Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Online Security. Show all posts
Safety
Cyber Safety Cyber Security Data Online Security Safe Safety

How to Protect Your Online Accounts from Hackers

 

Hackers are increasingly targeting individuals to steal cryptocurrency, access bank accounts, or engage in stalking. Although these attacks are relatively rare, it's crucial to know how to protect yourself if you suspect someone has accessed your email or social media accounts.

A few years ago, I wrote a guide to help people secure their accounts. Many companies provide tools to enhance account security, which you can use even before contacting their support teams.

Here, we break down steps you can take across various online services.

First, it's important to note that these methods don't guarantee complete security. If you still feel compromised, consider consulting a professional, especially if you are a journalist, dissident, activist, or someone at higher risk.

Enable multi-factor authentication (MFA) on all your accounts, or at least the most critical ones like email, banking, and social media. This directory provides instructions for enabling MFA on over 1,000 websites. You don't have to use the recommended MFA app; many alternatives are available.

Some services also offer physical security keys or passkeys stored in password managers, providing high-level protection against password-stealing malware and phishing attacks.

Securing Your Gmail Account

If you suspect your Gmail account has been compromised, scroll to the bottom of your inbox and click on "Last account activity" in the bottom right corner. Then click on "Details" to see all the locations where your Google account is active. If you notice any unfamiliar activity, such as logins from different countries, click on "Security Checkup." Here, you can see which devices your account is active on and review recent security activity.

If you spot suspicious activity, click on "See unfamiliar activity?" and change your password. Changing your password will sign you out of all devices except those used for verification and third-party apps you've granted access to. To sign out from those devices, visit Google Support and click on the link to view apps and services with third-party access.

Consider enabling Google’s Advanced Protection for enhanced security. This feature makes phishing and hacking more difficult but requires purchasing security keys. It's highly recommended for individuals at higher risk.

Remember, your email account is likely linked to other important accounts, so securing it is crucial.

Checking Microsoft Outlook Security

To check if your Microsoft Outlook account has been accessed by hackers, go to your Microsoft Account, click on "Security" in the left-hand menu, and then under "Sign-in activity," click on "View my activity." You'll see recent logins, the platform and device used, browser type, and IP address. If anything looks suspicious, click on "Learn how to make your account more secure," where you can change your password and find instructions for recovering a hacked or compromised account.

Given that your email is often linked to other critical accounts, securing it is vital.

Securing Your Yahoo Account

Yahoo also provides tools to check your account and sign-in activity for unusual signs of compromise. Go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, then click on "Manage your account." Next, click on "Review recent activity." You can see recent activity on your account, including password changes, phone numbers added, and connected devices with their IP addresses.

Since your email is likely linked to sensitive sites like your bank, social media, and healthcare portals, it's essential to secure it diligently.

By following these steps and using the tools provided by these services, you can enhance the security of your online accounts and protect yourself from potential threats
Read more »
Scam Recovery
Cyber Security Double-Scam Alert fraud prevention Online Security Scam Recovery

Double-Scam Alert: How Fraudsters Exploit Scam Victims Twice

Double-Scam Alert: How Fraudsters Exploit Scam Victims Twice

The ACCC (Australian Competition and Consumer Commission) has cautioned that scammers are approaching victims with false offers to assist them in recovering from scams. 

Scammers and Fake Recovery Offers

The National Anti-Scam Centre warns Australians who have had their money stolen by scammers to be wary of offers to recover it for an upfront charge.

The ACCC cautioned that scammers are targeting victims of scams with schemes that demand an upfront charge to recover funds lost in previous scams.

The ACCC advisory said “Reports that involve a money recovery element are on the rise. Between December 2023 and May 2024, Scamwatch received 158 reports with total losses of over $2.9 million, including losses from the original scam. The number of reports increased by 129 percent compared to the six months prior, however, financial losses decreased by 29 percent from $4.1 million.”

Victims of prior frauds are easily identifiable by thieves, who frequently retain and sell information about those they have abused. Australians 65 and over were the largest reporting category, with the highest average losses.

The Double-Scam Strategy

  • Initial Scam: Victims fall prey to an initial scam—whether it’s a romance scam, investment fraud, or phishing attack. They lose money, personal information, or both.
  • Enter the “Recovery” Scammers: Seemingly out of the blue, victims receive unsolicited calls or emails from individuals claiming to be fund recovery experts. These scammers promise to help victims retrieve their lost funds—for a fee..
  • The Catch: Victims are asked to pay an upfront fee or a percentage of the recovered amount. Desperate to recoup their losses, some victims comply.

Authorities are concerned about re-victimization, which can aggravate the financial and emotional suffering caused by scams.

Red Flags

1. Unsolicited Contact: Legitimate recovery services don’t cold-call or email victims. Be wary if someone reaches out to you unexpectedly.

2. Upfront Fees: Legitimate recovery services typically work on a no-win, no-fee basis. If someone demands payment upfront, it’s a red flag.

3. Pressure Tactics: Scammers use urgency and fear to manipulate victims. They might claim that time is running out or that they need immediate payment.

4. Requests for Personal Information: Scammers often ask for personal details under the guise of verifying your identity. Be cautious about sharing sensitive information.

Read more »
Technology
Buy Now Online Payment Online Security Pay Later Technology

Gen Z’s Payment Preferences are Transforming Retail and Dining

 

The future of payment technologies and consumer trends are exploding; GenZ’s are more tuned to flexible, and reliable payment sources. The market is evolving with the needs of this generation and adapting new business models and technologies to meet the evolving demands of younger generations. Let’s understand what and how new payment preferences are changing traditional methods of payments. 

The Rise of BNPL 

Buy Now, Pay Later (BNPL) has become a favored payment method for Gen Z, particularly for smaller purchases under $100, nearly 43 per cent of Gen Z will use BNPL, appreciating its ease of use and ability to budget expenses without incurring high credit card interest rates. This generation's preference for flexible, secure, and transparent financial transactions is driving merchants to adopt modern payment technologies, said Thomas Priore, CEO of Priority, in a recent conversation with Tearsheet. 

Benefits for Retailers and Restaurants 

For businesses, offering BNPL and other flexible payment options can lead to increased sales and improved customer loyalty. Data shows that half of Gen Z consumers abandon shopping carts if their preferred payment methods aren’t available. Providing these options not only boosts sales but also attracts new customers and gives businesses a competitive edge. 

Prepaid vouchers and online cash solutions offer secure transactions and reduce costs compared to traditional card payments. These methods are particularly beneficial for financial inclusion, catering to young adults and those without traditional banking access. They also enhance security, reducing fraud risk and building trust between merchants and consumers. 

Data security remains a top priority with new payment technologies. Priore emphasized the importance of exceeding industry compliance standards, conducting risk assessments, implementing strong access controls and encryption, continuous monitoring, and having a robust incident response plan. 

Challenges and Solutions in Implementation 

Integrating new payment solutions with legacy systems is a common challenge. Businesses, especially small and mid-sized ones, should seek experienced tech partners to navigate this transition. Staying up-to-date with regulatory changes and educating consumers about new payment options are also crucial steps for successful implementation. 

Looking Ahead 

As Gen Z continues to influence commerce, the adoption of alternative payment methods and modern wallets will accelerate. Priore advises businesses to embrace these new solutions, partner with supportive tech companies, and stay informed about emerging trends. This proactive approach will help businesses stay competitive and capitalize on future innovations in the payment landscape.
Read more »
Privacy
Algorithm Data Kaspersky Online Security Passwords Privacy

Many Passwords Can Be Cracked in Under an Hour, Study Finds


 

If you're not using strong, random passwords, your accounts might be more vulnerable than you think. A recent study by cybersecurity firm Kaspersky shows that a lot of passwords can be cracked in less than an hour due to advancements in computer processing power.

Kaspersky's research team used a massive database of 193 million passwords from the dark web. These passwords were hashed and salted, meaning they were somewhat protected, but still needed to be guessed. Using a powerful Nvidia RTX 4090 GPU, the researchers tested how quickly different algorithms could crack these passwords.

The results are alarming: simple eight-character passwords, made up of same-case letters and digits, could be cracked in as little as 17 seconds. Overall, they managed to crack 59% of the passwords in the database within an hour.

The team tried several methods, including the popular brute force attack, which attempts every possible combination of characters. While brute force is less effective for longer and more complex passwords, it still easily cracked many short, simple ones. They improved on brute force by incorporating common character patterns, words, names, dates, and sequences.

With the best algorithm, they guessed 45% of passwords in under a minute, 59% within an hour, and 73% within a month. Only 23% of passwords would take longer than a year to crack.

To protect your accounts, Kaspersky recommends using random, computer-generated passwords and avoiding obvious choices like words, names, or dates. They also suggest checking if your passwords have been compromised on sites like HaveIBeenPwned? and using unique passwords for different websites.

This research serves as a reminder of the importance of strong passwords in today's digital world. By taking these steps, you can significantly improve your online security and keep your accounts safe from hackers.


How to Protect Your Passwords

The importance of strong, secure passwords cannot be overstated. As the Kaspersky study shows, many common passwords are easily cracked with modern technology. Here are some tips to better protect your online accounts:

1. Use Random, Computer-Generated Passwords: These are much harder for hackers to guess because they don't follow predictable patterns.

2. Avoid Using Common Words and Names: Hackers often use dictionaries of common words and names to guess passwords.

3. Check for Compromised Passwords: Websites like HaveIBeenPwned? can tell you if your passwords have been leaked in a data breach.

4. Use Unique Passwords for Each Account: If one account gets hacked, unique passwords ensure that your other accounts remain secure.

Following these tips can help you stay ahead of hackers and protect your personal information. With the increasing power of modern computers, taking password security seriously is more important than ever.


Read more »
Websites
Black hat malware Online Security URL Websites

Cybercriminals Exploit Web Hosting Platforms to Spread Malware


 

Cybersecurity researchers at Zscaler ThreatLabz have uncovered a concerning trend in which cybercriminals are exploiting popular web hosting and blogging platforms to disseminate malware and steal sensitive data. This sophisticated tactic, known as SEO poisoning within the realm of Black Hat SEO techniques, has been employed to manipulate search engine results, pushing fraudulent websites to the forefront of users' search queries, thereby increasing the risk of unwittingly accessing malicious content.


How They Operate

The cybercriminals orchestrating these operations have devised intricate strategies to evade detection and entice unsuspecting users into downloading malware. They fabricate fraudulent websites spanning a wide array of topics, ranging from pirated software to culinary recipes, often hosted on well-established platforms such as Weebly. By adopting the guise of legitimate sites, complete with endorsements like "Powered by Weebly," they exploit users' trust in reputable services to perpetrate their malicious activities.


The process commences with cybercriminals setting up sham sites on web hosting services, adeptly avoiding detection by both hosting providers and users. When individuals search for relevant content and click on links from search results, they unknowingly find themselves on these malevolent sites. To circumvent scrutiny from security researchers, the perpetrators implement evasion techniques, including scrutinising referral URLs. Should a user access the site directly, indicating a potential analysis, the site tactfully sidesteps redirection to preserve its cloak of invisibility.


The Payload Delivery System

Malicious payloads are secretly delivered through multi-layered zipped files concealed within seemingly innocuous content. For instance, an individual seeking cracked software may inadvertently download malware instead of the anticipated content. Upon execution, the malware puts together a sequence of activities, encompassing process hollowing and DLL sideloading, aimed at downloading additional malware and establishing communication with command-and-control servers.


Tricks to Avoid Detection

To further complicate their activities, threat actors employ techniques, including string concatenation, mathematical manipulation, and the utilisation of password-protected ZIP archives. These tactics serve to confound security measures, rendering the malicious code arduous to decipher and bolstering the malware's ability to slightly pass over detection.


Data Theft and Deceptive Tactics

Once ensconced within a system, the malware embarks on an mission to harvest extensive troves of data, encompassing system information, browser data, credentials, and browsing history. Additionally, it sets its sights on emails pertaining to cryptocurrency exchanges, adeptly modifying email content and intercepting one-time authentication codes to facilitate unauthorised access.


How To Protect Yourself?

Keeping in mind such campaigns, users are advised to exercise utmost caution when procuring software from unfamiliar sources and to prioritise visiting reputable websites. Staying abreast of emerging cybersecurity threats and securing defences with robust protocols can substantially mitigate the risk of succumbing to potential infections.



Read more »
SurveyLama
Data Breach Emails Online Security Password Personal Data SurveyLama

SurveyLama Data Breach Exposes Millions of Users' Information

 



A major data breach has impacted the online survey platform SurveyLama, putting the sensitive data of over four million individuals at risk. The breach, which occurred in February of this year, was confirmed by the company to Troy Hunt, the creator of the well-known website Have I Been Pwned?, which tracks email addresses exposed in data breaches.

What Happened:

Unknown attackers gained unauthorised access to SurveyLama's database, compromising users' names, dates of birth, email addresses, IP addresses, passwords, phone numbers, and postal addresses. This breach leaves users vulnerable to identity theft and phishing scams.

Implications for Users:

SurveyLama rewards its users for completing surveys, making them potential targets for phishing emails. While passwords were stored in encrypted forms (salted SHA-1, bcrypt, and argon2 hashes), some could still be susceptible to brute-force attacks, especially those hashed with SHA-1, which has known vulnerabilities. Users are strongly advised to update their passwords immediately as a precautionary measure.

Protective Measures:

SurveyLama has reportedly notified affected users via email about the breach. However, users should remain cautious of any suspicious emails, particularly those promising rewards in exchange for quick action. Although the stolen information has not yet been publicly posted or sold on the dark web, proactive steps should be taken to secure accounts.

Expert Insight:

Troy Hunt, upon receiving information about the breach, independently verified the data's authenticity. SurveyLama confirmed the security incident and assured users that passwords were stored in encrypted forms. Nonetheless, users are encouraged to reset their passwords not only on SurveyLama but also on other platforms where similar credentials may have been used.

While SurveyLama has taken steps to address the breach and notify affected users, the potential risks remain significant. The possibility of the stolen data being exploited privately or leaked to cybercriminals underscores the importance of immediate action by users to safeguard their personal information.

All in all, the SurveyLama data breach serves as a reminder of the ever-present threats to online security and the importance of vigilance in protecting personal data. Users must stay informed, remain cautious of suspicious activities, and take proactive measures to enhance their online security posture.


Read more »
Online Security
CISOs Cyber Security Data Privacy Digital Literacy Generative AI IP addresses Online Security

What Are The Risks of Generative AI?

 




We are all drowning in information in this digital world and the widespread adoption of artificial intelligence (AI) has become increasingly commonplace within various spheres of business. However, this technological evolution has brought about the emergence of generative AI, presenting a myriad of cybersecurity concerns that weigh heavily on the minds of Chief Information Security Officers (CISOs). Let's synthesise this issue and see the intricacies from a microscopic light.

Model Training and Attack Surface Vulnerabilities:

Generative AI collects and stores data from various sources within an organisation, often in insecure environments. This poses a significant risk of data access and manipulation, as well as potential biases in AI-generated content.


Data Privacy Concerns:

The lack of robust frameworks around data collection and input into generative AI models raises concerns about data privacy. Without enforceable policies, there's a risk of models inadvertently replicating and exposing sensitive corporate information, leading to data breaches.


Corporate Intellectual Property (IP) Exposure:

The absence of strategic policies around generative AI and corporate data privacy can result in models being trained on proprietary codebases. This exposes valuable corporate IP, including API keys and other confidential information, to potential threats.


Generative AI Jailbreaks and Backdoors:

Despite the implementation of guardrails to prevent AI models from producing harmful or biased content, researchers have found ways to circumvent these safeguards. Known as "jailbreaks," these exploits enable attackers to manipulate AI models for malicious purposes, such as generating deceptive content or launching targeted attacks.


Cybersecurity Best Practices:

To mitigate these risks, organisations must adopt cybersecurity best practices tailored to generative AI usage:

1. Implement AI Governance: Establishing governance frameworks to regulate the deployment and usage of AI tools within the organisation is crucial. This includes transparency, accountability, and ongoing monitoring to ensure responsible AI practices.

2. Employee Training: Educating employees on the nuances of generative AI and the importance of data privacy is essential. Creating a culture of AI knowledge and providing continuous learning opportunities can help mitigate risks associated with misuse.

3. Data Discovery and Classification: Properly classifying data helps control access and minimise the risk of unauthorised exposure. Organisations should prioritise data discovery and classification processes to effectively manage sensitive information.

4. Utilise Data Governance and Security Tools: Employing data governance and security tools, such as Data Loss Prevention (DLP) and threat intelligence platforms, can enhance data security and enforcement of AI governance policies.


Various cybersecurity vendors provide solutions tailored to address the unique challenges associated with generative AI. Here's a closer look at some of these promising offerings:

1. Google Cloud Security AI Workbench: This solution, powered by advanced AI capabilities, assesses, summarizes, and prioritizes threat data from both proprietary and public sources. It incorporates threat intelligence from reputable sources like Google, Mandiant, and VirusTotal, offering enterprise-grade security and compliance support.

2. Microsoft Copilot for Security: Integrated with Microsoft's robust security ecosystem, Copilot leverages AI to proactively detect cyber threats, enhance threat intelligence, and automate incident response. It simplifies security operations and empowers users with step-by-step guidance, making it accessible even to junior staff members.

3. CrowdStrike Charlotte AI: Built on the Falcon platform, Charlotte AI utilizes conversational AI and natural language processing (NLP) capabilities to help security teams respond swiftly to threats. It enables users to ask questions, receive answers, and take action efficiently, reducing workload and improving overall efficiency.

4. Howso (formerly Diveplane): Howso focuses on advancing trustworthy AI by providing AI solutions that prioritize transparency, auditability, and accountability. Their Howso Engine offers exact data attribution, ensuring traceability and accountability of influence, while the Howso Synthesizer generates synthetic data that can be trusted for various use cases.

5. Cisco Security Cloud: Built on zero-trust principles, Cisco Security Cloud is an open and integrated security platform designed for multicloud environments. It integrates generative AI to enhance threat detection, streamline policy management, and simplify security operations with advanced AI analytics.

6. SecurityScorecard: SecurityScorecard offers solutions for supply chain cyber risk, external security, and risk operations, along with forward-looking threat intelligence. Their AI-driven platform provides detailed security ratings that offer actionable insights to organizations, aiding in understanding and improving their overall security posture.

7. Synthesis AI: Synthesis AI offers Synthesis Humans and Synthesis Scenarios, leveraging a combination of generative AI and cinematic digital general intelligence (DGI) pipelines. Their platform programmatically generates labelled images for machine learning models and provides realistic security simulation for cybersecurity training purposes.

These solutions represent a diverse array of offerings aimed at addressing the complex cybersecurity challenges posed by generative AI, providing organizations with the tools needed to safeguard their digital assets effectively.

While the adoption of generative AI presents immense opportunities for innovation, it also brings forth significant cybersecurity challenges. By implementing robust governance frameworks, educating employees, and leveraging advanced security solutions, organisations can navigate these risks and harness the transformative power of AI responsibly.

Read more »
Technology
CPU Generative AI GPUs NVIDIA Online Security Technology

Are GPUs Ready for the AI Security Test?

 


As generative AI technology gains momentum, the focus on cybersecurity threats surrounding the chips and processing units driving these innovations intensifies. The crux of the issue lies in the limited number of manufacturers producing chips capable of handling the extensive data sets crucial for generative AI systems, rendering them vulnerable targets for malicious attacks.

According to recent records, Nvidia, a leading player in GPU technology, announced cybersecurity partnerships during its annual GPU technology conference. This move underscores the escalating concerns within the industry regarding the security of chips and hardware powering AI technologies.

Traditionally, cyberattacks garner attention for targeting software vulnerabilities or network flaws. However, the emergence of AI technologies presents a new dimension of threat. Graphics processing units (GPUs), integral to the functioning of AI systems, are susceptible to similar security risks as central processing units (CPUs).


Experts highlight four main categories of security threats facing GPUs:


1. Malware attacks, including "cryptojacking" schemes where hackers exploit processing power for cryptocurrency mining.

2. Side-channel attacks, exploiting data transmission and processing flaws to steal information.

3. Firmware vulnerabilities, granting unauthorised access to hardware controls.

4. Supply chain attacks, targeting GPUs to compromise end-user systems or steal data.


Moreover, the proliferation of generative AI amplifies the risk of data poisoning attacks, where hackers manipulate training data to compromise AI models.

Despite documented vulnerabilities, successful attacks on GPUs remain relatively rare. However, the stakes are high, especially considering the premium users pay for GPU access. Even a minor decrease in functionality could result in significant losses for cloud service providers and customers.

In response to these challenges, startups are innovating AI chip designs to enhance security and efficiency. For instance, d-Matrix's chip partitions data to limit access in the event of a breach, ensuring robust protection against potential intrusions.

As discussions surrounding AI security evolve, there's a growing recognition of the need to address hardware and chip vulnerabilities alongside software concerns. This shift reflects a proactive approach to safeguarding AI technologies against emerging threats.

The intersection of generative AI and GPU technology highlights the critical importance of cybersecurity in the digital age. By understanding and addressing the complexities of GPU security, stakeholders can mitigate risks and foster a safer environment for AI innovation and adoption.


Read more »
Online Security
Authentication Cyber Phishing Data Breach ISO MOAB Online Security

Massive Data Breach Sends Shockwaves Through Businesses

 



A colossal breach of data has rattled the digital world affecting billions of users across various platforms and organisations. This vile breach, dubbed the "mother of all breaches" (MOAB), has exposed a staggering 26 billion entries, including those from LinkedIn, Twitter, Dropbox, and others. Government agencies in several countries have also been hit.

The implications for businesses are imminent. The leaked data, totaling 12 terabytes, poses an ongoing threat to personal information and corporate security. It not only comprises information from past breaches but also includes new data, providing cybercriminals with a comprehensive toolkit for orchestrating various cyberattacks, including identity theft.

In response to this unprecedented threat, businesses are urged to adopt a proactive stance in monitoring their infrastructure. Key signals to watch for include unusual access scenarios, suspicious account activity, a surge in phishing attempts, abnormal network traffic, an increase in helpdesk requests, and customer complaints about unauthorised access or suspicious transactions.

This incident underscores the need for a new security paradigm, where companies prioritise user security over user experience. While some may resist this shift, it is essential for long-term protection against cyber threats. Implementing global security standards such as ISO/IEC 27001 and enhancing authentication policies are crucial steps in fortifying defences.

Authentication measures like multi-factor authentication and liveness detection technology are rapidly gaining traction as the go-to standards across industries. These methods not only reinforce security but also seamlessly integrate into user experiences, striking a delicate balance between safeguarding sensitive data and ensuring user convenience. By embracing these sophisticated authentication techniques, businesses can erect formidable defences against cyber threats while enhancing overall user satisfaction.

The recent MOAB incident serves as a sign of trouble for businesses worldwide to bolster their defence mechanisms and hone their cyber acumen. While the paramountcy of data security cannot be overstated, it is equally crucial for companies, particularly those engaging with consumers directly, to uphold user-friendly processes. By harmonising stringent security measures with intuitive and accessible procedures, businesses can adeptly traverse the complex system of cybersecurity, instilling trust among stakeholders and effectively mitigating potential risks in a rampant semblance of digital development.

To get a hold of the events, the MOAB data breach underlines the exponential need for businesses to invest in robust security measures while ensuring a smooth user experience. By staying a step ahead and proactive, companies can mitigate the risks posed by cyber threats and safeguard their customers' sensitive information.


Read more »
Plugins
ChatGPT Data Breach Online Security PII Plugins

Security Flaws Discovered in ChatGPT Plugins

 


Recent research has surfaced serious security vulnerabilities within ChatGPT plugins, raising concerns about potential data breaches and account takeovers. These flaws could allow attackers to gain control of organisational accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII).

According to Darren Guccione, CEO and co-founder of Keeper Security, the vulnerabilities found in ChatGPT plugins pose a significant risk to organisations as employees often input sensitive data, including intellectual property and financial information, into AI tools. Unauthorised access to such data could have severe consequences for businesses.

In November 2023, ChatGPT introduced a new feature called GPTs, which function similarly to plugins and present similar security risks, further complicating the situation.

In a recent advisory, the Salt Security research team identified three main types of vulnerabilities within ChatGPT plugins. Firstly, vulnerabilities were found in the plugin installation process, potentially allowing attackers to install malicious plugins and intercept user messages containing proprietary information.

Secondly, flaws were discovered within PluginLab, a framework for developing ChatGPT plugins, which could lead to account takeovers on third-party platforms like GitHub.

Lastly, OAuth redirection manipulation vulnerabilities were identified in several plugins, enabling attackers to steal user credentials and execute account takeovers.

Yaniv Balmas, vice president of research at Salt Security, emphasised the growing popularity of generative AI tools like ChatGPT and the corresponding increase in efforts by attackers to exploit these tools to gain access to sensitive data.

Following coordinated disclosure practices, Salt Labs worked with OpenAI and third-party vendors to promptly address these issues and reduce the risk of exploitation.

Sarah Jones, a cyber threat intelligence research analyst at Critical Start, outlined several measures that organisations can take to strengthen their defences against these vulnerabilities. These include:


1. Implementing permission-based installation: 

This involves ensuring that only authorised users can install plugins, reducing the risk of malicious actors installing harmful plugins.

2. Introducing two-factor authentication: 

By requiring users to provide two forms of identification, such as a password and a unique code sent to their phone, organisations can add an extra layer of security to their accounts.

3. Educating users on exercising caution with code and links: 

It's essential to train employees to be cautious when interacting with code and links, as these can often be used as vectors for cyber attacks.

4. Monitoring plugin activity constantly: 

By regularly monitoring plugin activity, organisations can detect any unusual behaviour or unauthorised access attempts promptly.

5. Subscribing to security advisories for updates:

Staying informed about security advisories and updates from ChatGPT and third-party vendors allows organisations to address vulnerabilities and apply patches promptly.

As organisations increasingly rely on AI technologies, it becomes crucial to address and mitigate the associated security risks effectively.


Read more »
Zero-Knowledge Proofs
Blockchain Technology Cryptomining News Cyber Security Online Security Zero-Knowledge Proofs

Unveiling the Power of Zero-Knowledge Proofs in Blockchain Technology

In the dynamic realm of blockchain technology, a groundbreaking innovation is emerging as a beacon of privacy and security: Zero-Knowledge Proofs (ZKPs). These cryptographic marvels are poised to redefine the landscape of blockchain transactions, offering unparalleled privacy and integrity. Let's delve into the intricate world of ZKPs and explore their transformative potential within the blockchain ecosystem. 

Let’s Understand What is ZKPs Zero-knowledge Proofs 

(ZKPs) stand as a cornerstone of modern cryptography, enabling individuals to assert knowledge of specific data without disclosing the data itself. Their utility extends across various domains, particularly in scenarios where data confidentiality is paramount. 

Privacy on Blockchains: While blockchains offer transparency, preserving privacy is often crucial, especially when dealing with sensitive financial or personal information within smart contracts. To safeguard this data, smart contracts typically require specific inputs before execution. 

Prover and Verifier: In Zero-Knowledge Proofs (ZKPs), one party (the prover) demonstrates cryptographically to another party (the verifier) that they possess accurate knowledge of hidden data. The data remains undisclosed, known only to the prover with a high level of certainty. 

Maintaining Privacy: ZKPs emerge as a key method for ensuring privacy on public blockchains. They enable the prover to prove knowledge without revealing the actual data, crucial for preserving confidentiality in transactions. 

Enhanced Security: Beyond privacy, ZKPs also bolster security. With 66% of organizations experiencing cyber attacks in the past year, such technology becomes increasingly vital for safeguarding sensitive information. 

Understand With This Example: 
Imagine your friend, Chani, claims she knows the password to your favorite online game but does not want to reveal it. Instead, she aims to prove her knowledge without disclosing the password itself. Enter Zero-Knowledge Proofs (ZKPs). 

In this scenario, Chani serves as the prover, while you are the verifier. Chani seeks to demonstrate her knowledge of the password without giving it away. Using a Zero-Knowledge Proof, Chani can achieve this by engaging in a series of interactions with you that showcase her knowledge without directly revealing the password. 

For example, Chani might ask you to input any word as a password and then perform a sequence of actions that only someone aware of the actual password could execute correctly. Perhaps she requests you to enter the password into a login screen multiple times, each time making slight modifications to the input to prove her familiarity with the correct password. After witnessing several successful attempts, you become convinced of Chani's knowledge of the password, even though she never explicitly discloses it. 

In this manner, Chani effectively proves her knowledge without divulging any additional information beyond the fact that she knows the password. This straightforward illustration underscores the efficacy of Zero-Knowledge Proofs in real-life scenarios, enabling individuals to demonstrate possession of specific knowledge without exposing the knowledge itself. Such a concept finds broad applicability across various domains, including cryptography, cybersecurity, and everyday interactions where privacy and security are paramount. 

Understand How ZKP Works? 

Advanced Verification: This is like a security guard checking if someone trying to enter a restricted area knows the secret moves or actions. If someone tries to fake it, the security system detects the trickery. 

Interactive ZKP: This is when the prover has to go through the secret handshake process separately with each verifier every time they want to prove their knowledge. 

Non-Interactive ZKP: Here, the prover creates a special proof that anyone else who knows the secret handshake can easily check without having to interact directly with the prover. It is like having a stamp of approval that others can use to verify your knowledge. 

Zero-Knowledge Proofs (ZKPs) Come in Different Types, Each With its Own Strengths: 

PLONK: This ZKP is highly versatile and can handle various tasks involving many people. It is like a Swiss Army knife of ZKPs, ready for any challenge. 

ZK-SNARKS: These proofs are fast and easy to verify. They are like simple puzzles that you can quickly solve once you have the right pieces. Using smart math tricks, they keep things running smoothly. 

ZK-STARKS: These proofs are lightning-fast. They do not need much chatting back and forth between the prover and verifier, so they speed through the process. 

Bulletproofs: These ZKPs are short and to the point. They do not require any special setup, making them perfect for keeping cryptocurrency transactions private without relying on trust. 

Zero-Knowledge Proofs (ZKPs) are rapidly becoming a standard in various fields, offering solutions to pressing challenges. They enable private transactions, as seen in cryptocurrencies like Zcash, ensuring anonymity for users. Additionally, ZKPs contribute to decentralized identity systems, safeguarding personal information while allowing for verification. Furthermore, they facilitate verifiable computations in decentralized networks, enhancing the trustworthiness of smart contracts accessing off-chain data. With their versatility and security features, ZKPs are poised to continue revolutionizing cybersecurity, Web3 projects, and beyond, shaping the future of digital transactions and identity management. 
Read more »
Virtual Private Network
Cyber Security Data Privacy Network Server Online Security Virtual Private Network

Everything You Need To Know About VPN

 


In an era where our daily lives intertwine with the digital world, the internet becomes both a companion and a potential threat, understanding the role of Virtual Private Networks (VPNs) is key to safeguarding your online experience. Whether you're working remotely, enjoying a coffee shop's Wi-Fi, or travelling, a VPN functions as a dependable safeguard against potential security risks.


What is a VPN? 

A VPN, or Virtual Private Network, is your online security guard. Its purpose is to create a secure, private tunnel over the internet, encrypting your data and protecting it from prying eyes. This extra layer of security is especially crucial given the internet's initial design prioritising data transfer reliability over privacy.


How does it work? 

Imagine your computer wanting to visit a website like ZDNET. Instead of sending unprotected data, a VPN encrypts it and sends it through a secure tunnel to a VPN server. This server then decrypts the information, establishing a safe connection between your device and the destination, ensuring your data remains confidential.

There are two main types of VPNs. Corporate VPNs connect private networks within the same organisation over the internet, securing data transmission. Consumer VPNs, offered as a service, protect your data transmission to the provider's data centre, enhancing security, especially on public Wi-Fi.


When should you use a VPN? 

Whenever you're away from your secure home or office network and using public Wi-Fi, a VPN is your go-to. It adds an extra layer of protection against potential snoopers on open networks, especially when accessing services with personal information.

Choosing the right VPN service matters. While free VPNs exist, they often come with privacy risks. Some are even set up by malicious entities to harvest personal data. Opting for a reputable paid VPN service is a safer choice.

However, a VPN does not serve as an infallible solution for privacy. While it secures your connection, it does not have the capability to prevent websites from tracking your activities. Users are advised to maintain vigilance regarding potential privacy infringements that may extend beyond the scope of the VPN.


Concerned about your computer slowing down? 

Advancements in CPU performance have effectively mitigated the impact of data encryption and decryption processes. However, network performance remains susceptible to the quality of public Wi-Fi and the geographical location of the VPN server. 

Certain VPN services may impose limitations on usage, such as data caps or speed restrictions. These restrictions are often associated with free services. Therefore, opting for a dependable paid service that aligns with your specific requirements becomes imperative.

In the domain of online security, VPNs play a pivotal role. Whether safeguarding sensitive work data or ensuring privacy on public networks, a comprehensive understanding of VPN fundamentals empowers users to traverse the internet securely. It is advised to make informed choices, stay updated, and consider your VPN as a reliable tool for online protection.


Read more »
Online Security
Cloudfare CrowdStrike Cyber Attacks Cybersecurity Okta Data Breach Online Security

Cloudflare Faces Cybersecurity Breach in Okta Supply-Chain Attack



Cloudflare, a prominent Internet security and DDoS protection company, recently fell victim to a cyberattack linked to the widespread Okta supply-chain campaign last fall. The breach, affecting Cloudflare's Atlassian Bitbucket, Confluence, and Jira platforms, commenced on Thanksgiving Day.

Cloudflare, in collaboration with industry and government partners, determined that a nation-state attacker aimed to gain persistent and widespread access to its global network. Working with CrowdStrike, the company found that cyber attackers initially accessed the internal wiki (Confluence) and bug database (Jira). They later established persistence on the Atlassian server and proceeded to explore potential points of entry. The assailants successfully breached Cloudflare's source code management system (Bitbucket) and an AWS instance.

The analysis revealed the attackers sought information about the configuration and management of Cloudflare's global network. They accessed various Jira tickets related to vulnerability management, secret rotation, MFA bypass, network access, and the company's response to the Okta incident. Fortunately, due to network segmentation and a zero-trust authentication approach limiting lateral movement, the attackers were largely prevented from accessing critical systems.

Despite minimal access, Cloudflare took comprehensive measures, rotating over 5,000 production credentials, segmenting test and staging systems, and conducting forensic triages on nearly 5,000 systems. The company also reimaged and rebooted every machine in its global network and all Atlassian products.

Experts emphasise the severity of supply chain attacks, highlighting the risk of non-human access being exploited by attackers to gain high-privilege access to internal systems. This breach underscores the importance of monitoring both cloud-based and on-premises solutions.

Notably, Cloudflare identified the compromise's connection to a prior Okta breach in October. Okta, an identity and access management services provider, disclosed a compromise in its customer support case management system, exposing sensitive customer data. The attackers leveraged access tokens and service account credentials obtained during the Okta compromise. All threat actor access was terminated on November 24, according to CrowdStrike.

In response, Cloudflare conducted a thorough security remediation, emphasising the need for credential rotation after a security incident. Okta confirmed its prior notification to customers about the October security incident, urging them to rotate credentials and providing indicators of compromise.

This incident draws attention to the ongoing challenges posed by sophisticated cyber threats, making it clear that the importance of continuous vigilance and proactive security measures is substantial. The collaboration between companies and security experts remains crucial in mitigating the impact of such attacks.

As cybersecurity threats continue to evolve, it is imperative for organisations to stay informed, implement robust security practices, and prioritise swift responses to potential breaches.


Read more »
Synergia operation
Cyber Security cybercriminal arrests Cybersecurity digital space protection global C2 servers Interpol Law Enforcement Online Security phishing Ransomware Synergia operation

Interpol's Operation 'Synergia' Secures Numerous Cybercriminal Arrests, Disrupts Global C2s

 

An international operation aimed at countering the rising threat of phishing, banking malware, and ransomware attacks globally has successfully dismantled command-and-control (C2) servers across Africa and the Middle East. Led by Interpol, the Synergia operation engaged 60 law enforcement agencies, including 17 from the Middle East and Africa (MEA) region. 

Notably, significant takedowns occurred in South Sudan and Zimbabwe, resulting in four arrests. Kuwait law enforcement collaborated with Internet Service Providers (ISPs) to identify victims, conduct field investigations, and provide technical guidance to mitigate the impacts of cyber threats.

Collaborating with local law enforcement and cybersecurity firms such as Group-IB, Kaspersky, ShadowServer, Team Cymru, and TrendMicro, Interpol executed the operation from September to November. The global initiative led to the arrest of 31 individuals and the identification of 70 additional suspects.

Beyond the MEA region, the operation yielded notable results worldwide:

- Europe witnessed the majority of C2 server takedowns, resulting in 26 arrests.
- The Hong Kong and Singapore Police successfully took down 153 and 86 servers, respectively.
- Bolivia mobilized various public authorities to identify malware and vulnerabilities.

Synergia also uncovered malicious infrastructure and resources in over 50 countries, spread across 200 web hosting providers globally. Currently, 70% of the C2 servers have been taken offline, with the remainder under investigation.

Bernardo Pillot, Assistant Director to the Interpol Cybercrime Directorate, emphasized the collaborative efforts of multiple countries and partners, underscoring the commitment to safeguarding the digital space. By dismantling the infrastructure supporting phishing, banking malware, and ransomware attacks, the operation aims to create a more secure online environment for users worldwide.
Read more »
Online Security
Car Maker Data Breach Data Leak Leak Source Code Online Security

Mercedes-Benz Accidentally Leaked Private Data, Including Source Code

 

Mercedes-Benz unintentionally leaked a trove of internal data by leaving an obscure key online that gave "unrestricted access" to the company's source code, according to the security research team that unearthed it. 

TechCrunch was notified of the exposure by RedHunt Labs' co-founder and chief technology officer Shubham Mittal, who also requested help in notifying the automaker. The London-based cybersecurity firm claimed that during a standard internet scan in January, it found the authentication token of a Mercedes employee in a public GitHub project.

According to Mittal, this token, which is a substitute to using a password for authentication on GitHub, could allow anyone complete access to Mercedes's GitHub Enterprise Server, allowing them to acquire the company's proprietary source code repositories. 

“The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server,” Mittal explained. “The repositories include a large amount of intellectual property… connection strings, cloud access keys, blueprints, design documents, [single sign-on] passwords, API Keys, and other critical internal information.”

Mittal provided TechCrunch evidence that Mercedes source code, a Postgres database, and keys for Microsoft Azure and Amazon Web Services (AWS) were all there in the exposed repository. If any customer data was present in the repositories is unknown. 

Mercedes was informed of the security flaw by TechCrunch on Monday of last week. Mercedes official Katja Liesenfeld stated on Wednesday that the company has revoked the respective API token and removed the public repository immediately. 

“We can confirm that internal source code was published on a public GitHub repository by human error. The security of our organisation, products, and services is one of our top priorities. We will continue to analyse this case according to our normal processes. Depending on this, we implement remedial measures,” Liesenfeld added. 

Mercedes declined to comment on whether it was aware of any unauthorised access by third parties to the leaked data or whether it possesses the technological know-how, such as access logs, to ascertain whether unauthorised access to its data repositories occurred. The representative gave vague security justifications. 

The personal information of Hyundai Motor India customers who had their vehicles serviced at Hyundai-owned stations throughout India, including names, mailing addresses, email addresses, and phone numbers, was exposed due to a bug that was fixed by the company's India subsidiary, as TechCrunch exclusively reported earlier this month.
Read more »
Zeppelin2
CISA cybersecurity advisory Dark Web FBI malware Online Security Ransomware Threat Zeppelin2

Zeppelin2 Ransomware: An Emerging Menace in the Dark Web Ecosystem

 

In a recent update from an underground online forum, a user is actively promoting the sale of Zeppelin2 ransomware, providing both its source code and a cracked version of its builder tool. This malicious software, known for its destructive capabilities, has garnered the attention of cybersecurity experts and law enforcement agencies globally.

The forum post asserts that the user successfully breached the security measures of the Zeppelin2 builder tool, originally designed for data encryption. The post includes screenshots of the source code, shedding light on the intricate details of the build process and revealing that the ransomware is programmed in Delphi.

The Zeppelin2 ransomware builder tool, being promoted by the threat actor, showcases various features, such as file settings, ransom notes, IP logging, startup commands, task killers, and auto-unlocking busy files. The threat actor underscores the ransomware's capability to comprehensively encrypt files, rendering data recovery impossible without a unique private key held by the attackers.

Upon completing the encryption process, victims are presented with a ransom note declaring the encryption of all their files. The note instructs victims to contact the attackers via email and offers a method for testing the legitimacy of the decryptor by sending a non-valuable file.

Reports indicate that Zeppelin2 ransomware demands ransom payments in Bitcoin, with extortion amounts ranging from several thousand dollars to over a million dollars. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a cybersecurity advisory to address the Zeppelin2 threat.

Zeppelin2, employed by threat actors since 2019 and continuing at least until June 2022, targets various sectors through its ransomware-as-a-service (RaaS) model. These sectors include defense contractors, educational institutions, manufacturers, technology companies, and notably, organizations in the healthcare and medical industries.

The ransomware's modus operandi involves exploiting vulnerabilities such as remote desktop protocol (RDP) exploitation, SonicWall firewall vulnerabilities, and phishing campaigns to gain access to victim networks. Before deploying the Zeppelin2 ransomware, threat actors meticulously map and enumerate the victim's network, identifying critical data enclaves, including cloud storage and network backups.

Consistent with ransomware groups, Zeppelin2 operators exfiltrate sensitive corporate data with the intention of making it accessible to buyers or the public if the victim resists complying with their demands.

Of significance, the FBI has observed instances where Zeppelin2 actors execute their malware multiple times within a victim's network, generating different IDs or file extensions for each attack instance, necessitating multiple unique decryption keys.
Read more »
Privacy Breach
affected individuals CBS parent company Cybersecurity Incident Data Breach Online Security Paramount hack Privacy Breach

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals

 

The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. Despite the company not making public comments about the breach beyond the legal filing, it remains unclear whether the compromised data pertains to customers or exclusively employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.  

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.
Read more »
Threat Landscape
Cyber Crime DDOS Attack Online Security Online Traffic Threat Landscape

Hackers are Launching DDoS Attacks During Peak Business Hours

 

Threat groups' tactics to avoid detection and cause harm are becoming increasingly sophisticated. Many security practitioners have seen distributed denial-of-service (DDoS) attacks carried out during peak business hours, when firms are more likely to be understaffed and caught off guard.

DDoS attacks are a year-round threat, but we've seen an increase in attacks around the holiday season. Microsoft mitigated an average of 1,435 assaults per day in 2022. These attacks peaked on September 22, 2022, with roughly 2,215 documented attacks, and continued at a greater volume until the last week of December. From June to August, the number of attacks were reduced.

One reason for this trend could be that many organisations operate with fewer security staff and limited resources to monitor their networks and apps during the holidays. The huge volume of traffic and income made by organisations during this peak business season make this time of year even more tempting to attackers. 

Cybercriminals frequently take advantage of this opportunity to carry out lucrative attacks at a low cost. A DDoS assault can be ordered via a DDoS subscription service for as little as $5 under a cybercrime-as-a-service business model. In the meantime, small and medium-sized businesses spend an average of $120,000 to restore services and manage operations during a DDoS attack. 

With this knowledge, security teams can take preemptive steps to fight against DDoS assaults during busy business seasons. Continue reading to find out how. 

Understanding the varieties of DDoS attacks 

Before we can discuss how to protect against DDoS attacks, we must first comprehend what they are. DDoS attacks are classified into three groups, each with its own set of cyberattacks. Attackers can utilise a variety of attack types against a network, including those from distinct categories. 

The first type of attack is a volumetric attack. This type of attack focuses on bandwidth and is intended to overload the network layer with traffic. A domain name server (DNS) amplification attack, which leverages open DNS servers to flood a target with DNS answer traffic, is one example.

Then there are protocol attacks. This category primarily targets resources by exploiting flaws in the protocol stack's Layers 3 and 4. A protocol attack may be a synchronisation packet flood (SYN) attack, which uses all available server resources, rendering the server unusable. 

The last type of DDoS assault is resource layer attacks. This category is meant to disrupt data flow between hosts by targeting Web application packets. Consider an HTTP/2 Rapid Reset attack, for example. In this case, the attack delivers a predetermined amount of HTTP requests followed by RST_STREAM. This pattern is then repeated to produce a large volume of traffic on the targeted HTTP/2 servers.
Read more »
U.S. targets
Agent Raccoon Backdoor Hacking malware Online Security Threat actor U.S. targets

Hackers Use This New Malware to Backdoor Targets in Middle East, Africa and U.S

 

Various entities in the Middle East, Africa, and the United States have fallen victim to an unidentified threat actor orchestrating a campaign involving the dissemination of a recently discovered backdoor named Agent Racoon. According to Chema Garcia, a researcher at Palo Alto Networks Unit 42, the malware is crafted using the .NET framework and exploits the domain name service (DNS) protocol to establish a covert communication channel, facilitating diverse backdoor functionalities.

The targeted organizations hail from a range of sectors, including education, real estate, retail, non-profit, telecommunications, and government. Despite the lack of attribution to a specific threat actor, the campaign is suspected to be state-sponsored due to discernible victimology patterns and the utilization of sophisticated detection and defense evasion techniques. Palo Alto Networks is monitoring this threat cluster under the label CL-STA-0002. The exact method of infiltration and the timeline of the attacks remain unclear at this point.

The adversary employs additional tools alongside Agent Racoon, such as a customized version of Mimikatz named Mimilite and a novel utility known as Ntospy. The latter utilizes a custom DLL module implementing a network provider to pilfer credentials for a remote server. Notably, while Ntospy is employed across the affected organizations, Mimilite and Agent Racoon are specifically found in the environments of non-profit and government-related organizations.

Agent Racoon, executed through scheduled tasks, enables the execution of commands, uploading and downloading of files, all while camouflaging itself as Google Update and Microsoft OneDrive Updater binaries. The command-and-control (C2) infrastructure linked to the implant dates back to at least August 2020, with the earliest sample of Agent Racoon uploaded to VirusTotal in July 2022.

Unit 42's investigation revealed instances of successful data exfiltration from Microsoft Exchange Server environments, resulting in the theft of emails matching various search criteria. The threat actor has also been observed harvesting victims' Roaming Profile. Despite these findings, the tool set associated with this campaign has not been definitively linked to a specific threat actor and appears to extend beyond a single cluster or campaign, according to Garcia.
Read more »
penetration tests
Cyber Security Dark Web data security Hacker-for-hire Online Security penetration tests

Hackers for Hire: Navigating the Dark Web, Penetration Tests, and More

 

As the digital landscape undergoes transformation, it is imperative for organizations to remain vigilant in the face of a persistent threat from for-hire hackers. 

To safeguard their networks, customers, and financial stability, organizations must comprehend the risks associated with cyber threats and take proactive measures. 

Sourcing Hackers for Hire:

Hackers for hire, malevolent individuals who offer their hacking services to carry out cyberattacks on behalf of others or as a paid service, provide a range of offerings. These services encompass malware as a service (MaaS), ransomware as a service (RaaS), phishing as a service (PhaaS), distributed denial of service (DDoS) as a service, and targeted attacks on specific systems or environments.

These nefarious hacker-for-hire services are widely available on the dark web, an unregulated corner of the internet beyond the reach of conventional search engines like Chrome™, Safari®, or Firefox™. The dark web serves as a notorious marketplace for hackers offering services such as MaaS, RaaS, PhaaS, and DDoS attacks. Potential clients can peruse various hackers' offerings on dark web marketplaces and select the services they require. 

Payment is typically made using cryptocurrencies, which offer a degree of anonymity to both parties involved. Privacy-centric digital currencies like Monero, Zcash, and AXEL provide the highest level of anonymity, although investigative techniques can still be employed to trace transaction origins.

However, hacker-for-hire services are not limited to the dark web. These services can also be found on social media platforms and messaging apps such as WhatsApp and Telegram, as these apps provide end-to-end encryption for all messages, making them attractive to both hackers and their customers.

Crowe cybersecurity experts conducted an investigation to assess the ease of hiring a hacker, both on the regular internet and the dark web. The study found that DDoS services are the most straightforward to access. A simple search using terms like "IP booter" or "IP stresser," along with advanced techniques for identifying forums and communities that offer these tools, yielded a wealth of information from active sites providing hacker-for-hire services.

DDoS services are often categorized into tiers based on resource usage, application programming interface (API) access, and attack duration. For instance, Tier 1 offers a 300-second attack duration, while Tier 4 extends to 3,600 seconds with access to the developer API (dev API) for use in other applications. DDoS services are accessible and affordable to individuals or groups with disposable income.

To explore more significant hacker-for-hire services such as malware and ransomware, the investigators turned to the dark web, utilizing a specialized browser to search for hubs offering these services. They identified marketplaces, vendors, and individual developers offering custom payloads for customer-specific scenarios. 

Some marketplaces provided guaranteed escrow, indicating a level of professionalism and significant resources allocated to market, sell, and purchase these services. The range of offerings included malware, adware, worms, keyloggers, and other custom-developed tools, many of which included developer support for setup and execution.

The researchers also encountered a market on the dark web selling stolen cryptocurrency wallets, offering access to the wallets' private keys in exchange for bitcoin (BTC).

Investigation Results:

The investigation unveiled the disconcerting reality that virtually anyone with internet access can engage the services of hackers, employ their skills, and purchase compromised credentials, wallets, and personal information. These threats demand serious attention, and organizations and individuals should take immediate action to mitigate these potential risks before they materialize.

The services identified in the investigation were tailored based on specific exploitation criteria, the hacker's skill set, and available toolkits. Most of these services were reasonably affordable for individuals with the financial means and motivation to acquire them. The scope of hacker-for-hire services is limited only by the online presence of potential targets, suggesting that anyone can become a target for the right price.

Typical Customers:

A report from the cyberthreat intelligence firm Mandiant identified government-sponsored groups like UNC2589 and APT28 as significant clients for hackers for hire. Government-sponsored groups leverage hackers for hire to carry out espionage, sabotage, or disruptive activities against their adversaries. Corporate entities also resort to hacker-for-hire services to access their competitors' trade secrets, customer financial data, or to launch attacks like DDoS on competitors' websites. Individuals use hacker-for-hire services for personal motives, including revenge or personal gain.

Potential customers do not need to possess an in-depth understanding of cyberattacks; they merely need to provide a target and payment. Hiring a hacker for DDoS services, for example, can be as straightforward as searching for relevant keywords.

Serious Consequences:

Cyberattacks orchestrated by hackers for hire can inflict severe damage on organizations and individuals. In addition to the direct financial costs associated with a breach, organizations experience reputational harm, potentially leading to a loss of revenue as customers lose trust in a compromised business. According to a 2022 report by IBM, 83% of organizations have faced multiple data breaches.

Hackers for hire themselves can also face severe consequences if caught. For instance, in December 2022, the Federal Bureau of Investigation (FBI) seized approximately 48 domains related to DDoS-for-hire services. These domains were operated by six individuals who were subsequently arrested and faced criminal charges. The FBI linked these domains to DDoS attacks on educational organizations, government agencies, and prominent gaming platforms between 2014 and 2022.

Consequences have also befallen hackers offering ransomware as a service (RaaS). In January 2023, the FBI dismantled Hive, a major Russian crime syndicate that had been selling ransomware tools and services to affiliates since spring 2021.

The Importance of Pen Tests:

One of the most effective means for organizations to mitigate the threat posed by hackers for hire is by employing penetration testers (pen testers). These experts evaluate an organization's security by assessing its external internet presence, internal network, websites, applications, and even simulating scenarios like ransomware, malware, and social engineering campaigns.

Pen tests identify vulnerabilities that could be exploited by malicious hackers, enabling organizations to address these issues before they are used against them. Pen tests often reveal specific areas where improvements can be made, including network segmentation, Microsoft Active Directory™ security, and missing security patches on various systems.

Pen tests are a valuable investment for organizations of all sizes, ranging from small businesses like restaurants and banks to large multinational corporations and government entities. Even seemingly insignificant businesses can be targeted by hackers for hire, and the costs associated with a successful breach can be devastating.

Pen Tests and Staying Ahead of Threats:

The proliferation of hackers for hire represents a significant threat to both organizations and individuals. These malicious actors offer an array of services, including malware, ransomware, phishing, and DDoS attacks, and their services are increasingly accessible. 

However, organizations can protect themselves by conducting regular pen tests, which identify vulnerabilities in their systems or networks before they can be exploited by malevolent hackers. It is crucial for businesses to regularly assess the security of their environments and services and take proactive steps to enhance their security posture.
Read more »
Subscribe to: Posts (Atom)