Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Telecom
Credential Phishing Dark Web Data Breach Finance Healthcare Malicious actor Ransomware Attacks. Stock market Telecom

Dark Web: 31,000 FTSE 100 Logins

 

With unveiling the detection of tens of thousands of business credentials on the dark web, security experts warn the UK's largest companies that they could unintentionally be exposed to significant vulnerability. Outpost24 trawled cybercrime sites for the compromised credentials, discovering 31,135 usernames and passwords related to FTSE 100 companies using its threat monitoring platform Blueliv.

The Financial Times Stock Exchange (FTSE) 100 Index comprises the top 100 companies on the London Stock Exchange in terms of market capitalization. Across several industry verticals, these businesses reflect some of the most powerful and lucrative businesses on the market. 

The following are among the key findings from the study on stolen and leaked credentials: 

  • Around three-quarters (75%) of these credentials were obtained by traditional data breaches, while a quarter was gained through personally targeted malware infections. 
  • The vast majority of FTSE 100 firms (81%) had at least one credential hacked and published on the dark web, and nearly half of FTSE 100 businesses (42%) have more than 500 hacked credentials. 
  • Since last year, there were 31,135 hacked and leaked credentials for FTSE 100 organizations, with 38 of them being exposed on the dark web. 
  • Up to 20% of credentials are lost due to malware infections and identity thieves.
  • 11% disclosed in the last three months (21 in the last six months, and 68% for more than a year) Over 60% of stolen credentials come from three industries: IT/Telecom (23%), Energy & Utility (22%), and Finance (21%). 
  • With the largest total number (7,303) and average stolen credentials per company (730), the IT/Telecoms industry is the most in danger. They are the most afflicted by malware infection and have the most stolen credentials disclosed in the last three months.
  • Healthcare has the biggest amount of stolen credentials per organization (485) due to data breaches, as they have become increasingly targeted by cybercriminals since the pandemic started. 

"Malicious actors could use such logins to get covert network access as part of "big-game hunting" ransomware assault. Once an unauthorized third party or initial access broker obtains user logins and passwords, they can either sell the credentials on the dark web to an aspiring hacker or use them to compromise an organization's network by bypassing security protocols and progressing laterally to steal critical data and cause disruption," Victor Acin, labs manager at Outpost24 company Blueliv, explained.
Read more »
Scammers
Bitcoins Cryptocurrency Fraud Cyber Fraud Frappo Hackers phishing Scam Scammers

Welcome “Frappo”: Resecurity Discovered a New Phishing-as-a-Service

 

The Resecurity HUNTER squad discovered "Frappo," a new underground service available on the Dark Web. "Frappo" is a Phishing-as-a-Service platform that allows fraudsters to host and develop high-quality phishing websites that imitate significant online banking, e-commerce, prominent stores, and online services in order to steal client information. 

Cybercriminals created the platform in order to use spam campaigns to spread professional phishing information. "Frappo" is widely advertised on the Dark Web and on Telegram, where it has a group of over 1,965 members where hackers discuss their success in targeting users of various online sites. The service first appeared on the Dark Web on March 22, 2021, and has been substantially updated. The most recent version of the service was registered on May 1, 2022. 

"Frappo" allows attackers to operate with stolen material in an anonymous and encrypted manner. It offers anonymous billing, technical assistance, upgrades, and a dashboard for tracking acquired credentials. "Frappo" was created as an anonymous cryptocurrency wallet based on a Metamask fork. It is totally anonymous and does not require a threat actor to create an account. 

Amazon, Uber, Netflix, Bank of Montreal (BMO), Royal Bank of Canada (RBC), CIBC, TD Bank, Desjardins, Wells Fargo, Citizens, Citi, and Bank of America are among the financial institutions (FIs) for which the service creates phishing pages. The authors of "Frappo" offer hackers a variety of payment options based on the length of their subscription.  "Frappo," works like SaaS-based services and platforms for legitimate enterprises, enabling hackers to reduce the cost of developing phishing kits and deploy them on a larger scale. Notably, the phishing page deployment procedure is totally automated, since "Frappo" uses a pre-configured Docker container and a secure route to gather compromised credentials through API. 

Once "Frappo" is properly configured, statistical data such as how many victims opened the phishing page, accessed authorisation and input credentials, uptime, and the server status will be collected and visualised. Compromised credentials will appear in the "Logs" area alongside further information about each victim, such as IP address, User-Agent, Username, Password, and so forth. The phishing pages (or "phishlets") that have been discovered are of high quality and include interactive scenarios that fool victims into providing authorization credentials. 

Threat actors have successfully leveraged services like "Frappo" for account takeover, business email compromise, and payment and identity data theft. Cybercriminals use sophisticated tools and methods to assault consumers all over the world. Digital identity protection has become one of the top objectives for online safety, and as a result, a new digital battleground emerges, with threat actors looking for stolen data.

Christian Lees, Chief Technology Officer (CTO) of Resecurity, Inc. stated, “Resecurity is committed to protecting consumers and enterprises all over the globe, and is actively involved in public-private partnerships to share actionable cyber threat intelligence (CTI) with financial institutions, technology companies and law enforcement to ultimately minimize the risk of credentials being compromised and data breaches being executed.”
Read more »
Twitter
Blockchain Security Crypto heist Data Breach DeFi DNS Flaw Exchange Server Twitter

MM.Finance, a DeFi platform, Had More Than $2 Million Stolen

 

In a Domain Name System (DNS) attack, hackers decided to retrieve $2 million worth of digital assets, as per MM.Finance. It is a DeFi ecosystem with the largest decentralized exchange on the Cronos blockchain. 

Hackers target the reliability or integrity of a network's DNS service in these attacks. The attacker could "inject a malicious contract address into the frontend code," as per the team behind MM.Finance, which bills itself as the world's largest decentralized finance ecosystem on the Cronos blockchain. "Attacker changed the network contract address in our hosted files via a DNS vulnerability." In a Medium post-mortem, the business claimed, "We understand that some of you have suffered considerable sums and are filled with anxieties and despair." 

After completing swaps or adding and deleting liquidity on the MM.Finance site starting on May 4, users lost money. "The malicious router kicked in and the LPs were withdrawn to the attacker's address when victims navigated to mm. finance to remove liquidity," the company revealed. MM.Finance has offered the attacker 48 hours to refund 90% of the stolen funds, warning that if the deadline is not met, it will notify the FBI. 

The attacker made off with more than $2 million in cryptocurrencies before laundering it all through Tornado Cash, a service that allows users to hide the source of their payments. The company is forming a compensation fund for anyone affected, and the platform's creators have stated that they will forego its part of trading revenue to pay the losses. The reward pool will be open for 45 days, with a procedure in place to reimburse individuals that participate. 

The company said it linked the seized assets to the OKX exchange in follow-up postings on Twitter, threatening to contact the FBI if the funds were not restored. OKX's CEO stated that the company is looking into the matter. According to DeFi Llama data, liquidity is still strong, with $804 million in total worth locked up (TVL).
Read more »
US Government
Cyber Attacks Peru Ransomware attack security threat US Government

Multiple Organizations Targeted by Conti Ransomware Worldwide

 

The Conti ransomware gang is wreaking havoc with its assaults around the globe. The latest victim is the Peru MOF – Dirección General de Inteligencia (DIGIMIN), the premier intelligence agency in Peru. 

The ransomware group claimed to have stolen 9.41 GB of data from the agency responsible for national, military, and police intelligence, as well as counterintelligence. Targeting intelligence agency could lead to the disclosure of secret and confidential documents and pose a threat to national security. 

Last week, the US Department of State offered a reward of up to $15 million for information on the threat actor. The reward includes $10 million for the identification or the location of the leaders of the Conti ransomware gang. 

Additionally, $5 million is offered for information that results in the arrest /or conviction of any individual in any country conspiring to participate in or attempting to participate in a Conti variant ransomware incident. The reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).

"The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years," the statement read. "The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti ransomware variant the costliest strain of ransomware ever documented." 

Costa Rica President Rodrigo Chaves declared a national cybersecurity emergency over the weekend, following a financially motivated Conti ransomware attack against his administration that has paralyzed the government and economy of the Latin American nation. Shortly after the incident occurred in April, the former President Carlos Alvarado publicly declined to pay a $10 million ransom demand. In turn, Conti has published nearly all of the 672 GB of data stolen from the government. 

After targeting the Costa Rican government, the ransomware group posted a message on their news site that the assault was merely a “demo version.” The group also said the attack was solely motivated by financial gain as well as expressed general political disgust, another signal of more government-directed attacks. 

The assaults by the Conti ransomware group are really concerning and even forced a nation to declare a national emergency. Thus, security experts recommended organizations invest in robust preventive strategies, including anti-ransomware solutions, frequent backups of data, network firewalls, and email gateways.
Read more »
Russian Hackers
Caramel Corp Credit Card Fraud Cyber Fraud E-Commerce Financial Fraud Russian Hackers

Caramel Credit Card Theft is Proliferating Day by Day

 

A credit card stealing service is gaining traction, providing a simple and automated option for low-skilled threat actors to enter the sphere of financial fraud. Credit card skimmers are malicious scripts that are put into compromised e-commerce websites and wait patiently for customers to make a purchase. 

Following a purchase, these malicious scripts capture credit card information and transport it to remote sites, where threat actors can collect it. Threat actors then use these cards to make online purchases for themselves or sell the credit card information to other threat actors on dark web markets for as little as a few dollars. Domain Tools found the new service, which claims that it is run by a Russian criminal outfit called "CaramelCorp." 

Subscribers receive a skimmer script, deployment instructions, and a campaign management panel, which includes everything a threat actor needs to start their own credit card stealing campaign. Caramel only sells to Russian-speaking threat actors after a first verification procedure that weeds out individuals who use machine translation or are new to the sector. 

A lifetime subscription costs $2,000, which isn't cheap for aspiring threat actors, but it includes complete customer service, code upgrades, and growing anti-detection methods for Russian-speaking hackers. 

The "setInterval()" technique, which exfiltrates data between preset periods, is used to acquire credit card data. While it may not appear to be an efficient strategy, it can be used to collect information from abandoned carts and completed purchases. Finally, the campaigns are managed through a panel that allows the subscriber to monitor the affected e-shops, configure the gateways for obtaining stolen data, and more. 

While Caramel isn't new, and neither are skimming campaigns. In December 2020, Bleeping Computer discovered the first dark web posts offering the kit for sale. Caramel has grown in popularity in the underground scene thanks to continued development and advertising. The existence of Caramel and other similar skimming services lowers the technical barrier to starting up and managing large-scale card skimming campaigns, potentially increasing the prevalence of skimmer operations. 

One can defend themself from credit card skimmers as an e-commerce platform user by utilising one-time private cards, putting up charging limitations and prohibitions, or just using online payment methods instead of cards.
Read more »
South Korea
CCDCOE Cyber defense Cyber Security NATO South Korea

South Korea Joins NATO's Cyber Research Centre, Becomes First Asian Member

South Korean intelligence agency on Thursday said that South Korea has joined a cyber defense group under NATO (North Atlantic Treaty Organization), becoming its first Asian member community. ZDNet reports "South Korea had suffered numerous cyberattacks in the past with targets ranging from state-run nuclear research institutes to cryptocurrency companies, most of which were allegedly committed by North Korean hacking groups." 

According to National Intelligence Service (NIS), South Korea, along with Luxembourg and Canada, have been added to the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), a think tank from Tallinn, Estonia. It supports member countries and NATO with cyber defense research, exercises, and training. CCDCOE was founded in 2008 by NATO countries, on behalf of Estonia's initiative, as a response to the country suffering intense cyberattacks done by Russia. 

With the inclusion of the three latest members, CCDCOE now has 32 members among which, 27 are sponsored members of NATO and 5 contributing members, which includes South Korea, which is not a part of NATO. NIS said that South Korea has been active since 2019 to become a member of CCDCOE to learn cyber defense expertise to safeguard the country's infrastructure backbone, and to plan out a global strategy. NIS is planning to send more staff to the center and increase the scope of joint training. Cyberattacks were making a massive impact on users and countries that need global cooperation to respond. 

South Korea will work alongside CCDCOE members to formulate a robust cyber defense system. "Even prior to becoming an official member of the center, South Korea had taken part in CCDCOE's large-scale, live-fire cyber defense exercise, Locked Shields, where thousands of experts from member nations and partners jointly defended a fictional country against simulated cyberattacks," says ZDNet.

Read more »
Tech Firm
Crypto Scam cryptocurrency Cyber Fraud Phony Websites Tech Firm

Fake Crypto Giveaways Use Elon Musk Ark Invest Video to Steal Millions of Dollars

 

Using a “double your funding” scheme, threat actors once again are luring their victims with the promise of high Bitcoin profits. Millions of dollars have been stolen with the help of fake endorsements from the prominent faces of Elon Musk, Jack Dorsey, and Cathie Wood.

The unknown fraudsters made more than $1.3 million in just a few weeks after re-streaming an edited model of an old live panel dialogue on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest’s “The ₿ Word” convention. 

Cybersecurity analysts from cybersecurity firm McAfee have published a report on this, in which they spotted 11 fraudulent websites linked to the videos. McAfee updated the report after it was published to say that the number of these websites had elevated to 26 in just 24 hours. 

“The YouTube streams promoted several websites with a similar theme. They claim to send cryptocurrencies at twice the value received. For example, if you send 1BTC, you will receive 2BTC back,” said McAfee. 

Additionally, researchers examined the crypto wallets associated with the sites to which the victims had to send their “investment”. For example, on May 5, there were trades worth $280,000. Total damage was estimated at $1.3 million. Numbered, but there are certainly a significant number of other victims.

Bleeping Computer also uncovered about 10 YouTube channels reposting the manipulated discussion. The title of just about all of them included the strings Tesla, Elon Musk, Ark Invest, or a mixture of them. Interestingly, a few of these channels selling a cryptocurrency rip-off website have massive followership, between 71,000 and 1.08 million subscribers. 

In the majority of cases, the number of subscribers for these channels seems to have been artificially blown so as to add credibility to the videos promoting the scam, since they haven’t any different content material out there. 

Previously, fraudsters used different movies associated with Elon Musk, together with SpaceX launches or Tesla movies, to efficiently promote pretend giveaways and earn hundreds of thousands of dollars.

In 2020, Brad Garlinghouse, CEO of financial tech firm Ripple filed a lawsuit against YouTube for failing to remove fake videos featuring his name. Last March, he ended up settling with the tech giant. YouTube claimed that it wasn’t responsible for the content third parties published on its platform.
Read more »
Ukrainians
cyber attack Cyber Attacks Cyber Threats DDOS Attack Russian Ukrainians

Ukrainians DDoS Russian Vodka Supply Chains

 

According to the Russian news portal Vedomosti, Ukrainian cyber threat actors compromised Russia’s central alcohol distribution portal that is considered crucial for the distribution of alcoholic beverages in Russian regions called Unified State Automated Alcohol Accounting Information System or EGAIS.

EGAIS is a portal that plays important role in alcohol distribution in the nation. As per the law, for all alcohol producers and distributors, it is mandatory to register their shipments with EGAIS. Therefore, this attack caused extensive service blockage across Russia. 

The group hit the portal with DDoS attacks launched on May 2nd and 3rd. Through the DDoS or distributed denial of service attacks, the perpetrators overwhelm servers with superfluous requests in an attempt to overload systems and render some or all legitimate requests from being fulfilled. 

Also, according to the experts, sophisticated strategies have to be required against such types of attacks, as simply attempting to block a single source is insufficient. Three sites belonging to the platform have been hit by DDoS attacks. 

On May 4th, two EGAIS sites showed the error “the server stopped responding,” and the third didn’t work. The attacks took place on May 2nd and the next day system failures became more obvious about the attack. 

Wine trader Fort said that the site stopped working on May 4th, and the Union of Alcohol Producers, Igor Kosarev, and Ladoga representatives claimed the same. 

Fort further added that they had failed to upload about 70% of invoices to EGAIS due to the attack. Its supplies of wine to retail chains and restaurants in the region apparently failed to distribute on May 4 due to the incident. The outage impacted not only vodka distribution but wine companies faced disruption as well alongside purveyors of other types of alcohol. 

“Due to a large-scale failure, factories cannot accept tanks with alcohol, and customers, stores, and distributors cannot receive finished products that have already been delivered to them,” Vedomosti reported.

Ukrainian threat actors group, the Disbalancer took responsibility for the attack and announced their future plans to launch more attacks on the platform.
Read more »
Malicious actor
API Bug Data Breach Fake Apps Healthcare system HIPAA Malicious actor

A New Regulation Seeks to Secure Non-HIPAA Digital Health Apps

 

A guideline designed and distributed by several healthcare stakeholder groups strives to secure digital health technologies and mobile health apps, the overwhelming majority of which fall outside of HIPAA regulation. 

The Digital Health Assessment Framework was launched on May 2 by the American College of Physicians, the American Telemedicine Association, and the Organization for the Review of Care and Health Applications. The methodology intends to examine the use of digital health technologies while assisting healthcare leaders and patients in assessing the factors about which online health tools to employ. Covered entities must also adopt necessary administrative, physical, and technical protections to preserve the confidentiality, integrity, and availability of electronically protected health information, according to the Health Insurance Portability and Accountability Act Rules. 

Healthcare data security was never more critical, with cyberattacks on healthcare businesses on the rise and hackers creating extremely complex tools and tactics to attack healthcare firms. Before HIPAA, the healthcare field lacked a universally agreed set of security standards or broad obligations for protecting patient information. At the same time, new technologies were advancing, and the healthcare industry began to rely more heavily on electronic information systems to pay claims, answer eligibility issues, give health information, and perform a variety of other administrative and clinical duties. 

Furthermore, the Office for Civil Rights at the Department of Health and Human Services has enhanced HIPAA Rule enforcement, and settlements with covered businesses for HIPAA Rule violations are being reached at a faster rate than ever before. 

"Digital health technologies can provide safe, effective, and interacting access to personalized health and assistance, as well as more convenient care, improve patient-staff satisfaction and achieve better clinical outcomes," said Ann Mond Johnson, ATA CEO, in a statement. "Our goal is to provide faith that the health and wellness devices reviewed in this framework meet quality, privacy, and clinical assurance criteria in the United States," she added. 

Several health apps share personal information with third parties, leaving them prone to hacks. Over 86 million people in the US use a health or fitness app, which is praised for assisting patients in managing health outside of the doctor's office. HIPAA does not apply to any health app which is not advised for use by a healthcare provider. 

The problem is that the evidence strongly suggests the app developers engage in some less-than-transparent methods to compromise patient privacy. Focusing on a cross-sectional assessment of the top tier apps for depression and smoking cessation in the US and Australia, a study published in JAMA in April 2019 found that the majority of health apps share data to third parties, but only a couple disclosed the practice to consumers in one‘s privacy policies. 

Only 16 of the evaluated applications mentioned the additional uses for data sharing, despite the fact that the majority of the apps were forthright about the primary use of its data. 

According to the aforementioned study, nearly half of the apps sent data to a third party yet didn't have a privacy policy. But in more than 80% of cases, data was shared with Google and Facebook for marketing purposes. 

Another study published in the British Medical Journal in March 2019 discovered that the majority of the top 24 health education Android applications in the USA linked user data without explicitly informing users. In 2021, a study conducted by Knight Ink and Approov found that the 30 most popular mHealth apps are highly vulnerable to API hacks, which might result in the exploitation of health data. Only a few app developers were found in violation of the Federal Trade Commission's health breach rule. 

The guideline from ACP, ATA, and ORCHA aims to help the healthcare industry better comprehend product safety. "There has been no clear means to establish if a product is safe to use in a field of 365,000 goods, where the great majority fall outside of existing standards, such as medical device regulations, federal laws, and government counsel," as per the announcement. 

The implementation of digital health, covering condition management, clinical risk assessment, and decision assistance, is hampered by a lack of direction. The guide is a crucial step in identifying and developing digital health technologies which deliver benefits while protecting patient safety, according to ACP President Ryan D. Mire, MD. The guidelines were developed using the clinical expertise of ACP and ATA members, along with ORCHA's app assessment experience.

ACP also launched a pilot test of digital health solutions that were evaluated against the new framework in conjunction with the new framework. Mire hopes that the trial will assist providers to identify the most effective features for recommending high-value digital health technologies to patients and identify potential impediments to extensive digital health adoption.
Read more »
threats
BCSC Cyber Security Developers FBI Malicious Apps Security Security and Safety threats

NCSC Warns Of Threats Posed By Malicious Apps

 

A new report by the UK's National Cyber Security Centre (NCSC) has alerted of the threats posed by malicious applications. While most people are familiar with apps downloaded to smartphones, they are also available on everything from smart TVs to smart speakers. 

The government is seeking input on new security and privacy guidelines for applications and app stores. Ian Levy, the NCSC's technical director, stated app stores could do more to improve security. Cybercriminals are currently exploiting vulnerabilities in app stores on all types of linked devices to cause harm,  as per Mr Levy. 

Android phone users downloaded apps containing the Triada and Escobar malware from various third-party app stores last year, according to the FBI.  "This resulted in cyber-criminals remotely taking control of people's phones and stealing their data and money by signing them up for premium subscription services," it said.

The NCSC's report noted that apps "can also be installed on laptops, computers, games consoles, wearable devices (such as smartwatches or fitness trackers), smart TVs, smart speakers (such as Alexa devices), and IoT (internet of things) devices". It includes an example of a security firm illustrating how it could construct a malicious app for a prominent fitness tracker that could be downloaded via a link that seemed legitimate because it used the company's web address. 

Spyware/stalkerware capable of stealing anything from location to personal body data was found in the app. After the security firm alerted the company, it proceeded to rectify the situation. 

 The thirst for applications grew during the pandemic, according to the NCSC research, with the UK app market currently valued at £18.6 billion ($23.2 billion). The government's proposal to ask app retailers to commit to a new code of practice outlining baseline security and privacy requirements is supported by the cyber-security centre. 

"Developers and store operators making apps available to UK users would be covered. This includes Apple, Google, Amazon, Huawei, Microsoft and Samsung," the government stated.

 A new code of practice would require retailers to set up procedures to find and repair security problems more quickly.
Read more »
Technology
New Feature New Innovation Password free Tech giants Technology

Google, Apple, Microsoft to Soon Bring Passwordless Sign-Ins for Users

 

Big tech giant companies including Apple, Google, and even Microsoft announced almost two years ago that the companies will create a passwordless future for all, thus, dismissing the need for passwords for protection and making authentication more secure. 

On the occasion of World Password Day, May 5, these tech giants encourage passwordless sign-ins in every device including mobiles, laptops, and browser platforms such as Chrome, Edge, and Safari browsers; and the Windows and macOS desktops in the coming year. 

Google's Sampath Srinivas who is in charge of the secure authentication said the "passkey will bring us much closer to the passwordless future" as tech giants seek a "common passwordless sign-in standard". 

This new standard for passwordless authentication is created by FIDO (Fast Identity Online) and the World Wide Web Consortium. Passwordless authentication will allow users to have access to their online accounts as usual but using a unique cryptographic token called a passkey will be quicker in the user's sign-in authentication and allow a person to log in without a password. 

Apple Senior Director of platform product marketing Kurt Knight said, "Just as we design our products to be intuitive and capable, we also design them to be private and secure. Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.” 

This new feature will allow apps and websites to offer easy passwordless sign-ins, and security to users across devices and platforms said apple. Also, without password log-ins is expected to be a much safer way, considering that passwords are more prone to malicious activities. Plus, maintaining and remembering passwords is a difficult task for many. 

Microsoft’s vice president for security, compliance, identity, and privacy, Vasu Jakkal, said that "With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running. For example, users can sign in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.”
Read more »
Subscribe to: Comments (Atom)