Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Internet Protocol Hijack
China Cybersecurity DDoS Internet Protocol Hijack

Gothic Panda and Stone Panda: Chinese Hackers that Launched Mass Cyber Attacks on Indian Companies


Two Hacking groups from China named Gothic Panda and Stone Panda have been identified for organizing the majority of the cyber attacks on Indian companies in June 2020. Mumbai Mirror reported was the first to know about the incident. On 20th June, it published a report on its website regarding the issue. As per the cybersecurity experts, the word is that both the hacking groups are likely to work independently and not state-sponsored; however, they work in the interests of the Chinese government. According to experts, an anonymous source said that the attacks were launched under the disguise of VPN and Proxy Servers. After investigation, the attacks led us to Gothic Panda and State Panda, say the officials.

Chinese hackers launched more than 40,000 attacks. The hackers had used some unique malware to gain confidential data of the companies and later used the information for extortion. According to the reports, the hackers broke into at least six private/public companies' safety procedures. These include a government-regulated organization in Jammu and Kashmir and companies operating in New Delhi and Mumbai. The attacks were traced back to Souther Western Chinese province named Sichuan. These players also attempted to take down websites linked to companies that were involved in banking and finance.

The hackers used DDoS attacks (Distributed Denial of Service) and Internet Protocol Hijack. Experts say that these attacks, also called 'Probes,' look for vulnerabilities in a website's security features. In an incident where the hackers were able to crash the website, the home page was modified, and the content was changed with a foreign language. Experts say that there were no other successful probes except this incident.

In a DDoS attack, the hacker tries to rupture a cyber network, such as a website. For example, if a website page's utility provider's limit is 5000 requests/second, the hackers will pile it up with 5,00,000 requests/second and crash the website. Whereas in an Internet Protocol Hijack, the hacker tries to divert the course of traffic. In this case, the internet traffic was diverted through China for surveillance purposes.
Read more »
Russian Cyber Security
Data Breach Database Leaked Russia Russian Cyber Security

Databases of users of Russian ad services Avito and Yula have appeared on the network


Six files with tables in CSV format are in the public domain, which means that anyone can download them. Each file contains the data of about 100 thousand users (three databases with information from Avito users, and three more from Yula users). Each record contains information about the user's region of residence, phone number, address, product category, and time zone. The first database was uploaded to the hacker Forum on June 26, and the last one appeared there on July 22.

Russian media writes that they confirmed the relevance of at least part of the published data by calling users at the specified phone numbers.

A representative of Yula said that the uploaded files do not contain personal data of users of the service.

"They only contain information that anyone could get directly from the site, or by parsing (copying using scripts) ads.

Yula is extremely attentive to the security of our users and the safety of their data. We do not disclose information about addresses from ads even when parsing (and this is visible in the files) and allow our users to completely hide their phone numbers, accepting calls only through the service's app," said the service.

The press service of Avito also reported that the user data contained in the databases was publicly available and this is not a leak of information.

The head of the Zecurion analytical center, Vladimir Ulyanov, noted that it may even be a manual data collection since user numbers on Avito and Yula websites are usually covered with stars. The published information, in his opinion, can be used by fraudsters in social engineering.
Read more »
Ransomware
Aberystwyth University Blackbaud malware Ransomware

Aberystwyth University and others affected by Blackbaud Global Ransomattack


Aberystwyth University, a 148-year-old mid-Wales institution was attacked via a hack on Blackbaud, a US company that deals with education financial management and administration software.

 It was among the 20 institutions that were affected by the ransomware attack including the University of York, Loughborough University, University of London, and University College, Oxford. The welsh university with an influx of 10,000 students every year said, "no bank account or credit card details were taken".

 The ransomware attack occurred around May of this year and targeted Blackbaud which is associated with many education institutes thereby the attack sent shockwaves to at least twenty institutes from the US, UK, and Canada. The company did end up paying the ransom and said that, "confirmation that the copy [of data] they removed had been destroyed" but they were criticized for not informing about the hack and data risk to the victims until July that is after a month of the attack.

According to the law, under General Data Protection Regulation (GDPR) the company is supposed to report a significant data breach to data authorities within 72 hours. Both the UK and Canada data authorities were made aware of a data breach only last week.

 ICO (UK's Information Commissioner's Office) spokeswoman said: "Blackbaud has reported an incident affecting multiple data controllers to the ICO. We will be making inquiries to both Blackbaud and the respective controllers, and encourage all affected controllers to evaluate whether they need to report the incident to the ICO individually."

 Impact on Aberystwyth University

 The 148-year-old institute in Wales reassured that no student data was affected and the "stolen data has now been destroyed and has no reason to believe it was misused".

 Blackbaud confirmed to the university that no financial details of bank or credit were taken. A spokesperson from the university said, "We take data security extremely seriously. We are urgently investigating this incident and are awaiting further details from Blackbaud.

 "We are in the process of contacting those online portal users and recipients of our alumni and supporter e-newsletters whom we believe may have been affected."  
Read more »
SIM Swapping
Airtel Bank fraud Cyber Fraud SIM Swapping

eSIM Swapping Fraud: Cyber Criminals Targeting Airtel Customers in Hyderabad


Hyderabad witnessed three back to back cases of cyberfraud wherein criminals targeted Airtel customers promising them eSIM connection that led to a fraud of more than 16 lakh Rs. In the wake of the frauds, the Hyderabad cyber crime police station issued an advisory alerting Airtel customers regarding the fraudsters befooling people in the name of the eSIM connection.

S. Appalanaidu, a resident of Miyapur, Hyderabad received a message on 11th July informing him that if he fails to update his KYC details, his SIM card would get blocked. “Dear Customer Your SIM Card Will Be Blocked in 24 hours Please Update Your eKYC verification Thanks”. The message read.

Later, he received a phone call from a person acting to be a customer care executive for Airtel who asked Mr. Appalanaidu to forward the e-mail address sent by him to #121 i.e., Airtel customer care number, in order to get his KYC updated online. Reportedly, after forwarding the email-id, Mr. Appalanaidu got an auto-generated SMS from the service provider for registering the email address for his contact number. Once the e-Sim request was forwarded by him to Airtel along with the email address, he received another auto-generated SMS handing him the e-SIM enabled handset and asking to proceed with the same. After that, he received a Google view form link on which he submitted the name of his bank and forwarded it to the caller. Immediately after his SIM card got blocked and a sum of Rs. 9,20,897 had been deducted from his bank account. Following the incident, Mr. Appalanaidu filed a complaint on 14th July urging for necessary actions to be taken by cyber police.

Similarly, the criminals cheated two other Airtel users for amounts - Rs. 5,94,799 and 1,03,990 respectively. In the light of that, Hyderabad cyber police issued an advisory to warn customers about how fraudsters are sending a heap of messages and calling them claiming to be Airtel customer care executives and asking them to send requests for the activation of eSIM and eSIM enables devices, which is just another way of cheating customers and tricking them into providing enough personal and financial details for fraudsters to capitalize on. ,
Read more »
lazarus
Cyber Attacks Hackers News Kaspersky lazarus

Experts found targeted attacks by hackers from North Korea on Russia


 Kaspersky Lab revealed that the well-known North Korean hacker group Lazarus has become active in Russia. The attackers attack through applications for cryptocurrency traders in order to steal data for access to the wallets and exchanges. In addition, the group collects research and industrial data.

 Experts believe that hackers are particularly interested in the military-space sphere, energy and IT, and the interest in bitcoin can be explained by the need for North Korea  to bypass sanctions

 The first cases of Lazarus targeted attacks on Russia appeared at the beginning of last year. According to Kaspersky Lab,  since at least spring 2018 Lazarus has been carrying out attacks using the advanced MATA framework. Its peculiarity is that it can hack a device regardless of what operating system it runs on — Windows, Linux or macOS.

 According to Kaspersky Lab, the victims of MATA include organizations located in Poland, Germany, Turkey, South Korea, Japan and India, including a software manufacturer, a trading company and an Internet service provider.

 Several waves of attacks have been detected this year. So, this month, Lazarus attacks were discovered in Russia, during which the backdoor Manuscrypt was used. This tool has similarities to MATA in the logic of working with the command server and the internal naming of components.

 "After studying this series of attacks, we conclude that the Lazarus group is ready to invest seriously in the development of tools and that it is looking for victims around the world," said Yuri Namestnikov, head of the Russian research center Kaspersky Lab.

 According to Andrey Arsentiev, head of Analytics and Special Projects at InfoWatch Group, Lazarus is one of the politically motivated groups. It is supported by the North Korean authorities and is necessary for this state: cybercrimes are committed to obtain funds for developing weapons, buying fuel and other resources. He explained that the anonymous nature of the cryptocurrency market makes it possible to hide transactions, that is, by paying for various goods with bitcoin, North Korea can bypass the sanctions,

 Kaspersky Lab noted that data from organizations involved in research related to the coronavirus vaccine is currently in high demand in the shadow market.
Read more »
North Korean Hackers
Cyber Attacks lazarus malware North Korean Hackers

Discovery of a New Malware Framework and Its Linkages with a North Korean Hacker Group



The discovery of a brand new malware framework and its linkages with a North Korean hacker group has heightened the panic within the digital world. Kaspersky, the cybersecurity company has already alerted the SOC groups of the discovery.

Referred to as  "MATA," the framework has been being used since around April 2018, principally to help in attacks intended to steal customer databases and circulate ransomware.

The framework itself gives its controllers the adaptability to target Windows, Linux, and macOS and comprises of a few components including loader, orchestrator, and plugins.

Kaspersky associated its utilization to the North Korean group "Lazarus”, which has been engaged for a considerable length of time in 'cyber-espionage' and sabotage and, by means of its Bluenoroff subgroup, endeavors to collect illegal funds for its Pyongyang masters.

The group was even pegged for WannaCry, just as refined attacks on financial institutions including the notorious $81m raid of Bangladesh Bank. Kaspersky senior researcher, Seongsu Park, contended that the most recent attacks connected to Lazarus display its eagerness to invest serious resources to create new malware toolsets in the chase for money and data.

“Furthermore, writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on. This approach is typically found among mature APT groups” he added later.

“We expect the MATA framework to be developed even further and advise organizations to pay more attention to the security of their data, as it remains one of the key and most valuable resources that could be affected.”

The security vendor encouraged the SOC teams to get to the most recent threat intelligence feeds, install dedicated security on all Windows, macOS and Linus endpoints, and to back-up regularly.

The framework seems to have been deployed in a wide variety of scenarios, focusing on e-commerce firms, software developers, and ISPs across Poland, Germany, Turkey, Korea, Japan, and India.

Read more »
Cybersecurity
Amazon cloud servers AWS Cybersecurity

Hackers Breached into Twilio's AWS; Company Confirms the Attack


In a recent cybersecurity breach incident, Twilio acknowledges that hackers breached into the company's cloud services (unsecured) and compromised its javascript SDK. The hackers modified the javascript that the company shares with the clients. Twilio, a famous cloud communications company, told a news agency about the incident, after an anonymous whistleblower had reported the issue to the agency. To summarise it all, a cybercriminal breached into Twilio's AWS (Amazon Web Services) S3 systems. It should be noted that the networks were unsecured and world-writable. The hacker modified the TaskRouter v1.20 SDK and attached some malicious codes designed to tell if the changes worked or not.


In response to the incident, Twilio says that the customer's privacy safety is the first and foremost concern for the company. Twilio confirms about the malware in the TaskRouter v1.20 SDK, and that it was the work of a 3rd party. The modification of the S3 bucket made the attack possible. According to Twilio, it immediately closed the S3 bucket after knowing the issue and has issued an inquiry into the incident. The company took roundabout 12 hours to deal with the issue. Currently, it has no proof if any of the customer accounts were stolen or not. However, it confirms that the hacker didn't break into the company's internal systems to modify coding or data.

 Twilio uses JavaScript SDK as a method to connect your business operations to its task router platforms. The company plans to publish a detailed report about the incident in a few days. However, a friendly suggestion to the users, if you have downloaded or installed an SDK copy, make sure that you have a legit copy.

 "Our investigation of the javascript that was added by the attacker leads us to believe that this attack was opportunistic because of the S3 bucket's misconfiguration. We believe that the attack was designed to serve malicious advertising to users on mobile devices," said Twilio to The Register as a response to the incident. It also says, "If you downloaded a copy of v1.20 of the TaskRouter JS SDK between July 19th, 2020 1:12 PM and July 20th, 10:30 PM PDT (UTC-07:00), you should re-download the SDK immediately and replace the old version with the one we currently serve."
Read more »
Russian Cyber Security
Data Privacy Laws Hacking News Privacy Russia Russian Cyber Security

An IT expert at the Russian State Duma Explains Data Risks of Using VPN


"To prevent hackers from getting personal data of users, users don't need to use a VPN connection in their daily life", said Yevgeny Lifshits, a member of the expert council of the State Duma Committee on Information Policy, Information Technology and Communications.

He explained that a VPN is a virtual network that is supposed to protect the user's personal data from hackers. It is assumed that using this network allows users to maintain network privacy. However, according to the expert, VPN services carry more danger than protection.According to Lifshits, such services are not needed in everyday life.

"Sometimes VPN services are necessary for work to transfer commercial data. In everyday life, they have no value."

According to the expert, if a person does not commit crimes that he wants to hide with a VPN, then he does not need to protect himself.  Otherwise, passwords may end up in the hands of hackers.

"A user installing a VPN believes that he has secured himself, but the service provider may allow a data leak,” said Lifshitz. 

According to him, if the VPN service is unreliable, hackers can get passwords and other personal data of the user. The expert noted that now there are thousands of companies offering a secure connection and an ordinary person can make a mistake with the choice of a reliable one.

Earlier it was reported that the personal data of 20 million users of free VPN services were publicly available on the Internet. Experts found on the open server email addresses, smartphone model data, passwords, IP addresses, home addresses, device IDs, and other information with a total volume of 1.2 terabytes. It is noted that the leak occurred from networks such as UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Some of them have millions of downloads from Google Play and the App Store and high ratings.
Read more »
Tik Tok
data security National Security Privacy Tik Tok

Australia: TikTok Undergoing Scrutiny Over Data Security Concerns


Chinese video-sharing social networking platform, TikTok is undergoing scrutinization in Australia over data security and privacy concerns, according to the government sources. 

TikTok is a free app where users can post a minute long videos of short dances, lip-sync, and comedy using a multitude of creative tools at their disposal. The platform differs from other social media platforms in ways where it allows navigation through videos by scrolling up and down instead of usual tapping or swiping. 

Recently, the Bytedance owned, TikTok became a hot topic of discussion in both the offices of Home Affairs as well as Attorney-General; reportedly, the issue of privacy concerns drew more attention in the wake of the video-sharing giant opening an office in Australia. 

Lately, the platform had been making headlines for 'national security concerns'  which was one of the major reasons for Prime Minister Scott Morrison to examine TikTok, he stated that if there will be a need to take more actions than what the government had already been taking, then they won't be shy about it. 

Meanwhile, the inquiries carried out by Labor Senator Jenny McAllister put forth a need to scrutinize the app further, given a total of 1.6 million Australians were on TikTok. 

In conversation with ABC radio, she told, "Some of these approaches to moderating content might be inconsistent with Australian values," 

"For example, removing material about Tiananmen Square, or deprioritizing material about Hong Kong protests," she added. 

In a letter to Australian politicians, Lee Hunter,  general manager for TikTok Australia said, it's "critical you understand that we are independent and not aligned with any government, political party or ideology."

Read more »
Russian Cyber Security
Cyber Attacks Healthcare Hacking Russia Russian Cyber Security

Russian Foreign Ministry urged whole world to abandon cyber attacks on healthcare facilities during a pandemic


Against the background of the coronavirus pandemic, Moscow calls for an end to cyberattacks on healthcare facilities and critical infrastructure. This was announced on Monday, July 20, by the Russian President's Special Representative for International Cooperation in the Field of Information Security, Director of the Department of International Information Security of the Russian Foreign Ministry, Andrei Krutskikh.

He stressed that Russia shares the opinion of many countries that the information and communication infrastructure in the health sector is needed.

"We propose to secure the obligation for states to refrain from attacks not only on medical facilities, but also in general on the critical information infrastructure of institutions that provide vital public services," said Krutskikh.

In particular, the diplomat noted the spheres of education, energy, transport, as well as banking and finance. In addition, he added that work on this will continue at the  United Nations platforms on international information security.

In addition, the Russian Ministry of Foreign Affairs offered Germany to hold consultations on cybersecurity.

"We consider it extremely important to resume a full-scale dialogue in this format with the involvement of the necessary range of experts on international information security. This will help neutralize an unnecessary irritant in our bilateral relations and transfer interaction on the issue of information security into a practical plane," said Krutskikh.

Moreover, the special representative commented on the situation with  Russian Dmitry Badin.
According to Krutskikh, Russia has offered Germany several times to hold consultations on information security, including in 2018, but the German side disrupted the planned talks.

Earlier, E Hacking News reported that the Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015. The publication reports that the suspect's name is Dmitry Badin, he is allegedly an officer of the GRU.  Russia repeatedly denied accusations of involvement in hacker attacks. 
Read more »
Healthcare
COVID-19 Cybersecurity Healthcare

Importance of Cybersecurity in the Healthcare Sector


Hackers and cybercriminals have targeted the healthcare sector for a long time. Among the healthcare industry, hospitals are generally the primary target for hackers, as they generate a lot of money. The hospitals hold very sensitive information of the patients, including credentials and personal data, and the hackers can take advantage of that. Due to the coronavirus pandemic, hospitals have received a large number of funds from the government and other agencies to deal with the issue, and the hackers are after the money.


The critical issue is that healthcare IT systems store patient credentials, including banking details, ID, and credit card details. Besides this, information such as patient's HIV details can be exposed, and cybercriminals can exploit for extortion. On the dark web, ID credentials can be sold for very profitable money, so the government and healthcare industry should take extra precautions to stay safe from cyber attacks. In the present pandemic crisis, blackmail has become one of the most common cyberattacks threats. Blackmail is different from ransomware; in the latter, the player holds company data as ransom by encrypting malware. Whereas, while blackmailing, the hacker threatens to expose critical data, unless his demands are met, which is mostly money.

In this scenario, the hospitals don't have any option but to compensate the cybercriminal as revealing patient information is not only dangerous but also against the doctor-patient confidentiality. In the starting phase of the COVID-19 outbreak, hackers across the world didn't target the healthcare industry. It created a false sense of security among the government and experts that the healthcare sector was safe from hackers and cyber attacks. It was all but long when the hackers finally decided to take a toll on cyberattacks on healthcare.

Therefore, the healthcare industry should step-up and create a robust cybersecurity infrastructure that ensures patients' privacy and security. General awareness of cybersecurity among citizens is also essential, especially sensitizing the hospital staff. Most important and the last one, healthcare institutes should team up with cybersecurity agencies that provide protection and security from cyber attacks and hackers.
Read more »
Subscribe to: Comments (Atom)