Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

VPN security
Safe Browsing Technology VPN VPN Hacking VPN security

Is Your VPN Safe? Or Can It be Hacked?


A virtual private network is one of the simplest ways for consumers to secure their internet activity. VPNs utilize tunneling technology to encrypt a user's online traffic and make it unreadable to prying eyes.

This additional layer of security has become a popular choice for both businesses and customers seeking to secure their privacy. According to Statista, more than 24% of all internet users in 2023 utilized a VPN to protect their internet connection.

With such widespread use, one might wonder if VPNs are impervious to hacking. Are they susceptible to hacking? Can VPNs be used to steal user data instead of securing it?

Can VPNs be hacked?

VPNs, like any other software, can be hacked. No software is perfect, and VPNs, like all internet-based technologies, are vulnerable to various threats. That being said, a good VPN will be extremely difficult to crack, especially if it has a secure server infrastructure and application.

VPNs function by creating a secret connection via which your internet activity is encrypted and rendered unreadable. Your internet traffic is routed via a VPN server, which masks your IP address and gives you an extra degree of privacy online.

This encryption protects critical user data including your IP address, device location, browsing history, and online searches from your internet service provider, government agencies, and cybercriminals.

VPNs provide simple safety for your online activity by encrypting user data and routing it over a secure channel. However, this does not render them invincible.

There are a few vulnerabilities in VPNs that hackers can exploit or target. Let's look at a few of them:

How VPNs Can Be Hacked

Breaking the VPN encryption

One approach to hack VPNs is to break through the encryption. Hackers can employ cryptographic attacks to break poorly constructed encryption ciphers. However, breaking encryption requires a significant amount of effort, time, and resources.

Most current VPNs use the Advanced Encryption Standard (AES-256) encryption method. This encryption standard encrypts and decrypts data with 256-bit keys and is commonly regarded as the gold standard in encryption.

This is because AES-256 is nearly impregnable, taking millions to billions of years to brute force and crack even with today's technology. That is why many governments and banks employ AES-256 encryption to protect their data.

In any event, most modern VPN companies use AES-256 encryption, so there isn't anything to worry about.

VPNs employing outdated tunneling protocols

Hackers can also attack older VPN tunneling standards. Tunneling protocols are simply a set of rules governing how your data is processed and transmitted via a certain network.

We wish to avoid utilizing old protocols like PPTP and L2TP/IPSec. These protocols are outdated and are regarded as medium to low security by modern standards.

PPTP, in example, is an older technology with documented weaknesses that unscrupulous actors can exploit. In contrast, L2TP/IPSec provides better security but slower performance than newer protocols.

Fortunately, more recent VPN protocols such as OpenVPN, WireGuard, and IKEv2 offer an excellent balance of high-level security and speed.

DNS, IP, and WebRTC leaks

Malicious actors can also steal user data via VPN leaks. VPN leaks occur when user data is "leaked" from the secure VPN tunnel as a result of a bug or vulnerability inside the software. The primary types of VPN leaks include the following:

DNS leaks occur when the VPN reveals your internet activity, such as DNS queries or browsing history, to the ISP DNS server despite being connected over an encrypted VPN connection.

IP leaks occur when your IP address is accidentally leaked or exposed to the internet, undermining the primary function of a VPN in disguising your true IP address and location.

WebRTC leaks are browser-based leaks in which websites gain unauthorized access to your actual IP address by bypassing the encrypted VPN connection.

VPNs inherently log user data

Finally, hacking is possible when VPN providers access customer data without their authorization.

While many VPN services promise to have no-logs policies, indicating that they are not keeping user data, VPNs have been shown to store user information notwithstanding these rules.

Why should you still invest in a VPN?

Even after understanding the various ways VPNs can be exploited, utilizing a VPN is significantly more secure than not using one. VPNs enable you and your organization to mask your IP address with the touch of a button.

Hiding your IP address is critical because criminal actors can exploit it to send you invasive adverts, learn your location, and collect information about your personal identity. VPNs are one of the simplest and most accessible ways to accomplish this.

VPNs are also an excellent solution for larger enterprises to maintain the security of company data, especially if your company has distant employees who access company resources via the Internet.

Read more »
Social Media
2FA data security Discord Privacy Social Media

Discord Users' Privacy at Risk as Billions of Messages Sold Online

 

In a concerning breach of privacy, an internet-scraping company, Spy.pet, has been exposed for selling private data from millions of Discord users on a clear web website. The company has been gathering data from Discord since November 2023, with reports indicating the sale of four billion public Discord messages from over 14,000 servers, housing a staggering 627,914,396 users.

How Does This Breach Work?

The term "scraped messages" refers to the method of extracting information from a platform, such as Discord, through automated tools that exploit vulnerabilities in bots or unofficial applications. This breach potentially exposes private chats, server discussions, and direct messages, highlighting a major security flaw in Discord's interaction with third-party services.

Potential Risks Involved

Security experts warn that the leaked data could contain personal information, private media files, financial details, and even sensitive company information. Usernames, real names, and connected accounts may be compromised, posing a risk of identity theft or financial fraud. Moreover, if Discord is used for business communication, the exposure of company secrets could have serious implications.

Operations of Spy.pet

Spy.pet operates as a chat-harvesting platform, collecting user data such as aliases, pronouns, connected accounts, and public messages. To access profiles and archives of conversations, users must purchase credits, priced at $0.01 each with a minimum of 500 credits. Notably, the platform only accepts cryptocurrency payments, excluding Coinbase due to a ban. Despite facing a DDoS attack in February 2024, Spy.pet claims minimal damage.

How To Protect Yourself?

Discord is actively investigating Spy.pet and is committed to safeguarding users' privacy. In the meantime, users are advised to review their Discord privacy settings, change passwords, enable two-factor authentication, and refrain from sharing sensitive information in chats. Any suspected account compromises should be reported to Discord immediately.

What Are The Implications?

Many Discord users may not realise the permanence of their messages, assuming them to be ephemeral in the fast-paced environment of public servers. However, Spy.pet's data compilation service raises concerns about the privacy and security of users' conversations. While private messages are currently presumed secure, the sale of billions of public messages underscores the importance of heightened awareness while engaging in online communication.

The discovery of Spy.pet's actions is a clear signal of how vulnerable online platforms can be and underscores the critical need for strong privacy safeguards. It's crucial for Discord users to stay alert and take active measures to safeguard their personal data in response to this breach. As inquiries progress, the wider impact of this privacy violation on internet security and data protection is a substantial concern that cannot be overlooked.


Read more »
Threat Intelligence
APT Group Cyber Attacks Data Leak Telecom Firm Threat Intelligence

ToddyCat APT Is Siphoning Data on 'Industrial Scale'

 

ToddyCat, an advanced persistent threat (APT) gang that targets the government and defence industries, has been seen collecting stolen data "on an industrial scale" from victim organisations in Asia-Pacific. 

Kaspersky researchers first disclosed details regarding the elusive gang's actions in 2022, despite the fact that it has been functioning since December 2020. ToddyCat is believed to be a Chinese-speaking gang, though its origins and ties are unknown.

Initially, the threat group targeted only certain organisations in Taiwan and Vietnam. When the ProxyLogon vulnerabilities in Microsoft Exchange Server were discovered in early 2021, it broadened the scope of its operations, now targeting multiple European and Asian organisations. 

ToddyCat upgraded its tools and strategies in 2023, and launched a long-running attack against government entities and telecom providers in multiple Asian countries. 

In Kaspersky's most recent review of the group, published last week, researchers Andrey Gunkin, Alexander Fedotov, and Natalya Shornikova explained the techniques the gang had lately been seen employing to exfiltrate massive volumes of data. 

“During the observation period, we noted that this group stole data on an industrial scale,” researchers explained. “To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as much as possible, and provide several alternative means to continuously access and monitor systems they attack.”

One of the group's attacks was its predilection for creating many tunnels with various tools to gain access to the infrastructure of the organisations it targeted. This allowed the gang to continue using the compromised systems even after one of the tunnels was identified and eliminated, according to the experts.

ToddyCat used reverse SSH tunnels to get access to remote network services. The gang also employed SoftEther VPN, an open-source tool that allows for the establishment of VPN connections using a variety of popular protocols.

“In virtually every case we observed, the attackers renamed vpnserver_x64.exe to hide its purpose in the infected system,” the researchers added. “To transfer the tools to victim hosts, the attackers used their standard technique of copying files through shared resources, and downloaded files from remote resources using the curl utility.” 

To protect against the gang, the researchers advised defenders to add the resources and IP addresses of cloud providers that allow traffic tunnelling to their firewall deny lists. The researchers also recommended limiting the tools administrators can use to remotely access hosts.
Read more »
Windows 10
Content Censorship Digital Platform Microsoft Online Streaming Vulnerabilities and Exploits Windows 10

Unveiling Vulnerabilities in Microsoft PlayReady DRM: Impact on Streaming Platforms

 

In a meticulous research endeavor, Security Explorations, a division of AG Security Research, embarked on an exhaustive analysis of Microsoft's Warbird and Protected Media Path (PMP) technologies. The culmination of this investigation has unearthed critical deficiencies within the security architecture of Microsoft's PlayReady Digital Rights Management (DRM) system, posing profound implications for content security across a spectrum of streaming platforms. 

At the core of Microsoft's content protection ecosystem lies Protected Media Path (PMP), an amalgamation of cryptographic protocols, code integrity checks, and authentication mechanisms designed to fortify content security within Windows OS environments. In tandem, Microsoft Warbird endeavors to erect formidable barriers against reverse engineering attempts, encrypting and obfuscating binaries to thwart unauthorized access. 

However, despite the multifaceted security measures embedded within these technologies, Security Explorations' research has illuminated vulnerabilities within PMP components. These vulnerabilities lay bare the underbelly of Microsoft's DRM infrastructure, allowing for the extraction of plaintext content keys essential for the decryption of high-definition content. The ramifications of such exploits extend far and wide, implicating prominent streaming platforms including Canal+ Online, Netflix, HBO Max, Amazon Prime Video, and Sky Showtime. 

Of particular concern is the vulnerability's prevalence on Windows 10 systems lacking Hardware DRM capability, a demographic constituting a significant portion of the user base due to compatibility constraints with Windows 11. The exploitation of Software DRM implementations prevalent in these environments underscores the urgent need for remedial action. While Microsoft's PlayReady team has been apprised of these findings, Security Explorations has refrained from disclosing detailed technical information through the MSRC channel, citing proprietary concerns and the imperative to safeguard intellectual property. 

Beyond the immediate ramifications for individual platforms, the research underscores broader implications for the content security landscape. With the burgeoning digital streaming industry valued at $544 billion, the imperative of ensuring robust DRM solutions cannot be overstated. The compromise of plaintext content keys not only imperils individual platforms but also undermines consumer trust and revenue streams, posing a systemic risk to the digital content ecosystem. 

Mitigating these vulnerabilities demands a concerted effort from industry stakeholders. Streaming platforms may consider transitioning to alternative DRM technologies or implementing interim safeguards to mitigate the risk of exploitation. However, the challenge lies in striking a delicate balance between security measures and user accessibility, ensuring seamless functionality without compromising content security. The research findings underscore the imperative for collaborative efforts between security researchers and industry stakeholders to fortify DRM ecosystems against evolving threats. 
Moreover, they highlight the pressing need for enhanced regulatory scrutiny and industry standards to bolster content security in the digital age. 

In light of these revelations, streaming platforms must reassess their security posture and implement robust measures to safeguard against unauthorized access and content piracy. Failure to address these vulnerabilities not only jeopardizes consumer confidence but also undermines the viability of streaming platforms in an increasingly interconnected world. As the digital landscape continues to evolve, proactive measures are indispensable to safeguarding content integrity and preserving the sanctity of digital content distribution channels. Only through collective vigilance and concerted action can the industry fortify itself against the ever-looming specter of security threats.
Read more »
UnitedHealth
Cyberattacks CyberCrime Cyberhacks Cybersecurity Data Breach Healthcare Personal Data UnitedHealth

Cyberattack Fallout: UnitedHealth Reveals Personal Data Breach Impact

 


As part of its ongoing data breach response, UnitedHealth Group has informed its subsidiaries, Change Healthcare, that they have recently experienced a data breach. Following the February cyberattack on its subsidiary Change Healthcare, UnitedHealth Group revealed on Monday that it had paid ransom to cyber threat actors to protect patient data. 

Additionally, the company confirmed that there was a breach of files with personal information that had been compromised. In the aftermath of the attack, Change Healthcare's payment processing service was affected, and other vital services such as prescription writing, payment processing, and insurance claims were adversely affected, affecting healthcare providers and pharmacies across the United States. 

It was reported that $872 million worth of financial damage had been sustained as a result of the cyberattack. On Monday, UnitedHealth Group announced that it had published an update about the status of its monitoring of the internet and dark web to determine if data had been leaked. The update was published along with leading external industry experts. 

There are many tools provided by Change Healthcare for managing the payment and revenue cycle. This company facilitates more than 15 billion transactions each year, and one in three patient records pass through the company's systems each year. 

UnitedHealth has revealed that 22 screenshots of compromised files, allegedly taken from the compromised files, had been uploaded to the dark web, which means even patients who are not UnitedHealth customers may have been affected by the attack. There has been no publication of any additional data by the company, and they have not seen any evidence that doctor's charts or full medical histories have been accessed in the breach. 

As part of its earlier ransomware attack on its subsidiary, Change Healthcare, UnitedHealth Group has revealed that the company has suffered a significant breach that has exposed private healthcare data from "substantially a quarter" of Americans. The Change Healthcare Group manages the insurance and billing for hospitals, pharmacies, and medical practices in the U.S. healthcare industry, which offers extensive health data on approximately half of all Americans, as well as providing insurance services to numerous hospitals, pharmacies, and medical practices. 

Considering the complexity and ongoing nature of the data review, it is likely to take several months to be able to identify and notify individuals and customers who have been affected by the situation. Rather than waiting until the completion of the data analysis process for the company to provide support and robust protections, the company is immediately providing support and robust protections as part of its ongoing collaboration with leading industry experts to analyze the data involved in this cyberattack. 

In May, The Record reported that UnitedHealth Group's CEO Andrew Witty will be expected to testify before a House panel regarding the ransomware attack. Two representatives of the House Subcommittee on Health testified at the hearing last week about the cyberattack. UnitedHealth Group failed to make anyone available during the hearing. 

UnitedHealth Group reported in March that it had spent $22 million on recovering data and systems encrypted by the Blackcat ransomware gang after paying the ransom. As a result of their attack on UnitedHealth in 2008, BlackCat was accused by a member of the gang known as "Notchy" of cheating them out of their ransom payment because they had UnitedHealth data. After all, they had conducted the attack and BlackCat had fallen into their trap. 

It was confirmed by researchers that the transaction was visible on the Bitcoin blockchain and that it had reached a wallet used by BlackCat hackers at the time the transaction was reported. The U.S. government launched an investigation about a week after the ransomware attack on Optum, investigating whether or not any health data had been stolen. 

On February 21, 2018, a cyberattack hit Change Healthcare, a subsidiary of UnitedHealth Group that is owned by Optum, a company that is a subsidiary of Optum. Due to this downtime, hospitals and physician groups across the country were unable to receive their claims payments from the company. Change has been working to restore connectivity to the provider network; however, delays in the submission and receipt of payments continue to affect provider revenue, despite the improvement in connectivity. 

There was "strong progress" being made by UnitedHealth in the restoration of its Change services during its status update on Monday. After the cyberattack on Change Healthcare, UnitedHealth Group has been vigilantly monitoring the internet and dark web to ensure that any sensitive data has not been exposed further on the internet and dark web. 

There has been an increase in external cybersecurity experts that the company has enlisted to enhance its monitoring capabilities. The company has also developed a group of advanced monitoring tools that search continuously for evidence of data misuse on the Internet and dark web, which allows it to identify and take action quickly when there is any evidence. 

UnitedHealth Group has developed expert cybersecurity partnerships which are intended to mitigate data breaches by collaborating with cybersecurity professionals. Furthermore, UnitedHealth Group's law enforcement and regulatory agencies, as well as other regulatory bodies, are constantly communicating with and cooperating with UnitedHealth Group.
Read more »
Threat actor
CD Projekt data Cisco breach Cyber Security Cybersecurity Dark Web Data Leak digital decryption keys HelloGookie rebrand HelloKitty ransomware Threat actor

HelloKitty Ransomware Renames to 'HelloGookie,' Unveils CD Projekt and Cisco Data

 

The operator behind the HelloKitty ransomware has rebranded it as 'HelloGookie,' with passwords for previously leaked CD Projekt source code, Cisco network data, and decryption keys from earlier attacks being released.

Identified as 'Gookee/kapuchin0,' the threat actor claims to be the original creator of the now-defunct HelloKitty ransomware, coinciding the rebranding with the launch of a new dark web portal for HelloGookie. To mark the occasion, four private decryption keys were disclosed, enabling the recovery of files from previous attacks, alongside internal data stolen from Cisco in 2022 and passwords for leaked CD Projekt source code.

Developers have already utilized the leaked Witcher 3 source code to compile the game, showcasing screenshots and videos of development builds. The leaked source code contains binaries to launch a developer build of Witcher 3, with efforts underway to compile the game from the source.

HelloKitty, initially launched in November 2020, garnered attention for targeting corporate networks, encrypting systems, and stealing data. Notably, the ransomware group breached CD Projekt Red in February 2021, encrypting servers and pilfering source code, including for Witcher 3.

In 2022, Yanluowang's data leak site was allegedly hacked, revealing conversations linking the group closely to the HelloKitty developer. Gookee/kapuchin0 subsequently leaked the HelloKitty builder and source code, signaling the end of operations. However, rebranded as HelloGookie, the threat actor has not disclosed new victims or evidence of recent attacks but released stolen data from prior breaches.

The leaked data includes NTLM hashes from Cisco's breach, indicating a closer relationship between HelloGookie and Yanluowang. Cisco acknowledged the incident, referring to a 2022 blog post by Cisco Talos detailing the security breach.

The future success and notoriety of HelloGookie remain uncertain, contrasting with the operational achievements of HelloKitty.
Read more »
Social Engineering
AI Cyber Attacks Hackers Intelligence Social Engineering

Where Hackers Find Your Weak Spots: A Closer Look


Social engineering is one of the most common attack vectors used by cyber criminals to enter companies. These manipulative attacks often occur in four stages: 

  1. Info stealing from targets
  2. Building relationships with target and earning trust
  3. Exploitation: Convincing the target to take an action
  4. Execution: Collected info is used to launch attack 

Five Intelligence Sources

So, how do attackers collect information about their targets? Cybercriminals can employ five types of intelligence to obtain and analyze information about their targets. They are:

1. OSINT (open-source intelligence)

OSINT is a hacking technique used to gather and evaluate publicly available information about organizations and their employees. 

OSINT technologies can help threat actors learn about their target's IT and security infrastructure, exploitable assets including open ports and email addresses, IP addresses, vulnerabilities in websites, servers, and IoT (Internet of Things) devices, leaked or stolen passwords, and more. Attackers use this information to conduct social engineering assaults.

2. Social media intelligence (SOCMINT)

Although SOCMINT is a subset of OSINT, it is worth mentioning. Most people freely provide personal and professional information about themselves on major social networking sites, including their headshot, interests and hobbies, family, friends, and connections, where they live and work, current job positions, and a variety of other characteristics. 

Attackers can use SOCINT software like Social Analyzer, Whatsmyname, and NameCheckup.com to filter social media activity and information about individuals to create tailored social engineering frauds. 

3. ADINT (Advertising Intelligence)

Assume you download a free chess app for your phone. A tiny section of the app displays location-based adverts from sponsors and event organizers, informing users about local players, events, and chess meetups. 

When this ad is displayed, the app sends certain information about the user to the advertising exchange service, such as IP addresses, the operating system in use (iOS or Android), the name of the mobile phone carrier, the user's screen resolution, GPS coordinates, etc. 

Ad exchanges typically keep and process this information to serve appropriate adverts depending on user interests, behavior, and geography. Ad exchanges also sell this vital information. 

4. DARKINT (Dark Web Intelligence)

The Dark Web is a billion-dollar illegal marketplace that trades corporate espionage services, DIY ransomware kits, drugs and weapons, human trafficking, and so on. The Dark Web sells billions of stolen records, including personally identifiable information, healthcare records, financial and transaction data, corporate data, and compromised credentials. 

Threat actors can buy off-the-shelf data and use it for social engineering campaigns. They can even hire professionals to socially engineer people on their behalf or identify hidden vulnerabilities in target businesses. In addition, there are hidden internet forums and instant messaging services (such as Telegram) where people can learn more about possible targets. 

5. AI-INT (artificial intelligence)

In addition to the five basic disciplines, some analysts refer to AI as the sixth intelligence discipline. With recent breakthroughs in generative AI technologies, such as Google Gemini and ChatGPT, it's easy to envisage fraudsters using AI tools to collect, ingest, process, and filter information about their targets. 

Threat researchers have already reported the appearance of dangerous AI-based tools on Dark Web forums such as FraudGPT and WormGPT. Such technologies can greatly reduce social engineers' research time while also providing actionable information to help them carry out social engineering projects. 

What Can Businesses Do to Prevent Social Engineering Attacks?

All social engineering assaults are rooted in information and its negligent treatment. Businesses and employees who can limit their information exposure will significantly lessen their vulnerability to social engineering attacks. Here's how.

Monthly training: Use phishing simulators and classroom training to teach employees not to disclose sensitive or personal information about themselves, their families, coworkers, or the organization.

Draft AI-use policies: Make it plain to employees what constitutes acceptable and unacceptable online activity. For example, it is unacceptable to prompt ChatGPT with a line of code or private data, as well as to respond to strange or questionable queries without sufficient verification.

Utilize the same tools that hackers use: Use the same intelligence sources mentioned above to proactively determine how much information about your firm, its people, and its infrastructure is available online. Create a continuous procedure to decrease this exposure.

Good cybersecurity hygiene begins with addressing the fundamental issues. Social engineering and poor decision-making are to blame for 80% to 90% of all cyberattacks. Organizations must prioritize two objectives: limiting information exposure and managing human behavior through training exercises and education. Organizations can dramatically lower their threat exposure and its possible downstream impact by focusing on these two areas.

Read more »
Web browser
Android Phone Cyber Security fast removal junk files Safety SEO-friendly Web browser

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser

 

The web browser on your Android phone collects a significant amount of data from the websites you visit, much of which is unnecessary to keep on your device. Regardless of whether you use Google Chrome, Mozilla Firefox, or Samsung Internet, this data, stored in cookies and cache, serves various purposes, such as enabling faster website loading and maintaining login sessions. However, a considerable portion of this data is superfluous and poses privacy risks.

Frequent clearing of your browser's cookies and cache is advisable due to the accumulation of unnecessary data, including transient junk and active tracking mechanisms from websites. These trackers often contribute to targeted advertising, where your browsing history influences the ads you encounter. For instance, after browsing online stores, you might notice advertisements tailored to your recent activities, like offers for eyeglasses or reminders of items in your shopping cart on Amazon.

Regularly clearing your cache helps eliminate unwanted data from your phone, especially if there are unidentified data trackers among your browser's cookies. Though clearing your cache may require you to log back into some websites, it's a minor inconvenience compared to the benefits of maintaining your phone's cleanliness and privacy.

The process for clearing cookies and cache varies depending on your phone's model and the web browser app you use. For Google Chrome, Samsung Internet, and Mozilla Firefox on Android devices, specific steps can be followed to clear this data effectively.

In Google Chrome, access the option to clear browsing data through the More menu or the Settings menu. For Samsung Internet, you can clear browsing data within the app or through your phone's Settings app, with options to delete various types of data, including cache and cookies. Mozilla Firefox offers extensive options for clearing browsing data, allowing users to delete specific types of data such as open tabs, browsing history, site permissions, and downloads, in addition to cookies and cached images and files. Additionally, Firefox provides an option to automatically delete browsing data upon quitting the app, enhancing privacy.

Both Chrome and Firefox offer basic and advanced settings for clearing browsing data, including options to specify the time range for deletion and to delete saved passwords and autofill form data. Chrome may prompt users regarding the importance of certain websites before clearing data, providing an opportunity to confirm the action.

Regularly clearing cookies and cache in your Android web browser is essential for maintaining privacy and optimizing device performance.
Read more »
NHS
Cyberattacks CyberCrime Cyberhackers CyberThreat Dark Web Data Breach Data Records Galloway Medical Files NHS

Dark Web Nightmare: Scots NHS Patient Data Breach Exposes Medical Files

 


Following a major data breach at NHS Dumfries and Galloway, patients can access their private medical records online with just a few clicks. It has been reported that an extremely large amount of data has been stolen from the NHS by a group known as INC Ransom. 

To keep this vast amount of personal information confidential, the group demanded a ransom and then uploaded a massive amount of information to the dark web. As a result of the cyber attack on NHS Dumfries and Galloway in March, the data of its victims has now been released onto the dark web. NHS Scotland advised potential victims to remain vigilant about cyber attacks. 

Nevertheless, the media reports claim that a search on the dark web resulted in personal information about six patients, including a disabled child aged 10 and an 81-year-old man who was disabled. In addition to providing patients' names and dates of birth, the documents also include their home addresses and even their personal email addresses, details of the patient's life and medical history, test results, and private disclosures about their condition that were made to physicians. 

In response to the Sunday Mail report, NHS Dumfries and Galloway confirmed to the newspaper that patients have been informed, but they don't know what files the hackers have or how many more individuals have been compromised. Using the dark web, cybercriminals released documents that proved they had hacked the NHS system that were easily accessed by the Sunday Mail. 

There are some of the most personal details about six patients, including an 81-year-old man who was disabled at the age of 10 and a disabled 10-year-old girl. Furthermore, the documents reveal the patient's name and date of birth, in addition to their unique numerical identifiers called CHI numbers. It also gives their home addresses, as well as one person's e-mail address.

Furthermore, they contain intimate details regarding people's lives and medical histories, as well as test results, which are disclosed to doctors privately. According to the Sunday Mail, NHS Dumfries and Galloway has informed six patients that their data has been stolen, but they have no idea how many more have been affected or what files they have on hand.

As deputy leader of Labour, Jackie Baillie asked Health Secretary Neil Gray to explain how the breach occurred and what measures are being taken to prevent it in other health boards As a result of the breach, experts warn that the people whose personal information was compromised may be vulnerable to identity theft and other kinds of fraud. Managing director of the Cybersecurity Research Centre at Abertay University, Professor Lynne Coventry, said, "Health records can contain sensitive health information as well as financial information, making them more valuable than financial records." 

As a result of the data breach, thousands of people may potentially be affected, but authorities are not yet sure how significant it will be. There have been several calls for transparency from the NHS regarding the breach, and Patrick McGuire, partner at Thompsons Solicitors, says the NHS needs to provide support to those who were affected by the breach. 

McGuire also claimed that the NHS could be faced with significant legal claims from individuals whose personal information was exposed. This has got to be one of Scotland's biggest data breaches, possibly even the whole of Scotland. McGuire stated that the amount of information is enormous. The Scottish Conservative party's health spokesman, Dr Sandesh Gulhane, has stated that those whose information has been stolen are likely to seek financial compensation and that defending these claims could prove to be a significant challenge. 

During his interview with the press, Mr Gray revealed that he must take responsibility for the mitigation of the damage and prevent future attacks by explaining to the public what actions are being taken to mitigate these damages. As a result of the scale of the attack, it is difficult for NHS Dumfries and Galloway to determine exactly what data the hackers could access or how many individuals might be impacted. Police Scotland has confirmed that an investigation is ongoing. 

According to the health board, the six patients whose information had already been published online have already been contacted. Moreover, the NHS Scotland regional board has reported that no disruptions were reported to patient-facing services due to the cyber incident and that normal operations continued. 

According to the Scottish government, the cyber attack targeted NHS Dumfries and Galloway and no further incidents have been reported across NHS Scotland as a result of the cyber attack. The company has been around since July 2023, when it appeared on the scene. Numerous organizations, including healthcare institutions, have been indiscriminately targeted by ransomware. 

The group obtains access to the enterprise via phishing emails and exploiting vulnerabilities in software resulting in exploitation of Citrix NetScaler vulnerability CVE-20233519. Using TOR, it communicates with its victims over a TOR-based portal and tracks payments using a unique ID code that is at the heart of every payment.
Read more »
Transactions
Bengaluru Cyber Crime Scam Stock market Transactions

Stock Market Scam in Bengaluru: Businessman Loses Rs 5.2 Crore



In a recent cybercrime incident, a 52-year-old businessman from Bengaluru fell victim to a stock market scam, losing a staggering Rs 5.2 crore. The victim, referred to as Sharath for anonymity, reported the incident to the cybercrime police on April 8. According to his account, the ordeal began when he received a WhatsApp message on March 11 promoting stock market investments with promises of high returns. Despite refraining from clicking the accompanying link, Sharath found himself involuntarily added to a WhatsApp group named "Y-5 Ever Core Financial Leader," boasting around 160 members.

Subsequently, Sharath received numerous calls from unidentified numbers, urging him to download an application linked to the investment scheme. Initially resistant, Sharath eventually succumbed to the persuasion tactics employed by the fraudsters and downloaded the app. Under the guidance of the perpetrators, Sharath began purchasing stocks facilitated by multiple accounts provided by the fraudsters. Assured that his funds were being invested in the stock market, Sharath transferred a staggering Rs 5.2 crore to five designated accounts by April 2.

Despite his growing suspicions, Sharath's attempts to withdraw profits or reclaim some of his invested capital for further investments were thwarted by the fraudsters. It was only then that he realised he had fallen victim to a scam. In response to the complaint, authorities have initiated legal proceedings under the IT Act, with ongoing investigations. Efforts have been made to freeze the funds in the fraudsters' accounts in collaboration with bank officials, raising hopes for potential recovery of some of the lost money, as confirmed by a senior police official.

Senior Citizen Scammed: Woman Loses Rs 6 Lakh

In another distressing incident, a 61-year-old woman fell prey to cybercriminals impersonating Delhi police and Customs officials. Exploiting her fear, the fraudsters falsely accused her of drug smuggling and money laundering, coaxing her to transfer Rs 6.56 lakh. Manipulating her trust, they provided fake validation procedures, leading to her significant loss.

These incidents serve as stark reminders of the growing tactics of cybercrime and the importance of caution while engaging in online transactions. Authorities urge the public to exercise caution and scepticism when encountering unsolicited investment opportunities or suspicious requests for financial transactions. As investigations continue into these cases, efforts to combat cybercrime through deliberate security measures and real-time data sharing remain imperative to safeguard individuals and businesses from falling prey to such fraudulent schemes.


Read more »
VPM
Child pornography Extortion Honeytrap malware VPM

Malware Author Lures Child Abusers Into Honeytrap to Extort Them

 

You rarely root for online criminals, but a new malware campaign targeting child exploiters does not make you feel awful about the victims. 

Since 2012, threat actors have developed a range of malware and ransomware that impersonate government agencies and earn affected Windows users that they are seeing CSAM. The software informs users that they must pay a "penalty" to keep their information from being transferred to law enforcement. 

One of the first "modern" ransomware operations, known as Anti-Child Porn Spam Protection or ACCDFISA, used this extortion strategy in conjunction with initially locking Windows systems and eventually encrypting files. 

Similar extortion techniques were used by cybersecurity researcher MalwareHunterTeam to share an executable malware sample named "CryptVPN" [VirusTotal] with BleepingComputer last week. This time, though, the malware creator is going after people who actively seek child pornography rather than innocent people. 

Security specialists investigated the malware and discovered that threat actors posed as UsenetClub, a subscription service that allows users to download films and images from Usenet with "uncensored" access.

Usenet is an online discussion platform that allows users to discuss different topics in "newsgroups" to which they have subscribed. While Usenet is used for valid discussion of a variety of topics, it is also a notorious source of child pornography.

Threat actors designed a fraudulent site pretending to be UsenetClub and offered three subscription tiers for the site's content. The first two were paid subscriptions, ranging from $69.99 per month to $279.99 annually. However, a third option claimed to allow free access if you install and employ the free "CryptVPN" software to access the site. 

Clicking the "Download & Install" button will download a CryptVPN.zip file from the website, which when unpacked will contain a Windows shortcut called "CLICK-HERE-TO-INSTALL". 

This file is a shortcut to the PowerShell.exe executable that downloads and saves the CryptVPN.exe executable to C:\Windows\Tasks.exe before executing it. The malware executable is packaged with UPX, however when unpacked, it contains a PDB string indicating that the creator titled the malware "PedoRansom". 

The malware does nothing uncharacteristic except change the target's wallpaper to an extortion demand and drop a ransom note named README.TXT on the desktop, which includes similar extortion demands. 

"You were searching for child exploitation and/or child sexual abuse material. You were stupid enough to get hacked," reads the extortion demand. "We have collected all your information, now you must pay us a ransom or your life is over.”

The extortion goes on to say that the victim must pay $500 to the bc1q4zfspf0s2gfmuu8h5k0679sxgxjkd7aj5e6qyl Bitcoin address within ten days or their identity will be leaked. Currently, this bitcoin address has only received roughly $86 in payments. 

Threat actors have long used "sextortion" strategies, such as sending bulk emails to a large number of people in an attempt to scare them into paying an extortion demand. 

These approaches worked very well at first, with spammers extorting more than $50,000 per week during the early operations. However, as time passes and the victims of these frauds become more aware, sextortion operations no longer yield the same money. 

While this strategy is more innovative and will scare many individuals looking for this type of stuff, we doubt many people will pay the extortion demand.
Read more »
Identity Theft
Customer Information cyber attack Data Breach Data Leak data security Experian Identity Theft

Wells Fargo Data Breach: Safeguarding Customer Information in a Digital Age

 

In a digital age where data breaches have become all too common, the recent disclosure of a data breach at Wells Fargo, a prominent multinational financial services corporation, has once again brought cybersecurity concerns to the forefront. The breach, impacting the personal information of two clients, underscores the challenges faced by financial institutions in safeguarding sensitive data and maintaining customer trust. 

The breach exposed clients' names and mortgage account numbers, raising significant concerns about the security of personal information within the financial services sector. According to Wells Fargo, the breach was not the result of a cyberattack but rather an employee breaching company policy by transferring information to a personal account. While the exact timeline and duration of unauthorized access remain unclear, Wells Fargo has taken swift action to address the situation and mitigate risks to affected individuals. 

In response to the breach, Wells Fargo has prioritized the welfare of its customers and has taken proactive steps to assist those impacted. The company has offered complimentary two-year subscriptions to Experian IdentityWorks5M, a comprehensive identity theft detection service. This includes daily monitoring of credit reports, internet surveillance to monitor identity-related activity, and full-service identity restoration in the event of theft. Affected individuals are encouraged to activate their subscriptions within 60 days from the date printed on the notification letter, either online or by phone. The team is available via phone during specified hours and offers language assistance services for non-English speakers, as well as support for individuals with hearing or speech difficulties. 

While the specifics of the data breach are still under investigation, Wells Fargo remains committed to enhancing security measures and preventing similar incidents in the future. The breach serves as a stark reminder of the evolving nature of cyber threats and the importance of remaining vigilant in protecting sensitive information. This incident also highlights a recurring issue within the banking industry, as Wells Fargo is not the only financial institution to experience a data breach in recent months. 

In February 2024, Bank of America, another one of the Big Four Banks in North America, announced a data breach affecting its customers. The Bank of America data breach was attributed to a cyberattack targeting one of its service providers, Infosys McCamish Systems. 

As investigations into the breach continue, Wells Fargo reassures its customers of its unwavering commitment to security and vows to implement additional measures to safeguard customer information. Despite the challenges posed by cyber threats, Wells Fargo remains dedicated to maintaining customer trust and protecting sensitive data in an increasingly interconnected world.
Read more »
Retail Industry
Carpetright cyber attack Cyber Attacks Essex Hacking Retail Industry

Cyber Attack Hits UK's Carpetright, Affecting Customer Orders

 



Carpetright, an eminent flooring retailer in the UK, has fallen victim to a cyber attack, causing disruption to its operations and affecting hundreds of customer orders. Last week, hackers targeted the flooring specialist’s head office in Purfleet, Essex, by sending malware to gain unauthorised access. As a result, customers have been unable to place orders on the company's website or in any of its 400 shops since last Thursday, when systems were taken offline. A spokesperson for the retailer expressed regret for any inconvenience caused, stating, “We are not aware of any customer or colleague data being impacted by this incident and are currently conducting tests and resetting systems, with investigations ongoing.”

The malware infiltration prompted a response from Carpetright's IT security team, who took the drastic measure of taking the entire network offline to contain the threat and prevent further spread. As a result, essential systems crucial for day-to-day operations, including payroll information and employee booking portals, became inaccessible.

The consequences of the attack extended beyond the company's internal operations, as phone lines remained down, leaving customers unable to reach support. Despite the disruption, company officials assured stakeholders that no customer or colleague data had been compromised.


Rising Threat of Cyber Attacks

The cyber attack on Carpetright comes amidst a concerning trend, with recent surveys indicating a sharp increase in cyber attacks targeting British businesses. According to the findings, half of British businesses reported experiencing a cyber attack within the past year, marking a terrific uptick from previous years.


NHS Dumfries and Galloway and British Library Targeted

The incident at Carpetright follows similar cyber attacks on critical institutions, including NHS Dumfries and Galloway and the British Library. Last month, NHS Dumfries and Galloway fell victim to a ransomware attack orchestrated by the INC Ransom group, resulting in the unauthorised access of patient data. The breach raised concerns about patient confidentiality and highlighted the vulnerability of healthcare infrastructure to cyber threats.


In a separate incident, the British Library suffered a major technology outage following a cyber attack by the Rhysida ransomware group. The attack disrupted operations at the renowned research library and underlined the institution of cyber criminals targeting high-profile institutions.


Challenges Faced by Carpetright

The cyber attack compounds the challenges faced by Carpetright in contemporary times, as the company navigates a downturn in demand and heightened competition. Founded in 1988 by Philip Harris, Carpetright has weathered various storms over the years, including its delisting from the London Stock Exchange in 2019 following its acquisition by Meditor, a British hedge fund.


As Carpetright seeks to recover from the cyber attack and adapt to the unfolding market dynamics, its resilience and ability to innovate will be critical in ensuring its long-term viability amidst ongoing uncertainties, including the cost of living crisis impacting consumer behaviour.


Read more »
Zero-Day Vulnerabilities
Cyber Crime Ivanti VPN Exploitation State-Sponsored Threats Transparancy Zero-Day Vulnerabilities

MITRE Breach: State Hackers Exploit Ivanti Zero-Days


A state-backed hacking group successfully breached MITRE Corporation’s systems in January 2024 by exploiting two Ivanti VPN zero-day vulnerabilities. 

The incident was detected after suspicious activity was observed on MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development. Fortunately, the breach did not impact MITRE’s core enterprise network or its partners’ systems.

The MITRE Corporation

The MITRE Corporation claims that in January 2024, a state-sponsored hacking organization infiltrated its systems by chaining two Ivanti VPN zero-days.

The issue was discovered when suspicious activity was noticed on MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaboration network for research and development.

So far, evidence gathered throughout the inquiry indicates that the breach had no impact on the organization's core enterprise network or the systems of its partners.

The Breach

MITRE has since alerted affected parties of the incident, contacted appropriate authorities, and is currently attempting to restore "operational alternatives."

"No organization is immune to this type of cyber attack, not even one that strives for the highest level of cybersecurity," MITRE CEO Jason Providakes stated on Friday.

MITRE CTO Charles Clancy and Cybersecurity Engineer Lex Crumpton noted in a separate advisory that the threat actors broke into one of MITRE's Virtual Private Networks (VPNs) by chaining two Ivanti Connect Secure zero-days.

They were also able to circumvent multi-factor authentication (MFA) barriers by exploiting session hijacking, which allowed them to travel laterally around the penetrated network's VMware architecture using a compromised administrator account.

Throughout the event, the hackers exploited a combination of sophisticated webshells and backdoors to gain access to compromised systems and harvest credentials.

Since early December, two security vulnerabilities, an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887), have been used to distribute several malware families for espionage objectives.

Global Impact

Mandiant tied these assaults to an advanced persistent threat (APT) known as UNC5221, while Volexity discovered evidence that Chinese state-sponsored hackers were using the two zero-days.

Volexity stated that Chinese hackers backdoored over 2,100 Ivanti appliances, gathering and stealing account and session data from compromised networks. The victims ranged in size from small firms to some of the world's largest organizations, including Fortune 500 companies in a variety of industries.

Because of their widespread exploitation and large attack surface, CISA issued this year's first emergency directive on January 19, instructing government agencies to mitigate the Ivanti zero-days immediately.

Read more »
Threat Landscape
Cyber Crime Financial Fraud India Indian Banks MHA Threat Landscape

Indian Banks Mull New Move for Faster Freezing of Scammers’ Accounts

 

Indian banks have proposed integrating their systems with the National Cybercrime Reporting Portal (NCRP), a division of the ministry of home affairs, which could enable a quicker freeze on fraudulent accounts in the wake of a cyberattack. 

This is intended to prevent those who commit cybercrimes and phishing attacks from swiftly transferring funds from a target's bank account to accounts with various banks before it is withdrawn or spent. This is a tactic employed by voice phishers and cyber shysters to make it more difficult for banks and law enforcement to recover the funds. 

“Banks, in consultation with cybercrime experts, have recommended API integration with the NCRP to reduce the average response time and quick updation of cases. So, the idea is to mark a lien and freeze a bank account automatically without manual intervention,” noted a banker. “An industry sub-group has suggested this to I4C,” said the person. 

I4C, or the Indian Cybercrime Coordination Centre, is an MHA programme that focuses on combating cybercrime and enhancing coordination between law enforcement agencies (LEAs) and institutions such as banks. NCRP is a vertical under I4C.

API, or 'application programming interface', enables two applications or systems to interact with one another without the need for human intervention. If there is an API between a system with specific data and another system that requires reporting, the two can communicate without the need for manual data entry. In the event of a cybercrime, such as a hacked internet banking account, API integration would allow for the quick transmission of fraud information to a central system or other banks. 

“Typically, money from the account where the fraud happens is moved to accounts with several banks. There is a far better chance of retrieving the amount if the information is available with the entire industry instantaneously. The time spent by Bank A awaiting an instruction from a LEA, then sending emails to bank B, C and D, or calling them up, to request a lien on the accounts where funds have gone, can be saved,” noted another banker.

The group has also advised that data on accounts identified as lien and freeze be made available to banks on a regular basis so that they can reconcile their records. 

In this respect, it has been observed that I4C may share a broad standard operating procedure directing banks to place bank accounts on hold, freeze or de-freeze them, and release funds to victims' bank accounts in cases reported to NCRP. Furthermore, it is believed that the nodal organisation should establish guidelines for communicating 'negative account or KYC details' so that accounts are not opened with the same demographics or KYC details as other banks.
Read more »
Technology
AI overrated ChatGPT ban life sciences industry Pharmas survey findings Technology

Survey Finds Two-Thirds of Leading Pharmas Restrict ChatGPT Usage, While Many in Life Sciences Industry Deem AI 'Overrated'

 

In the ongoing debate over the integration of artificial intelligence (AI) into various industries, the biopharmaceutical sector is taking a cautious approach. According to a recent survey conducted by ZoomRx among over 200 professionals in life sciences, more than half reported that their companies have prohibited the use of OpenAI's ChatGPT tool. 

This ban was particularly prevalent among the top 20 pharmaceutical companies, with 65% implementing it. Concerns about potential leaks of sensitive internal data to competitors drove these policies.

Andrew Yukawa, a product manager at ZoomRx, emphasized the delicate balance between the speculative benefits and recognized security risks associated with AI implementation in life sciences. He highlighted a past incident where a bug in ChatGPT led to a temporary shutdown, allowing some users to access others' chat history. This raised concerns that proprietary information could inadvertently become part of OpenAI's training dataset.

Despite the prevalence of bans, the survey revealed a lack of proactive measures beyond restrictions. Less than 60% of companies provided training or guidelines on the safe use of ChatGPT, though some indicated plans to do so in the future.

Nevertheless, despite the reservations and bans, many professionals in the life sciences sector are actively using ChatGPT. Over half of the respondents reported using it at least a few times per month, with a significant portion using it weekly or even daily.

While the survey participants expressed skepticism about AI's overhyped reputation, many companies are already leveraging AI technologies. Drug discovery emerged as the most common application, followed by personalized medicine, copywriting, and trial optimization. Cost savings were cited as the primary motivation for AI implementation, outweighing its perceived impact on revenue.

Despite the widespread adoption, concerns about data security and privacy persist. The majority of respondents expressed belief in AI's potential to enhance efficiency and effectiveness but also acknowledged significant concerns about its impact on data security and privacy.
Read more »
Ransomware Threat
2024 cyber crimes Chainalysis Coveware CVE CVE vulnerability Cyber Security Ransomware attack Ransomware Threat

Drop in ransomware payment, 2024 Q1 sees a record low of 28%

 

Ransomware actors have encountered a rocky start in 2024, as indicated by statistics from cybersecurity firm Coveware. Companies are increasingly refusing to acquiesce to extortion demands, resulting in a record low of only 28% of companies paying ransom in the first quarter of the year. This figure marks a notable decrease from the 29% reported in the previous quarter of 2023. Coveware's data underscores a consistent trend since early 2019, showing a diminishing rate of ransom payments. 

The decline in ransom payments can be attributed to several factors. Organizations are implementing more sophisticated protective measures to fortify their defenses against ransomware attacks. Additionally, mounting legal pressure discourages companies from capitulating to cybercriminals' financial demands. Moreover, ransomware operators frequently breach promises not to disclose or sell stolen data even after receiving payment, further eroding trust in the extortion process. 

Despite the decrease in the payment rate, the overall amount paid to ransomware actors has surged to unprecedented levels. According to a report by Chainalysis, ransomware payments reached a staggering $1.1 billion in the previous year. This surge in payments is fueled by ransomware gangs targeting a larger number of organizations and demanding higher ransom amounts to prevent the exposure of stolen data and provide victims with decryption keys. 

In the first quarter of 2024, Coveware reports a significant 32% quarter-over-quarter drop in the average ransom payment, which now stands at $381,980. Conversely, the median ransom payment has seen a 25% quarter-over-quarter increase, reaching $250,000. This simultaneous decrease in the average and rise in the median ransom payments suggest a shift towards more moderate ransom demands, with fewer high-value targets succumbing to extortion. Examining the initial infiltration methods used by ransomware operators reveals a rising number of cases where the method is unknown, accounting for nearly half of all reported cases in the first quarter of 2024. 

Among the identified methods, remote access and vulnerability exploitation play a significant role, with certain CVE flaws being widely exploited by ransomware operators. The recent disruption of the LockBit operation by the FBI has had a profound impact on the ransomware landscape, reflected in Coveware's attack statistics. This law enforcement action has not only disrupted major ransomware gangs but has also led to payment disputes and exit scams, such as those witnessed with BlackCat/ALPHV. 

 Furthermore, these law enforcement operations have eroded the confidence of ransomware affiliates in ransomware-as-a-service (RaaS) operators, prompting many affiliates to operate independently. Some affiliates have even opted to exit cybercrime altogether, fearing the increased risk of legal consequences and the potential loss of income. Amidst these developments, one ransomware strain stands out as particularly active: Akira. 

This strain has remained the most active ransomware in terms of attacks launched in the first quarter of the year, maintaining its position for nine consecutive months. According to the FBI, Akira is responsible for breaches in at least 250 organizations and has amassed $42 million in ransom payments. Implementing robust protective measures, staying informed about emerging threats, and fostering collaboration with law enforcement agencies are essential strategies for mitigating the risks posed by ransomware attacks and safeguarding sensitive data from malicious actors.
Read more »
Telegram
API Cyberattacks CyberCrime Cyberhackers Cybersecurity CyberThreat Data Breach Information Compromised Real American Voice SiegedSec Telegram

Data Breach at Real America’s Voice: User Information Compromised

 


In the past few weeks, a group of homosexual, furry hackers called SiegedSec has hacked the far-right media outlet Real America’s Voice, and they have taken it down. As well as hosting far-right commentators such as Steve Bannon and Charlie Kirk, the right-wing media outlet owned by Robert Sigg also plays host to conspiracy theories, such as COVID-19 misinformation, 2020 election conspiracy theories, QAnon, and transphobic content, as well as far-right commentators such as Steve Bannon and Charlie Kirk. 

This group announced on Monday that it had hacked the app of Real America's Voice, a right-wing media outlet, founded in 2020 and regularly featuring far-right activists such as Steve Bannon and Charlie Kirk, in an announcement posted to its Telegram channel. As well as spreading conspiracy theories and transphobic rhetoric, Real America's Voice is often attacked by SiegedSec, a hacker furry collective that has wreaked havoc on the outlet. 

As part of their release, they provided data on over 1,000 users of their app, along with information on hosts Charlie Kirk, Steve Bannon, and Ted Nugent, the latter who wrote a song about wanting to fuck a 13-year-old girl. This hacker was known for destroying Minnesota River Valley Church, which used $6,000 of money to buy inflatable sea lions. 

They were also known for destroying nuclear research facilities and demanding that they focus on cat girls to accomplish their goal. It has been reported that SiegedSec has released personal information about more than 1,200 users using the app, including their full names, telephone numbers, and email addresses, as part of its ongoing hacktivism campaign OpTransRights. Additionally, the group said that they removed the user's data from the app's API as well as its cloud storage system, as well as going poof on the files. 

SiegedSec wrote in their Telegram message about the optics of their actions in regards to the Real America's Voice leak as the company shared it with their followers. We have received concerns throughout the attacks that actions had been conducted against transphobic entities and that our attacks would be construed to label the LGBTQ+ community as ‘terrorists’ and ‘criminals,’ as the group stated. 

It’s important to realize that these types of people are always going to blame the LGBTQ+ community, no matter what we do. They’re going to look for ways to hate, they will not listen to reason, and they’re going to spread lies to discredit people who are different. Data reportedly deleted from the Amazon server included information about the network’s top shows, including those hosted by prominent right-wing figures like Charlie Kirk, Steve Bannon, and Ted Nugent, as well as the top shows on the network. 

There is no information available as to whether SiegedSec's actions resulted in any permanent damage to the organization. Initially launched last year after SiegedSec attacked government websites in five states over the policies regarding transgender healthcare, the #OpTransRights campaign has just been relaunched as a part of the group's recently relaunched #OpTransRights campaign. 

As a result of anti-transgender remarks made by the pastor of River Valley Church in Burnsville, Minnesota, SiegedSec hacked the church on April 1 and launched it again on April 1. SiegedSec also used the church's Amazon account to buy inflatable sea lions worth several thousand dollars worth of money using the church's Amazon account after the hack. 

This hack exposed private prayer requests from 15,000 users of the church's website. After doing that, SiegedSec went on to dox River Valley Church's pastor Rob Ketterling less than a week later. They also noted that in their statement on Monday, they expressed concern that such attacks would negatively impact the LGBTQ+ community.
Read more »
malware
Credential Darknet Data Theft Kaspersky malware

Rise In Cybercrime: Dark Web Fueling Credential Attacks

 


In an unsettling situation, cybercriminals are increasingly turning to credential theft as a lucrative business, aided by the rise of infostealer malware attacks. Over the past three years, these threat actors have capitalised on the opportunity, compromising millions of personal and corporate devices globally.

The Rise of Infostealer Malware

According to cybersecurity experts at Kaspersky, infostealer malware attacks have surged sevenfold in recent years, with over 10 million devices compromised in 2022 alone. These sophisticated attacks enable hackers to silently collect login credentials and sensitive data from devices, posing a significant cybersecurity threat.

The Lucrative Market for Stolen Credentials

The value of corporate credentials in the cybercrime market has soared, leading to a 643% increase in data theft attacks. Cybercriminals act as initial access brokers, stealing corporate credentials and selling them on dark web forums for substantial profits. Kaspersky researchers highlight various sales models, with prices starting at $10 per log file.

Emerging Dark Web Hubs

Darknet markets have become key enablers of cybercrime, facilitating the sale of stolen credentials and victim profiles to cybercriminal groups. Following the takedown of Genesis Market, new hubs like Kraken Market and DNM Aggregator have emerged, offering seamless payment options via crypto processors.

Regional Impact

Regions like the Asia-Pacific and Latin America have been particularly affected by credential stealing attacks, with millions of credentials stolen from countries like Brazil, India, Colombia, and Vietnam. In Australia, compromised credentials accounted for the majority of cybersecurity incidents, with compromised or stolen credentials implicated in 56% of all incidents.

The Role of Initial Access Brokers

The number of initial access brokers (IABs) operating worldwide has risen significantly, with the APAC region experiencing a particularly sharp increase. These brokers play a critical role in fueling cybercrime operations, selling access to corporate networks and facilitating activities like ransomware attacks.

Despite the perception of cyberattacks as complex operations, the reality is that many exploit the simplicity of credential vulnerabilities. According to the Cybersecurity and Infrastructure Security Agency (CISA), over half of government and critical infrastructure attacks leverage valid credentials, with stolen credentials implicated in 86% of breaches involving web-based platforms. Credential stuffing, a technique where attackers use stolen usernames and passwords on various websites, has become increasingly popular due to individuals' tendency to reuse login information for convenience. 

With cybercriminals exploiting vulnerabilities in corporate and personal networks, organisations and individuals must remain a step ahead to protect against this pervasive threat.




Read more »
Palestinian Hackers
Anonymous Hackers Cyber Attacks Data Leak IDF Palestinian Hackers

Anonymous Hackers Threaten To Publish IDF’s ‘Top Secret Projects’

 

The Anonymous hacker group has published a video claiming to have infiltrated Israel's military and stolen some of its "top secret" documents.

Two weeks after Israel's Justice Ministry admitted a cybersecurity breach that may have taken hundreds of gigabytes of data, the Anonymous hacker group claims to have hacked the Israel Defence Forces (IDF), a much more significant target. On April 18, Anonymous posted a video on X stating, "Today we want to introduce their terrorist army to the world, after hacking their justice ministry.” 

Given the nature of the fighting on the ground, the cyber aspect of the Gaza conflict has not garnered much attention. However, with the most recent escalation, Iran has come out from behind its proxies, and as a result, two of the most cyber-active nations in the world are now participating much more publicly. This includes unsubstantiated allegations made by an Iranian hacker group that they were able to break into Israeli radar systems. 

In contrast, Israel possesses offensive cyber capabilities much beyond anything Iran can produce, despite Tehran's continuous efforts to improve its capabilities. As a result, there will likely be a digital uptick as the ballistic engagement winds down. 

None of this is related to the more theatrical hacking charges levelled at Israel's military. Anonymous is best understood as an umbrella agenda, with self-proclaimed members starting and coordinating activities that are subsequently promoted. It would be incorrect to view this as a globally organised group with any sort of structure. The most recent claims appear to come from a pro-Palestinian group called Anonymous for Justice. 

The Jerusalem Post adds that "according to IDF security assessments, the likelihood of an actual breach is minimal..." The IDF's computer system is highly secure and classified at multiple levels." According to the Post, if there was a breach, the material was most likely "obtained from civilian computers." 

With a total of 20GB of data distributed across more than 230,000 files, the Anonymous video alleges that compromised material contains "the identity of the generals, military bases, military contracts and top secret projects." The hacking operation was "conducted with the assistance of certain freedom seekers from your army," the video further warns IDF.
Read more »
Subscribe to: Posts (Atom)