Cyber Attack Alert! Microsoft Gives Inside Revelations About RDP Brute Force Attacks


Microsoft conducted a long-term study focused mainly on RDP brute-force attacks, how often they succeed and how long they last.

Per sources, the study reports that RDP brute-force attacks last on average about “2-3 days”, with roughly 0.8% of the attacked machines ending up compromised. The study also examined the effect of such attacks on various business organizations.

Data on RDP login-related events was collected from over 45,000 devices and workstations running “Microsoft Defender Advanced Threat Protection” (the commercial version of the free Defender anti-virus app).

According to reports, both failed and successful RDP login attempts were part of the data collected for the detailed study, which spanned several months.

Reportedly, the successful and failed events mentioned above are Windows events with ID 4624 and 4625, respectively. The usernames that attackers or users had tried were also collected.


Per sources, RDP (Remote Desktop Protocol) is a feature of the Windows operating system that lets users log into a “remote computer” or device through a desktop-like interface, using the computer’s public IP address and port 3389.

Businesses and organizations commonly use RDP to manage servers, workstations and other connected devices at remote locations; it makes work easier for administrators and employees alike.

Brute-force attacks have been fairly common on Windows devices, especially via open RDP ports. Automated tools let attackers generate many username and password combinations to guess the target computer’s RDP login details.

Simple and basic combinations sit at the top of the hit list; username and password combinations previously leaked on the dark web are also among the most used.

While on average these brute-force attacks last 2 to 3 days, the reports found that in 90% of cases the attacks last around a week.

According to the study, the attacks spread across days because the attackers tried a limited set of combinations per hour rather than blindly firing them all at once.

This clearly helped the attackers avoid having their IP addresses blocked by firewalls.

Microsoft, according to sources, also mentioned that “0.8% of the devices that were attacked by the brute-force attacks were compromised. Also, that on an average a machine was expected to have a high probability of being compromised leading to an RDP brute force attack every 3-4 days”.

Per sources, it’s imperative to look at the following things in a sign-in attempt:
 Event ID 4625 logon type
 Number of other devices with inbound RDP connections from one or more of the same IPs
 Number of failed sign-ins
 Event ID 4625 failure reason
 Number of times a given username failed to sign in
 Number of inbound RDP connections from external IPs
 Hour and day of the failed sign-in
 RDP connections
 Timing of successful sign-in attempts

To secure your device from such attacks, it’s essential to monitor unknown connections and failed sign-in attempts.
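As an added example (not Microsoft's code and not part of the original post), the following Python script applies the indicators listed above to a handful of constructed Windows Security events: failed sign-ins per source IP, distinct usernames tried, number of hosts reached from the same IP, failure reasons, the time span of the activity, and whether a success followed repeated failures. The record layout, the field names (`host`, `src_ip`, `logon_type`, `status`) and the two thresholds are assumptions; event IDs 4624/4625, logon type 10 (RemoteInteractive, i.e. RDP) and the NTSTATUS codes 0xC000006D (bad username or password) and 0xC0000064 (user name does not exist) are real Windows values.

```python
"""Score RDP sign-in events for brute-force indicators (added example, constructed data)."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events in a simplified record layout (the field names are an
# assumption, not the real EVTX schema). event_id 4625 = failed logon, 4624 =
# successful logon; logon_type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"time": "2020-01-06T02:00:00", "host": "ws01", "event_id": 4625, "logon_type": 10,
     "user": "Administrator", "src_ip": "203.0.113.7", "status": "0xC000006D"},
    {"time": "2020-01-06T03:05:00", "host": "ws01", "event_id": 4625, "logon_type": 10,
     "user": "admin", "src_ip": "203.0.113.7", "status": "0xC0000064"},
    {"time": "2020-01-06T04:10:00", "host": "ws01", "event_id": 4625, "logon_type": 10,
     "user": "Administrator", "src_ip": "203.0.113.7", "status": "0xC000006D"},
    {"time": "2020-01-07T02:00:00", "host": "ws02", "event_id": 4625, "logon_type": 10,
     "user": "Administrator", "src_ip": "203.0.113.7", "status": "0xC000006D"},
    {"time": "2020-01-07T03:00:00", "host": "ws02", "event_id": 4625, "logon_type": 10,
     "user": "sqladmin", "src_ip": "203.0.113.7", "status": "0xC0000064"},
    {"time": "2020-01-08T02:00:00", "host": "ws01", "event_id": 4625, "logon_type": 10,
     "user": "Administrator", "src_ip": "203.0.113.7", "status": "0xC000006D"},
    {"time": "2020-01-08T03:00:00", "host": "ws01", "event_id": 4624, "logon_type": 10,
     "user": "Administrator", "src_ip": "203.0.113.7", "status": "0x0"},
    # A legitimate user mistyping once and then signing in: should not be flagged.
    {"time": "2020-01-08T09:00:00", "host": "ws03", "event_id": 4625, "logon_type": 10,
     "user": "jsmith", "src_ip": "198.51.100.4", "status": "0xC000006D"},
    {"time": "2020-01-08T09:01:00", "host": "ws03", "event_id": 4624, "logon_type": 10,
     "user": "jsmith", "src_ip": "198.51.100.4", "status": "0x0"},
    # Network logon (type 3): not RDP, so it is ignored by this check.
    {"time": "2020-01-08T09:02:00", "host": "ws01", "event_id": 4624, "logon_type": 3,
     "user": "svc_backup", "src_ip": "192.0.2.9", "status": "0x0"},
]

FAILED_THRESHOLD = 5      # assumed: failures from one IP before it counts as brute force
MULTI_HOST_THRESHOLD = 2  # assumed: distinct hosts reached from one IP


def _new_summary():
    return {"failed": 0, "users": set(), "hosts": set(), "reasons": Counter(),
            "first": None, "last": None, "success_after_failures": False}


def summarize_by_source(events):
    """Group RDP (logon type 10) events by source IP and collect the post's indicators."""
    by_ip = defaultdict(_new_summary)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:
            continue
        s = by_ip[ev["src_ip"]]
        t = datetime.fromisoformat(ev["time"])
        s["first"] = s["first"] or t
        s["last"] = t
        s["hosts"].add(ev["host"])
        s["users"].add(ev["user"].lower())
        if ev["event_id"] == 4625:
            s["failed"] += 1
            s["reasons"][ev.get("status", "unknown")] += 1
        elif ev["event_id"] == 4624 and s["failed"] >= FAILED_THRESHOLD:
            # A success only after many failures is the sign the post warns about.
            s["success_after_failures"] = True
    return by_ip


def flag_brute_force(events):
    """Return one finding per source IP whose RDP activity trips any indicator."""
    findings = []
    for ip, s in summarize_by_source(events).items():
        reasons = []
        if s["failed"] >= FAILED_THRESHOLD:
            reasons.append(f"{s['failed']} failed RDP sign-ins")
        if len(s["hosts"]) >= MULTI_HOST_THRESHOLD:
            reasons.append(f"inbound RDP to {len(s['hosts'])} hosts from one IP")
        if s["success_after_failures"]:
            reasons.append("successful sign-in after repeated failures")
        if reasons:
            findings.append({
                "src_ip": ip,
                "failed": s["failed"],
                "hosts": sorted(s["hosts"]),
                "users": sorted(s["users"]),
                "failure_reasons": dict(s["reasons"]),
                "span_hours": round((s["last"] - s["first"]).total_seconds() / 3600, 2),
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["failed"], reverse=True)


if __name__ == "__main__":
    for finding in flag_brute_force(SAMPLE_EVENTS):
        print(finding)
```

The low-and-slow pattern the post describes (a few attempts per hour over days) is exactly why the summary keeps the time span: a per-minute rate limit would never fire on the sample source, but six failures across three usernames and two hosts followed by a success does.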


Ukrainian cyber police exposed a fraudulent scheme of financial auctions


Earlier EhackingNews reported that cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

It turned out that in fact, the cyber police exposed a fraudulent scheme of financial auctions with a monthly turnover of $100 thousand.

According to cyber police, the attackers opened several call centers in Kiev to conduct trading on the world financial markets. They offered victims the chance to invest money that, according to them, would bring high profits in the future; otherwise, they promised to return the invested money.

The scammers created an imitation of trading and appropriated the money for themselves. When a client tried to withdraw money, the attackers carried out a series of operations that led to the client losing everything.

All invested money was credited to the attackers' offshore accounts. In the end, their income amounted to more than 100 thousand US dollars monthly. The attackers operated on the territory of Ukraine and the European Union. Cyber police are identifying all the victims.

Law enforcement officers raided the fraudsters' offices and seized system units, servers, and mobile phones. During an inspection of this equipment, it was found that the attackers also sold illegal drugs, in Ukraine and abroad, via the Internet. The attackers face up to 12 years in prison and confiscation of property.

It is worth noting that bank card fraud is gaining popularity in Ukraine. A fraudster who stole more than $42 thousand from his victims was detained last month. The man duplicated citizens' bank cards: by simulating an ATM error, he used special manipulations to duplicate the card of the bank's next customer.

Clop Ransomware Upgraded, Now can Terminate 663 Windows Processes


In February 2019, Michael Gillespie from MalwareHunterTeam discovered Clop ransomware, which has been evolving ever since; a variant of it can now terminate a total of 663 Windows processes.

When it was first discovered, it showed no unique quality that made it stand out from other ransomware variants; it was merely another addition to the ransomware ecosystem, like others that have existed since 2017. However, it has continued to take various forms since its discovery and now comes with a new, integrated process killer that targets processes belonging to Windows 10 apps, Office applications, programming IDEs, languages and text editors.

Per sources, it was noted in March 2019 that the attackers behind Clop ransomware started to target entire networks instead of individual systems, and changed the ransom note to reflect this. The same year, Clop also began abruptly stopping and disabling services for Microsoft SQL Server, MySQL, Microsoft Exchange, BackupExec and other enterprise software.

In 2019, while warning organizations and businesses about app-killing malware, the Federal Bureau of Investigation (FBI) reported that the ransomware threat is now even greater because attackers are continually upgrading themselves: they have devised ways to bypass detection and be more effective in their operations. Investigative agencies are warning organizations to keep abreast of such potential threats and build a security net to guard their systems.

Commenting on the matter, Bleeping Computer editor-in-chief Abrams said, "It is not known why some of these processes are terminated, especially ones like Calculator, Snagit, and SecureCRT, but it’s possible they want to encrypt configuration files used by some of these tools."

Meanwhile, in a conversation with SC Media UK, Javvad Malik, security awareness advocate at KnowBe4, said: "Clop is a variant of the CryptoMix ransomware family, but has been evolving rapidly in the last year to disable an increasingly large number of Windows processes."

"The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files," read the McAfee report in August.

"To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly, over the last few months, we have seen more innovative techniques appearing in ransomware."

Department Of Homeland Security Monitoring the Apparent Hack of a Government Website


The Federal Depository Library Program website, run by the Government Publishing Office recently fell victim to a hacking operation being referred to as "defacement" by a senior administration official.

The website makes federal government records and data accessible to the public; it was defaced with an image that is speculated to have been the reason behind the hack. The website is offline and the Department of Homeland Security is now monitoring the whole situation.

Gary Somerset, the chief public relations officer for the US Government Publishing Office, says, "An intrusion was detected on GPO's FDLP website, which has been taken down. GPO's other sites are fully operational. We are coordinating with the appropriate authorities to investigate further."

Although the authorities did not comment on who could be behind the hack, on the fourth of January the site displayed a picture of President Donald Trump bleeding from his mouth with an Islamic Revolutionary Guard fist in his face.


The picture appeared alongside a claim that it was a message from the Islamic Republic of Iran, and that the webpage was "Hacked by Iran Cyber Security Group Hackers." The text, in Arabic, Farsi, and English, passes on a message of support for "oppressed" people in the Middle East.

Sara Sendek, a spokesperson for DHS's Cybersecurity and Infrastructure Security Agency, added: "We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners."

According to sources, the FBI is yet to comment on the matter.

DeathRansom, started as a mere joke is now encrypting files!


A ransomware strain named DeathRansom, which was earlier considered a joke, has evolved and is now capable of encrypting files, cyber-security firm Fortinet reports. After becoming actual malware, DeathRansom was backed by a solid distribution campaign and has been claiming victims daily over the last two months.

Initially considered a joke - didn't encrypt anything

When it was first reported in Nov 2019, the DeathRansom version didn't encrypt anything and was deemed a mere joke. The infection left a simple ransom note and, even though some people fell for the scam and paid the ransom demand, it didn't do much else. All the user had to do was remove the second extension from the file to regain access.

Now, a new version is released that actually works and will encrypt your files!

The developers seem to have evolved the malware further with a solid encryption scheme that works as actual ransomware. According to Fortinet, "the new DeathRansom strains use a complex combination of Curve25519 algorithm for the Elliptic Curve Diffie-Hellman (ECDH) key exchange scheme, Salsa20, RSA-2048, AES-256 ECB, and a simple block XOR algorithm to encrypt files."

Researchers and security experts are searching for weaknesses and implementation faults in the ransomware.

The DeathRansom Author

Fortinet examined the DeathRansom source code and the websites distributing the malware payloads and was able to track down the ransomware's author and developer. The developer is a malware operator linked to various cybercrime campaigns over the past few years. Prior to DeathRansom, the operator infected users with multiple password stealers (Vidar, Azorult, Evrial, 1ms0rryStealer) and cryptocurrency miners (SupremeMiner).

Fortinet linked these crimes to a young Russian named Egor Nedugov, living in Aksay, a small Russian town near Rostov-on-Don. Fortinet said, "They are very confident they found the right man behind DeathRansom, and that they found even more online profiles from the same actor which they didn't include in their report."

As of now, DeathRansom is being distributed through phishing emails. Fortinet says it's working on finding any faults in the encryption scheme of the ransomware and creating a free decrypter to help victims.

Privacy Alert! Xiaomi's Security Cameras Not All That Secure?


If you think that having a security camera at home makes you safe, you are absolutely wrong to sleep so freely in your chair!

Xiaomi instantly hit the headlines when one of its security cameras displayed stills of a man sleeping on a chair.

Xiaomi, the global giant known, per reports, for its great products at a low price, had launched a “Home Security Camera” earlier. With the increase in the use of security cameras, privacy and security remain a major concern.

The Home Security Camera by Xiaomi, which offers 1080p recording, infrared night vision, AI motion detection and lots more, apparently was a little too high-tech when it displayed pictures from other people's cameras on a “Google Nest Hub”.


Reportedly, the issue surfaced when a user reported that his Xiaomi Security Camera displayed, on his Google Nest Hub, still images from someone else’s camera of “a man sleeping in his chair”.

Allegedly, the user mentioned that both the “Nest Hub” and the “Xiaomi Security Camera” were freshly bought and running firmware version 3.5.1_00.66.

As a result of this case, Google disabled Xiaomi integrations on its devices. Users had been able to link the Xiaomi Home Security Camera to their Google accounts and access it from Nest devices via the Mi Home application.

Xiaomi, apparently stunned by Google’s response, immediately issued a statement saying that it had fixed the issue and that the issue was in fact caused by a “cache update”.

The update, which was supposed to improve the cameras' streaming quality, ended up displaying images “under poor network conditions”.

Per sources, the company said that over 1000 users had the above-mentioned “integrations” and only a “few” with extremely poor network conditions were affected.

Eventually, Xiaomi suspended the service, as it allegedly informed Google.

It goes without saying that the conditions under which this incident took place are extremely rare; the entire situation is under investigation by Xiaomi's security team, and the issue would not occur at all if the cameras were linked to the Mi Home app.

Xiaomi also stated that users’ privacy and security have always been paramount for the company. It said the reception of still images while connecting the Mi Home Security Camera to the Google Home Hub was deeply regretted, and apologized profusely.



The Russian Embassy in Sweden responded to the Swedish Minister's statement about "Russian trolls"


The Russian Embassy in Sweden reacted to an interview that Swedish Minister of Energy and Information Technology Anders Ygeman gave to the TT agency, in which he said that "Russian trolls" opposed to 5G technology had attacked his Facebook page.

Russia is open to cooperation with Sweden, especially with those of its representatives who are not looking for "Russian trolls", the Embassy of the Russian Federation in Sweden wrote on its Facebook page on Tuesday.

"We would like to assure the Minister of the fallacy of his opinion that the development of 5G technology in our country is associated with a negative impact on public health. On the contrary, we are open to cooperation with Swedish partners in this area, especially with those who do not suffer, as Anders Ygeman does, from paranoia in search of 'Russian trolls'," said the Embassy.

Anders Ygeman said on Monday that one of his posts on Facebook had been the target of an information attack organized by opponents of the development of the country's fifth-generation (5G) mobile communications. Almost 2 thousand comments were left on the post instead of the usual several hundred. As the Minister himself noted, the content of most of the comments suggests that someone is interested in creating a negative information background around the topic of developing a new generation of communications. Ygeman believes that "Russian trolls" did this.

"We are especially pleased that Anders Ygeman connects the increased interest in his publication about 5G with our country. Judging by the scale of the reaction, almost all Russians who speak Swedish responded to the Minister's recent post!", wrote the representatives of the diplomatic mission.

The Embassy promised to subscribe to the Swedish Minister's updates and to closely monitor his activity on social networks.

At the same time, representatives of the Embassy expressed hope that Sweden will consider Russia not a threat, but a potential partner.

Military Personnel and Veterans - the worst hit by scammers, losing 405 Million dollars since 2012



It's easy to trick anyone with a financial scam, but hackers and scammers have found their favorite victims in military personnel and veterans. According to a new report analyzed by the Federal Trade Commission (FTC) and the Better Business Bureau, nearly one million military personnel and veterans in the US have been conned out of 405 million dollars in various scams since 2012.



The Losses
Losses by Army personnel account for up to 142 million dollars, which the report puts at up to 64% of the total loss to scams since 2012. This was followed by the Navy, losing 62 million dollars. Meanwhile, losses by the Air Force and Marines stand at $44,257,654 and $24,976,528 respectively. Veterans also suffered great losses, 60% of the total.

The worst-hit states

Virginia was the most impacted state, with the highest number of reports recorded, at 70,047. Most of these were duped by a retailer who tricked army personnel and veterans into paying $5 for legal protection.

Some of the prominent scams

Bank and lender scams were the highest, with a loss of 111,709,530 dollars. The next, and among the most common scams that conned veterans, was the fraudulent employment variety; over 270,000 such scams have been reported since 2012. In these cases, scammers send emails to new veterans offering them civilian jobs.

They claimed to have posted the job offer on popular boards like LinkedIn. After hiring, they asked the newly appointed individual to buy equipment from a website (operated by the fraudsters). The veterans were assured that they would be reimbursed for the equipment, but to no avail.

Other scams reported during the last seven years included identity theft, imposter scams, and advance payment for credit services.

The Internet isolation law will save the Russian Federation from isolation from the World Wide Web


In 2019, Russia took a number of measures to ensure the security of the information sphere, which in recent years has become the main means used by foreign intelligence services to spread lies. First Deputy Chairman of the Federation Council Committee on Foreign Affairs Vladimir Dzhabarov noted that Russia should ensure security in the cyber environment to exclude any possibility of the global Network being used against the interests of the state.

"Now it is important not just to control, but to understand and prevent any attacks against the government. The upcoming year will be aimed at ensuring security in the field of IT technologies not only in Russia but also around the world," said the Senator.

He explained his point of view on the example of the law on the isolation of the Runet which came into force on November 1, 2019.

Dzhabarov stressed that the document was adopted not to isolate Russia from the World Wide Web, but to protect the Runet from external threats and various technological disasters that could endanger the reliable functioning of Russian life support systems. In other words, to ensure the independence of the Internet in the country.

“If we feel that we are being blocked, we will take retaliatory measures. We have many rivals. First, of course, the NATO countries, because everything depends on security,” the politician concluded.
In addition, there was a bill introduced by members of the Federation Council to the State Duma. The document proposes to block users of e-mail services and messengers that distribute information prohibited by Russian law. Such activities pose a direct threat to society and the state. Vivid examples are social networks such as Facebook and Twitter, which are the main sources of misinformation. The draft law is currently under consideration.

Earlier, the head of the National Values Protection Fund Alexander Malkevich said that Russia needs a cybersecurity strategy, and announced a forecast for the development of this sphere for 2020. He noted that the state has made a big step forward in countering cyber attacks, but there is still much to do. In his opinion, all the relevant structures should unite to repel any attacks on the cyber borders of the Russian Federation.

Google Chrome Extension, Shitcoin Wallet found stealing passwords and crypto-wallet keys


The MyCrypto platform reported that Shitcoin Wallet, a Google Chrome extension, was injecting JavaScript code into web pages in order to steal passwords and keys from cryptocurrency wallets.


The Shitcoin Wallet Chrome extension (extension ID: ckkgmccefffnbbalkmbbgebbojjogffn) was launched last month, on December 9. With Shitcoin Wallet, users managed their Ether (ETH) coins and Ethereum ERC20-based tokens (tokens usually issued for ICOs, initial coin offerings) either from the browser or by installing a desktop app.

Malicious behavior of the extension

Harry Denley, Director of Security at the MyCrypto platform, discovered that the Chrome extension isn't what it promises to be: he found malicious code within it. ZDNet reported that "According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC20-based tokens) managed directly inside the extension are at risk. Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms."

Denley said that the extension sends all the keys it handles to a third-party website at erc20wallet[.]tk.

The malicious code works through the following process:

1. The user installs the Shitcoin Wallet Chrome extension.
2. The extension requests permission to inject JavaScript code into 77 websites.
3. If the user navigates to any of these 77 websites, it injects additional code.
4. The code activates on five websites: MyEtherWallet.com, Index.Market, Binance.org, NeoTracker.io, and Switcheo.exchange.
5. After activation, the code captures the user's login credentials, keys, and other data, then siphons it off to a third party.
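The two observable traits in that process, an extension whose content scripts match an unusually large set of hosts including the wallet sites, and outbound traffic to the reported collection domain, can both be checked by a defender. The following Node.js script is an added example (not MyCrypto's, ZDNet's or the extension's code): it audits a constructed extension manifest for host coverage and screens a constructed list of browser requests against the reported exfiltration domain. The five site names, the extension ID and the erc20wallet[.]tk domain come from the post; the manifest contents, the request samples and the `maxHosts` threshold are assumptions.

```javascript
// Added example: audit an extension manifest and a request log for the traits
// described in the report. Constructed data throughout; see comments.
const EXFIL_INDICATORS = ["erc20wallet.tk"]; // reported (defanged) as erc20wallet[.]tk
const WATCHED_SITES = [
  "myetherwallet.com", "index.market", "binance.org", "neotracker.io", "switcheo.exchange",
];

// Reduce a match pattern such as "https://*.binance.org/*" to its host.
// "<all_urls>" and "*://*/*" style patterns reduce to "*"; non-URL entries give null.
function hostFromPattern(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(?:\*|https?|wss?|ftp|file):\/\/([^/]+)\//i.exec(pattern);
  if (!m) return null; // e.g. "storage", "tabs": not a host pattern
  return m[1].replace(/^\*\./, "").toLowerCase();
}

function matchesSite(host, site) {
  return host === site || host.endsWith("." + site);
}

// Collect every host the extension may inject into (content_scripts plus host
// permissions in MV2 "permissions" or MV3 "host_permissions") and report findings.
function auditManifest(manifest, { maxHosts = 20 } = {}) {
  const hosts = new Set();
  for (const cs of manifest.content_scripts || []) {
    for (const p of cs.matches || []) {
      const h = hostFromPattern(p);
      if (h) hosts.add(h);
    }
  }
  for (const p of [...(manifest.permissions || []), ...(manifest.host_permissions || [])]) {
    const h = hostFromPattern(p);
    if (h) hosts.add(h);
  }
  const findings = [];
  if (hosts.has("*")) {
    findings.push("extension can run scripts on every URL");
  } else if (hosts.size > maxHosts) {
    findings.push(`content scripts injected into ${hosts.size} hosts (limit ${maxHosts})`);
  }
  const watched = WATCHED_SITES.filter((site) => [...hosts].some((h) => matchesSite(h, site)));
  if (watched.length) findings.push(`targets wallet/exchange sites: ${watched.join(", ")}`);
  return { hostCount: hosts.size, watched, findings };
}

// Return the requests whose destination matches a known collection domain.
function flagExfilRequests(requests) {
  return requests.filter((r) => {
    const host = new URL(r.url).hostname.toLowerCase();
    return EXFIL_INDICATORS.some((d) => matchesSite(host, d));
  });
}

// Constructed sample manifest (assumption); the real extension reportedly matched 77 sites.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "wallet-extension-sample",
  permissions: ["storage", "tabs"],
  content_scripts: [{
    matches: [
      "https://www.myetherwallet.com/*", "https://*.binance.org/*", "https://neotracker.io/*",
      "https://switcheo.exchange/*", "https://index.market/*", "https://example.org/*",
    ],
    js: ["content.js"],
  }],
};

// Constructed sample of outbound requests as a proxy or DevTools export might list them.
const SAMPLE_REQUESTS = [
  { url: "https://www.myetherwallet.com/api/balance", initiator: "https://www.myetherwallet.com" },
  { url: "https://erc20wallet.tk/collect?k=CONSTRUCTED", initiator: "chrome-extension://ckkgmccefffnbbalkmbbgebbojjogffn" },
  { url: "https://api.binance.org/v1/ticker", initiator: "https://www.binance.org" },
];

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
console.log(JSON.stringify(flagExfilRequests(SAMPLE_REQUESTS), null, 2));
```

The `initiator` field is what ties a flagged request back to the extension rather than to the page it was injected into, which is the distinction the report draws between funds managed inside the extension and credentials captured on the five sites.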

It is not yet clear whether the Shitcoin Wallet team is responsible for the malicious behavior or a third party infiltrated the extension. The Shitcoin Wallet team is silent on the allegations and has yet to comment on the matter.

Desktop App

Both 32-bit and 64-bit installers are available for users to download from the extension's official website. VirusTotal, a website that aggregates the scanning engines of several antivirus makers, showed both versions as clean. As a caveat, the desktop app may still contain the malicious code or something even worse.

Warning! Ireland's National Cyber Security Strategy; Fight Against Cyber-Crime


Ireland is all set to fight cyber-crime with its recently updated “National Cyber Security Strategy”, which goes well beyond the nation's previous one.

The strategy is meant to ensure that Irish netizens can fully enjoy their digital rights and contribute to the internet society.

Per sources, the report notes that any minor or major cyber-attack on the multinational titans of the technology world could directly harm the security of the country's data centers.

The nation’s economic as well as political future depends on its cyber-security. The forthcoming Irish elections could easily be disrupted if they were left to unsecured systems.

Per reports, Ireland holds more than 28% of the European Union’s data and is in turn home to the headquarters of numerous big technology companies from across the globe.

Hence, it is of the utmost importance to keep the country’s networks and devices secure and hardened against cyber-attack, which is the aim of the Irish “National Cyber Security Strategy”.

If any of these prestigious institutions were even slightly compromised, it would pose a direct threat to businesses within the EU, which in turn could lead to an economic disaster.

Ireland has never been too strong in its cyber defense tactics and strategies, as the various attacks it has faced over the years have shown.

Allegedly, the Cyber Security Strategy clearly lays out the challenges the Irish government faces, especially regarding sensitive information.

Earlier, the concept of cyber-security was restricted to devices and networks connected to the internet, where the targets could be technology giants or individuals.

But with the expansion and evolution of the cyber-world since then, more serious matters now need attention, such as electoral processes and other legislative tasks that require highly secure conditions.

Irish military infrastructure, public sector security, the Irish political processes and almost everything else that relies on interconnected networks and devices all depend on a safe and secure cyber environment.

Therefore it’s imperative for the nation to fully implement every single part of the strategy to the utmost of its capacity.