
India among the target nations for cyber attack: CERT

A new cyber threat targeting Internet-connected devices is spreading rapidly and could enable hackers to identify vulnerabilities and access users’ data or use their devices for criminal activities.

The Maharashtra Cyber Department is in the process of issuing a state-wide advisory outlining steps to prevent potential targets from falling prey after the New Delhi-based Computer Emergency Response Team (CERT) said it has received intelligence inputs about a massive cyber attack on several countries, including India. The CERT is the country’s central cybersecurity agency.

The Reaper malware is acquiring internet-connected devices, including WiFi routers, CCTV cameras and digital video recorders, for a coordinated attack, the state cyber police said on Thursday. Reaper, which is taking over millions of devices around the world, is a highly evolved and advanced piece of malware.
The threat, which resembles last year’s widespread Dyn attack, one of the largest DDoS (distributed denial-of-service) attacks so far, has reportedly infected nearly two million devices around the world. It is gathering bots and taking over 10,000 internet-connected devices per day, and the number is “actively growing”. “As the threat continues to grow, it could cause devastating effects through DDoS attacks as seen in the Dyn incident.” Last October, a large-scale DDoS attack hit the United States-based Domain Name System (DNS) service provider Dyn, taking out many popular websites including Twitter, Netflix and PayPal.

In July 2016, small and medium Internet Service Providers were under attack from unknown parties, who were pinging their servers incessantly to the point where the servers crashed, denying service to their clients and causing loss of revenue.

Drawing a comparison to the Mirai malware that took over five lakh machines last year, Inspector General of Police Brijesh Singh, Maharashtra Cyber, said, “Mirai was programmed to only hack devices with a certain kind of vulnerability. Reaper is capable of identifying vulnerabilities in devices and coming up with ways to penetrate them based on these, which makes it much more dangerous.”

According to sources, the imminent DDoS attack, which is believed to be on a much larger scale, is being readied using malware known by two names, Reaper and IoTroop.

Bad Rabbit Ransomware hits Ukraine and Russia



A number of state institutions in Ukraine and Russia were attacked on Tuesday, October 24, by a new ransomware called Bad Rabbit.

The Russian News Agency, the Ukrainian Ministry of Infrastructure, the Ukrainian State Aviation Service, the computer system of the Ukrainian Metropoliten, as well as the information system of Odessa International Airport became victims of the virus. Most likely, the list of victims will grow.

The attackers ask their victims to follow a link leading to an onion website. Once that page is opened, a countdown timer starts automatically.

The attackers further demand a transfer of 0.05 BTC, otherwise they will destroy all the encrypted information.

Experts at Group-IB noted that the attack was most likely prepared over several days. They found two JavaScript files on the attackers' website, one of which had been updated several days earlier, on October 19.

In addition, security experts at ESET and Kaspersky Lab found that the malware is spreading through a fake Adobe Flash update file, which users install manually themselves.

Cyber intelligence specialist Andrew Masalovich regards this attack as politically unmotivated and pure extortion.

- Christina

 

Guarding against North Korean Hacking attacks seems strenuous task

Cyber attacks against western countries from North Korea are seemingly impossible to stop. The cyber danger is far more severe than previously thought. Through its hacking attempts on the critical infrastructure of western countries, it has created panic and chaos. Along with attacks on important security and financial systems, hacking attacks on ordinary networks have increased many-fold, creating huge disorder and confusion among the public.
One of the important factors for North Korean hackers is the low risk of retaliation: the country already faces a growing list of sanctions, making it one of the most isolated countries in the world, and thus the least vulnerable to further punishment or ostracism by other states.
Tracking the hackers and strengthening cyber defence mechanisms is not easy, as most of the attacks do not originate from North Korean soil. Many originate from Malaysia, Nepal, Kenya, New Zealand, China and other countries.
The severity of the attacks can be judged from the fact that last year North Korea was able to steal millions of dollars through ransomware. Last year the well-known "WannaCry" attack affected almost 150 countries around the world, and almost 200,000 systems were infected, including hospitals, financial institutions, companies, security systems, blood banks and other infrastructure.
The health sector in England and Scotland was badly affected: 70,000 devices, including computers, MRI scanners, blood storage refrigerators and theatre equipment, were hacked in National Health Service hospitals. Many ambulances were redirected and many non-emergency patients had to be turned away.
There was also the well-known attack on Sony Pictures Entertainment, which disrupted the release of the movie "The Interview" and caused the company a huge financial loss.
Cyber attacks around the world have been increasing, and a large share of the accusations is directed at North Korea.

Not only government infrastructure but also ordinary users and companies are under threat. North Korean hackers have cracked several games, software products and digital banks. In one cyber attack, on Tien Phong Bank in Vietnam, hackers tried to steal $1.13 million. In an attack on a South Korean Bitcoin exchange, hackers stole the data of 30,000 customers and bitcoin worth $870,000.

Reaper botnet leverages millions of IoT devices

Just in time for Halloween, a growing hacked device botnet named “Reaper” could put the internet in the dark.

“Botnets” consist of vast networks of thousands and even millions of computers that have been infected with malware, enslaving them to do someone else's bidding. They can be commanded — usually without their owners' knowledge — to provide the raw computing power to take down websites and launch further cyberattacks.

Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack. The botnet has the potential to launch a devastating DDoS attack.

The botnet, dubbed “Reaper” by researchers at Netlab 360, is said to have ensnared almost two million internet-connected webcams, security cameras, routers and digital video recorders (DVRs) in the past month, according to researchers with the Israel-based firm Check Point, and the number is growing at a far faster pace than Mirai did.

A little over a month ago, researchers at Check Point and Qihoo 360 came across a fast-growing Internet of Things (IoT) botnet, which the Qihoo researchers are calling the botnet IoT_reaper. Now, just weeks later, it's on track to become one of the largest botnets recorded in recent years.

“Our research suggests we are now experiencing the calm before an even more powerful storm,” they warned last week. “The next cyber hurricane is about to come.”

Reaper borrows some code from the Mirai botnet, with one key difference: it doesn't try to crack weak passwords; it simply exploits known IoT device vulnerabilities.

The Qihoo researchers say they're tracking multiple command and control (C2) servers for the botnet, just one of which is leveraging more than 10,000 active bot IP addresses per day.

At the same time, they note, “there are millions of potential vulnerable device IPs being queued into the C2 system waiting to be processed by an automatic loader that injects malicious code to the devices to expand the size of the botnet.”

US critical infrastructure at risk

The US Department of Homeland Security (DHS) issued a warning last week about ongoing cyber attacks targeting critical national infrastructure, saying some networks and at least one power generator have been compromised.
Attacks have been targeting domain controllers and file and email servers of critical infrastructure systems, including organisations in the energy, nuclear, water, aviation, critical manufacturing sectors and government networks over the past five months or more, according to an alert on advanced persistent threat (APT) activity.
The report, issued by DHS and the Federal Bureau of Investigation (FBI) contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by APT actors on compromised victims’ networks.
The FBI and the DHS, which conducted the analysis, determined the attacks are part of an ongoing "multi-stage intrusion campaign." Attackers used spearphishing emails sent from compromised accounts to penetrate "low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector," US-CERT said in its October 20 alert.
Attackers typically gain access through peripheral third-party organizations such as suppliers that tend to have less secure networks.
Those networks then become "pivot points and malware repositories" for threat actors when attacking the intended victims. Once the intended victim's networks have been accessed, attackers implant remote control software on the systems with a focus on "identifying and browsing file servers," CERT wrote in its alert.
Which, in general, sounds like very old news. There have been warnings about such threats – espionage plus potential and actual cyberattacks – on US critical infrastructure, especially in the energy sector, for going on two decades.

Sberbank created a phishing website for flowers delivery

Russia's biggest bank, Sberbank, created a phishing website for ordering flower delivery to demonstrate how a mobile device gets infected when its owner visits a fake website created by cyber criminals.

Stanislav Kuznetsov, deputy Chairman of the Board of Sberbank, showed how such websites work at a conference in Sochi.

According to Kuznetsov, phishing is one of the most difficult types of fraud to counter. The fake website exactly copies the website you are used to seeing. The fake site claims it will provide a free prize and tricks victims into providing financial information, including their card number and PIN.

Sometimes the website also infects the victim's device with malicious software. The bank's representative explained that in this way fraudsters have successfully accessed data on mobile devices, including personal messages.

Kuznetsov also gave a lecture at the XIX World Festival of Youth and Students, entitled "Cyber security: how to protect yourself in the world of cyber threats". According to him, the losses of Russian companies and citizens from cyber attacks will grow four-fold within two years and will surpass 1.5 trillion rubles ($26 million or 1.7 trillion rupees). To protect against cyber threats, Sberbank has therefore developed a unique fraud monitoring system based on artificial intelligence. With this technology, Sberbank detects 96-97% of fraudulent transactions.

- Christina

The rising menace of botnet malware

Malware or malicious computer code has been around in some form or other for over 40 years, but the use of malware to take control of a group of computers that are then organized into something called a botnet is more a twenty-first century phenomenon.

The word botnet is made up of two words: bot and net. Bot is short for robot, a name we sometimes give to a computer that is infected by malicious software. Net comes from network, a group of systems that are linked together. People who write and operate malware cannot manually log onto every computer they have infected, instead they use botnets to manage a large number of infected systems, and do it automatically. A botnet is a network of infected computers, where the network is used by the malware to spread.

Botnets have been responsible for some of the most costly security incidents experienced during the last 10 years, so a lot of effort goes into defeating botnet malware and, when possible, shutting botnets down.

In a very short time, a new and rapidly expanding Internet of Things (IoT) botnet malware, more complex and dangerous than the 2016 Mirai bot that caused widespread outages in the US and beyond, has already compromised over a million devices.

In 2016, an IoT worm named Mirai infected some 2.5 million gadgets worldwide, building botnets that sent unstoppable floods of junk traffic and took down major internet services including Spotify, PayPal and Reddit.

Mirai compromised IP cameras and internet routers by simply trying default login and password combinations on them. But the newly discovered botnet, known as IoTroop or, more commonly, Reaper, has evolved beyond that simple tactic: rather than only exploiting weak or default passwords on the devices it infects, it uses more sophisticated software-hacking techniques to break into insecure gadgets even after their passwords have been changed.

According to Check Point, millions of IoT devices have already been enslaved, including routers and IP cameras manufactured by GoAhead, D-Link, TP-Link, Avtech and others, and the bot continues to spread rapidly.

Device owners should check IoT manufacturers' lists of affected gadgets and, if required, perform a factory reset of the device's firmware.
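The Mirai tactic described above (cycling through factory default logins) leaves a recognisable trace in a device's authentication log, whereas Reaper's vulnerability exploitation, mentioned earlier under "Reaper botnet leverages millions of IoT devices", does not. As an added example that is not from the article or from any vendor or research project, the script below reads constructed syslog-style lines of the kind a router, camera or DVR might emit for its telnet service and flags any source address that tries several distinct default usernames against one device within a short window. The log line format, the default username list and the sample lines are all assumptions made for this example.

```python
"""Flag Mirai-style default-credential login sweeps in IoT device auth logs.

Added example (not from the article or any vendor or research project).
The log format, the DEFAULT_USERS list and SAMPLE_LOG are assumptions
constructed for this example; adapt the regex to the real device's format.
"""
from collections import defaultdict
from datetime import datetime
import re

# Usernames commonly shipped as factory defaults on consumer devices (assumed list).
DEFAULT_USERS = {"root", "admin", "support", "user", "guest", "service", "supervisor"}

# Assumed line format, e.g.
# 2017-10-26T03:14:01 cam-lobby telnetd: failed login user=root from=203.0.113.7
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+telnetd:\s+(?P<result>failed|accepted)\s+login\s+"
    r"user=(?P<user>\S+)\s+from=(?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse_line(line):
    """Return (timestamp, host, result, user, src) or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["host"], m["result"], m["user"], m["src"])


def find_default_cred_sweeps(lines, window_s=120, min_users=3):
    """Group login attempts by (source IP, device) and flag every pair where the
    source cycled through at least `min_users` distinct default usernames within
    `window_s` seconds.  Returns {(src, host): {"users": [...], "succeeded": bool}}.
    A single failed login, or a routine admin login from one address, is not flagged.
    """
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, host, result, user, src = rec
        if user in DEFAULT_USERS:
            attempts[(src, host)].append((ts, user, result))

    alerts = {}
    for key, recs in attempts.items():
        recs.sort()  # chronological; tuples sort by timestamp first
        # Sliding window: start at each attempt and look `window_s` seconds ahead.
        for i in range(len(recs)):
            window = [r for r in recs[i:] if (r[0] - recs[i][0]).total_seconds() <= window_s]
            users = {u for _, u, _ in window}
            if len(users) >= min_users:
                alerts[key] = {
                    "users": sorted(users),
                    # A sweep that ended in an accepted login means the device is likely enrolled.
                    "succeeded": any(res == "accepted" for _, _, res in window),
                }
                break
    return alerts


# Constructed sample log: one sweep against a camera (ending in success),
# one isolated failure on a DVR, one routine admin login, and an unrelated line.
SAMPLE_LOG = """\
2017-10-26T03:14:01 cam-lobby telnetd: failed login user=root from=203.0.113.7
2017-10-26T03:14:02 cam-lobby telnetd: failed login user=admin from=203.0.113.7
2017-10-26T03:14:04 cam-lobby telnetd: failed login user=support from=203.0.113.7
2017-10-26T03:14:05 cam-lobby telnetd: accepted login user=service from=203.0.113.7
2017-10-26T03:20:11 dvr-01 telnetd: failed login user=admin from=198.51.100.9
2017-10-26T09:00:00 dvr-01 telnetd: accepted login user=admin from=192.168.1.20
kernel: eth0 link up
""".splitlines()


if __name__ == "__main__":
    for (src, host), info in find_default_cred_sweeps(SAMPLE_LOG).items():
        state = "SUCCEEDED" if info["succeeded"] else "failed"
        print(f"{src} swept default users {info['users']} on {host}: {state}")
```

On the constructed sample this flags only the 203.0.113.7 sweep against cam-lobby, and marks it as succeeded because the last attempt was accepted. Because Reaper does not rely on default credentials, this kind of detection is no substitute for the advice above: checking the manufacturer's affected-device list and resetting or updating firmware.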


Cyber-attack hits Czech Parliament Election

A number of websites of the Czech Statistical Office (CZSO) have reportedly been subjected to DDoS (Distributed Denial of Service) attacks during the vote count of the recent parliamentary elections.

The CZSO spokeswoman, Petra Bacova, told Sputnik Sunday, "The websites related to the parliamentary elections — volby.cz and volbyhned.cz — have temporarily failed to function due to DDoS attacks [Distributed Denial of Service] during the vote count on Saturday. These attacks have not affected the overall progress of the election."

The Czech National Cyber cell along with the police and Information Security Agency has already launched an investigation to look into the attacks.

"Thanks to the rapid response, the attacks on both aforementioned servers have been neutralized, while the work of the websites has been resumed," Bacova said.

The country held an election for the lower house of its parliament on Friday and Saturday. The election was won by the centrist ANO party with 29.64 percent of the vote.

Most of the organised cyber crime originates in Russia

The infrastructure of Northern Ireland has suffered a "significant" number of online attacks from hostile nations for quite some time, the UK's top cyber security agency has revealed.

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), revealed this on his two-day visit to Belfast, during a speech at Queen's University, where he also briefed the permanent secretaries of Stormont departments.

In an interview with the Belfast Telegraph, he agreed that most cyberattacks cannot be stopped and are inevitable, but said the damage can be controlled.

However, the Oxford University graduate explained: "We believe the aim is that they'll want to pre-position for times of tension, or they'll want to find out how systems work so that potentially they can compromise them in future. Attacks on critical infrastructure are going to happen - what's important is that they can't do as much harm as they might otherwise do."


Martin said: "The risk is there, I don't want to over-hype the risk, but in a digital economy like NI there are critical systems - the NHS, there will be power grids and so forth - so part of our job is to help the owners of those networks and make sure that if there is a large-scale very serious attack that it can only do a certain amount of damage and it can't paralyse the system. Part of the NCSC's job is, over time, to build in that resilience into the system so that large-scale damage is less likely.

"So a very serious attack is possible. I wouldn't say it's statistically more probable or less probable that it would happen in Northern Ireland than England or the Republic or somewhere else. What I would say with high confidence is that there is an everyday risk to the economy here from that sort of low sophistication, but highly prolific, set of attacks. There is always the potential for a very serious attack, and certainly, at a UK-wide level I think we expect a 'significant scale attack' in the next few years."

According to the agency, most of the organised cybercrime originates in eastern Europe, particularly Russia.

He continued: "Mostly you're just talking about low-level prolific tech where someone wants to steal a few hundred pounds, someone wants to hold a business to ransom, someone wants to steal a data set. It's just that corrosive, low-level damage where each individual attack is of no particular strategic significance, you add them all up and you've got a big problem and that's what we're trying to fix.

"The main source of cyber attacks are hostile foreign states and international criminal groups, they're not terrorist groups or paramilitary groups whether here in Northern Ireland or elsewhere. Paramilitary and terrorist groups across the world tend not to have very sophisticated cyber attack capabilities. It's mostly an organised criminal network, it may be under the sponsorship of the state, but it's a bunch of people sitting in cubicles looking at screens trying to do a large-scale attack."

Vulnerabilities in Wifi security protocol

Security researchers at the Belgian university KU Leuven have discovered a weakness in WPA2, the wireless security protocol used worldwide for internet connections over Wi-Fi networks.

The researchers have broken the WPA2 protocol and highlighted the potential for internet traffic to be exposed and manipulated by attackers.

Mathy Vanhoef, a security researcher at the university, published the details of the WPA2 weakness on Monday morning. “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.”

Vanhoef emphasized that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”


According to the report, various devices and operating systems are affected by the vulnerability, including Android, Apple, Linux, Windows, OpenBSD, MediaTek and Linksys.

“If your device supports wifi, it is most likely affected,” Vanhoef added. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”


Britain's National Cyber Security Centre issued a statement saying it is examining the vulnerability: “Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.

“We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”

The United States Computer Emergency Readiness Team (CERT) has issued a warning following the release of information about the vulnerabilities in WPA2.

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert said, adding that “most or all correct implementations of the standard will be affected”.

Most connections use the WPA2 protocol as it is the safest: the older protocols have been broken in the past, and WPA2 is the most widespread means of encrypting Wi-Fi data. However, secure websites, virtual private networks and other secured connections remain unaffected by these vulnerabilities, as they add a further layer of encryption to the communication.
Alex Hudson, chief technical officer of the subscription service Iron, said it is important to "keep calm". “There is a limited amount of physical security already on offer by wifi: an attacker needs to be in proximity,” he said. “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

“Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an HTTPS site … your browser is negotiating a separate layer of encryption. Accessing secure websites over wifi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.”

The international CERT group has informed various technology companies of the vulnerabilities.



Russia is ready to release cryptoruble

Last Thursday, the creation of a national cryptocurrency was commissioned by Russian President Vladimir Putin. This week the Minister of Communications and Mass Media, Nikolay Nikiforov, stated at a closed meeting that Russia must immediately create a national cryptocurrency.

He also noted that the national cryptocurrency will be traded internationally in the near future, to get ahead of Russia's neighbours in the Eurasian Economic Union. Moreover, according to the Minister, once the government-managed cryptoruble is officially launched, all other cryptocurrencies will be banned in the Russian Federation.

Firstly, it will not be possible to mine the cryptoruble. Secondly, purchases and sales of the cryptoruble will be taxed at 13%, the personal income tax rate. Finally, it will not lead to the automatic legalisation of other cryptocurrencies, for example Bitcoin.

According to Maksim Maramugin, Director of the Institute of Finance and Law, the Russian bureaucracy is formally fulfilling Vladimir Putin's mandate: the President told them to do it and they did it. Creating a national cryptocurrency that reflects only the disadvantages of cryptocurrency will not bring any positive changes to the economy.

- Christina