
Google Delivers Bumblebee Malware


A recently detected malware campaign uses Google Ads and SEO poisoning to spread Bumblebee, a loader aimed at enterprise users. The ads and poisoned search results promote popular software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. Bumblebee was built to replace the BazarLoader backdoor.

BazarLoader is a loader that attackers use to get a foothold in networks and gain access to them. Several leading security organizations have stated that it is frequently the precursor to ransomware attacks.

Staying ahead of the new threats that emerge in cybersecurity is a constant challenge. Ransomware gangs use Bumblebee to gain initial access to networks and carry out attacks. It was first discovered in April 2022, when the Conti team began using it to replace the BazarLoader backdoor, which has since been phased out.

A dangerous new version of Bumblebee was recently discovered. Its attack chain uses PowerSploit for reflective DLL injection, loading the payload directly into memory. Because the payload never lands on disk as a conventional file, existing antivirus products often fail to detect it once it is loaded, which makes detection and prevention harder and lets the malware remain undetected for longer.

The malware is typically delivered as an ISO file containing a DLL with a custom loader inside it. It was dubbed Bumblebee after the distinctive User-Agent string "Bumblebee" that it uses. Google's Threat Analysis Group (TAG) observed Bumblebee fetching Cobalt Strike payloads at the time of its analysis.

In an ongoing campaign found by Secureworks, researchers discovered trojanized versions of popular apps being distributed through Google ads to unsuspecting victims, infecting them with Bumblebee. The advertisements promote Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace and redirect users to bogus download pages that prompt them to download a trojanized version of the software.

Google Ads Distribute Malware

The researchers also found that Google advertisements were used in a further campaign. Using trojanized versions of popular apps to deliver malware loaders to unsuspecting victims through such advertisements has become common practice. In this campaign, a Google advertisement promoted a fake Cisco AnyConnect Secure Mobility Client download page.

The page was created on February 16, 2023, under the "appcisco[.]com" domain and hosted there. The malicious Google advertisement took the user, via a compromised WordPress site, to the fake download page. That landing page promoted an MSI installer entitled “cisco-anyconnect-4_9_0195.msi” that installs Bumblebee.
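The campaign above leaves two usable signals in web-proxy telemetry: an installer fetched from a lookalike vendor domain, and the loader's own User-Agent string. The following is an added example written for this post, not code from Secureworks or the original article; it assumes a constructed proxy log format (timestamp, client IP, method, URL, quoted User-Agent), an illustrative allowlist of legitimate vendor download domains, and constructed sample lines that include the lure domain and MSI name reported above plus a documentation-range IP standing in for a command-and-control host.

```python
"""
Added example (not from the original post or Secureworks): flag the
ad-delivered installer lure described above in web-proxy logs.

Assumed log line format (constructed for this example):
    <timestamp> <client_ip> <method> <url> "<user_agent>"
Two signals are checked:
  1. an installer (.msi/.iso/.exe) fetched from a lookalike domain, i.e. a
     host that contains a vendor brand but is not one of that vendor's
     legitimate download domains;
  2. any request whose User-Agent is exactly "Bumblebee", the string the
     loader itself sends when fetching its next stage.
"""
import re
from urllib.parse import urlparse

# Illustrative allowlist, not an authoritative vendor list (assumption).
LEGIT_DOMAINS = {
    "cisco": {"cisco.com"},
    "zoom": {"zoom.us"},
    "citrix": {"citrix.com"},
}
INSTALLER_EXT = (".msi", ".iso", ".exe")
MALWARE_UA = "Bumblebee"

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Return a dict for a well-formed log line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, ua = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "ua": ua}


def is_lookalike(host):
    """Return the brand a host imitates, or None if it is legitimate/unrelated."""
    host = host.lower()
    for brand, legit in LEGIT_DOMAINS.items():
        if brand not in host:
            continue
        if any(host == d or host.endswith("." + d) for d in legit):
            return None          # genuine vendor domain or subdomain
        return brand
    return None


def analyse(lines):
    """Return (client_ip, signal, host) tuples for suspicious requests."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue             # skip malformed lines rather than crash
        parsed = urlparse(rec["url"])
        host = (parsed.hostname or "").lower()
        if rec["ua"] == MALWARE_UA:
            alerts.append((rec["client"], "bumblebee-user-agent", host))
        brand = is_lookalike(host)
        if brand and parsed.path.lower().endswith(INSTALLER_EXT):
            alerts.append((rec["client"], "lookalike-installer:" + brand, host))
    return alerts


# Constructed sample: one legitimate Cisco download, the lure reported above
# (appcisco[.]com, refanged), a beacon with the loader's User-Agent to a
# documentation-range address standing in for C2, and a benign Zoom download.
SAMPLE_LOG = [
    '2023-02-16T10:01:02Z 10.0.0.15 GET https://software.cisco.com/download/home "Mozilla/5.0"',
    '2023-02-16T10:03:44Z 10.0.0.15 GET https://appcisco.com/cisco-anyconnect-4_9_0195.msi "Mozilla/5.0"',
    '2023-02-16T10:05:10Z 10.0.0.15 GET https://203.0.113.7/gate "Bumblebee"',
    '2023-02-16T10:06:00Z 10.0.0.22 GET https://zoom.us/client/latest/ZoomInstaller.exe "Mozilla/5.0"',
    'garbage line that does not match the format',
]

if __name__ == "__main__":
    for client, signal, host in analyse(SAMPLE_LOG):
        print(f"{client} {signal} {host}")
```

Both hits come from the same client, which is the point: the lookalike download followed minutes later by the loader's own beacon is a stronger signal than either alone.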

It is imperative to recognize the risks posed by such campaigns and take appropriate measures to secure the systems and networks affected by them. To detect and prevent such attacks, companies must ensure robust security measures are in place. You must remain vigilant and trained in cybersecurity best practices to protect yourself against these sophisticated attacks.

A cyberattack on Eurocontrol, the European air traffic control organization, did not end with the weekend; its effects continued into today. According to a report in the Wall Street Journal, the disruption attributed to Russia's KillNet did not affect flights.

Be Wary Because Cybercriminals Are Getting More Ingenious

In the media, misinformation is regularly discussed, primarily in relation to politics and is often used interchangeably with fake news. Even though these are major problems, a greater and more direct threat is frequently disregarded: how cybercriminals utilise false information to steal from businesses and people. 

The dictionary defines disinformation as "false or inaccurate information, especially that which is deliberately intended to deceive." But when mixed with a lot of exact and genuine information, particularly information that only a select few are aware of, misinformation can be highly persuasive and deceitful. Criminals can use real information stolen through cyberattacks, along with a little bit of deception, to have a significant financial impact on both businesses and people. 

Using wire transfers for profit 

Most of us have heard of fraud schemes that target credit card information. Most of the time, erroneous credit card charges may be disputed or reversed, preventing you from eventually losing any money. However, there is a significant distinction with wire transfers: they are frequently immediate and irreversible. In other words, if a wire transfer is used, the money is lost, especially if the fraud is not found right away. This functionality has been used by cybercriminals in a number of ways. 

One example is when crooks get access to a company's computer systems and spend time reading emails and understanding internal procedures. The fraudsters discover who is authorised to provide wire transfer orders to the financial office and what the procedures are. They then pose as these officials one by one for several days, issuing wire transfer orders, some for more than $500,000, to the criminal's accounts. When one organisation the author spoke with realised this costly problem, protocols were put in place to require proof that such wire transfers were indeed requested by authorised individuals. This entailed connecting directly with the authorised individual over the phone and checking the transaction's details. 

Unfortunately, such sensible processes are frequently implemented only after a crime has already occurred. Wire fraud costs individuals as well as organisations money, and executive home buyers are a popular target. A critical step in most home purchases is the wire transfer of a substantial sum to a title or escrow company, which holds the funds until the title to the property is transferred to the new owner; then, and only then, does the escrow company release those funds to the seller.

Criminals take advantage of these circumstances by following a multi-step process. First, they gain access to the computer systems of the real estate agent, attorney, or title agent. They could spend weeks or even months researching impending closings, company procedures, and minutiae such as wire transfer instructions samples. Because last-minute issues can occur, property purchasers are frequently advised to make the wire transfer a day or two in advance. 

Since the title corporation generally gives the instructions one day ahead of time, cyber thieves will send the instructions two days ahead of time. Because they are based on the real instructions, these instructions look to be from the title firm, but the destination information has been changed. They have buried a small amount of false information among a large amount of accurate material. This method has been used to steal hundreds of millions of dollars in a single year. According to FBI data, more than 13,000 people were actually the victims of wire fraud in the real estate and rental industry in 2020, resulting in losses of more than $213 million, a 380% rise from 2017. 

Imagine that you sold your old house and used the proceeds, along with your savings, to purchase a newer, better house in a different city. The day after you move into your new home, you might be halfway to the new city in your car when your real estate agent calls to ask about the status of your down payment.

After making numerous anxious calls, you finally learn that your money was taken, leaving you penniless and homeless. There are a number of actions that both individuals and businesses can take to lower the risk of wire transfer fraud. Before sending money, always call the intended recipient to confirm the wire transfer instructions. The criminals may have included a fake phone number in the instructions you received, so make sure you are actually speaking to the right person. To do this, look up the correct number in advance on an official website or by speaking directly to a known contact who can confirm the correct information.

Stealing paychecks 

Many businesses offer systems that enable employees to update and retain their personal data, including their home address, phone number, and banking information for direct deposit of their paychecks on a monthly basis. Some highly paid employees' accounts were compromised by criminals, who changed the bank information the day before the payment was scheduled to be made. So that nothing would be observed as being out of the ordinary, they updated the bank details back to normal the following day. They carried on with this plan for a few months before an executive realised the scheduled monthly payments had not reached his bank after receiving a notification of insufficient funds on a cheque. This shows how crucial it is to monitor your bank account frequently enough to spot odd or fraudulent behaviour, especially to make sure that expected deposits are being made. 

Boss scam 

Most of us have heard of the typical hoax in which the CEO of a business asks the CFO to send money somewhere. You might think that since you aren't a CEO, these frauds don't apply to you, but that isn't the case. One variation, particularly prevalent on college campuses, involves staff members receiving what looks like an email from a higher-up, usually the department head. One example of the story told to a staff member: "I just realised that I am going to my nephew's birthday party tonight and I'm in meetings all day, so I won't have time to get a gift. Could you please do me the courtesy of purchasing a $100 gift card and emailing me the numbers on the back?"

One victim bemoaned, "It was not just coming from one of my colleagues; it came in the name of my department chair." According to a story I've heard, eight out of ten faculty members in one department fell for the con. Once again, it is crucial to confirm that your supervisor is the true sender of the message.

Bottom line

All of this is to say that while fake news and other forms of disinformation are a problem, having a lot of reliable data combined with even a small amount of misinformation can have catastrophic results. These are but a few current instances. As mentioned, there are steps that can be taken to prevent such crimes, or at the very least significantly lower their frequency, but they must be implemented before the crime occurs. 

However, keep in mind that cybercriminals are extraordinarily inventive and frequently equipped with a wealth of personal data. It is crucial to stay informed about new schemes, to exercise caution, and to build your defences, because more dangerous plots are likely on their way.

Operation Cookie Monster Shuts Down a Global Dark Web Marketplace

A multinational coalition of 17 law enforcement agencies has taken down the largest illicit dark web market in the world in an extensive operation dubbed Operation Cookie Monster. Thanks to this international investigation, thousands of stolen identities and online login credentials that were being sold on the marketplace were found. The operation, led by the FBI and the Dutch National Police, is a significant boost to global efforts to combat cybercrime.

The platform in question was Genesis Market, founded in 2018, which harvested data from malicious software deployed by hackers into computer networks. It advertised and sold stolen data such as usernames, passwords, bank account details, and device fingerprints like computer and mobile phone identifiers. According to law enforcement agencies, the site had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, including thousands of credentials stolen from over 460,000 devices that were advertised for sale when it was taken offline.

Rob Jones, Director General for Threat Leadership at Britain’s National Crime Agency (NCA), stated, “Behind every cybercriminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending. Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.”

The operation seized not only stolen identities but also browser fingerprints which can be used for identity theft. Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber said that these browser fingerprints are harvested from computers infected with malicious software.

Europol’s Head of the European Cybercrime Centre, Edvardas Šileris, said, “Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers.”

The importance of this operation cannot be overstated: it sets a valuable precedent for international cooperation in fighting cybercrime. In addition to tracking down those responsible for deploying malicious software and committing identity theft through this platform, police have also taken preventative action, including searches and arrests, to deter future offences.

While Operation Cookie Monster may have been successful in taking down one marketplace selling stolen identities, it is essential to remain vigilant against other forms of cybercrime that are still out there – such as hacking and phishing attacks – in order to ensure secure online transactions and prevent identity theft in the future.


Data on Resold Corporate Routers can be Used by Hackers to Access Networks

Enterprise-level network equipment resold on the secondary market often still holds sensitive information that hackers could use to infiltrate company networks or steal customer data.

Researchers examined a number of used corporate-grade routers and discovered that the majority of them had been incorrectly decommissioned and then sold online. 

Selling core routers 

Eighteen secondhand core routers were purchased by researchers at cybersecurity company ESET, who discovered that on more than half of those that operated as intended, it was still possible to obtain the full configuration data. 

Core routers form the backbone of a large network; all other network devices connect through them. They are built to forward IP packets at the highest rates and to handle a variety of data transmission interfaces.

When the ESET research team initially purchased a few secondhand routers to create a test environment, they discovered that they had not been completely wiped and still included network configuration data as well as information that might be used to identify the former owners.

Four Cisco (ASA 5500) devices, three Fortinet (Fortigate series) devices, and eleven Juniper Networks (SRX Series Services Gateway) devices were among the hardware items purchased. 

Cameron Camp and Tony Anscombe note in a report published earlier this week that two devices were mirror images of one another and were treated as one in the results, while one device was dead on arrival and excluded from the tests.

Only two of the 16 remaining devices had been hardened, making some of the data harder to access, and only five of them had been properly wiped.

The majority of them, however, allowed access to the whole configuration data, which contains a wealth of information about the owner, how they configured the network, and the relationships between various systems. 

To safely wipe the settings and reset a corporate network device, the administrator must issue a few commands. Otherwise, the router can be booted into recovery mode, which allows the stored configuration to be read.

Network loopholes 

The researchers claim that a few of the routers stored user data, information allowing other parties to connect to the network, and even "credentials for connecting to other networks as a trusted party." 

Additionally, router-to-router authentication keys and hashes were present on eight of the nine routers that exposed their full configuration. The exposed business secrets included complete maps of private applications hosted locally or in the cloud, such as SQL, Spiceworks, Salesforce, SharePoint, VMware Horizon, and Microsoft Exchange.

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens,” ESET researchers explained.

According to the study, such in-depth insider knowledge is normally only available to "highly credentialed personnel" like network administrators and their managers. With this kind of knowledge at hand, an attacker might simply create an undetectable assault vector that would take them far inside the network. 


According to information found on the routers, many of them had been deployed in managed IT provider environments, which run the networks of large businesses.

One device even belonged to a managed security services provider (MSSP) that managed networks for hundreds of clients across a variety of industries (such as manufacturing, banking, healthcare, and education). 

The researchers then discuss the significance of thoroughly cleaning network devices before getting rid of them in light of their findings. Companies should have policies in place for the secure disposal of their digital equipment. 

The researchers also caution against relying blindly on a third-party service for this task: after they informed one router's owner of their findings, they learned that the business had in fact used such a service.

The advice is to wipe the device free of any potentially sensitive data and reset it to factory default settings in accordance with the manufacturer's instructions.
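One way to verify that a device configuration was actually wiped before disposal, as an added example that is not from ESET's report or any vendor tool: it scans a saved configuration dump for the classes of data the researchers found (local credentials, VPN pre-shared keys, OSPF/BGP authentication keys, SNMP communities, and identifying hostnames) and redacts the secrets in its own output. The sample configuration is constructed in a generic Cisco IOS/ASA-like syntax; the command names and placeholder hashes are illustrative, not from a real device.

```python
"""
Added example (not from ESET's report or any vendor tool): check a saved
device configuration for data that should not survive decommissioning.

It scans a "show running-config"-style text for the classes of data the
researchers found on second-hand routers: local credentials, VPN pre-shared
keys, router-to-router authentication keys (OSPF/BGP), SNMP communities and
identifying hostnames. Secrets are redacted in the findings so the report
itself does not leak them. The sample configuration below is constructed in
a generic Cisco IOS/ASA-like syntax; hashes and keys are placeholders.
"""
import re

# (finding category, regex tested against each configuration line)
CHECKS = [
    ("local-credential", re.compile(r"^\s*username\s+\S+\s+.*\b(password|secret)\b")),
    ("enable-secret", re.compile(r"^\s*enable\s+(secret|password)\b")),
    ("vpn-preshared-key", re.compile(r"\b(pre-shared-key|crypto isakmp key)\b")),
    ("ospf-auth-key", re.compile(r"\bip ospf (message-digest-key|authentication-key)\b")),
    ("bgp-neighbor-password", re.compile(r"^\s*neighbor\s+\S+\s+password\b")),
    ("snmp-community", re.compile(r"^\s*snmp-server community\b")),
    # A factory-default hostname ("Router", "Switch") is not identifying.
    ("owner-identity", re.compile(
        r"^\s*(hostname\s+(?!(Router|Switch)\s*$)\S+|ip domain[- ]name\s+\S+)")),
]

# Everything after the first secret-bearing keyword is replaced in output.
SECRET_TAIL = re.compile(r"\b(password|secret|key|community)\b.*$")


def redact(line):
    """Blank out the value following a credential keyword."""
    return SECRET_TAIL.sub(r"\1 <redacted>", line)


def scan_config(text):
    """Return (line_number, category, redacted_line) for each leftover item."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, rx in CHECKS:
            if rx.search(line):
                findings.append((lineno, category, redact(line.strip())))
                break            # one category per line is enough
    return findings


def is_wiped(text):
    """True when no sensitive or identifying data remains."""
    return not scan_config(text)


# Constructed: what a decommissioned-but-not-wiped core router might still hold.
SAMPLE_CONFIG = """\
hostname CORE-RTR-01
ip domain-name corp.example
enable secret 5 $1$cnst$placeholderhash
username netadmin password 7 0822455D0A16
snmp-server community monitoring RO
crypto isakmp key NotARealPSK address 203.0.113.9
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip ospf message-digest-key 1 md5 7 00071A150754
router bgp 65001
 neighbor 192.0.2.2 password 7 05080F1C2243
"""

# Constructed: the same device after a proper factory reset.
WIPED_CONFIG = """\
hostname Router
interface GigabitEthernet0/0
 no ip address
 shutdown
"""

if __name__ == "__main__":
    for lineno, category, line in scan_config(SAMPLE_CONFIG):
        print(f"line {lineno:>3}  {category:<22}  {line}")
    print("wiped:", is_wiped(SAMPLE_CONFIG), is_wiped(WIPED_CONFIG))
```

Run it against the configuration backup taken just before a device leaves the rack; an empty findings list is the only acceptable result.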

Vehicles Stolen Using High-Tech Methods by Criminals

Over the past 20 years, the number of cars stolen in the United States has fallen by half. However, authorities are now seeing an increasing number of break-ins that rely on high-tech techniques.

There has been evidence to suggest that some employees at the Immigration and Customs Enforcement Agency (ICE) misused law enforcement databases to spy on their romantic partners, neighbors, and business partners. 

According to a new dataset obtained through records requests, hundreds of ICE employees and contractors have been investigated since 2016 for attempting to access medical, biometric, and location data without permission. The revelations raise further questions about ICE's ability to protect sensitive information.

Local intelligence agencies have found that criminals are currently using sophisticated technology to steal high-end luxury cars equipped with keyless entry and keyless start features.

It was noted that the group identified three main methods criminals use to gain access to and steal vehicles with these features across the nation.

Two years ago, Michael Shin of Los Angeles captured video of a man opening Shin's car while holding nothing but a backpack. As Shin explained, the man had no break-in tools with him. An NICB official confirmed that the NICB tested 35 vehicles against this type of device; the team was able to open, start, and drive away 18 of them without any difficulty.

Morris said professional criminals are believed to have worked out how to build their own versions of the devices the NICB used in its break-in tests. According to Morris, the NICB's devices were supplied by a company that works closely with law enforcement on security testing.

With criminals discovering how to hack into vehicle security systems and defeat them, car owners must be vigilant to protect their vehicles. As Morris pointed out in his statement, this is a serious reminder of the risks associated with today's cars that function as essentially "computers on wheels." 


Authorities were puzzled by this type of break-in for several years, but insurance investigators now believe that criminals are exploiting key fobs, the small authentication devices used to unlock and start newer “keyless” models at the push of a button.

As a result of tests conducted by the research and development team, the group found that the vehicle's computer-controlled systems are being exploited by thieves carrying out highly sophisticated cyber-attacks.

It is important to note that these attacks combine three techniques: CAN attacks, fob relays, and key cloning.

  • In a CAN attack, high-tech electronic equipment is used to gain access to the vehicle's Controller Area Network (CAN) and then to its computer systems, starting the engine through remote access software, after which the vehicle can be driven away.
  • Fob relaying uses advanced receivers and transmitters to read the vehicle's security key remotely, allowing an attacker to unlock and start the vehicle even while the key is in the owner's possession.
  • In the third method, a variety of sophisticated techniques and equipment are used to disable the vehicle's alarm system after forced entry and then to clone the vehicle's security key.

This Evil Extractor Malware Steals Data from Windows Devices

Experts have discovered a hazardous new malware strain circulating on the internet that steals sensitive data from victims and, in some cases, installs ransomware as well. The malware, dubbed Evil Extractor, was found by Fortinet cybersecurity experts, who published their findings in a blog post, noting that it was produced and distributed by a business called Kodex and marketed as an "educational tool."

“FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog,” the researchers said. “It usually pretends to be a legitimate file, such as an Adobe PDF or Dropbox file, but once loaded, it begins to leverage PowerShell malicious activities.” 

Its malicious capabilities include environment checks and an information stealer: the malware first verifies that it is not running in a honeypot, then collects as much sensitive data from the endpoint as it can and uploads it to the threat actor's FTP server. It is also capable of encrypting data.

Its ransomware component, known as Kodex Ransomware, downloads zzyy.zip from evilextractor[.]com. The archive contains 7za.exe, the 7-Zip command-line tool, which the malware runs with the "-p" argument so that the victim's files are zipped into a password-protected archive.

The malware then drops a ransom note demanding $1,000 in Bitcoin in exchange for the decryption key, as is customary. "Otherwise, you will be unable to access your files indefinitely," the note states. According to reports, the malware mostly targets people in the Western world.

"We recently reviewed a version of the malware that was injected into a victim's system and, as part of that analysis, identified that most of its victims are located in Europe and America," Fortinet states.

It's not known if the operators were successful in spreading the ransomware or how many victims they impacted.
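The archiving step described above leaves a distinctive trace in process-creation telemetry. The following is an added example, not Fortinet's code: it flags 7za.exe launched with the -p password switch under a PowerShell ancestor. It assumes a constructed event shape (pid, parent pid, image path, command line) resembling Sysmon Event ID 1 output; the sample events, including the "Invoice.pdf.exe" lure name and the password value, are constructed.

```python
"""
Added example (not Fortinet's code): detect the Kodex Ransomware archiving
step described above in process-creation telemetry.

Assumed event shape (constructed, resembling Sysmon Event ID 1 / EDR data):
pid, parent pid, image path, command line. The rule fires when 7za.exe, the
7-Zip command-line tool, runs with the -p (password) switch and has a
PowerShell process somewhere in its ancestry. Administrators archiving logs
from a shell without a password do not trigger it.
"""
import shlex
from collections import namedtuple

ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}


def image_name(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def has_password_switch(cmdline):
    """True if any argument after the program is a 7-Zip -p<password> switch."""
    try:
        tokens = shlex.split(cmdline, posix=False)   # keep backslashes literal
    except ValueError:
        tokens = cmdline.split()                     # unbalanced quotes
    return any(t.lower().startswith("-p") for t in tokens[1:])


def ancestors(event, by_pid):
    """Image names of the parent chain, nearest first; cycle-safe."""
    chain, seen = [], set()
    cur = by_pid.get(event.ppid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(image_name(cur.image))
        cur = by_pid.get(cur.ppid)
    return chain


def detect(events):
    """Return (pid, rule, ancestry) for 7za -p launches under PowerShell."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        if image_name(e.image) != "7za.exe" or not has_password_switch(e.cmdline):
            continue
        chain = ancestors(e, by_pid)
        if any(name in SCRIPT_HOSTS for name in chain):
            alerts.append((e.pid, "7za-password-archive-under-powershell",
                           " <- ".join(chain)))
    return alerts


# Constructed events: a PDF-lookalike lure spawns PowerShell, which runs a
# dropped 7za.exe with a password; an admin's unrelated backup job is benign.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Users\alice\Downloads\Invoice.pdf.exe", "Invoice.pdf.exe"),
    ProcEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -c "<constructed loader>"'),
    ProcEvent(400, 300, r"C:\Users\alice\AppData\Local\Temp\7za.exe",
              r'7za.exe a -pCONSTRUCTEDPW -mhe=on "C:\Users\alice\Documents.7z" "C:\Users\alice\Documents"'),
    ProcEvent(500, 1, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(600, 500, r"C:\Program Files\7-Zip\7za.exe", r"7za.exe a D:\backup\logs.7z C:\logs"),
]

if __name__ == "__main__":
    for pid, rule, chain in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule} (ancestry: {chain})")
```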

The IRS is Deploying Four Investigators Across the Globe to Combat Cybercrime

Starting this summer, the Internal Revenue Service (IRS) intends to dispatch four cybercrime investigators to Australia, Singapore, Colombia, and Germany. The four new posts represent a major boost to the IRS's global efforts against cybercrime involving cryptocurrency, decentralized finance, and bitcoin laundering services.

In recent years, IRS-CI agents have played a key role in investigating crimes on the dark web as part of landmark international operations such as the shutdown of the drug and hacking services marketplace AlphaBay and the arrest of its administrator, the bust of the internet's largest child abuse website, and the takedown of a marketplace for stolen Social Security numbers, among others.

Until now, the IRS has had only one cyber investigator abroad, in The Hague, Netherlands, who has worked mostly with Europol since 2021. Guy Ficco, the IRS's executive director for worldwide operations policy and IRS-CI support, first mentioned the expansion during a panel discussion at the Chainalysis Links conference on April 4.

“Starting really now we’re going to be piloting for additional posts, putting dedicated cyber attaches in Bogota, Colombia, in Frankfurt, Germany, in Singapore, and in Sydney, Australia,” Ficco said. “I think the benefits have been — at least with the Hague and with Europol posts — have been very tangible.”

In an email, IRS spokesperson Carissa Cutrell explained that the four new positions are part of a pilot program that will run for 120 days, from June to September 2023, and are designed "to help combat the use of cryptocurrency, decentralized finance, and mixing services in international financial and tax crimes." Following the 120-day pilot program, the IRS will decide whether to keep the agents in the new countries.

“Success will hinge on the attachés’ ability to work cooperatively and train our foreign law enforcement counterparts, and build leads for criminal investigations,” Cutrell said.

According to Chris Janczewski, a special agent in the IRS-CI Cyber Crimes Unit, expanding the IRS's presence abroad is crucial to expediting foreign investigations.

“The U.S.-based case agent can’t always travel to coordinate with foreign partners on investigative needs and the cyber attaché has to act as the proxy for the case agent,” Janczewski told TechCrunch in an email. “Their expertise on knowing what questions to ask, what evidence can reasonably be obtained, and the impact of any cultural or legal implications.”

Janczewski handled the investigation of the largest dark web child abuse site, Welcome to Video. He is presently the worldwide investigations director of TRM Labs, a blockchain intelligence firm. He explained that depending on the countries with whom the IRS is dealing, there may be different legal methods to gather evidence, "but often informal information in real-time is needed in fast-moving investigations."

“In these situations, it comes down to professional relationships, knowing who to call and what to say,” he said.

Aside from the five cyber investigators, the IRS maintains 11 attaché locations around the world, including Mexico, Canada, Colombia, Panama, Barbados, China, Germany, the Netherlands, the United Kingdom, Australia, and the UAE.

“These partnerships give CI the ability to develop leads for domestic and international investigations with an international nexus. In addition, attachés provide support and direction for investigations with international issues, foreign witnesses, foreign evidence, or execution of sensitive investigative activities in collaboration with our international partners,” the IRS-CI wrote in its 2022 annual report. “Attachés also help uncover emerging schemes perpetrated by promoters, professional enablers, and financial institutions. These entities facilitate tax evasion of federal tax obligations by U.S. taxpayers, as well as other financial crimes.”

ChatGPT: A Game-Changer or a Cybersecurity Threat

The rise of artificial intelligence and machine learning technologies has brought significant advancements in various fields. One such development is the creation of conversational AI systems like ChatGPT, which has the potential to revolutionize the way people communicate with computers. However, as with any new technology, it also poses significant risks to cybersecurity.

Several experts have raised concerns about the potential vulnerabilities of ChatGPT. In an article published in Harvard Business Review, the authors argue that ChatGPT could become a significant risk to cybersecurity as it can learn and replicate human behavior, including social engineering tactics used by cybercriminals. This makes it challenging to distinguish between a human and a bot, and thus, ChatGPT can be used to launch sophisticated phishing attacks or malware infections.

Similarly, a report by Ramaon Healthcare highlights the concerns about the security of ChatGPT systems in the healthcare industry. The report suggests that ChatGPT can be used to collect sensitive data from patients, including their medical history, which can be exploited by cybercriminals. Furthermore, ChatGPT can be used to impersonate healthcare professionals and disseminate misinformation, leading to significant harm to patients. 

Another report by Analytics Insight highlights the risks and rewards of using ChatGPT in cybersecurity. The report suggests that while ChatGPT can be used to improve security, such as identifying and responding to security incidents, it can also be exploited by cybercriminals to launch sophisticated attacks. The report suggests that ChatGPT's integration into existing security systems must be done with caution to avoid unintended consequences.

While ChatGPT has immense potential to transform the way people communicate with computers, it also poses significant risks to cybersecurity. It can be used to launch sophisticated attacks, collect sensitive information, and spread misinformation. As such, organizations must ensure that appropriate security measures are in place when deploying ChatGPT systems. This includes training users to identify and respond to potential threats, implementing strong authentication protocols, and regularly monitoring the system for any suspicious activity.

Tourist Cyber Threats Exposed: Where and When to Use a Travel VPN

Travelling is about more than just taking in new foods, cultures, and scenic views. It's also about stepping outside of our normal comfort zones, whether this involves a protracted trip, a cramped bus ride, communication difficulties with the locals, or extreme and unusual weather. 

But trouble can also arise in the digital world, both online and offline. While travelling, people must connect to risky public Wi-Fi networks in order to, for example, browse the internet. Even worse, some countries impose stringent limitations on what internet users can and cannot do. All of this means that whenever travellers use a foreign internet connection, they may be putting their digital privacy, or worse, at risk.

Travel-related internet scams could be the first thing that springs to mind when thinking about tourist cyber-traps. Tourists are among the prime targets of criminals' aggressive phishing attempts of all stripes. 

Compared to prior fiscal years, Action Fraud, the UK's national reporting centre for fraud and cybercrime, recorded a startling increase of more than 120%. In the UK alone, victims lost a total of more than £7 million. 

With aggregate scores of 15.15 percent and 20.15 percent, respectively, threat analysts at TechRadar identified China and Cuba as the most dangerous tourist destinations online. 

Perhaps unsurprisingly, China received very poor marks in the categories of censorship (1.89%) and cybersecurity (2.91%). Alongside the country's intrusive surveillance methods, the Great Firewall is well known for severely limiting what people may do and view online. To protect your data and get around restrictions, experts advised using a reliable China VPN. 

Egypt, which ranks fourth overall and third worst for censorship, is another nation that, although bringing in millions of tourists each year, could quickly turn into a cyber-nightmare if the proper online security measures aren't taken. 

The United Arab Emirates has the lowest data privacy score of any nation (8.33%) when it comes to web tracking. 

To keep safe online while travelling overseas, Andreas Theodorou, TechRadar's resident expert on digital privacy, provided the following advice:

"A reliable VPN is a non-negotiable essential if you plan on using public WiFi abroad. There are so many opportunities for your information to be stolen and your device to be compromised—it's like playing Russian roulette with your digital privacy," Theodorou explained.

Estonia received a score of 91.48%, making it the country with the highest overall rating for online safety. The results for internet access and cybersecurity were very encouraging, each receiving a perfect grade. Kenya, Germany, France, Costa Rica, the United Kingdom, and Canada are among the top 10 safest nations in the world, according to scores. 

Despite ranking lower than Japan, South Africa, Hungary, and Italy and just slightly higher than South Korea, the US is one of the top 20 safest nations. Argentina, Colombia, and Singapore are also included in the top twenty. 

Privacy tips

Tourists who want to follow their favourite TV shows or sporting events while travelling might benefit greatly from VPNs. The top geo-restricted material unblockers can unblock a tonne of content from any location in the world, while some are more effective than others. 

When travelling, there are more opportunities to browse risky websites and/or download infected files, so it is useful to always have one of the best antivirus programmes running on your laptop or smartphone. A safe, tracker-free browser might also help in this situation.

Before leaving, users should also verify the privacy settings on their devices. This entails checking that the operating system and any installed apps are both current. Since some security programmes might be prohibited in the country users are visiting, it is essential to download and install them all before leaving.

Linux Malware Set to Be Deployed by North Korean APT Group


There is growing evidence that North Korean actors were responsible for the 3CX software supply chain hack, as found by ESET researchers. A newly discovered piece of malware adds to the evidence that a North Korean group hacked the supply chain. 

In analyzing the backdoor, researchers from cybersecurity firm ESET found that it was tied to Pyongyang's latest fake job recruitment campaign, Operation Dream Job, which lures targets with bogus job offers. The ESET report indicates that North Korean hackers produce and use malware that works on all major desktop operating systems, including Windows, macOS, and Linux. 

Although the Linux malware does not itself appear to be tied to the 3CX supply-chain attack disclosed in late March, ESET researchers said they were confident that the 3CX attack was the work of the same actor, the Lazarus Group. As the name suggests, Lazarus is less a distinct organization than an umbrella term for a variety of North Korean hacking groups, some state-sponsored and some criminal, that work for the Hermit Kingdom and are based in the country. 

The Trojanization of 3CX's software by North Korean hackers was publicly reported in late March, and it was revealed that the company's source code had been stolen. A research team from Mandiant reported this week that they had traced the infection source to a previous attack on Trading Technologies' software supply chain. 

Trading Technologies develops software used in financial trading. Researchers from Symantec said on Friday that they had identified two more victims of the Trading Technologies hack that occurred earlier this week. 

A North Korean connection to the 3CX case was suspected from the very start of the investigation. On March 29, a CrowdStrike engineer posted a message on a Reddit thread reporting exactly that. 

A preliminary report presented to 3CX by Mandiant, which was hired to investigate the breach, has also confirmed a North Korean nexus. Sophos, Check Point, Broadcom, Trend Micro, and other security companies have provided summaries of the events as well, and most of them attribute the compromise to a group aligned with North Korea, citing various reasons. 

According to its website, 3CX has more than 600,000 customers, including big names such as American Express, BMW, Air France, Toyota, and IKEA. A Shodan search conducted on March 30 found over 240,000 exposed 3CX phone management systems. Huntress, a managed security service provider, reported on March 13 that it had received 2,783 incident reports in which the binary 3CXDesktopApp.exe matched known malicious hashes while still carrying a valid 3CX code-signing certificate. 

The lure for the Linux backdoor revealed by ESET researchers was a purported offer letter for a software development job at HSBC, a British multinational bank with a presence in more than 155 countries. Anyone who double-clicked the PDF offer letter is believed to have downloaded the backdoor, which ESET named SimplexTea, for Linux, an operating system known for its lack of security.

SimplexTea has similarities to Bluecall, a previously identified North Korean backdoor for Windows computers, including the use of similar domains to establish TLS connections.  

It is also worth noting that the SimplexTea backdoor uses the same core implementation of the A5/1 cipher that North Korean hackers used to sabotage Sony Pictures' release of the comedy "The Interview", which depicts Kim Jong Un's fiery death in a helicopter. 

In addition to this direct connection, ESET also notes that SimplexTea shares network infrastructure with the Trojanized VoIP software that serves as the backdoor in the 3CX hack: both use journalide.org as a command-and-control domain, and both load their configuration files in a similar way. 

In its statement, ESET identifies the North Korean actors as the Lazarus Group. Mandiant, by contrast, has attributed the intrusion to UNC4736, also known as AppleJeus, a financially motivated Pyongyang hacking cluster. 

According to Conversant Group's chief executive officer, John Anthony Smith, this Linux-based malware attack shows how threat actors are continuously expanding their arsenals, targets, tactics, and reach to circumvent security controls and practices in place. There is a growing trend among threat actors to expand the range of their malware variants to affect more systems, he added.

Can Messaging Apps Locate You? Here's All You Need to Know


If you're worried about cybersecurity, you might wonder whether messaging apps can track you. They can, but it's not as big a deal as you might believe. It is important to understand how location tracking works on major messaging applications, as well as the risks associated with it. Many social media apps require location information in order to streamline the services they provide, such as road directions, food delivery, and other features that need access to your location to serve you better. So messaging applications can easily and precisely track you, and they collect this information in a variety of ways.

One of the most typical methods is to simply ask you to enable your location and grant the app permission to access it. The GPS technology allows the programme to access your latitude and longitude coordinates, pinpointing your location, after you grant it permission. For example, several free messaging programmes, including your standard SMS app, iMessage, and WhatsApp, provide a live-location function that allows you to share your current location if necessary.

Wi-Fi and Bluetooth signals from your phone can also provide location information. Apps that monitor the signal strength of adjacent Wi-Fi routers and Bluetooth devices can track your whereabouts. However, this technology is less dependable than GPS tracking and can only provide an estimated location.

Some photo-sharing social networking apps, such as Instagram and Snapchat, leverage location-based functionality on your device, such as geotagging photos or providing more accurate search results. Then there's Twitter, which uses algorithms to serve your feed items based on location.

Another culprit is your IP address. When a device connects to the internet, it is assigned a unique IP address. This address may expose your general location, such as your city or area. Location history (a record of where your phone, i.e. you, has been) can be stored on the servers of apps like Snapchat.

Most messaging apps provide thorough information about their privacy policies and how they track your location and keep your data. So rather than skipping past them, you should read them. If you are uncomfortable with their practices, you can restrict their access through your device settings. However, doing so may result in inconsistencies and inaccuracies in the app's location-based functionality. The most serious hazards linked with location tracking by messaging apps are invasions of privacy and data breaches.

How to Prevent Messaging Apps from Tracking You

Using airplane mode is the best approach to prevent your location from being tracked. However, doing so would disable incoming calls as well as your data connection. Fortunately, there are less restrictive methods for preventing messaging apps from seeing your location data.

You can always disable your location. Most phones feature a button in the quick panel for this. If yours does not, you can still do it per app; on a Samsung Galaxy phone, for example:
  • Go to your phone's Settings.
  • Head over to Apps.
  • Select the app whose location access you want to turn on or off.
  • Tap on Permissions, and then Location.
  • Tap Deny, and the app (WhatsApp, for example) won't have access to your location anymore.

VPNs, or Virtual Private Networks: They protect your privacy by routing your internet traffic through a remote server operated by the VPN operator. A VPN uses a variety of approaches to prevent tracking. First, it switches your IP address to that of the VPN server in another location, which is usually far away. Any programme that attempts to trace your location using your IP address will be unable to do so, because the address it sees is that of the VPN server.

Premium VPNs also encrypt your data, disguising the traffic transmitted between your device and the VPN server. Any third party attempting to intercept it will find it illegible as a result. They frequently include firewalls and ad blockers as well.

Utilize Private Browsers: Some web browsers include firewalls and ad blockers that restrict third-party cookies and delete your browsing history when you close the app. So, if you use these private browsers to access social media, you can be confident that your location is hidden from prying eyes.

One must also study the privacy policies of these apps and take steps to limit the location sharing to trusted contacts only.