Search This Blog

Showing posts with label Hacking News. Show all posts

Group-IB specialists confirmed the fact of hacking The Bell portal

On October 8, experts from the cybersecurity company Group-IB reported that the criminals on September 2 really hacked The Bell website and sent a newsletter on behalf of the publication.

The Group-IB Computer Forensics and Malware Research Laboratory found out that on the evening of August 29, hackers began sending requests in an attempt to exploit a vulnerability that allows remote code execution. The next day, the program for checking for a number of web application vulnerabilities Burp Suite started to scan the website.

On August 30, the attackers gained access to the administrative panel of the publication's website. This allowed hackers to send a fake newsletter on September 2.

On the morning of September 2, the editorial board of The Bell reported the hacking of the email account, before that subscribers received a newsletter calling for a boycott of the elections to the Duma of Russia and to go on pickets on election day. The text of the letter and the design were stylized for the daily newsletter of the publication. 

The general director of the publication Elizaveta Ossetinskaya called the newsletter a provocation, “the purpose of which is to accuse us of political activity, which we have not engaged in, are not engaged in and were not going to engage in.”

In addition, earlier, it was reported that unknown people tried to hack the phone of The Bell journalist Irina Pankratova. They ordered the details of her calls and SMS messages using a fake notarial power of attorney in the office of MegaFon.

It is worth noting that Group-IB cooperates with Interpol, Europol and the OSCE. The organization provides assistance to Russian special services and law enforcement agencies in operations against hacker groups.

Earlier, CySecurity News reported that on September 29, the head of Group-IB Ilya Sachkov was arrested for two months. The Investigative Committee charged him with high treason.

Cybersecurity experts have discovered a new hacker group

Cybersecurity experts have discovered a new hacker group ChamelGang, which attacks institutions in ten countries around the world, including Russia. Since March, Russian companies in the fuel and energy sector and the aviation industry have been targeted, at least two attacks have been successful. Experts believe that pro-government groups may be behind the attacks.

According to Positive Technologies, the first attacks were recorded in March. Hackers are interested in stealing data from compromised networks.

India, the United States, Taiwan and Germany were also victims of the attacks. Compromised government servers were discovered in those countries.

The new group was named ChamelGang from the word chameleon, as hackers disguise malware and network infrastructure as legitimate services. The grouping tools include the new, previously undescribed ProxyT malware, BeaconLoader and the DoorMe backdoor, which allows a hacker to gain access to the system.

In one of the attacks, the hackers first attacked the subsidiary, and two weeks later, the parent company. They found out the password of the local administrator on one of the servers and penetrated the company's network using the Remote Desktop Protocol (RDP). Hackers remained undetected on the corporate network for three months and during that time gained control over most of the network, including critical servers and nodes.

In the second attack in August, attackers took advantage of a chain of related vulnerabilities in Microsoft Exchange to penetrate the infrastructure. Hackers were in the organization's infrastructure for eight days and did not have time to cause significant damage.

Kaspersky Lab cybersecurity expert Alexey Shulmin confirmed the targeted nature of the attack and the wide geography of victims. He added that some grouping utilities have an interface in Chinese.

Experts believe that attacks on strategically important industrial facilities, including the fuel and energy sector and the aviation industry, are often carried out by cyber mercenaries and pro-government groups.

Bi. Zone: most of the leaks and hacks in Russian companies are related to old forgotten software

About 60% of information leaks and 85% of hacks in corporate computer networks are related to unaccounted-for digital assets.

According to Bi. Zone, the main reason for hacking and data leaks in Russian companies is digital assets unaccounted for during inventory. Most often, security services forget about public cloud storage like Google Drive, DropBox and files in them. This allows attackers to penetrate the networks of organizations and gain access to confidential information. Digital assets often remain unaccounted for due to the high speed of business digitalization: local security services do not have time to keep track of new software.

Bi.Zone specialists obtained this information by analyzing the data of more than 200 Russian and foreign companies.

“Let's say the company had an information system (IS) A. Then it is changed to an information system B. At the same time, no one disposes of the first IS, it remains. It may still have access to the Internet. As system A stops even being updated, the risk of intruders penetrating through it increases because they may use the vulnerability that the company forgot to close with the appropriate update”, said Andrey Konusov, CEO of Avanpost.

According to him, there is also a risk that an employee of the company who has not worked in it for a long time could give access to the old system to cybercriminals.

During the inventory of digital assets, the company should take into account all its files and services, including those that are stored or work on the Internet. If anything is missed, there is a risk of leaks or compromise of the network. According to Alexei Parfentiev, head of analytics at SerchInform, unaccounted assets are essentially an open door for intruders to access sensitive data.

Digital assets often remain unaccounted for during the inventory due to the fact that local IT and information security services do not keep up with the high speed of business digitalization.

Rostelecom-Solar noted that often the reasons for the discussed violations are a lack of resources and neglect of information security requirements for the sake of convenience.

CBI Investigates Hacking Incident in Jee Maine Examination, Three Director Arrested

 

CBI (Central Bureau of Investigation) is investigating the chances of a potential hack into TCS' iON digital platform related to JEE Mains exam hack which appeared recently. The suspected issue surfaced when CBI charged 3 Noida-based directors last week. iON of TCS is India's biggest digital assistant software provider. NTA (National Testing Agency) selected the iON to organize national level examinations like JEE Mains and NEET, in a safe and secure way. Besides conducting examinations, iON also provides logistics requisites for the test, which includes the appointment of venue heads and management of test labs. 

As per sources, CBI is investigating various iON labs at different locations where examinations were organized. TCS hasn't said anything on the issue. As of now, CBI has arrested seven accused of the incident, including three directors from Affinity Education (a private coaching institute). iON doesn't let any other software or tool operate on its platform and also blocks internet access. However, in this particular case, currently under investigation, the examination center computers might've already had some external softwares pre-installed that may have led to remote internet connection and gained access to systems during the examination. It mostly happens with coaching centers in remote areas. 

They conspire with the venue heads and assist students screen share their exams and someone else (most probably from the coaching institute) helps the students by completing their exams. The students give around 2-3 lakhs per hacked system. The systems have pre-installed external softwares prior to the examination. Ethical hacker Sunny Nehra told BusinessLine," these tools are externally installed and connected with a Windows system through which remote access is given. Though iLEON operating systems are very strong and hard to crack, the company would have to identify the loopholes in the back-end and rework the architecture of the software.” 

Experts suggest that a candidate appearing in the examination should only have the option to access URL-based links linked to the exams, which once opened, won't allow other applications to run until the exam is over. It can be made possible by installing a network firewall at examination centers, via which external traffic will flow. If firewall isn't possible,  endpoint security can be installed and the admin can use it to control and restrict access to other softwares.

Alleged TrickBot Gang Member Arrested While Leaving South Korea




A Russian native – on accusations of being associated with the TrickBot cybercrime gang – was recently arrested by the authorities at Seoul International airport, while trying to leave South Korea. 

Reportedly, the Russian resident – identified as Mr. A by media –  was leaving for his home in Russia after waiting for over a year in the South Asian country. As per local media reports (Seoul's KBS) the alleged individual was prevented from leaving South Korea due to COVID-19 travel restrictions – international travel had been canceled by Seoul officials as the global pandemic broke out. Subsequently, Mr. A's passport expired, and he was stranded in South Korea as he waited to renew his passport. 

The Russian man who allegedly worked as a web browser developed for the malware spreading TrickBot gang in 2016 during his stay in Russia, denied 'being aware' of working for a cybercrime group. “When developing the software, the user manual did not identify malware,” said the individual at Seoul High Court. 

As per a Korean newspaper, on September 01, an interrogation was held at the 20th Criminal Division of the Seoul High Court – for the extradition request case against the alleged developer of the malware. While fighting the US extradition attempt, the lawyer of the accused argued that the US will prosecute the man unjustly. "If you send it to the United States, it will be very difficult to exercise your right of defense and there is a good chance that you will be subject to excessive penalties,” claimed the attorney. 

As per the reports, the suspect continued to maintain that the operation manual did not fall under malicious software when he developed the software. He received work from TrickBot via a job search site, following which he developed a web browser for the gang, according to The Record. Notably, the recruiters preferred applicants who did not ask a lot of questions. 

TrickBot is an advanced banking trojan that targets Windows machines. Initially created to steal the banking information of unsuspecting users, TrickBot has evolved over the last five years to be versatile, widely available, and easy to use. With new variants being increasingly released, TrickBot infections have become more frequent on home office networks; continuous advancement since its inception has cemented TrickBot's reputation as a highly adaptive modular malware.

Hacker gained access into a major CIS drug marketplace

Part of the database of the forum and its owners is available free of charge, the hackers offered to purchase the rest for 1 bitcoin. Experts hope that the action will allow a series of arrests and deal a major blow to the drug trade.

According to the leaked data, the owner and developer of the forum is a citizen of Latvia Artem Shvedov, one of the former developers is Roman Kukharenko, registered in the Moscow region, and the current administrator is a citizen of Ukraine Alexander Prokhozhenko.

Cybersecurity experts pointed out that in 99% of cases a person, whose name domain and hosting such resources are registered, may not even know about it.

According to Blockchair, a total of 20.57 bitcoins (about $1 million) went through the Legalizer forum's cryptocurrency wallet. At the same time, it is associated with larger wallets. More than 5.3 thousand bitcoin (about $248 million) passed through one of them.

In addition, the email address given by the hacker who hacked Legalizer matches the contact whose user calls himself a Russian-speaking hacker and an information security specialist at the shadow site o3shop.

An analyst of the operational monitoring group Angara Professional Assistance said that usually shadow forums are hacked "because of competition or partner revenge." In his opinion, the attack on Legalizer may be related to the redistribution of the drug market or extortion.

The expert admitted that hacking Legalizer can lead to arrests.

State borders may also become an obstacle for law enforcement agencies. Although the forum is oriented at the Russian-speaking audience from the CIS, it may be physically located on servers hosted in a country where drugs are legal.

Logins and passwords of at least 1.2 million Russians have been leaked online

 The credential verification service developed by cybersecurity company BI.ZONE (a subsidiary of Sberbank) has revealed that information about logins and passwords of more than 1.2 million Russians is freely available as a result of data leaks.

"BI.ZONE, a strategic digital risk management company, helped over one and a half million Russians check their credentials for leaks containing their usernames and open passwords. The owners of more than 1 million 200 thousand contacts could become potential victims," the company said.

Experts note that this information is available not only on the darknet but also on the normal Internet. At the same time, since it is freely available, attackers do not even need to buy it.

According to Anton Okoshkin, director of anti-fraud at BI.ZONE, many Russians use the same credentials for many sites, so their leakage can lead to hacking of all accounts.

"In most cases, people use the same username and password on a variety of resources: from accounts in social networks and online stores to work services. In such a situation, if your account is compromised on one of them, the risk of hacking all accounts increases," Okoshkin noted.

At the same time, the expert noted that attackers usually begin automated verification of credentials on different services a few hours after the appearance of the leak in the public domain. "It is very important to promptly warn users about the compromise of their data," he stressed.

Almost 1.7 million Russians have already used the Bi.zone company's credential verification service. The service checks for a set of 5 billion credentials that have exactly fallen into the hands of attackers and contain user usernames and passwords. The leaked database is updated weekly.

Russian hackers reportedly stole secret device blueprints from Apple

Hackers reportedly gained access to blueprints of the latest Apple developments by attacking the servers of the Taiwanese company Quanta Computer. The announcement of the results of the attack was made in Russian.

One of Apple's main suppliers, the Taiwanese company Quanta Computer, faced a ransomware attack. The hackers demanded to pay them $50 million. Quanta Computer also produces goods for HP, Facebook and Google Alphabet.

The attack was carried out by a group of REvil ransomware operators, also known as Sodinokibi. The group announced the penetration into the computer network of Quanta Computer in its blog on the Darknet. On Sunday, a REvil spokesman, known as Unknown, said the ransomware group would soon announce "the largest attack in history," the message was made in Russian on a channel where the REvil group is recruiting new partners.

Quanta acknowledged the attack without explaining whether data was stolen.

According to the agency, REvil members tried to engage Quanta Computer in ransomware talks in the past week, ahead of Apple's first new product launch in 2021, which took place April 20.

A spokesman for the hackers claimed to have stolen and encrypted "all the local network data," demanding $50 million for the decryption key.

The hackers received a response two days later from a person who said he was "not responsible for the company," but wanted to find out the terms of the interaction. Two days later, a REvil spokesperson threatened to release data about new Apple products. This was followed by the first publication of images, which, according to the hackers, were working materials about new Apple laptops. The materials contained specific component serial numbers, dimensions and performance parameters detailing the many components inside an Apple laptop. One of the images was signed by Apple designer John Andreadis and dated March 9, 2021.

Now REvil is trying to get money from Apple, the group has demanded a ransom by May 1, and until then plans to continue publishing new files every day.

Apple declined to respond to questions about the hack.

Recall, on April 20, Apple held a presentation of its new products, it showed a new generation of iMacs with processors of its own design, iPad Pro tablets, as well as Air Tag tags for tracking the location of objects through the application.

Hackers attacked major Telegram channels via video on Yandex

 On November 10, hackers conducted a major attack on popular Telegram channels. Reddit's administrators completely lost access to the channel, to which 236 thousand people were subscribed. The attackers used the old scheme: they simply sent the Trojan-infected file to the administrators

Hackers stole the Telegram channel of the Reddit forum, administrators could not log in to the control panel. The Telegram channel Baza was also attacked, but the attackers failed to gain access to the channel.

The hackers had the following scheme: they offered to buy advertising space, but first they asked to watch a video with their materials, which could be downloaded from Yandex.Disk. The document could not be opened on a mobile device, and hackers offered to download it to a desktop computer.

After launching the file, the owner of the Reddit channel with 236 thousand subscribers was no longer able to access it.

General Director of the lab Studio.AG Artem Geller explained that this is a very old method of fraud, and Windows is an object for such files. Hackers, under various pretexts, send material containing malware. It allows access to the entire operating system if the victim opens the file. In this particular case, the attackers were interested in Telegram, so the Reddit account was stolen.

Can't blame Yandex.Disk for missing the Trojan. According to Geller, about 300,000 new viruses appear every day in the world, so it's simply impossible to catch them all. Moreover, it may not be a new virus, but a modification of the old one. At the same time, the Trojan has no task to destroy the computer system.

Cloud storage is a convenient way for fraudsters, because they can upload a file of any size there, unlike email. Unprotected, unencrypted files without passwords are loaded into these vaults.

According to the information security expert Alexander Vlasov, we must remember one thing: those who provide the service for free, never sign up to the fact that they will protect your files. Yes, they are trying to track malware, but within the general outline of the ecosystem.

Hackers Stole $2.3M, Wisconsin Republicans Claims

 

Wisconsin: Republican officials said that hackers stole $2.3m from the party's account being used to support Donald Trump's re-election. 

Following the discovery of the suspicious activity on 22nd October, the FBI has been contacted to investigate the matter, as per the statements given by the state party chairman Andrew Hitt. He also that the state was warned regarding such cyberattacks in August during the party's national convention. 
 
The campaign invoices from four vendors were manipulated by hackers to steal the funds, as per the reports by the Associated Press. These vendors were being paid to send out direct mail and handing out pro-Trump material like hats to support the Trump campaign. 
 
Seemingly, the attackers began from a phishing scam and proceeded with altering the invoices to direct payments from vendors to themselves, Mr. Hitt said. A party spokesman added that no data seemed to be stolen. However, millions were stolen from the Wisconsin Republicans' federal account. 
 
According to Joe Tidy, BBC cyber-security reporter, "The information security world is tense right now waiting and watching for cyberattacks that could affect the US election." 
 
"It sounds like an almost standard case of something called Business Email Compromise (BEC). Effectively the hackers have either gained access to or spoofed an email address to put themselves between the Wisconsin Republican party HQ and one of their suppliers. The party then transferred the money to the hackers instead of its campaign partner," he said. 
 
"The reported hack comes as Mr. Trump and Democratic rival Joe Biden are both making a final push this week to secure Wisconsin ahead of the 3 November election." 
 
"There have also been hundreds of attempted attacks on the Wisconsin Democratic campaign, a spokeswoman told the Associated Press." 
 
"The Midwestern state is one of a handful of core battleground states - areas which could realistically go to the Republicans or Democrats - this election season. Candidates will need to win in several states like Wisconsin in order to win the presidency." He further added.


An IT expert at the Russian State Duma Explains Data Risks of Using VPN


"To prevent hackers from getting personal data of users, users don't need to use a VPN connection in their daily life", said Yevgeny Lifshits, a member of the expert council of the State Duma Committee on Information Policy, Information Technology and Communications.

He explained that a VPN is a virtual network that is supposed to protect the user's personal data from hackers. It is assumed that using this network allows users to maintain network privacy. However, according to the expert, VPN services carry more danger than protection.According to Lifshits, such services are not needed in everyday life.

"Sometimes VPN services are necessary for work to transfer commercial data. In everyday life, they have no value."

According to the expert, if a person does not commit crimes that he wants to hide with a VPN, then he does not need to protect himself.  Otherwise, passwords may end up in the hands of hackers.

"A user installing a VPN believes that he has secured himself, but the service provider may allow a data leak,” said Lifshitz. 

According to him, if the VPN service is unreliable, hackers can get passwords and other personal data of the user. The expert noted that now there are thousands of companies offering a secure connection and an ordinary person can make a mistake with the choice of a reliable one.

Earlier it was reported that the personal data of 20 million users of free VPN services were publicly available on the Internet. Experts found on the open server email addresses, smartphone model data, passwords, IP addresses, home addresses, device IDs, and other information with a total volume of 1.2 terabytes. It is noted that the leak occurred from networks such as UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Some of them have millions of downloads from Google Play and the App Store and high ratings.

Russian hacker who hacked Dropbox and LinkedIn found guilty


Russian citizen Yevgeny Nikulin, accused of hacking LinkedIn eight years ago, was found guilty by a jury in San Francisco

The verdict in Nikulin's case was announced on Friday after a trial that began in March, which was interrupted due to the coronavirus pandemic and resumed in July.

In 2016, there were a number of large-scale data leaks, and many dumps, including MySpace, LinkedIn, Tumblr and Vkontakte, were eventually put up for sale.
In 2016, one of the hackers, Russian Evgeny Nikulin, was arrested and extradited to the United States in 2017.

Nikulin was accused of a number of articles, and all of them were connected with penetration into other people's networks and data theft. According to court documents, Nikulin hacked Dropbox, Formspring and LinkedIn in the spring and summer of 2012 and stole about 117,000,000 user records, including usernames, passwords and email addresses.

Nikulin then used the data stolen from LinkedIn to send phishing emails to employees of other companies. Authorities said that this way Nikulin managed to collect a lot of information about 68,000,000 Dropbox users, including usernames, email addresses and hashed passwords.
Similarly, Nikulin managed to get into the account of the Formspring engineer. Thus, in June 2012, he gained access to the company's internal user database, which at that time numbered more than 30,000,000 people.

According to data from Radio Free Europe journalists, his activity brought a good income. Nikulin bought expensive cars, watches and traveled a lot. For example, Nikulin admitted that he owns a Lamborghini Huracan, Bentley, Continental GT and Mercedes-Benz G-Class.

The sentence to Nikulin will be announced on September 29. The jury took less than one day to reach a verdict. Nikulin faces up to 32 years in prison and fines exceeding a million dollars.
Lawyer Arkady Bukh said that the defense intends to challenge the verdict. According to him, the psychiatrist who was appointed by the judge previously recognized Nikulin as mentally abnormal.
Nikulin always denied guilt and even called the charges revenge of the United States for providing political asylum in Russia to Edward Snowden.

The voting site of the United Russia party was attacked by hackers


"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party.
Deputy Secretary of the General Council of United Russia Sergey Perminov said that within two hours, the growth of hundreds of thousands of fake requests was stopped. At this time, there was a queue of real people who went to vote on the site.

"We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of the real votes," explained Perminov.

Deputy Secretary noted that they managed to stop the attack within two hours, now the system is gradually improving. All the data of real electors who managed to vote has been included in the blockchain and will be available for verification. The correctness of the vote, according to him, is not violated.

It is worth noting that United Russia is the only party in the Russian Federation that conducts primaries to nominate candidates for elected posts. Any Russian citizen can participate. This year, due to the coronavirus pandemic, primaries are held in electronic format.

Recall that on May 23, Russian President Vladimir Putin signed a law on remote voting. According to the document, a new type of voting without a paper ballot is being introduced in the Russian Federation. Special software will be used instead.

Email of the Pskov Churchman Tikhon was hacked


The Churchman Tikhon (Mr. Shevkunov), who is called "Vladimir Putin's Confessor" in the media, told about the hacking of his mail. Now blackmailers are threatening to publish information of many years

"A few months ago it turned out that my email was hacked for many years. My private and business correspondence began to be published on the Black Mirror website. In parallel, these materials were published on other telegram channels. I was asked to pay ten million rubles to suspend publication. I, of course, refused," said Tikhon.

The attackers, according to the clergyman, demanded to pay 10 million rubles ($132,000) to suspend the publication. The Churchman answered hackers that he can put all the information of his mail in open access if they will donate the same amount to the Pskov diocese.

Tikhon said that he did not want to "accept the terms of blackmailers and encourage dirty business." Shevkunov added that he did not pay attention to the hack at all and commented on it only because of many questions from the media. "I know that the competent authorities are looking for hackers, but whether they find them or not, we will see," said the Metropolitan.

"There is the COVID-19 virus, there are computer viruses, and there are such viruses in our society. They affect both those who steal other people's letters, wanting to make money on it and those who eagerly read other people's letters," stated the Churchman
Tikhon.

It is worth noting that letters from his hacked mail continue to be published so far. In particular, recently an audio file of his conversation with the filmmaker Nikita Mikhalkov was published

Hackers attacked hospitals in the Czech Republic: Russia is suspected


According to the Lidové noviny newspaper, a foreign state may be behind the cyberattacks, and hacker groups from Russia may be involved.

"The organizer is a foreign country. It is beginning to become clear that Russia may be behind this. IP addresses lead there," a high-ranking officer who is part of the team of investigators told the newspaper. His words were confirmed by a member of the Czech Security Council.

Last week, hackers tried to hack into hospital networks in the Czech Republic. According to Health Minister Adam Vojtech, all attacks were repelled, "but other attacks may follow."

Attacks to the Czech Republic, caused during the pandemic, was mentioned in a speech last weekend by US Secretary Mike Pompeo. He warned that such attacks will not go unpunished.

"I highly appreciate the support of the United States and all its allies who are helping to ensure our country's cybersecurity. Cyberattacks on Czech medical institutions during the fight against the COVID-19 epidemic are similar to the behavior of hyenas. I hope our experts will soon find those who are interested in the defeat of the Czech Republic in the fight against infection,” said Czech Foreign Minister Tomas Petrsicek, in turn.

Meanwhile, the Ukrainian Embassy in the Czech Republic said that they condemn cyberattacks on Czech medical institutions, which is especially cynical during pandemics: "Ukraine, which has been facing Russia's war for six years, including the cyberwar, stands in solidarity with its Czech friends and will share its experience in fighting the aggressor."

The Russian Embassy on its Facebook page called the publications "fake news".

"In this regard, the Embassy of the Russian Federation in the Czech Republic would like to emphasize that parasitising the topic of the coronavirus epidemic ... goes beyond all possible moral and ethical limits."

Dozens of cyberattacks on the website of the Mayor of Moscow have been recorded since the beginning of February


Group-IB specialists recorded several DDoS attacks on Moscow electronic services, including the mos.ru portal. This was announced by the CEO of the company Ilya Sachkov.

As the head of the Moscow Government’s IT department, Eduard Lysenko, reported, the site experienced as many attacks in three hours as it has not experienced in the last two quarters.
At the moment, the cyber defense company Group-IB is figuring out who needed to carry out massive attacks on government resources and is looking for perpetrators.

"The investigation has begun, our task is to understand the reasons for cyberattacks and find the perpetrators. At the moment, we can not provide details, this will interfere with the tasks of investigators", said the head of Group-IB, Ilya Sachkov.

According to him, the huge load on the website mos.ru it also caused many requests for passes from citizens. In addition, the interruptions were affected by the interest of Moscow residents, as there were numerous attempts by users to go to the portal just to explore and understand how it works.

At the same time, Sachkov added, it is possible to ensure stable operation of mos.ru, even despite increased loads. “The portal experiences problems that are standard when launching large-scale services of this kind. Such services are tested for fault tolerance, security, and implementation quality in order to ensure stability and continuity of service.”

Recall that from March 30, Moscow introduced a regime of complete self-isolation. Residents of Moscow are allowed to leave the apartment only as a last resort. Starting April 15, they will need to have a special pass to travel around the city by public or private transport. Such measures are designed to stop the spread of coronavirus infection.

Earlier, E Hacking News reported that hackers hacked the digital Pass System of Moscow residents.

Experts warned of a wave of repeated attacks on victims of cyber fraud



Group-IB specialists identified the spread of a popular scam on the Network. The Double Deception scheme is as follows: people who have already become victims of Internet scams are offered assistance in obtaining compensation for damage, after which scammers steal their personal information, including bank card information.

"The scheme has several scenarios — scammers offer to refund money for participating in popular fake polls, give away or dishonest lotteries. In another case, they promise VAT compensation for expenses on the purchase of foreign goods: medicines and dietary supplements, clothes and shoes, food, fuel, building materials, household appliances, etc.,” said Group-IB.

Experts have studied the working scheme of one of the fraudulent resources. As it turned out, behind it is a network of sites of more than 170 domain names registered for one person. Fraudsters often register their sites in the domain zone .xyz and not in .ru. This allows them to avoid quick locks.

In order to attract victims, fraudsters use several methods. They can send newsletters in social networks, messengers and by mail, or use clones of popular media. Group-IB experts gave an example of the title of one of such fake publications: "a 76-year-old pensioner received 170,000 rubles of VAT compensation and spent all the money on a stripper." From this page, users were redirected to a website where they were asked to calculate their VAT refund amount. To do this, the victim must enter four digits of the Bank card number. The final step of this scheme is to redirect the person who wants to receive compensation to the chatbot. There, the user was asked to talk to a lawyer who would help them get compensation, and finally pay for their services to get a refund. As a result, the victim's card details and money are debited by fraudsters.

Earlier, EHackingNews reported than according to cybersecurity experts, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to get access over servers and get into the local network. This boom is caused by the transfer of employees to remote work.

Imperva Firewall Breached: Users API keys, SSL Certificates Exposed



Imperva, a leading security vendor, disclosed a security breach which exposed API keys, SSL certificates, scrambled passwords and email addresses for a subset of its customers using the Cloud Web Application Firewall (WAF) product.

Previously known as, Incapsula, the Cloud WAF examines the incoming requests into applications and obstructs any kind of malicious activity.

The breach was made known to the California based firm by a third party on August 20 and the details of the disclosure are yet to be made public.

In conversation with the Threatpost, Chris Morales, Head of Security Analytics at Vectra, said, “Losing SSL certificates and API access to an enterprise network is concerning. Secure web gateways, firewalls, intrusion detection, and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform DPI,”

“While we often point to lack of maturity of security operations or misconfiguration of cloud systems as to why a company would miss an attack, it is even more unfortunate when a security vendor who builds a cloud security product is compromised that should have the skills and capabilities to detect and respond to cyberattacks,” He further told.

Referencing from the writings of CEO, Chris Hylen, “We want to be very clear that this data exposure is limited to our Cloud WAF product… Elements of our Incapsula customer database through September 15, 2017, were exposed. These included: email addresses; hashed and salted passwords. And for a subset of the Incapsula customers through September 15, 2017: API keys and customer-provided SSL certificates.”

Assuring the users, he told, “We continue to investigate this incident around the clock and have stood up a global, cross-functional team.”

As a remedial measure, Imperva brought into force password resets and 90-day password expiration for the product which notably is a key component of the company's leading application security solution.








Teen Hacker Elliott Gunton Taking Cryptocurrency for Stolen Data


In April 2018, Elliott Gunton, a teenager from Norwich, England, was caught by the police on the charges of hacking and his PC was taken hold of by the authorities.

He was convicted at Norwich Crown Court where he admitted five charges which included illegal data exchanges, computer exploitation and money laundering offences.

Gunton was subjected to a three and a half year community  order which kept him from using internet and software and he was made to pay a sum of £407,359 by the court order.

On the charges of stealing sensitive information of people and selling it in exchange of pounds in cryptocurrency, the Norwich Crown Court sentenced him to 20 months imprisonment and let out owing to the time spent on remand.

On the examination of Gunton's computer, it was found that he had scheduled supplies of stolen data of people which included their contact information for malicious purposes like texts to carry out fraud.

At the age of 16, Gunton hacked a telecommunications firm and was found guilty of the same.

The teen made constant and sophisticated efforts to conceal his fraudulent acts and hide the payments from police and therefore he dealt in Bitcoin instead of hard currency. However, he happened to leave behind some parts of conversations where he negotiated criminal deals.

Referencing from a tweet made by Gunton last year, "Having lots of money is cool… but having lots of money without people knowing is cooler." He called himself as a "full-time crypto trader."

Cyber attacks on medical institutions have become more frequent in Russia


Kaspersky Lab has discovered a series of targeted attacks on large public health institutions in Russia.

The number of hacker attacks on Russian medical institutions has doubled this year. According to Kaspersky Lab, ten major Russian state medical institutions were attacked in spring 2019. The identity of the hackers is still unknown, but the Kaspersky Lab believes that the attackers speak Russian fluently but are outside the country.

The main purpose of the attackers is to collect financial documents, contracts for expensive treatment, invoices and other important documentation.

Spy software CloudMid has infected computers. Kaspersky lab notes that this is "unique malware" that the company has not met before. CloudMid is sent by e-mail and disguised as a VPN client of one of the Russian companies. After installing CloudMid, the program proceeds to collect documents on the infected computer, for which, in particular, it takes screenshots several times a minute.

It is known that the mailing did not become mass, only some organizations received messages.

The anti-virus expert of Kaspersky Lab Dmitry Kuznetsov says: "Cyber attackers began to be interested in the health sector. In this case, the attacks were not well technically developed, but they were targeted, and the attackers still managed to get what they wanted.”

Another expert at Kaspersky Lab, Alexey Shulmin, added that such attacks would be repeated.

Evgeny Gnedin, the head of the Analytics Department of Positive Technologies, said that hacker attacks on medical institutions are becoming a dangerous trend. The expert believes that the low level of security is primarily due to the insufficient allocation of funds for information security in medical organizations. So the attacks on medical institutions will remain relevant in the second half of 2019.

According to Andrey Arsentiev, the analyst of the group of companies InfoWatch, cybercriminals have formed groups specializing in attacks of medical institutions, which are aimed primarily at an extensive network of clinics with large volumes of structured personal data of patients.

"Protected medical information is one of the most liquid information on the black market, the cost of one record in some cases can be hundreds or even thousands of dollars. In some other cases, hackers may be interested in research conducted in large medical centers, "said the expert.