
Norwegian Parliament Hit by a Cyber-Attack on Its Internal Email System


Stortinget, the Norwegian Parliament, was hit by a cyber-attack targeting its internal email system. The news came on Tuesday, when the parliament's director, Marianne Andreassen, confirmed that threat actors had targeted the parliament.

The attackers broke into the email accounts of elected representatives and employees and stole varying amounts of data from them. Andreassen said that the incident is still under investigation, so she could not say who was responsible or how many accounts were compromised.

People whose accounts were compromised have been informed, a report has been filed with the Norwegian police, and the nation's intelligence agency has begun investigating the incident, according to a statement the agency posted on its Twitter account after the incident.

The local press, which initially broke the story, also reported that the parliament's IT staff shut down its email service to keep the attackers from siphoning off more information.

A representative of Norway's main opposition party, the Labour Party, told public broadcaster NRK that the attack had also affected a few Labour Party members and staff.

After the incident was discovered, the Norwegian National Security Authority (NSA) was brought in to counter the attack and get to the bottom of what had occurred. "We have been involved for a few days," said NSA spokesman Trond Oevstedal.

"We are assisting parliament with analysis and technical assistance." Andreassen said that the parliament had discovered "anomalies a little more than a week ago."

"A number of risk-reducing immediate measures were implemented to stop the attack," said Andreassen. "These measures had an immediate effect."

An earlier statement read: "Burglary has been registered in the email accounts of a small number of parliamentary representatives and employees. Our analyses show that different amounts of data have been downloaded."

Through this statement the Storting acknowledged that the attackers had taken an unspecified amount of data. So far no information has been released about what kind of cyber-attack was carried out against the Norwegian parliament or who was responsible for it.

However, Andreassen told reporters that the parliament takes the matter very seriously and is devoting its full attention to the investigation, in order to get a complete picture of the incident and the extent of the harm it may have caused.

Emotet Botnet Operators Switching to a New Template Named ‘Red Dawn’


Emotet has continually evolved into a technically sophisticated piece of malware that plays a major role in the expansion of the cybercrime ecosystem. First discovered in 2014 as a simple banking Trojan, Emotet initially attempted to steal banking credentials from infected machines.

After multiple upgrades since then, it has taken on various roles. It long ago levelled up to become a "loader": it gathers data and sends it over an encrypted channel to its command and control (C2) servers, and it downloads additional modules to extend its functionality.

The threat actors behind the rapid expansion of "Emotet" as a service have devised a new way of luring targets into opening infected documents. Until recently, Emotet's operators used an iOS-themed document template in their botnet campaigns; the template told victims that the document had been created on iOS and that, to view the content properly, they needed to click 'Enable Content'.

That is no longer the case. In its newer campaigns, the notorious botnet has been seen using a new template, named 'Red Dawn' by Emotet expert Joseph Roosen for its red accent colours.

Displaying the message "This document is protected", the Red Dawn template tells the user that the preview is unavailable and that, to view the document, they must click the 'Enable Content' or 'Enable Editing' button.

Once the user is tricked into following those steps, the document's macros execute and install Emotet on the system. After a successful infection, Emotet may go on to deliver other malware and ransomware, namely Trickbot and Qbot, or Conti and ProLock respectively.

“#Emotet AAR for 2020/09/02: Only a couple malspams at dayjob. It looks like JP is getting targeted heavily now by E1/E2 and E3. Seeing templates on all 3! The new regex for E1 is stupid and I bet Yuri thought that was epic, well nope, even easier to block, new regex in report. TT”, Joseph Roosen said in his related Tweet.
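The Red Dawn lure combines two things a mail gateway or triage script can check for: a VBA macro project inside the Office archive and the "document is protected / Enable Content" text that coaxes the reader into running it. The following is an added defender-side example, not code from the original post or from any Emotet tracker; the lure regexes and the in-memory sample document are constructed for illustration.

```python
"""Triage an OOXML (.docm/.xlsm) file for a Red Dawn-style macro lure.
Added example: flags documents that carry a VBA project AND text urging the
reader to click 'Enable Content' / 'Enable Editing'. Sample file is constructed."""
import io
import re
import zipfile

# Lure phrases quoted in the post above; the regexes themselves are an assumption.
LURE_PATTERNS = [
    re.compile(r"this document is protected", re.I),
    re.compile(r"preview (is )?(not |un)available", re.I),
    re.compile(r"enable (content|editing)", re.I),
]
# Where OOXML stores VBA macros for Word, Excel and PowerPoint files.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def _document_text(zf: zipfile.ZipFile) -> str:
    """Concatenate visible text from the XML parts (crude tag stripping)."""
    chunks = []
    for name in zf.namelist():
        if name.endswith(".xml") and name.split("/")[0] in ("word", "xl", "ppt"):
            xml = zf.read(name).decode("utf-8", errors="replace")
            chunks.append(re.sub(r"<[^>]+>", " ", xml))
    return " ".join(chunks)


def triage_office_doc(data: bytes) -> dict:
    """Return macro presence, matched lure phrases and a verdict for one file."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"has_macros": False, "lures": [], "verdict": "not-ooxml"}
    with zf:
        names = set(zf.namelist())
        has_macros = any(part in names for part in MACRO_PARTS)
        text = _document_text(zf)
        lures = [p.pattern for p in LURE_PATTERNS if p.search(text)]
    if has_macros and lures:
        verdict = "suspicious: macro project plus enable-content lure"
    elif has_macros:
        verdict = "review: macro project, no lure text"
    else:
        verdict = "no macro project"
    return {"has_macros": has_macros, "lures": lures, "verdict": verdict}


def build_sample(lure: bool, macros: bool) -> bytes:
    """Constructed minimal .docm-like archive for offline testing (not a real sample)."""
    body = ("This document is protected. Preview is not available. "
            "Click Enable Editing and then Enable Content.") if lure else "Quarterly report."
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml",
                    f"<w:document><w:body><w:p><w:t>{body}</w:t></w:p></w:body></w:document>")
        if macros:
            # Placeholder bytes standing in for an OLE-packed VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for lure, macros in ((True, True), (False, True), (True, False)):
        print(f"lure={lure} macros={macros}:", triage_office_doc(build_sample(lure, macros))["verdict"])
```

The text check is a lure heuristic only; the macro project itself still needs inspection (for example with oletools) before a file is declared benign.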

Cyber criminals broke into the patient database of a Russian cancer center and demanded a ransom

The Sverdlovsk Regional Clinical Center was hacked. Svetlana Lavrova, a neurophysiologist, wrote about this on her Facebook page.

"The data of 400 patients who were operated on from the 10th to the 21st were encrypted," said Alexander Dorofeev, Deputy Chief Physician at the Sverdlovsk Regional Cancer Center.

The Department of Information Policy of the Sverdlovsk region said that the hack occurred on August 21, during the installation and integration of the laboratory information system.

The hackers chose the moment when the system was most vulnerable: during the installation of new software. A specially designed virus encrypted the test-result data, information that is essential for prescribing effective treatment, leaving it unreadable without the key.

The hackers then demanded one thousand dollars for the decryptor. Management agreed to pay, but the hackers stopped communicating.

As a result, a great deal of work had to be done in a few days: medical reports were restored manually and re-entered into the database.

"Especially for those who doubt confidentiality: the missing data was not transferred to anyone, no one found out who had what kind of tumor, the hackers just 'broke' our access to it," wrote neurophysiologist Svetlana Lavrova on Facebook.

As a result, no police report has been filed yet, since there was no time. Now that all the data has been restored and the patients have received the necessary treatment, an investigation will be carried out. Police need to find out who these scammers are who tried to sell the lives of 400 people for a thousand dollars and, most importantly, how they managed to learn at what point the system would be vulnerable.

Anubis Malware that Attacks Windows Users


Microsoft has reported a new malware family called 'Anubis'. This Anubis is unrelated to the banking malware of the same name and is known for attacking Windows systems and devices. Microsoft Security Intelligence (MSI) recently discovered the new Windows malware, which is capable of stealing Windows users' data and is rated a high threat. Detailed analysis revealed that the malware incorporates code from the data-stealing 'Loki' malware. Loki emerged a few years ago and became infamous as ransomware.

According to Microsoft, "the new malware shares a name with an unrelated family of Android banking malware. Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers." Microsoft disclosed the discovery in a tweet, noting that Anubis had been circulating in the wild. For now, Anubis has only a limited set of targets and its range of attacks is small. The malware targets only Windows systems, so non-Windows users are unaffected. Microsoft Defender can also identify this malware, so protected users are safe from Anubis.

About Anubis
Microsoft first identified the malware in June, and it has since become highly active. Users should not confuse it with the Android trojan that bears the same name. The Windows malware steals user information, including financial data, system data, cryptocurrency wallets, login credentials and personal information, whereas the Android trojan is purely a banking malware.

The MSI team has yet to confirm how Anubis reaches its targets. For now, every Windows user should be cautious when downloading third-party applications or software and when handling suspicious emails. Users should also run trusted security software that protects against malware. If you are not a Windows user, you need not worry. Microsoft will update its users if it learns more about the malware.

Russian engineer raises $5 million for a 'Tamagotchi for hackers'

Russian tech enthusiast Pavel Zhovner has raised almost $5 million to produce Flipper Zero, a 'Tamagotchi for hackers'. The project attracted 37,987 backers on the Kickstarter crowdfunding platform.

Zhovner launched the campaign in early August, hoping to raise at least $60,000 within a month, the minimum amount needed to start production in China. He reached that goal within 8 minutes of the campaign's start. A day later the project had raised $500,000, and by the end of the weekend more than $1 million. The campaign ended on 29 August with an impressive total of $4,882,784.

"I'm even a little glad that this will finally end, I can breathe out. We are called to continue the campaign on all sorts of IndieGoGo, but we decided to take a break and go into development more tightly, without being distracted by marketing," wrote Zhovner in his Telegram channel.

Flipper Zero is an electronic multitool with a built-in radio module for receiving and transmitting signals at 300-928 MHz, as well as an infrared transmitter for controlling household appliances.

The creator describes the device as a universal tool that, in the hands of experts, can turn into anything from a TV remote control to a device for hacking a Wi-Fi router.

The developers said that Flipper Zero does not fall under the legal description of a special device for covert information gathering: it cannot capture audio or video and is not disguised as a household item. The factory firmware will not include jamming, brute-force or other potentially malicious features.

Flipper Zero also contains a cyber-dolphin that needs to be fed. This mascot is a reference to the cult cyberpunk film Johnny Mnemonic.

Kickstarter backers are expected to receive their devices as early as February 2021. Later, the creator plans to sell Flipper Zero through online stores and resellers at a price of $169.

Amazon gets FAA approval for drone delivery trials



Retail giant Amazon has received approval to deliver products by air: the online retail behemoth has been cleared by the US Federal Aviation Administration to start trials of delivery drones.

The Federal Aviation Administration has certified Amazon Prime Air as an "air carrier", allowing it to begin deliveries by drone, probably with the MK27 drone unveiled last year, under a trial program. Other companies that already hold this approval are Wing, owned by Alphabet Inc. (Google), and United Parcel Service Inc. (UPS).

In recent years, retail companies have been developing drone delivery to a considerable extent and have made major leaps. Wing and UPS both fly products over limited distances by drone, and Amazon has said it will start its own trials on a date it did not specify.

During the pandemic, Amazon made extensive profits and grew exponentially; if its autonomous air delivery is applied globally with success, it could change e-commerce forever.

"This certification is an important step forward for Prime Air and indicates the FAA's confidence in Amazon's operating and safety procedures for an autonomous drone delivery service that will one day deliver packages to our customers around the world," said David Carbon, vice president of Prime Air, in a statement. "We will continue to develop and refine our technology to fully integrate delivery drones into the airspace, and work closely with the FAA and other regulators around the world to realize our vision of 30-minute delivery."

The FAA said it granted the approval to support innovation and development in drone flight. But the approval was difficult, and issues remain, because the FAA's regulations were written for aircraft with humans aboard, not unmanned ones. The agency is therefore planning a new set of regulations for drone flights.

But routine drone deliveries are still a long way off: they would require standards for flight, aircraft and mechanisms, along with proper air traffic control and routing without a pilot, all of which would take years to set up.

A Brief Summary of The Potential Threats Revealed in Black Hat 2020 Conference


Cybersecurity experts had a lot to say about potential cybersecurity threats at the Black Hat USA conference.

Main Highlights

US Presidential Elections
As the US awaits its presidential election, cybersecurity has become a significant issue. At the conference, experts proposed various solutions to election-related cybersecurity threats that might arise during the campaign and offered new ideas for strengthening the infrastructure.

Exploits and Vulnerabilities
Cybersecurity expert Matt Wixey presented research on cybersecurity exploits. The main idea is that cyberattacks can only be prevented if there is a proper system in place, in other words a plan of action. The 'human factor' is the risk here, and it is what attackers target.

DNS Attacks
In recent times, DNS encryption and its security have come into question. Hackers have found a new way to breach the encryption; the technique involves DoH (DNS-over-HTTPS). The key speaker on the topic was Eldridge Alexander, Security Research and Development manager at Cisco's Duo Labs.

Cyberthreats and COVID-19
The COVID-19 pandemic saw a surge in cybersecurity threats. With people working from home, hackers found new targets that were easy to attack. With this in mind, Shyam Sundar Ramaswami presented several ways to identify pandemic-themed malware or malspam, including a rapid static analysis approach.

A world without passwords
Imagine a world with no passwords, where all systems are integrated with a single authorization model. Wolfgang Goerlich and Chris Demundo presented their 'Zero Trust' theory, in which systems would no longer require passwords, making for a more secure cyber world.

Possible Threats

  • Influence campaigns: misuse of social media platforms to disseminate fake news and misinformation has become a critical problem, especially during election campaigns.
  • Satellite eavesdropping: according to James Pavur, satellite communications are open to surveillance and monitoring; attackers can bug communications using a few sophisticated gadgets.
  • Botnets: hackers can turn high-wattage devices into botnets and use them to attack energy grids.
  • Fake websites: experts say that hackers can use open-source tools to create fake websites or channels that look identical to the originals, allowing them to influence public opinion.

Paytm Mall Suffers Data Breach, Hackers Demand Ransom


Paytm has allegedly suffered a huge data breach after a hacker group targeted the company's Paytm Mall database and demanded a ransom in return for the data.
The hacker group, dubbed 'John Wick', is known for hacking companies' databases under the pretense of helping them fix bugs in their systems.

Global cyber intelligence firm Cyble stated that the John Wick hacker group had 'unhindered' access to Paytm Mall's entire production database through indirect access, which potentially affects all accounts and related information at Paytm Mall.

An official update from Cyble states: "According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hacker's demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid."

The volume of data breached is presently unknown; however, Cyble claims that the attackers have demanded 10 ETH, equivalent to about USD 4,000.

A Paytm Mall spokesperson commented, "We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies."

Nonetheless, 'John Wick' is known to have broken into numerous Indian companies and collected ransoms from various Indian organisations, including the OTT platform Zee5 and the fintech startups Stashfin, Sumo Payroll and i2ifunding, under different aliases such as 'South Korea' and 'HCKINDIA'.

United States Issues Alert on North Korean Threat Actors Finding Better Ways to Rob Banks


The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command issued a joint warning on August 26th, alerting that North Korean hackers have reopened their campaign of targeting banks across the globe by making fraudulent transactions and ATM cash-outs.

The threat actors have made a systematic effort to attack financial institutions worldwide. Their methods are bold and do not always succeed. However, these North Korean hackers have manipulated the ways in which some of the largest financial institutions interact with the international banking system, duping components of the system into treating the hackers as legitimate users, which allows them to transfer tens of millions of dollars into their accounts.

As these hackers repeatedly intruded into bank transaction records and log files, financial institutions were prompted to release security alerts and upgrades to counter and limit the threat. In their haste to acquire valuable user data for ransom, the hackers have tampered with hundreds of thousands of machines across the globe.

Notably, the attackers have learned from their failures and amended their modus operandi to make their operations and fraudulent campaigns more effective, as can be seen in the $81 million theft from a Bangladeshi bank that they carried out in 2016. Other examples of their most profitable operations include a single incident of fraudulent ATM cash-outs that spanned 30 countries.

The alert provides an "overview of North Korea's extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector."

These attackers' "international robbery scheme" poses a "severe operational risk" for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks "in both the theft and the flow of illicit funds back to North Korea," according to the alert.

They "initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors," the alert states, cautioning that this suggests the hackers "are exploring upstream opportunities in the payments ecosystem."

The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime

The Ministry of Internal Affairs of Bashkortostan is ready to cooperate with white-hat hackers and programmers to solve internet crimes together. Law enforcement agencies want to recruit volunteer experts from among programming students to help solve cybercrimes.

According to Oleg Oleinik, Major General of Justice, Deputy Minister and Head of the Main Investigation Department of the Ministry of Internal Affairs of the Republic of Bashkortostan, the regional department of the Ministry is working together with the Regional Center of the Volunteer Movement, and the police already have experience cooperating with young programmers.

Recall that in the last two years the number of cybercrimes in Bashkortostan has grown almost 2.5 times: 2,500 cybercrimes were recorded in 2018, 6,300 in 2019, and in the first seven months of 2020 6,500 cases have already been opened. Fraudsters use social engineering methods and withdraw money from victims' cards without any special technical means.

The Bashkortostan police said that they are ready to cooperate with IT companies that are also interested in eliminating cyber fraud.

Marat Guzairov, interim head of the Department for Disclosure of General Criminal Frauds and Theft Committed Using Information and Telecommunication Technologies of the Criminal Investigation Department of the Ministry of Internal Affairs, said that crime is especially developed on the DarkNet, where databases are uploaded, weapons and drugs are sold, and pornography is distributed. Offences are committed with the help of messengers, as well as via resources blocked by Roskomnadzor, which can be accessed using certain programs.

According to the police, many young people are aware of this and could transfer their knowledge to law enforcement agencies.


How a loyal employee saved Tesla from a Russian $1 million malware attack


As Justin Richards said, "heroes can be found in the most unlikely places. Perhaps we all have it within us to do great things...", and this tale of extortion, bribery and a planned attack shows how a loyal employee saved Tesla from a $1 million malware attack.

In early August, a Tesla employee was offered $1 million to plant malware inside Tesla's Nevada factory as an insider threat; had the conspiracy succeeded, it could have cost the company millions.

According to the US Justice Department indictment, Egor Igorevich Kriuchkov, a 27-year-old Russian, came to the United States in July and began messaging an employee of the sustainable technology company whom he had met years earlier. The employee, a Russian emigrant, met Kriuchkov at a bar in the Reno area, and that is where the idea of infiltrating Tesla's network was first pitched: the employee would get $500,000 to open a malicious email, or $1 million in cash or Bitcoin for introducing the malicious files via USB.

The employee, however, reported the approach to the company, and the US Federal Bureau of Investigation soon got involved. The Bureau and the unnamed employee worked undercover to uncover Kriuchkov's whole scheme, in which an insider would infect the entire network with ransomware and, if Tesla did not pay the ransom, the company's data would be published on the internet.

The conspirator Egor Igorevich Kriuchkov was arrested on 22 August while driving from Reno to Los Angeles, where he planned to catch a flight out of the country; after the arrest he was presented to the court on Monday. Two other suspected conspirators have been identified only by the nicknames Kisa and Pasha.

Elon Musk tweeted on Thursday night, "This is a serious attack", in response to Tesla's blog post. The attacker admitted that his group had been working on similar attacks against other companies, but the Tesla plan may have been about more than money: it could have been aimed at obtaining high-end sustainable technology, manufacturing and chemistry know-how. The attack has not yet been shown to be tied to the Russian government.