Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

HelloKitty Ransomware Renames to 'HelloGookie,' Unveils CD Projekt and Cisco Data

  The operator behind the HelloKitty ransomware has rebranded it as 'HelloGookie,' with passwords for previously leaked CD Projekt...

All the recent news you need to know
Social Engineering
AI Cyber Attacks Hackers Intelligence Social Engineering

Where Hackers Find Your Weak Spots: A Closer Look


Social engineering is one of the most common attack vectors used by cyber criminals to enter companies. These manipulative attacks often occur in four stages: 

  1. Info stealing from targets
  2. Building relationships with target and earning trust
  3. Exploitation: Convincing the target to take an action
  4. Execution: Collected info is used to launch attack 

Five Intelligence Sources

So, how do attackers collect information about their targets? Cybercriminals can employ five types of intelligence to obtain and analyze information about their targets. They are:

1. OSINT (open-source intelligence)

OSINT is a hacking technique used to gather and evaluate publicly available information about organizations and their employees. 

OSINT technologies can help threat actors learn about their target's IT and security infrastructure, exploitable assets including open ports and email addresses, IP addresses, vulnerabilities in websites, servers, and IoT (Internet of Things) devices, leaked or stolen passwords, and more. Attackers use this information to conduct social engineering assaults.

2. Social media intelligence (SOCMINT)

Although SOCMINT is a subset of OSINT, it is worth mentioning. Most people freely provide personal and professional information about themselves on major social networking sites, including their headshot, interests and hobbies, family, friends, and connections, where they live and work, current job positions, and a variety of other characteristics. 

Attackers can use SOCINT software like Social Analyzer, Whatsmyname, and NameCheckup.com to filter social media activity and information about individuals to create tailored social engineering frauds. 

3. ADINT (Advertising Intelligence)

Assume you download a free chess app for your phone. A tiny section of the app displays location-based adverts from sponsors and event organizers, informing users about local players, events, and chess meetups. 

When this ad is displayed, the app sends certain information about the user to the advertising exchange service, such as IP addresses, the operating system in use (iOS or Android), the name of the mobile phone carrier, the user's screen resolution, GPS coordinates, etc. 

Ad exchanges typically keep and process this information to serve appropriate adverts depending on user interests, behavior, and geography. Ad exchanges also sell this vital information. 

4. DARKINT (Dark Web Intelligence)

The Dark Web is a billion-dollar illegal marketplace that trades corporate espionage services, DIY ransomware kits, drugs and weapons, human trafficking, and so on. The Dark Web sells billions of stolen records, including personally identifiable information, healthcare records, financial and transaction data, corporate data, and compromised credentials. 

Threat actors can buy off-the-shelf data and use it for social engineering campaigns. They can even hire professionals to socially engineer people on their behalf or identify hidden vulnerabilities in target businesses. In addition, there are hidden internet forums and instant messaging services (such as Telegram) where people can learn more about possible targets. 

5. AI-INT (artificial intelligence)

In addition to the five basic disciplines, some analysts refer to AI as the sixth intelligence discipline. With recent breakthroughs in generative AI technologies, such as Google Gemini and ChatGPT, it's easy to envisage fraudsters using AI tools to collect, ingest, process, and filter information about their targets. 

Threat researchers have already reported the appearance of dangerous AI-based tools on Dark Web forums such as FraudGPT and WormGPT. Such technologies can greatly reduce social engineers' research time while also providing actionable information to help them carry out social engineering projects. 

What Can Businesses Do to Prevent Social Engineering Attacks?

All social engineering assaults are rooted in information and its negligent treatment. Businesses and employees who can limit their information exposure will significantly lessen their vulnerability to social engineering attacks. Here's how.

Monthly training: Use phishing simulators and classroom training to teach employees not to disclose sensitive or personal information about themselves, their families, coworkers, or the organization.

Draft AI-use policies: Make it plain to employees what constitutes acceptable and unacceptable online activity. For example, it is unacceptable to prompt ChatGPT with a line of code or private data, as well as to respond to strange or questionable queries without sufficient verification.

Utilize the same tools that hackers use: Use the same intelligence sources mentioned above to proactively determine how much information about your firm, its people, and its infrastructure is available online. Create a continuous procedure to decrease this exposure.

Good cybersecurity hygiene begins with addressing the fundamental issues. Social engineering and poor decision-making are to blame for 80% to 90% of all cyberattacks. Organizations must prioritize two objectives: limiting information exposure and managing human behavior through training exercises and education. Organizations can dramatically lower their threat exposure and its possible downstream impact by focusing on these two areas.

Read more »
Web browser
Android Phone Cyber Security fast removal junk files Safety SEO-friendly Web browser

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser

 

The web browser on your Android phone collects a significant amount of data from the websites you visit, much of which is unnecessary to keep on your device. Regardless of whether you use Google Chrome, Mozilla Firefox, or Samsung Internet, this data, stored in cookies and cache, serves various purposes, such as enabling faster website loading and maintaining login sessions. However, a considerable portion of this data is superfluous and poses privacy risks.

Frequent clearing of your browser's cookies and cache is advisable due to the accumulation of unnecessary data, including transient junk and active tracking mechanisms from websites. These trackers often contribute to targeted advertising, where your browsing history influences the ads you encounter. For instance, after browsing online stores, you might notice advertisements tailored to your recent activities, like offers for eyeglasses or reminders of items in your shopping cart on Amazon.

Regularly clearing your cache helps eliminate unwanted data from your phone, especially if there are unidentified data trackers among your browser's cookies. Though clearing your cache may require you to log back into some websites, it's a minor inconvenience compared to the benefits of maintaining your phone's cleanliness and privacy.

The process for clearing cookies and cache varies depending on your phone's model and the web browser app you use. For Google Chrome, Samsung Internet, and Mozilla Firefox on Android devices, specific steps can be followed to clear this data effectively.

In Google Chrome, access the option to clear browsing data through the More menu or the Settings menu. For Samsung Internet, you can clear browsing data within the app or through your phone's Settings app, with options to delete various types of data, including cache and cookies. Mozilla Firefox offers extensive options for clearing browsing data, allowing users to delete specific types of data such as open tabs, browsing history, site permissions, and downloads, in addition to cookies and cached images and files. Additionally, Firefox provides an option to automatically delete browsing data upon quitting the app, enhancing privacy.

Both Chrome and Firefox offer basic and advanced settings for clearing browsing data, including options to specify the time range for deletion and to delete saved passwords and autofill form data. Chrome may prompt users regarding the importance of certain websites before clearing data, providing an opportunity to confirm the action.

Regularly clearing cookies and cache in your Android web browser is essential for maintaining privacy and optimizing device performance.
Read more »
NHS
Cyberattacks CyberCrime Cyberhackers CyberThreat Dark Web Data Breach Data Records Galloway Medical Files NHS

Dark Web Nightmare: Scots NHS Patient Data Breach Exposes Medical Files

 


Following a major data breach at NHS Dumfries and Galloway, patients can access their private medical records online with just a few clicks. It has been reported that an extremely large amount of data has been stolen from the NHS by a group known as INC Ransom. 

To keep this vast amount of personal information confidential, the group demanded a ransom and then uploaded a massive amount of information to the dark web. As a result of the cyber attack on NHS Dumfries and Galloway in March, the data of its victims has now been released onto the dark web. NHS Scotland advised potential victims to remain vigilant about cyber attacks. 

Nevertheless, the media reports claim that a search on the dark web resulted in personal information about six patients, including a disabled child aged 10 and an 81-year-old man who was disabled. In addition to providing patients' names and dates of birth, the documents also include their home addresses and even their personal email addresses, details of the patient's life and medical history, test results, and private disclosures about their condition that were made to physicians. 

In response to the Sunday Mail report, NHS Dumfries and Galloway confirmed to the newspaper that patients have been informed, but they don't know what files the hackers have or how many more individuals have been compromised. Using the dark web, cybercriminals released documents that proved they had hacked the NHS system that were easily accessed by the Sunday Mail. 

There are some of the most personal details about six patients, including an 81-year-old man who was disabled at the age of 10 and a disabled 10-year-old girl. Furthermore, the documents reveal the patient's name and date of birth, in addition to their unique numerical identifiers called CHI numbers. It also gives their home addresses, as well as one person's e-mail address.

Furthermore, they contain intimate details regarding people's lives and medical histories, as well as test results, which are disclosed to doctors privately. According to the Sunday Mail, NHS Dumfries and Galloway has informed six patients that their data has been stolen, but they have no idea how many more have been affected or what files they have on hand.

As deputy leader of Labour, Jackie Baillie asked Health Secretary Neil Gray to explain how the breach occurred and what measures are being taken to prevent it in other health boards As a result of the breach, experts warn that the people whose personal information was compromised may be vulnerable to identity theft and other kinds of fraud. Managing director of the Cybersecurity Research Centre at Abertay University, Professor Lynne Coventry, said, "Health records can contain sensitive health information as well as financial information, making them more valuable than financial records." 

As a result of the data breach, thousands of people may potentially be affected, but authorities are not yet sure how significant it will be. There have been several calls for transparency from the NHS regarding the breach, and Patrick McGuire, partner at Thompsons Solicitors, says the NHS needs to provide support to those who were affected by the breach. 

McGuire also claimed that the NHS could be faced with significant legal claims from individuals whose personal information was exposed. This has got to be one of Scotland's biggest data breaches, possibly even the whole of Scotland. McGuire stated that the amount of information is enormous. The Scottish Conservative party's health spokesman, Dr Sandesh Gulhane, has stated that those whose information has been stolen are likely to seek financial compensation and that defending these claims could prove to be a significant challenge. 

During his interview with the press, Mr Gray revealed that he must take responsibility for the mitigation of the damage and prevent future attacks by explaining to the public what actions are being taken to mitigate these damages. As a result of the scale of the attack, it is difficult for NHS Dumfries and Galloway to determine exactly what data the hackers could access or how many individuals might be impacted. Police Scotland has confirmed that an investigation is ongoing. 

According to the health board, the six patients whose information had already been published online have already been contacted. Moreover, the NHS Scotland regional board has reported that no disruptions were reported to patient-facing services due to the cyber incident and that normal operations continued. 

According to the Scottish government, the cyber attack targeted NHS Dumfries and Galloway and no further incidents have been reported across NHS Scotland as a result of the cyber attack. The company has been around since July 2023, when it appeared on the scene. Numerous organizations, including healthcare institutions, have been indiscriminately targeted by ransomware. 

The group obtains access to the enterprise via phishing emails and exploiting vulnerabilities in software resulting in exploitation of Citrix NetScaler vulnerability CVE-20233519. Using TOR, it communicates with its victims over a TOR-based portal and tracks payments using a unique ID code that is at the heart of every payment.
Read more »
Transactions
Bengaluru Cyber Crime Scam Stock market Transactions

Stock Market Scam in Bengaluru: Businessman Loses Rs 5.2 Crore



In a recent cybercrime incident, a 52-year-old businessman from Bengaluru fell victim to a stock market scam, losing a staggering Rs 5.2 crore. The victim, referred to as Sharath for anonymity, reported the incident to the cybercrime police on April 8. According to his account, the ordeal began when he received a WhatsApp message on March 11 promoting stock market investments with promises of high returns. Despite refraining from clicking the accompanying link, Sharath found himself involuntarily added to a WhatsApp group named "Y-5 Ever Core Financial Leader," boasting around 160 members.

Subsequently, Sharath received numerous calls from unidentified numbers, urging him to download an application linked to the investment scheme. Initially resistant, Sharath eventually succumbed to the persuasion tactics employed by the fraudsters and downloaded the app. Under the guidance of the perpetrators, Sharath began purchasing stocks facilitated by multiple accounts provided by the fraudsters. Assured that his funds were being invested in the stock market, Sharath transferred a staggering Rs 5.2 crore to five designated accounts by April 2.

Despite his growing suspicions, Sharath's attempts to withdraw profits or reclaim some of his invested capital for further investments were thwarted by the fraudsters. It was only then that he realised he had fallen victim to a scam. In response to the complaint, authorities have initiated legal proceedings under the IT Act, with ongoing investigations. Efforts have been made to freeze the funds in the fraudsters' accounts in collaboration with bank officials, raising hopes for potential recovery of some of the lost money, as confirmed by a senior police official.

Senior Citizen Scammed: Woman Loses Rs 6 Lakh

In another distressing incident, a 61-year-old woman fell prey to cybercriminals impersonating Delhi police and Customs officials. Exploiting her fear, the fraudsters falsely accused her of drug smuggling and money laundering, coaxing her to transfer Rs 6.56 lakh. Manipulating her trust, they provided fake validation procedures, leading to her significant loss.

These incidents serve as stark reminders of the growing tactics of cybercrime and the importance of caution while engaging in online transactions. Authorities urge the public to exercise caution and scepticism when encountering unsolicited investment opportunities or suspicious requests for financial transactions. As investigations continue into these cases, efforts to combat cybercrime through deliberate security measures and real-time data sharing remain imperative to safeguard individuals and businesses from falling prey to such fraudulent schemes.


Read more »
VPM
Child pornography Extortion Honeytrap malware VPM

Malware Author Lures Child Abusers Into Honeytrap to Extort Them

 

You rarely root for online criminals, but a new malware campaign targeting child exploiters does not make you feel awful about the victims. 

Since 2012, threat actors have developed a range of malware and ransomware that impersonate government agencies and earn affected Windows users that they are seeing CSAM. The software informs users that they must pay a "penalty" to keep their information from being transferred to law enforcement. 

One of the first "modern" ransomware operations, known as Anti-Child Porn Spam Protection or ACCDFISA, used this extortion strategy in conjunction with initially locking Windows systems and eventually encrypting files. 

Similar extortion techniques were used by cybersecurity researcher MalwareHunterTeam to share an executable malware sample named "CryptVPN" [VirusTotal] with BleepingComputer last week. This time, though, the malware creator is going after people who actively seek child pornography rather than innocent people. 

Security specialists investigated the malware and discovered that threat actors posed as UsenetClub, a subscription service that allows users to download films and images from Usenet with "uncensored" access.

Usenet is an online discussion platform that allows users to discuss different topics in "newsgroups" to which they have subscribed. While Usenet is used for valid discussion of a variety of topics, it is also a notorious source of child pornography.

Threat actors designed a fraudulent site pretending to be UsenetClub and offered three subscription tiers for the site's content. The first two were paid subscriptions, ranging from $69.99 per month to $279.99 annually. However, a third option claimed to allow free access if you install and employ the free "CryptVPN" software to access the site. 

Clicking the "Download & Install" button will download a CryptVPN.zip file from the website, which when unpacked will contain a Windows shortcut called "CLICK-HERE-TO-INSTALL". 

This file is a shortcut to the PowerShell.exe executable that downloads and saves the CryptVPN.exe executable to C:\Windows\Tasks.exe before executing it. The malware executable is packaged with UPX, however when unpacked, it contains a PDB string indicating that the creator titled the malware "PedoRansom". 

The malware does nothing uncharacteristic except change the target's wallpaper to an extortion demand and drop a ransom note named README.TXT on the desktop, which includes similar extortion demands. 

"You were searching for child exploitation and/or child sexual abuse material. You were stupid enough to get hacked," reads the extortion demand. "We have collected all your information, now you must pay us a ransom or your life is over.”

The extortion goes on to say that the victim must pay $500 to the bc1q4zfspf0s2gfmuu8h5k0679sxgxjkd7aj5e6qyl Bitcoin address within ten days or their identity will be leaked. Currently, this bitcoin address has only received roughly $86 in payments. 

Threat actors have long used "sextortion" strategies, such as sending bulk emails to a large number of people in an attempt to scare them into paying an extortion demand. 

These approaches worked very well at first, with spammers extorting more than $50,000 per week during the early operations. However, as time passes and the victims of these frauds become more aware, sextortion operations no longer yield the same money. 

While this strategy is more innovative and will scare many individuals looking for this type of stuff, we doubt many people will pay the extortion demand.
Read more »
Identity Theft
Customer Information cyber attack Data Breach Data Leak data security Experian Identity Theft

Wells Fargo Data Breach: Safeguarding Customer Information in a Digital Age

 

In a digital age where data breaches have become all too common, the recent disclosure of a data breach at Wells Fargo, a prominent multinational financial services corporation, has once again brought cybersecurity concerns to the forefront. The breach, impacting the personal information of two clients, underscores the challenges faced by financial institutions in safeguarding sensitive data and maintaining customer trust. 

The breach exposed clients' names and mortgage account numbers, raising significant concerns about the security of personal information within the financial services sector. According to Wells Fargo, the breach was not the result of a cyberattack but rather an employee breaching company policy by transferring information to a personal account. While the exact timeline and duration of unauthorized access remain unclear, Wells Fargo has taken swift action to address the situation and mitigate risks to affected individuals. 

In response to the breach, Wells Fargo has prioritized the welfare of its customers and has taken proactive steps to assist those impacted. The company has offered complimentary two-year subscriptions to Experian IdentityWorks5M, a comprehensive identity theft detection service. This includes daily monitoring of credit reports, internet surveillance to monitor identity-related activity, and full-service identity restoration in the event of theft. Affected individuals are encouraged to activate their subscriptions within 60 days from the date printed on the notification letter, either online or by phone. The team is available via phone during specified hours and offers language assistance services for non-English speakers, as well as support for individuals with hearing or speech difficulties. 

While the specifics of the data breach are still under investigation, Wells Fargo remains committed to enhancing security measures and preventing similar incidents in the future. The breach serves as a stark reminder of the evolving nature of cyber threats and the importance of remaining vigilant in protecting sensitive information. This incident also highlights a recurring issue within the banking industry, as Wells Fargo is not the only financial institution to experience a data breach in recent months. 

In February 2024, Bank of America, another one of the Big Four Banks in North America, announced a data breach affecting its customers. The Bank of America data breach was attributed to a cyberattack targeting one of its service providers, Infosys McCamish Systems. 

As investigations into the breach continue, Wells Fargo reassures its customers of its unwavering commitment to security and vows to implement additional measures to safeguard customer information. Despite the challenges posed by cyber threats, Wells Fargo remains dedicated to maintaining customer trust and protecting sensitive data in an increasingly interconnected world.
Read more »
Retail Industry
Carpetright cyber attack Cyber Attacks Essex Hacking Retail Industry

Cyber Attack Hits UK's Carpetright, Affecting Customer Orders

 



Carpetright, an eminent flooring retailer in the UK, has fallen victim to a cyber attack, causing disruption to its operations and affecting hundreds of customer orders. Last week, hackers targeted the flooring specialist’s head office in Purfleet, Essex, by sending malware to gain unauthorised access. As a result, customers have been unable to place orders on the company's website or in any of its 400 shops since last Thursday, when systems were taken offline. A spokesperson for the retailer expressed regret for any inconvenience caused, stating, “We are not aware of any customer or colleague data being impacted by this incident and are currently conducting tests and resetting systems, with investigations ongoing.”

The malware infiltration prompted a response from Carpetright's IT security team, who took the drastic measure of taking the entire network offline to contain the threat and prevent further spread. As a result, essential systems crucial for day-to-day operations, including payroll information and employee booking portals, became inaccessible.

The consequences of the attack extended beyond the company's internal operations, as phone lines remained down, leaving customers unable to reach support. Despite the disruption, company officials assured stakeholders that no customer or colleague data had been compromised.


Rising Threat of Cyber Attacks

The cyber attack on Carpetright comes amidst a concerning trend, with recent surveys indicating a sharp increase in cyber attacks targeting British businesses. According to the findings, half of British businesses reported experiencing a cyber attack within the past year, marking a terrific uptick from previous years.


NHS Dumfries and Galloway and British Library Targeted

The incident at Carpetright follows similar cyber attacks on critical institutions, including NHS Dumfries and Galloway and the British Library. Last month, NHS Dumfries and Galloway fell victim to a ransomware attack orchestrated by the INC Ransom group, resulting in the unauthorised access of patient data. The breach raised concerns about patient confidentiality and highlighted the vulnerability of healthcare infrastructure to cyber threats.


In a separate incident, the British Library suffered a major technology outage following a cyber attack by the Rhysida ransomware group. The attack disrupted operations at the renowned research library and underlined the institution of cyber criminals targeting high-profile institutions.


Challenges Faced by Carpetright

The cyber attack compounds the challenges faced by Carpetright in contemporary times, as the company navigates a downturn in demand and heightened competition. Founded in 1988 by Philip Harris, Carpetright has weathered various storms over the years, including its delisting from the London Stock Exchange in 2019 following its acquisition by Meditor, a British hedge fund.


As Carpetright seeks to recover from the cyber attack and adapt to the unfolding market dynamics, its resilience and ability to innovate will be critical in ensuring its long-term viability amidst ongoing uncertainties, including the cost of living crisis impacting consumer behaviour.


Read more »
Subscribe to: Posts (Atom)