Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Web Skimming
COVID-19 Cybersecurity E-Commerce Online Shopping Web Skimming

E-Commerce Attacks Didn't Increase During Coronavirus Quarantine


Due to the COVID-19 pandemic, people across the globe to stay at home. The quarantine has increased online shopping figures. Even though a majority of the people are shopping online for everything, from food to groceries to daily essentials, the web skimming attacks didn't increase and are supposedly expected not to in the near time, due to it, say cybersecurity experts. Web skimming or Magekart attacks or e-skimming is a kind of cyberattack where the attacker inserts malicious codes in the online stores' website. When the users make any payment in the checkout process while entering the data, the hackers steal their credit card credentials.


Web skimming attacks were famous amid the hackers during 2017-18 and had been rising since then. Various cybersecurity experts and agencies, when asked about 'the impact of large scale online shopping on the web skimming incidents,' they all agree that web skimming attacks will not rise just because more people are shopping now, spending most of their time online, while staying at home. It is because, for a very long time, hackers have tried to breach prominent e-commerce websites but have failed to do so, while the web skimming incidents have remained constant through the years.

According to these cybersecurity experts, there's only one condition under which web skimming attacks can increase, and that is only when the number of online stores will increase can the hackers look for new sites to attack. Unless that happens, the rate of web skimming attacks will remain the same. According to the statistical analyses by Sanguine Security, the data shows that web skimming attacks have slightly fallen during the COVID-19 pandemic. However, not every cybersecurity agency agrees with this data.

But according to Jerome Segura, who is a web analyst at Malwarebytes, the web skimming attacks on online stores have not increased, therefore it confirms with Sanguine Security's data. It may be because the number of online stores increased before 2-3 months, but nobody observed these attacks during that time. Another reason might be that buyers prefer shopping from popular e-commerce websites, which are hard to breach through for hackers.
Read more »
Phishing emails
COVID-19 cyber attack malware Phishing Attacks Phishing emails

Coronavirus Themed Phishing Attacks Continue to Rise


New data by researchers has demonstrated that cybercriminals are preying on people's concerns regarding the COVID-19 pandemic and carrying out sophisticated phishing, malware and email attacks. The sudden upsurge in the related attacks imply that attackers were quick to adapt to the new global health crisis environment and exploit it in their favor.

As per Barracuda Networks, an American IT security company, the number of email attacks associated with the new Coronavirus has seen a steady surge since January, the type of attack has recorded a 667% spike by the end of February. As per the data, January recorded a total of 137 attacks only, while in the month of February the number spiked to a whopping 1,188 and between March 1st to 23rd, there were as many as 9,116 email attacks in the regard.

Another notable kind of attack is the one where victims are receiving malicious emails with the promises of offering financial relief during the COVID-19 pandemic, researchers warned. Users are being tricked into believing that they will be receiving payments from global institutions, businesses and governments working with a common objective of providing economic aid to common people during the ongoing pandemic, as soon as the user clicks on the links or proceed to download files, the attacker gets illicit access to his credentials, card data, and other sensitive information.

One such campaign is found to be specifically attacking U.S. healthcare, IT sector and higher-education organizations, the emails sent in relation to this campaign contain a message titled "General Payroll!"

"The Trump administration is considering sending most American adults a check for $1,000 as part of the efforts to stimulate the economy and help workers whose jobs have been disrupted by business closures because of the pandemic,” it says.

“All staff/faculty & employee include students are expected to verify their email account for new payroll directory and adjustment for the month of March benefit payment.” The message further reads.

Users receiving the email are asked to access a malicious link that will direct them to a phishing page in order to verify their email account, they will be required to enter their usernames, email addresses, and passwords linked with their employee benefits. By doing so, the user will provide his personal data to the page controlled by the attackers.

“The ongoing shift to coronavirus-themed messages and campaigns is truly social engineering at scale, and these recent payment-related lures underscore that threat actors are paying attention to new developments,” researchers told.
Read more »
VPN
Coronavirus Ransomware Technology VPN

Microsoft Issues Its First Ever ‘Targeted’ Warning ; Saving VPN Servers of Hospitals


Following a recent disclosure about Iranian hackers targeting on vulnerabilities in VPN servers like the Pulse Secure, Palo Alto Systems, Fortinet, and Citrix, Microsoft gave its first-ever 'targeted' warning to a few dozen hospitals, informing them of the vulnerabilities in their own virtual private network (VPN) appliances.

With the organizations depending all the more heavily on the VPN servers as the lockdowns are in full swing of the unfortunate outbreak of the Corona Virus. They had no other option except to fall back to this means to help telecommuters but that in the end has made that specific part of the system a weakness i.e a soft spot for ransomware attackers to target – specifically at hospitals with already stressed assets.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA) a month ago cautioned all organizations to fix VPN services, however, Microsoft is especially worried about hospitals' vulnerability to human-operated ransomware due to unpatched VPN servers.

One group the Microsoft team has been following is the REvil, otherwise known as Sodinokibi, ransomware gang, which is known for setting monstrous ransom demands for businesses and government agencies.

While the ransomware gang hasn't yet developed new attack techniques but instead has repurposed strategies from state-sponsored attacks for new campaigns that exploit the heightened requirement for information in the current coronavirus crisis.

The Microsoft Threat Protection Intelligence Team uncovered in a new post, "Through Microsoft's vast network of threat intelligence sources, and we identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure."

"To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities," it added later.

When mentioning these new ransomware gangs the Microsoft team noted, “We haven't seen technical innovations in these new attacks, only social engineering tactics tailored to prey on people's fears and the urgent need for information."

And so the Multinational Technology's recommendation to hospitals and various other organizations is to follow three key steps to shield their VPN services from attacks:

  • Apply all available security updates for VPN and firewall configurations. 
  • Monitor and pay special attention to your remote access infrastructure. 
  •  Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. 

Apart from these, there are a few more published by Microsoft to further help mitigate these attacks.

Read more »
Information Security News
Armenia Coronavirus Cyber Security Information Security News

Armenian Minister of Justice explains how new software will find COVID-19 infected people


Armenian President Armen Sarkisian signed the bill on amendments to the law "on the legal regime of emergency" and "on electronic communication" adopted in the Parliament.
Earlier, the Opposition disrupted the bill on control against coronavirus. Opposition deputies called it an unacceptable interference in the personal life of citizens.

The government, however, has again submitted to the National Assembly a new bill that would control the telephone contacts and location of citizens in order to combat the coronavirus.
Justice Minister Rustam Badasyan said at a press conference in the government on Wednesday that the program for monitoring citizens in Armenia will allow identifying potential infected persons using an automatic algorithm. The subjective factor is excluded here.

The approved draft amendments to the law "on electronic communication" allows monitoring the movement of citizens using data from mobile operators.

If it turns out that a user (Person X) has detected a coronavirus, the program will automatically allocate all those whom Person X made at least one call in the last 14 days, and with whom he personally contacted (the state can also collect this data from operators).

At the same time, as the Minister noted, it is necessary that these two factors coincide. In other words, if Person X called Person Y 20 times but never saw him, Person Y will not be at risk.

Only those with whom Person X at least once called up and saw each other are at risk. But this does not mean that all of them will be sent to quarantine. Emergency workers will call them and find out the circumstances of their contacts.

The Minister stressed that the program for the new system was developed in Armenia. Data on the movement of citizens will not be available to foreign companies and governments, and inside the country will be deleted immediately after the end of the state of emergency.
It should be noted that in Armenia from March 16 to April 14 a state of emergency is in place to combat the spread of coronavirus.
Read more »
Winja
Google Microsoft Security Technology VirusTotal Windows Winja

Winja (VirusTotal Uploader)- The Malware Detector!


Cyber-security is an important concern for everyone working from these days, amid the lock-down due to the current Coronavirus pandemic. There are several security measures one can employ to stay on top of all the cyber-hazards that hackers could be brewing.

Winja is one such free application and passive analysis tool that is designed for Microsoft Windows that helps the user find any potential malware on their system. By way of using the scanning engine of the anti-virus products, the application gives forth very specific details as to which file is hazardous in which way.

Whenever we download something from the internet our first step is to ensure that it’s safe for our device. With Winja, all you have to do is to drag the file in question on the mal window and Voila! The results apparently will show on the desktop.

In case you have a sneaking suspicion about your device being infected, you could scan all services and processes for malware and the application will help you.

Reportedly, Winja initially uses the “VirusTotal” public API to insert the fingerprint of a file. If the fingerprint is present, Winja sends the current analysis report and if it is not then Winja sends the “unknown file” to the VirusTotal servers for scanning. You can also analyze files any time you want to enhance the chances of detection.

As has been recognized by researchers over these years, hackers tend to have their places of choice in their victim’s devices to first sneak in and then hide the malware. With Winja it becomes extremely easy to locate any suspicious files in those places. Per sources, Services, Task Scheduler, Active Processes, Applications beginning with Windows and Actions that require network resources and internet are few to be mentioned.

All you need to do to scan any file that you have a suspicion on is to drag it and drop in onto the main window of the Winja application.

Plus, you can make use of an extension for the Windows Explorer that would aid you to request a scan by means of a right-click on any file of your choice from the file browser.

Per sources, all the subsequent versions after the sixth one are available in French making it a huge hit in the French-versed population. VirusTotal, which is an arm of Google, strongly suggests Winja as a substitute for their Windows desktop application.

This application goes hand in hand with the anti-virus software that you love to use for your devices. It is not a substitute for anti-virus software but it fits with them like a puzzle piece and does not intend to endanger their publicity in any way.

Read more »
Zoom
malware Malware Report Zoom

Hackers use fake Zoom domains to spread malware


The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of this and began to use fake Zoom domains to spread malware and gain access to other people's video conferencing. This was reported by the security company Check Point.

Researchers note that since the beginning of the virus pandemic, 1,700 domains with the word Zoom have been registered. At the same time, 25% of new domains were registered in the last seven days, and 70 of them are considered suspicious by the company.

Check Point specialists found malicious files like "zoom-us-zoom_##########.exe", where # is a set of digits. After running such a file, the InstallCore batch application is installed on the user's computer, which is used for further downloading malware.

Fraudulent sites that simulate the work of Google Classroom or Google Hangouts have also appeared on the Internet. Disguised sites are created for the purpose of phishing: stealing passwords, credit card data, and other personal information from users. Check Point Cyber Research Manager Omer Dembinsky advised all users to make sure that links to video conferences are secure before using them.

In January of this year, Check Point published a report indicating that Zoom has security flaws. According to the company, hackers could connect to video conferences by generating random numbers that became conference URLs. Zoom then fixed the security breach and made some changes to the service, for example, introducing mandatory password protection for conferences.
Read more »
Zeus Sphinx
Banking Phishing COVID-19 malware Zeus Sphinx

Zeus Sphinx Malware Reappears amid Coronavirus Phishing Scams


In this particular scam, the recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. The scam works because people are constrained to stay at home as they can't work in the office because of the quarantine. Zeus Sphinx Banking Trojan is determined as it can replicate files and folders to expand while maintaining to generate the registry keys.


Amid the COVID-19 pandemic, the panic it has caused among the general public has proven to be an advantage for the hackers, as they see it as an opportunity to lure innocent victims in the name of relief funds for COVID-19. Cybercriminals are exploiting the COVID-19 theme by launching spams and phishing email campaigns on their targets. Joining this new stream of attacks, another malware has reappeared after a long time named Zeus Sphinx malware.

About Zeus Sphinx 

 According to recent research conducted by a group of cybersecurity experts, the malware Zeus Sphinx, which is also famous as Terdot or Zloader, was used by Hackers to launch cyberattacks using the COVID-19 government relief funds as a bait to lure the victims.

  • Zeus Sphinx was first discovered in August last year, and it became famous as a banking trojan for commercial use, with Zeus v2 being the basis of its core elements. 
  • Zeus Sphinx was infamous for attacking banks over the US, UK, Brazil, and Australia. 
  • Zeus Sphinx has reappeared, but this time, it is using COVID-19 relief funds as a ploy while attacking the users of the corresponding banking institutions in the respected countries. 


How does it work?

 The malware is spreading through COVID-19 relief funds files. Here's how it's being covered:

  • The recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. 
  • The forms in.DOC or DOCX file formats are used to gain entry. 
  • When downloaded, the file asks the user for access to enable content. 
  • This activates the Zeus Sphinx, which hijacks the window and establishes a C2 (command-and-control) server for malware. 

Note: Zeus Sphinx has an integrated flaw, which is, the trojan can't attack an updated version of the browser, once it has already been attacked before the update.
Read more »
Youtube
Accounts Hacked Bill gates Cyber Attacks Microsoft Ponzi cryptocurrency Youtube

Hackers use Bill Gates themed video to sell off Ponzi Crypto Scheme


Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme by renaming the hacked YouTube accounts as Microsoft accounts bearing the message from the company's former CEO Bill Gates to invest in crypto.


This is not the only attack of it's kind, various other attacks like this have become frequent on YouTube where the hacker hijacks a popular account and broadcast a message from the account- a "crypto giveaway", where the user is offered that if they give some cryptocurrency they'll get it back doubled. And of course, this is a scam and the victim does not get any returns.

These frauds first made their appearance on Twitter but moved on to YouTube as Twitter started weeding these posers out.

These hackers very efficiently gave their scheme an air of legitimacy by live streaming (on 30+ accounts) one of Bill Gates talk given to an audience at Village Global in June 2019 and adding a pop of messages of the Ponzi Scheme. This Ponzi scheme was live streaming on these accounts on YouTube- Microsoft US, Microsoft Europe, Microsoft News, and others.

Though both YouTube and Microsoft denied that any official accounts were hacked some users did report that they found the stream on Microsoft's nonverified accounts.

Most of the scam videos were streaming from hacked accounts with high subscriber numbers, that were renamed as Microsoft US, Microsoft Europe and such to seem more official. The viewed number of the videos was in tens and thousands, also the Bitcoin address in the scheme received thousands of US dollars thus successfully scamming some users.

 Various other organizations have been used by such hackers like Chaos Computer Club, a famous Germany-based hacking community, had their accounts hacked and broadcasted with a similar cryptocurrency scheme.
The most recent and popular case was when the YouTube account of YouTube's founder was hacked back in January. So, these sorts of fraudulent schemes have now become a common affair and it's at the hands of the users not to pay heed to these. Always check the legitimacy of these accounts and it's good to remember to think twice before giving in to an offer that's too good to be real.
Read more »
Hackers News
cyber attack Cyber Attacks Hackers News

Hackers switched from direct theft of money to gaining control over the infrastructure of companies


According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to look for more vulnerable targets. Moreover, the demand for industrial espionage has increased on the black market. However, experts said that the activity of such hacker groups began to decrease against the background of the pandemic.

According to the report, by the end of 2019, the number of attacks aimed at gaining control over the infrastructure of companies and organizations has increased by 40%, while attacks for the purpose of stealing money have become 15% less frequent.

A long and unnoticeable presence in the organization's infrastructure allows attackers to investigate its internal processes in detail, gain deeper access to IT systems and control over them, says Vladimir Drukov, Director of Solar JSOC. He notes that hackers monetize this information by selling it on the black market, blackmailing the victim organization, or engaging in competitive intelligence.

In addition, in recent years, attacks are increasingly targeted at industrial and energy facilities, as well as government agencies whose control over infrastructure is critical for the country.

Kaspersky Lab confirmed that the number of attacks on corporate infrastructure is increasing. According to antivirus expert Denis Legezo, about 200 groups engaged in cyber espionage are currently being observed. However, the expert notes that during the coronavirus pandemic, a decline in their activity is noticeable.

Head of Analytics and Special Projects at InfoWatch Group of Companies Andrei Arsentyev noted that hackers are usually engaged in industrial espionage by order, including “hunting for various know-how, business development plans, pricing schedules”.

Attackers can monetize attacks not only through theft of funds but also by selling already configured connections to the victim’s local network to other criminals, says Evgeny Gnedin, head of Positive Technologies information security analytics department. Such a model of “access as a service” is gaining momentum today, which explains the increase in the number of such attacks.

Read more »
Cyber Security
Chinese Hackers COVID-19 Cyber Security

A Rise in New Cyberspying by a Suspected Chinese Group Detected By a U.S Cybersecurity Firm


A surge in new cyberspying by a speculated Chinese group that dates as far back as to late January was recently being observed by a U.S. cybersecurity firm. 

Happening around the time when the worldwide pandemic COVID-19 began to spread outside the borders of the Chinese, a publicly-traded cybersecurity company, FireEye Inc. (FEYE.O) said in a report that it had detected a spike in movement from a hacking group it calls "APT41" that began on Jan. 20 and focused on more than 75 of its customers, from manufacturers and media companies to medicinal and healthcare services associations and non-profits. 

The report stated that it was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

In its report, FireEye said that APT41 abused the recently revealed defects and flaws in the software created by Cisco (CSCO.O), Citrix (CTXS.O) and others to attempt to break into scores of companies' networks in the US, Canada, Britain, Mexico, Saudi Arabia, Singapore and in excess of a dozen other nations. 

Despite the fact that it declined to identify the affected customers, the Chinese Foreign Ministry didn't directly address FireEye's charges yet said in a statement that China was “a victim of cybercrime and cyberattack.”

Matt Webster, an analyst with Secureworks – Dell Technologies' (DELL.N) cybersecurity arm – said in an email that his group had likewise observed proof of the said increased movement from Chinese hacking groups over the last few weeks. 

Specifically, he said his group had recently spotted new digital infrastructure related to APT41 – which Secureworks calls “Bronze Atlas." 

Even though relating hacking campaigns to a particular nation or entity is mostly loaded with ‘uncertainty’, however, FireEye said it had evaluated "with moderate confidence" that APT41 was made out of Chinese government contractors. 

John Hultquist, FireEye's head of analysis, said the said surge was astounding in light of the fact that hacking activity ascribed to China has commonly become increasingly focused and further added that “This broad action is a departure from that norm.”
Read more »
Technology
Coronavirus update Coronavirus website COVID-19 Google Health Security Technology

This COVID-19 Website By Google Tells You All You Need To Know About Coronavirus!


The first step anyone took after hearing the first of the Coronavirus was ‘Googling’ it. Google has been a solution, for as long as we can remember, to most of our queries. Yet again it upholds its
reputation.

Amid all the mass confusion and chaos this virus has caused for the human race, every single one of us has wanted a ‘go-to’ for a little clarity between all of this bewilderment related to COVID-19.

Be it asking about the first symptoms, vaccine information or prevention strategies, in the middle of this bewilderment people have continued to look up to search engines for answers.

Google stepped in at the right moment and launched a website that encompasses next to every single bit of information about the Coronavirus.

Per sources, by way of collaborating with the US government, Google was has developed a website fully committed to educating people about COVID-19 including the probable symptoms, ways of prevention, treatment and all the other related information.

Reportedly, in the last week of January, Google had launched an SOS “alert” packed with resources and safety details from the WHO, plus the latest news. The alert, as of now, has spread across many countries in 25 languages. Per sources, people in over 50 countries have access to localized public health guidance from authorities.

The website mostly centers on providing health-related information along with safety and preventive practices, helpful resources, updated data and insights, relief assistance, the most recent of news, the early symptoms of the disease and how it spreads.

The website strongly endorses the “Do the Five” campaign to further wakefulness about basic things people can do to control the spread of COVID-19, per the WHO. According to sources, the website also has a map of the affected areas via the WHO and links to national health authority websites.

The website is loaded with informative videos from the Ministry of Health & Family Welfare, depicting the importance of washing hands regularly, responsible behavior and fighting together.

It is a massively lucrative initiative towards putting all the misunderstandings and confusion of people regarding COVID-19, to rest. The website shall be regularly updated and improved with more details and resources.

The link to the website:
https://www.google.com/covid19/

Read more »
Subscribe to: Comments (Atom)