Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

New Zealand
Cyber Attacks DDOS Attacks Fancy Bear New Zealand

NZ Stock Exchange Halted Temporarily Twice After Being Hit by Cyber Attacks


The New Zealand stock exchange was hit by a cyber-attack due to which it had to remain offline two days in a row. The exchange said the attack had "impacted NZX network connectivity" and it had chosen to temporarily halt trading in cash markets not long before 16:00 local time.

The trading had to be stopped briefly for a second time, yet was back ready for action before the day's end. 

A DDoS attack is generally a quite straightforward kind of cyber-attack, wherein a huge 'array' of computers all attempt to connect with an online service at the same time usually resulting in 'overwhelming its capacity'. 

They frequently use devices undermined by malware, which the owners don't know are a part of the attack. 

While genuine traders may have had issues with carrying out their business, but it doesn't mean any financial or personal data was accessed. NZX said the attack had come “from offshore via its network service provider". 

The subsequent attack had halted the trading for a long time in the working day - from 11:24 to 15:00 local time, the exchange said. In any case, in spite of the interference, the exchange was up at the end of the business, close to its 'all-time' high. 

Nonetheless, NZX said it had first been hit by a distributed denial of service (DDoS) attack from abroad and so the New Zealand cybersecurity organization CertNZ had also given a caution in November that mails were being sent to financial firms threatening DDoS attacks except if a ransom was paid. 

The mails professed to be from a notable Russian hacking group Fancy Bear. 

Be that as it may, CertNZ said at the time 'the threat had never had never been carried out, past a 30-minute attack as a scare tactic'.
Read more »
Russian Hackers
Cyber Crime Cyber Crime Report Cyber Criminals Russian Russian Hackers

Russian citizen arrested in the United States on charges of organizing a cyber crime


According to the Ministry of Justice, 27-year-old Yegor Kryuchkov tried to pay $1 million to an employee of a company from Nevada in order to introduce malware into its computer network. When the FBI joined the investigation, the Russian tried to run from the United States

A Federal Court in Los Angeles has arrested a Russian citizen, Yegor Kryuchkov, on charges of conspiring to commit cybercrime. This was reported by the press service of the US Department of Justice.

According to the Department, 27-year-old Kryuchkov in the period from July 15 to August 22 this year tried to bribe an employee of an unnamed American company located in the state of Nevada. The statement claims that the Russian offered him $1 million for participation in the implementation of the fraudulent scheme.

The Ministry of Justice reported that Kryuchkov allegedly planned to load malicious software into the computer system of this company. This would allow him and his associates to gain unhindered access to company data.

Last week, Kryuchkov was contacted by the Federal Bureau of Investigation (FBI), after which he left Reno (Nevada) and went to Los Angeles in order to leave the United States. The Russian, according to the Department, asked his friend to buy him a plane ticket.

Kryuchkov was detained in Los Angeles on August 22. According to the Ministry of Justice, the Russian entered the United States on a tourist visa.

The Russian Embassy in the United States said that diplomats are aware of Kryuchkov's arrest. "We will contact the Russian in the near future to find out the problem. We will provide him with the necessary consular and legal assistance,” said the diplomatic mission.

Read more »
Vulnerabilities and Exploits
Bank Cyber Security Bank Information Security Russia Vulnerabilities and Exploits

Experts identified flaw that allows criminals to steal money using Faster Payments System (FPS)


Experts have identified a flaw that allows criminals to steal money from accounts of clients of banks through the Faster Payments System (FPS),  which is often opposed to the idea of a crypto-ruble.

The experts found out that when the function of transfers via the FPS in the mobile bank was activated, one of the credit institutions was left vulnerable. Fraudsters were able to take advantage of this error and get customer account data.

Then the attackers launched the mobile bank in debug mode,  logged in as real clients, and sent a request to transfer funds to another bank, only instead of their account they indicated the account number of another client for debiting. Since the system does not verify the ownership of the account, it debited the money and transferred it to the fraudsters.

According to market participants, this is the first case of theft of funds using the FPS. The vulnerability could only be known by someone familiar with the application: an employee or developer.

The Central Bank noted that the problem was found in the mobile app of only one credit institution and promptly eliminated. 

Yaroslav Babin, head of web application security analysis at Positive Technologies, said that using the FPS is safe, but there may be problems in the applications of individual banks.

According to him, if hackers found a vulnerability in the application of a credit institution, the client will not be able to influence the safety of their funds in any way. All responsibility lies with the Bank that developed and released the app.

Babin recommends that banks pay more attention to system security analysis, implement secure development methods, and analyze the source code of all public applications or their updates before publishing them.

It is worth noting that the Faster Payments System is a service that allows individuals to instantly transfer money by mobile phone number to themselves or others. At the moment, all the largest credit organizations in Russia and more than 70 banks are connected to the FPS.

Read more »
Russia
Cybersecurity FBI Nevada Russia

FBI Arrests Russian Hacker, Who Tried To Convince An Employee to Hack His Nevada Company


 A hacker from Russia went to America and asked an employee of a Nevada company to install a malware in their company network. 

In a recent incident, the U.S Department of Justice declared charges against a Russian hacker today. The Russian national had traveled all the way to America to ask an American employee if he could set up malware, offering him $1,000,000 for the job. As per the court's reports today, the culprit, a 27-year-old hacker from Russia, named Egor Igorevich Kriuchkov, is found as a criminal member of an infamous Russian hacking group. The purpose of the attack was to gain internal access to the company's network and hack confidential information, later to be used as extortion for ransom purposes.


According to the company employee, Igor told him that to prevent the company from knowing about the primary attack, his team of hackers would launch DDoS attacks as a decoy to distract the corporate."The purpose of the conspiracy was to recruit an employee of a company to surreptitiously transmit malware provided by the coconspirators into the company's computer system, exfiltrate data from the company's network, and threaten to disclose the data online unless the company paid the coconspirators' ransom demand," says the court document.

However, Igor's heist plan failed when the employee who was contacted reported this incident to the FBI. The FBI kept a watch on Igor for the first few days, observing his every move. When it finally had all the evidence for the prosecution, the FBI arrested Igor last Saturday.

Timeline of Igor's visit to his arrest- 
  • Igor contacts employee CHSI (identified by the court) via WhatsApp and briefs him about the attack. Both used to be friends two years ago. 
  • Igor arrives in the U.S, meets with CHSI at a bar. 
  • On Igor's last day of the trip, he gives CHS1 all the details about the 'special project.' 
  • In the later events, the FBI contacts Igor, who tries to flee the country at that moment and is finally arrested.
Read more »
P2P Botnets
Botnets Cyberattack DDoS DDOS Attacks P2P Botnets

Over 500 SSH Servers being Breached by FritzFrog P2P Botnet


Cyberspace has seen an unprecedented rise in modified versions of peer-to peer, also known as (P2P) threats, it might have appeared that these P2P services have been vanishing, but in reality, they have emerged even stronger in newer ways. BitTorrent and eMule are still known to be in use by attackers.

A peer-to-peer (P2P) network is an IT infrastructure in which two or more computers have agreed to share resources such as storage, bandwidth and processing power with one another. Besides file sharing, it also allows access to devices like printers without going through separate server software. A P2P network is not to be confused with client-server network that users have traditionally used in networking, here, the client does not contribute resources to the network.

Researchers at Guardicore have recently discovered a sophisticated peer-to-peer (P2P) botnet called as FritzFrog that has been actively operated since January 2020, breaching SSH servers; it’s a Golang-based modular malware that executes a worm malware written in Golang, it is multi-threaded, completely volatile, and fileless and leaves no trace on the infected system’s disk.

It has a decentralized infrastructure which distributes control among all its nodes. The network uses AES for symmetric encryption and the Diffie-Hellman protocol for key exchange in order to carry out P2P communication via an encrypted channel.

So far, more than 20 malware samples have been discovered by the researchers as FritzFrog attempted to brute force over 500 SSH servers belonging to educational institutions, governmental institutions, telecom organizations, banks, and medical centers worldwide. The campaign also targeted some well known high-education institutions in the United States and Europe, along with a railway firm.

Botnets are being leveraged by attackers for DDoS attacks and other malicious activities, as per the recent attack trend. Earlier in June this year, the Monzi malware was seen exploiting IoT devices, mainly DVRs and routers. Threat actors brought together various malware families namely Mirai, Gafgyt and IoT Reaper, to carry out a botnet capable of DDoS attacks, command or payload execution or data exfiltration.

“FritzFrog’s binary is an advanced piece of malware written in Golang. It operates completely in-memory; each node running the malware stores in its memory the whole database of targets and peers,” according to Guardicore’s report.

“FritzFrog takes advantage of the fact that many network security solutions enforce traffic only by the port and protocol. To overcome this stealth technique, process-based segmentation rules can easily prevent such threats.”

“Weak passwords are the immediate enabler of FritzFrog’s attacks. We recommend choosing strong passwords and using public key authentication, which is much safer. In addition, it is crucial to remove FritzFrog’s public key from the authorized_keys file, preventing the attackers from accessing the machine. Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog; consider changing their SSH port or completely disabling SSH access to them if the service is not in use.” The report further read.
Read more »
Microsoft
COVID-19 Cyber Security Microsoft

Microsoft's new report suggest a rapid transformation in cyber security due to the pandemic

 In just two months of the pandemic, the digital world went through "two years worth of digital transformation" according to Microsoft and to compute these changes the company did a survey of 800 leaders from companies with more than 500 employees from the United States, United Kingdom, India, and Germany. The report circumcises the pandemic threat landscape, the long term cybersecurity, budget, staffing, and the adjustments companies did to update their security.


The crux of the matter remains that the pandemic bought on a  multitude of attacks and scams but the very thing strengthened the need for better cybersecurity and many businesses realized this and overall we saw a grave change where digital security is concerned.

According to Microsoft's report following are the changes bought on in cybersecurity by the global pandemic in the long term-
Security as a prime factor in Digital Empathy
With scales of business going WFH (work from home), business leaders quickly realized better security is more productive and drives a better end-to-end experience. For most business leaders the main aim was to improve user experience and productivity thus investing in cybersecurity with VPNs and Multi-factor authentications. The reports show a considerable increase in cybersecurity investments in the surveyed countries since the beginning of the pandemic.

Zero Trust Journey
According to csooonline.com, "Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access." Earlier, this Zero Trust capability was an option, now this has become the priority and everyone's on it for a much secure and private environment inside the database of the company.

More Database, Better Threat Intelligence
The pandemic highlighted the advantages of cloud backups and threat tracking. Microsoft tracked around 8 Million threats daily from around the world due to the diverse and large data input. With the help of automated tools, human insights, and large data, many threats could be tracked and stopped before they reached the user. 

Cyber reliance key to business operations
Cyber Security is fundamental for efficient business operations and cyber resilience. For that remote workplace, businesses need to constantly update their security plans and threat assessment as well as employ end to end security solutions.

Microsoft reports, "More than half of cloud forward and hybrid companies report having cyber-resilience strategy for most risk scenarios compared to 40% of the primarily on-premises organization. 19% of companies relying primarily upon on-premises technology do not expect to maintain a documented cyber-resilience plan."

 Cloud Security Solutions as Inevitable 
Nearly, 40% of organizations invested in cloud security solutions, followed by Data and Information Security (28%), Network Security(27%), and Anti-phishing tools (26%). Cloud not only protects data but also helps track security issues and provides overall integrated security.


  
Read more »
Russian Cyber Security
Cyber Fraud Information Security News Russia Russian Cyber Security

The Russian quality system (Roskachestvo) reported on the new traps of scams in WhatsApp

The absolute majority of fraud in WhatsApp occurs through social engineering when the text prompts the user to click on a link or download a file, said Ilya Loevsky, deputy head of Roskachestvo. So, criminals often make mass mailings with various profitable offers or lotteries to encourage the user to participate and click on an infected link or download a suspicious file.

"As a rule, hackers use big names of companies, such as Google, Apple, Facebook, hot topics like COVID-19, or super-profitable offers (last year it was a "promotion" about 1000 free gigabytes of the Internet for the 10th anniversary of the service). Fraudsters often fake official WhatsApp profiles by copying the name and design,” the expert gives examples.

According to the expert, sending such messages to your contacts is undesirable, as it only contributes to the spread of fraud.

However, after clicking on a malicious link, anything can happen to the victim, from stealing personal data to withdrawing funds from their card.

It is interesting to note that in June 2020, ESET reported a phishing attack aimed at the audience of WhatsApp and Telegram messengers. Users received messages asking them to fill out a questionnaire and get four barrels of beer from a famous brand as a gift.

One of the conditions for participation in the campaign was the mandatory forwarding of messages to ten contacts in WhatsApp.

In January of this year, a similar phishing attack was launched on WhatsApp users. Victims were lured by messages that a famous sports brand was celebrating an anniversary and giving t-shirts and shoes. To receive gifts, users were encouraged to click on the link.

Loevsky concluded that sometimes messages from unknown users may contain just forwarded files that spread panic in society, so it is better to disable auto-upload of media files in the messenger settings and not accept files from unknown accounts.

Read more »
Trump
China Privacy TikTok Trump

TikTok Files Lawsuit Against the U.S. Government Over Ban of Its Application


Tiktok has confirmed that it is going to sue the U.S. government for banning the use of Tiktok application in the United States. However, the Lawsuit will not ensure the Chinese company's future in the U.S. market even if it wins. The company claims that it has been trying to agree with Donald Trump administration's concerns and has been trying to reach a consensus for one year. Instead of entering a general agreement, the U.S. government is not paying attention to this issue, says TikTok. According to the company, the administration is not willing to offer any opportunities to resolve the problems.


Reuter reports, "it was not immediately clear which court TikTok plans to file its lawsuit. The company had previously said it was exploring its legal options, and its employees were also preparing their own lawsuit. While TikTok is best known for its anodyne videos of people dancing and going viral among teenagers, U.S. officials have expressed concerns that information on users could be passed on to China's communist government."

Tiktok says that to safeguard fair treatment of its users' and justice, it has no other option than to challenge the Trump administration in the court. Earlier this month, Trump had banned financial dealings with Tiktok, owned by ByteDance and WeChat, owned by Tencent. According to him, these Chinese apps could be a threat to U.S. national security, economy, and trade affairs. According to the administration, TikTok stores a large amount of user data, including internet usage, browser history, network data, and location.

The Chinese Communist Party can exploit this data and use it for extortion purposes, blackmail, cyberattacks, and even espionage acts. "TikTok did not specify which court it planned to tap for its lawsuit, but this move would not stop the company from being compelled to relinquish its U.S. operations, which was laid out under Trump's second executive order issued on August 14 and was not subject to judicial review," reports ZDNet. In response, TikTok says that it modified its user policies to deal with the issue, bringing new measures to prevent misinformation and ensure user privacy.
Read more »
User Security
Android devices data security Privacy User Data User Security

Here's how to Ensure Data Security Using FShred App


Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on their Android, it doesn't get deleted in an irrecoverable manner and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once and for all deletion of the same to ensure data safety.

In the sphere of Data security, continually rising unwanted activities of unauthorized users call for the creation of something that can protect users against data breaches and cyberattacks destroying their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo it.

How can it be done?

When users have no intention to retrieve their deleted data by any means, data eraser apps come into play. These apps help users delete their sensitive data in ways that make it irrevocable from their Android devices. It proves to be of significant service when users plan to sell their smartphone or just share it with someone as it could mean a serious threat to their important data.

FShred is a user-friendly app that makes use of data sanitization methods that overwrite data on both, internal and external storage of Android phone to permanently delete the deleted files from the internal storage, it does so by overwriting all available space with random data. What does that mean? It's a process that replaces all the deleted files (Photos, videos, etc) with purposeless bytes sent by a random generator; by overwriting the occupied space, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is one amazing tool that would allow you easily wipe all your sensitive data using advanced shredder algorithms, it shreds your data and recovers valuable storage space on your Android device.

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.
Read more »
uber
Cyber Security Data Breach Hackers uber

Uber's Former Chief Security Officer Charged for Covering up A Massive Data Breach

Uber's former chief security officer, Joe Sullivan, was very recently charged by the federal prosecutors in the United States for covering up an enormous data breach that the company had endured in 2016.

Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that additionally included paying hackers $100,000 ransom to keep the incident a secret, according to the press release published by the U.S. Department of Justice. 

It said, "A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies.” 

The 2016 Uber's data breach exposed names, email addresses, phone numbers of 57 million Uber riders and drivers, and driving license numbers of around 600,000 drivers. 

The company revealed this data out in the open almost a year later in 2017, following Sullivan's exit from Uber in November. 

Later it was reported for, that two hackers, Brandon Charles Glover of Florida and Vasile Mereacre of Toronto, were the ones responsible for the incident and were the ones to whom Sullivan ‘approved’ paying cash in return for the promises to delete information of the clients that they had stolen.

The problem initially began when Sullivan, as a representative for Uber, in 2016 was reacting to FTC inquiries with respect to a previous data breach incident in 2014, and at the same time, Brandon and Vasile reached him in regards to the new data breach. 

"On November 14, 2016, approximately 10 days after providing his testimony to the FTC, Sullivan received an email from a hacker informing him that Uber had been breached again and his team was able to confirm the breach within 24 hours of his receipt of the email. Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC." 

As indicated by court archives, the ransom amount was paid through a bug bounty program trying to document the blackmailing payment as ‘bounty’ for white-hat hackers who highlight the security issues however have not compromised information. 

The federal prosecutors said, “After Uber personnel were able to identify two of the individuals responsible for the breach, Sullivan arranged for the hackers to sign fresh copies of the non-disclosure agreements in their true names. The new agreements retained the false condition that no data had been obtained. Uber's new management ultimately discovered the truth and disclosed the breach publicly, and to the FTC, in November 2017." 

However just last year, the two hackers were pleaded guilty to a few counts of charges for hacking and blackmailing Uber, LinkedIn, and various other U.S. corporations. In 2018, English and Dutch data protection regulators had likewise fined Uber with $1.1 million for neglecting to secure its clients' personal data during a 2016 cyber-attack.

As of now, if Sullivan is found guilty of cover-up charges, he could expect at least eight years in prison along with potential fines of up to $500,000.

Read more »
Scam
Coronavirus Cyber Fraud Information Security News Scam

Russian media reported on fake domains for pre-ordering coronavirus vaccine

After the Russian Ministry of Health registered the first coronavirus vaccine, the number of new domains associated with the vaccine increased on the Internet.

Creating a phishing site takes three to four hours thanks to designers and illegal CDNs, and earnings from them can range from thousands of dollars and much more depending on the audience and period, said Andrey Zaikin, head of the Information Security department at CROC IT company.

In the ten days since the vaccine was registered, 113 related domains appeared in the .com and .ru zones, said Eugene Voloshin, Director of the cybersecurity company Bi.Zone. Infosecurity a Softline Company adds that in July-August 2020, 445 domains were registered, which is about nine per day.

Such sites started appearing in March. They offered to buy a non-existent vaccine and medication for coronavirus.

One resource in English offered to pre-order a vaccine in the amount of 10,000 to 1 million doses and pay a quarter of the cost of the batch, reported the Telegram channel @In4security.

According to Check Point, the number of actual attacks related to the coronavirus has decreased: in July, there were about 61 million on average per week, and in June - about 130 million per week. In contrast, Trend Micro believes that the number of Internet threats exploiting the topic of coronavirus is growing, as the number of complaints from citizens has increased three to four times. In the first half of 2020, the company identified 9 million such threats.

The volume of phishing increased as people became much more active on the Internet during the pandemic and this continues to this day, believes expert of Kaspersky Lab. 

Read more »
Subscribe to: Comments (Atom)