and the malicious software delivered the Troll Stealer and Go-based Windows malware known as GoBear. 

Further investigation by Symantec, a Broadcom company, revealed that the same campaign also deployed a Linux variant of the GoBear backdoor, dubbed "Gomir." This new malware shares many similarities with its Windows counterpart, featuring direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands. Upon installation, Gomir checks the group ID value to determine if it runs with root privileges on the Linux machine. 

It then copies itself to /var/log/syslogd for persistence, creates a systemd service named ‘syslogd,’ and issues commands to start the service. Following these steps, the original executable is deleted, and the initial process is terminated. To ensure it runs on system reboot, the backdoor attempts to configure a crontab command by creating a helper file ('cron.txt') in the current working directory. If successful, the helper file is removed. Gomir supports 17 operations triggered by commands received from the C2 via HTTP POST requests. 

These operations include pausing communication with the C2 server, executing arbitrary shell commands, reporting the current working directory, probing network endpoints, and more. Notably, these commands are almost identical to those supported by the GoBear Windows backdoor, highlighting the malware's versatility and Kimsuky's ability to adapt its tools across different operating systems. Symantec researchers have pointed out that supply-chain attacks, such as trojanized software installers and fake installers, are a preferred attack method for North Korean espionage actors. 

The choice of software for trojanization seems to be carefully selected to maximize infection rates among South Korean targets. By compromising widely used software solutions, Kimsuky increases its chances of infiltrating targeted systems and exfiltrating valuable data. The implications of Kimsuky's activities are significant. By enhancing their malware capabilities and expanding their target range to include Linux systems, Kimsuky poses a heightened threat to organizations, particularly those in South Korea. 

The use of advanced malware like Gomir demonstrates the group's continuous evolution and sophistication in cyber espionage. Symantec's report on this campaign includes a set of indicators of compromise (IOCs) for multiple malicious tools observed, including Gomir, Troll Stealer, and the GoBear dropper. These IOCs are crucial for cybersecurity professionals to detect and mitigate the impact of these threats. 

As the digital landscape continues to evolve, the need for robust cybersecurity measures becomes ever more critical. Organizations, especially those in high-target regions like South Korea, must remain vigilant and proactive in their defense strategies. This includes regularly updating software, conducting thorough security assessments, and implementing comprehensive threat detection and response mechanisms. 

The emergence of Gomir and similar threats underscores the importance of international cooperation in combating cybercrime. By sharing intelligence and collaborating on cybersecurity initiatives, nations can better protect their critical infrastructure and sensitive data from sophisticated threat actors like Kimsuky.
Read more »
Password Security
Cyber Hacking Cyber Security data security Hacker attack Password Password Hacking Password Security

The Race Against Time: How Long Does It Take to Crack Your Password in 2024?

In the ever-evolving landscape of cybersecurity, the battle between hackers and defenders rages on. One of the fundamental elements of this battle is the strength of passwords. As technology advances, so too do the methods and tools available to hackers to crack passwords. 

In 2024, the time it takes to crack a password depends on various factors, including its length, complexity, and the resources available to the hacker. Gone are the days when a simple six-character password could provide adequate protection. With the increasing computational power of modern machines and the prevalence of sophisticated hacking techniques, such passwords can be cracked in mere seconds. In 2024, the gold standard for password security lies in lengthy, complex combinations of letters, numbers, and symbols. 

So, how long does it take for a hacker to crack a password in 2024? The answer is not straightforward. It depends on the strength of the password and the methods employed by the hacker. For instance, a short, simple password consisting of only lowercase letters can be cracked almost instantly using a brute-force attack, where the hacker systematically tries every possible combination until the correct one is found.  

However, longer and more complex passwords present a significantly greater challenge. In 2024, state-of-the-art hacking tools utilize advanced algorithms and techniques such as dictionary attacks, where common words and phrases are systematically tested, and rainbow tables, which are precomputed tables used to crack password hashes. These methods can significantly reduce the time it takes to crack a password, but they are still thwarted by sufficiently strong passwords. 

The concept of password entropy plays a crucial role in determining its strength against cracking attempts. Password entropy measures the randomness or unpredictability of a password. A password with high entropy is more resistant to cracking because it is less susceptible to brute-force and dictionary attacks. In 2024, experts recommend using passwords with high entropy, achieved through a combination of length, complexity, and randomness. 

To put things into perspective, let's consider an example. A randomly generated 12-character password consisting of uppercase and lowercase letters, numbers, and symbols has an extremely high entropy. Even with the most advanced cracking techniques available in 2024, it could take billions or even trillions of years to crack such a password using brute-force methods. 

However, the human factor remains a significant vulnerability in password security. Despite the availability of password managers and education on password best practices, many people still choose weak passwords or reuse them across multiple accounts. This behavior provides hackers with ample opportunities to exploit security vulnerabilities and gain unauthorized access to sensitive information. 

The time it takes for a hacker to crack a password in 2024 varies depending on factors such as password strength, hacking techniques, and computational resources. While advances in technology have empowered hackers with increasingly sophisticated tools, the key to effective password security lies in employing strong, unique passwords with high entropy. By staying vigilant and adopting best practices, individuals and organizations can fortify their defenses against malicious cyber threats in the digital age.

Read more »
Patient Data
Cybersecurity Data Breach Data Safety data security Hacker attack Healthcare Breach IT system Patient Data

DocGo Confirms Cyberattack: Patient Health Data Breach

 

In a recent turn of events, DocGo, a prominent mobile medical care firm providing healthcare services across the United States and the United Kingdom, has fallen victim to a cyberattack. The breach, confirmed by the company in a filing with the U.S. Securities and Exchange Commission (SEC), has raised concerns about the security of patient health data and the impact on DocGo's operations. 

Here's what we know so far: According to the SEC filing, DocGo discovered unauthorized activity within its systems and promptly initiated an investigation with the assistance of third-party cybersecurity experts. While the company has not disclosed the specific nature of the cyberattack, it is common practice for organizations to shut down affected IT systems to prevent further compromise. 

As part of their investigation, DocGo determined that the hackers gained access to a "limited number of healthcare records" belonging to the company's U.S.-based ambulance transportation business. This breach has raised serious concerns about the security of patient health information and the potential impact on individuals affected by the attack. In response to the breach, DocGo is actively reaching out to individuals whose data may have been compromised. The company assures that no other business units have been affected, and they have not found evidence of continued unauthorized access. 

Despite the breach, DocGo believes that the incident will not have a significant impact on its operations and finances. One of the key concerns following a cyberattack of this nature is the possibility of ransomware involvement. If the attackers deployed ransomware and a ransom demand is not met, there is a risk that the stolen data could be used as leverage for future extortion attempts against DocGo. However, as of now, no threat actors have claimed responsibility for the breach. The breach at DocGo underscores the importance of robust cybersecurity measures in protecting sensitive medical data. 

Healthcare organizations must remain vigilant against evolving cyber threats and prioritize the security of patient information. Additionally, swift and transparent communication with affected individuals is crucial in mitigating the potential impact of a data breach. As the investigation into the cyberattack continues, DocGo is likely to implement additional security measures to prevent future incidents and safeguard patient health data. 

However, the full extent of the breach and its implications for affected individuals remain to be seen. The cyberattack on DocGo serves as a stark reminder of the persistent threat posed by cybercriminals to organizations across all sectors, including healthcare. It highlights the need for continuous monitoring, robust cybersecurity protocols, and proactive response strategies to mitigate the risks associated with data breaches
Read more »
Singapore
Cyber Crime Cyber Safety CyberCriminal data security Data Stolen Data Theft Database Breach Hacker attack KYC Singapore

Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

 

A financially motivated criminal hacking group, self-identified as GhostR, has claimed responsibility for the theft of a confidential database containing millions of records from the renowned World-Check screening database. The stolen data, totaling 5.3 million records, includes sensitive information used by companies for screening potential customers and assessing their links to sanctions and financial crime.
 
World-Check, a vital tool for conducting "know your customer" (KYC) checks, enables companies to identify high-risk individuals with potential ties to money laundering, government sanctions, or other illicit activities. The hackers disclosed that they obtained the data from a Singapore-based firm with access to the World-Check database, though the specific company remains unnamed. 

A portion of the stolen data encompasses individuals sanctioned as recently as this year. The compromised records include details of current and former government officials, diplomats, politically exposed persons (PEPs), individuals associated with organized crime, suspected terrorists, intelligence operatives, and even a European spyware vendor. These individuals are deemed high-risk for involvement in corruption, bribery, or other illicit activities. 

The stolen data comprises a wealth of sensitive information, including names, passport numbers, Social Security numbers, online cryptocurrency account identifiers, bank account numbers, and more. Such a breach poses significant risks, as it could potentially expose innocent individuals to unwarranted scrutiny and financial harm. 

Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees World-Check, clarified that the breach did not originate from LSEG's systems but involved a third party's data set. While LSEG did not disclose the identity of the third-party company, they emphasized their commitment to collaborating with the affected party to safeguard data integrity and notify relevant authorities. 

Privately operated databases like World-Check are not immune to errors, raising concerns about the accuracy and fairness of their content. Past incidents, such as the 2016 leak of an older World-Check database, underscore the potential repercussions of erroneous data, including wrongful accusations and financial repercussions for innocent individuals. 

The breach highlights the critical need for enhanced cybersecurity measures and regulatory oversight to protect sensitive personal information and mitigate the risks associated with data breaches. As investigations into the incident continue, stakeholders must prioritize transparency, accountability, and proactive measures to prevent future breaches and safeguard consumer data privacy.
Read more »
Unauthorized access
Cyber Attacks Hacker attack Hotel Personal Security Breach Safety concerns Software Unauthorized access

How Hackers Breached 3 Million Hotel Keycard Locks

 

The Unsaflok hack technique has raised concerns about the security of Saflok hotel locks. This sophisticated method exploits vulnerabilities in Saflok's system, potentially compromising the safety of guests and the reputation of hospitality establishments. 

The Unsaflok hack technique, first uncovered by security researchers, demonstrates how cybercriminals can exploit weaknesses in the Saflok electronic locking system to gain unauthorized access to hotel rooms. By leveraging a combination of hardware and software tools, hackers can bypass the locks' security mechanisms, granting them entry without leaving any visible signs of tampering. 

The implications of such a breach are profound. Beyond the immediate security risks to guests and their belongings, a compromised locking system can tarnish a hotel's reputation and lead to financial losses. Moreover, the trust between guests and hospitality providers, essential for maintaining customer loyalty, can be severely undermined. 

To mitigate the risks associated with the Unsaflok hack technique and similar threats, hotel operators must take proactive steps to enhance their security measures. Firstly, conducting a thorough assessment of existing locking systems to identify vulnerabilities is crucial. This includes examining both hardware and software components for any weaknesses that could be exploited by hackers. Implementing robust access control measures is essential for safeguarding against unauthorized entry. This may involve upgrading to newer, more secure locking systems that incorporate advanced encryption techniques and tamper-resistant features. 

Additionally, deploying intrusion detection systems and surveillance cameras can help detect and deter unauthorized access attempts in real-time. Regular security audits and penetration testing can provide valuable insights into the effectiveness of existing security measures and identify areas for improvement. By staying vigilant and proactive in addressing potential vulnerabilities, hotel operators can minimize the risk of falling victim to cyberattacks and protect the safety and privacy of their guests.

Furthermore, fostering a culture of cybersecurity awareness among staff members is critical. Employees should receive comprehensive training on identifying and reporting suspicious activities, as well as adhering to best practices for safeguarding sensitive information. By empowering staff to play an active role in cybersecurity defense, hotels can create a more resilient security posture. 

The Unsaflok hack technique highlights the importance of robust cybersecurity measures in the hospitality industry. By understanding the vulnerabilities inherent in electronic locking systems and taking proactive steps to enhance security, hotels can mitigate the risks posed by cyber threats and ensure the safety and satisfaction of their guests. Ultimately, investing in cybersecurity is not just a matter of protecting assets; it's a commitment to maintaining trust and reputation in an increasingly digital world.
Read more »
user data security
Cyber Attacks Hacker attack Latin American Government Malicious PDF Attachment Malware attacks user data security

Colombian Government Impersonation Campaign Targets Latin American Individuals in Cyberattack

 

In a concerning development, a sophisticated cyberattack campaign has emerged, targeting individuals across Latin America by malicious actors who impersonate Colombian government agencies. These attackers have devised a cunning strategy, distributing emails containing PDF attachments that falsely accuse recipients of traffic violations or other legal infractions. 

The ultimate goal of these deceptive communications is to coerce unsuspecting victims into downloading an archive that conceals a VBS script, thereby initiating a multi-stage infection process. Initially, the script acquires the payload’s address from resources like textbin.net before proceeding to download and execute the payload from platforms such as cdn.discordapp(.)com, pasteio(.)com, hidrive.ionos.com, and wtools.io. 

This intricate execution chain progresses from PDF to ZIP, then to VBS and PowerShell, and finally to the executable file (EXE). The resulting payload is identified as one of several well-known remote access trojans (RATs), including AsyncRAT, njRAT, or Remcos. These malicious programs are notorious for their capability to provide unauthorized remote access to the infected systems, posing significant risks to victims’ privacy and data security. To combat this threat, cybersecurity professionals and researchers are urged to consult the TI Lookup tool for comprehensive information on these samples. 

This resource can greatly assist in identifying and mitigating threats associated with this campaign. It’s essential to note that while this campaign targets individuals in Latin America, the technique employed by the attackers is adaptable and could be utilized against targets in other regions as well. The cybersecurity community must remain vigilant and proactive in defending against such sophisticated threats. Employing robust security measures, including up-to-date antivirus software, intrusion detection systems, and regular security awareness training for employees, is crucial. 

Additionally, organizations should implement strict email security protocols to prevent malicious emails from reaching employees' inboxes. Furthermore, individuals should exercise caution when interacting with unsolicited emails, especially those containing attachments or links. Verifying the legitimacy of email senders and carefully scrutinizing email content can help prevent falling victim to phishing attacks. It’s also advisable to avoid downloading attachments or clicking on links from unknown or suspicious sources. 

In conclusion, the emergence of this cyberattack campaign underscores the ever-present threat posed by malicious actors seeking to exploit vulnerabilities for their gain. By staying informed, adopting proactive security measures, and fostering a culture of cybersecurity awareness, organizations and individuals can better protect themselves against such threats and safeguard their digital assets and personal information.
Read more »
lazarus
Cyber Attacks Hacker attack Kaspersky lazarus

Kaspersky has reported hacker attacks on COVID-19 researchers

The hacker group Lazarus attacked the developers of the coronavirus vaccine: the Ministry of Health and a pharmaceutical company in one of the Asian countries

Kaspersky Lab reported that the hacker group Lazarus has launched two attacks on organizations involved in coronavirus research. The targets of the hackers, whose activities were discovered by the company, were the Ministry of Health in one of the Asian countries and a pharmaceutical company.

According to Kaspersky Lab, the attack occurred on September 25. Hackers used the Bookcode virus, as well as phishing techniques and compromising sites. A month later, on October 27, the Ministry of Health servers running on the Windows operating system was attacked. In the attack on the Ministry, according to the IT company, the wAgent virus was used. Similarly, Lazarus previously infected the networks of cryptocurrency companies.

"Two Windows servers of a government agency were compromised on October 27 by a sophisticated malware known to Kaspersky Lab as wAgent. The infection was carried out in the same way that was previously used by the Lazarus group to penetrate the networks of cryptocurrency companies," said Kaspersky Lab.

Both types of malware allow attackers to gain control over an infected device. Kaspersky Lab continues its investigation.

"All companies involved in the development and implementation of the vaccine should be as ready as possible to repel cyber attacks," added Kaspersky Lab.

The Lazarus group is also known as APT38. The US Federal Bureau of Investigation (FBI) reported that their activities are sponsored by the DPRK authorities.

Recall that in July, the National Cyber Security Centre (NCSC) and similar departments of the United States and Canada accused the hacker group APT29, allegedly associated with the Russian special services, in an attempt to steal information about the coronavirus vaccine. Dmitry Peskov, press secretary of the Russian President, denied the Kremlin's involvement in the break-ins.

Read more »
Russia
Cyber Crime Hacker attack Hackers Steal Money Russia

Hackers steal money from cards through the Uber and VTB applications


A resident of Russia Anna Kozlova, resting in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the Bank's mobile app and Uber.

At first, the woman was charged 2 rubles from the card, it looked like a standard check of the solvency of Uber customer, especially since the money immediately returned to the account.

However, immediately after this, 2829 rubles were debited from the card. The app’s notification said it was Uber service fee that Anna hadn’t actually used since she was sleeping.
Then notifications, according to the tourist, began to come one after another. After 22 minutes, when she woke up, the girl blocked her card, but by that time the cost of four more trips that she had not made was debited from the card.

Unknown stole from Kozlova 14 118 rubles and did not stop trying to withdraw money from her account even after blocking the card. It is curious that all write-offs were allegedly made by the international service Uber, which in Russia was merged with Yandex.Taxi.

When Anna contacted the support team of this company, the staff could not give her information about the write-offs. The VTB support service clarified that the last write-offs were made from Moscow, and then Anna appealed to Uber Russia.

The Russian company Kozlova explained that if she did not use a taxi, it means that someone received the data of her Bankcard, including CCV code, and used it for payment.
Kaspersky Lab experts explained that fraud schemes through taxi services are no longer uncommon.

According to them, there are channels in the messengers where you can order a taxi at a great discount. The scheme looks something like this: the passenger sends a message to such a channel indicating the details of the trip, and the attacker calls a taxi using the stolen account.

After completing the trip, the driver receives money from the owner of the stolen account, and the passenger transfers the money directly to the attacker. In order to remain unnoticed for as long as possible, attackers can track the owner of a hacked account on social networks and organize such trips at night when it is likely that a person is sleeping, or during the victim’s travel abroad.
Read more »
Subscribe to: Posts (Atom)