
Ransomware Outfits Are Exploiting Microsoft Azure Tool For Data Theft

 

Ransomware gangs like BianLian and Rhysida are increasingly using Microsoft's Azure Storage Explorer and AzCopy to steal data from compromised networks and store it in Azure Blob Storage. Storage Explorer is a graphical management tool for Microsoft Azure, whereas AzCopy is a command-line utility for large-scale data transfers to and from Azure storage. 

The stolen data in these attacks is thereafter kept in an Azure Blob container in the cloud, where threat actors can subsequently move it to their own storage, according to cybersecurity firm modePUSH's observations. 

However, the researchers observed that the perpetrators had to do additional work to make Azure Storage Explorer operate, such as installing prerequisites and upgrading .NET to version 8. This reflects the growing emphasis on data theft in ransomware operations, since stolen data is the primary leverage for threat actors in the subsequent extortion phase. 

Why Azure?

Though each ransomware gang has a unique set of exfiltration tools, they often use Rclone for syncing data with various cloud providers and MEGAsync for syncing with the MEGA cloud. 

Furthermore, Azure's scalability and efficiency, which allow it to manage massive volumes of unstructured data, are extremely useful when attackers want to exfiltrate large numbers of files in the least amount of time. 

ModePUSH claims to have noticed ransomware attackers employing numerous instances of Azure Storage Explorer to upload data to a blob container, hence speeding up the process. 

Uncovering ransomware exfiltration

The researchers discovered that the threat actors left the default 'Info' logging level in place while using Storage Explorer and AzCopy, which generates a log file under %USERPROFILE%\.azcopy. 

This log file is especially useful for incident responders since it contains information on file actions, allowing investigators to rapidly determine which data was stolen (UPLOADSUCCESSFUL) and which payloads were potentially injected (DOWNLOADSUCCESSFUL). 

Defence strategies include establishing alarms for odd patterns in file copying or access on crucial systems, monitoring for AzCopy execution, and tracking outbound network traffic to Azure Blob Storage endpoints at ".blob.core.windows.net" or Azure IP ranges. 

If an organisation already uses Azure, it is advised to enable the 'Logout on Exit' feature, which logs users out automatically when they close the program, so that attackers cannot reuse a still-active session to steal files.
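The two detection points above, the AzCopy log under %USERPROFILE%\.azcopy with its UPLOADSUCCESSFUL and DOWNLOADSUCCESSFUL entries, and outbound transfers to ".blob.core.windows.net" hosts, can be combined into a simple triage script. The following is an added example for incident responders; it is not code from modePUSH or Microsoft. The sample log lines are constructed, and the exact line layout (timestamp, INFO prefix, "STATUS: source -> destination") is an assumption about AzCopy's Info-level output that should be adjusted to the version found on the host; only the status tokens and the blob hostname suffix come from the article.

```python
"""Triage an AzCopy Info-level log for data-theft indicators.

Added example, not the project's or the article's code. The log line layout
below is an ASSUMED approximation of AzCopy's output; only the status tokens
UPLOADSUCCESSFUL / DOWNLOADSUCCESSFUL and the .blob.core.windows.net suffix
are taken from the article. Adjust TRANSFER_RE to match your AzCopy version.
"""
import re
from pathlib import Path
from urllib.parse import urlparse

# Hostname suffix of Azure Blob Storage endpoints named in the article.
AZURE_BLOB_SUFFIX = ".blob.core.windows.net"

# Log location named in the article: %USERPROFILE%\.azcopy
def azcopy_log_dir(user_profile: str) -> Path:
    return Path(user_profile) / ".azcopy"

# One transfer record per line, assumed shape: "STATUS: <source> -> <destination>"
TRANSFER_RE = re.compile(
    r"\b(?P<status>UPLOADSUCCESSFUL|DOWNLOADSUCCESSFUL|UPLOADFAILED|DOWNLOADFAILED)\b:\s*"
    r"(?P<src>\S+)\s*->\s*(?P<dst>\S+)"
)

# Constructed sample log (hostnames and paths are invented for the example).
SAMPLE_LOG = """\
2024/09/10 14:02:11 INFO: Scanning source for files
2024/09/10 14:02:12 INFO: [P#0-T#0] UPLOADSUCCESSFUL: C:\\Finance\\payroll_2024.xlsx -> https://exfilacct.blob.core.windows.net/dump/payroll_2024.xlsx
2024/09/10 14:02:13 INFO: [P#0-T#1] UPLOADSUCCESSFUL: C:\\HR\\employees.csv -> https://exfilacct.blob.core.windows.net/dump/employees.csv
2024/09/10 14:02:14 INFO: [P#0-T#2] UPLOADFAILED: C:\\HR\\locked.docx -> https://exfilacct.blob.core.windows.net/dump/locked.docx
2024/09/10 14:05:00 INFO: [P#1-T#0] DOWNLOADSUCCESSFUL: https://exfilacct.blob.core.windows.net/tools/staged_tool.exe -> C:\\Users\\Public\\staged_tool.exe
"""


def is_azure_blob_host(host: str) -> bool:
    """True when the host is an Azure Blob Storage endpoint."""
    return host.lower().endswith(AZURE_BLOB_SUFFIX)


def parse_transfers(log_text: str) -> list[dict]:
    """Extract per-file transfer records from the log text."""
    records = []
    for line in log_text.splitlines():
        m = TRANSFER_RE.search(line)
        if not m:
            continue
        status, src, dst = m.group("status", "src", "dst")
        # Uploads go local -> remote; downloads go remote -> local.
        local, remote = (src, dst) if status.startswith("UPLOAD") else (dst, src)
        records.append({
            "status": status,
            "local": local,
            "remote": remote,
            "host": urlparse(remote).hostname or "",
        })
    return records


def triage(log_text: str) -> dict:
    """Summarise what left the host, what arrived, and which blob accounts were used."""
    recs = parse_transfers(log_text)
    return {
        # Files confirmed stolen (article: UPLOADSUCCESSFUL).
        "uploaded": [r["local"] for r in recs if r["status"] == "UPLOADSUCCESSFUL"],
        # Files the attacker pulled onto the host (article: DOWNLOADSUCCESSFUL).
        "downloaded": [r["local"] for r in recs if r["status"] == "DOWNLOADSUCCESSFUL"],
        # Attempts that did not complete; still worth noting in the timeline.
        "failed": [r["local"] for r in recs if r["status"].endswith("FAILED")],
        # Storage accounts to block at the egress proxy / firewall.
        "blob_hosts": sorted({r["host"] for r in recs if is_azure_blob_host(r["host"])}),
    }


def triage_directory(log_dir: Path) -> dict:
    """Run triage over every .log file in an AzCopy log directory."""
    text = "\n".join(p.read_text(errors="replace") for p in sorted(log_dir.glob("*.log")))
    return triage(text)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, items in result.items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

On a live host, point `triage_directory` at `azcopy_log_dir(os.environ["USERPROFILE"])`; the "uploaded" list feeds the data-impact assessment, the "downloaded" list points at files to collect for malware analysis, and "blob_hosts" gives the egress destinations to block and to search for in proxy logs.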

BetterHelp Agrees to $7.8 Million Settlement for Health Data Sharing with 800,000 Users

 

The LockBit ransomware group has resurfaced, targeting Hooker Furniture, a significant player in the U.S. furniture industry. Alleging the theft of customer and business data, LockBit has set a deadline of May 08, 2024, for its publication.

Meanwhile, BetterHelp, a mental health platform offering online counseling since 2013, has reached a $7.8 million settlement with the U.S. Federal Trade Commission (FTC). The settlement addresses accusations of mishandling and sharing consumer health data for advertising purposes.

BetterHelp, known for its accessibility and range of therapy options including text, live chat, phone, and video sessions, serves individuals grappling with various mental health issues. An FTC investigation revealed the platform's unauthorized collection of user data, which was subsequently shared with third-party platforms for targeted advertising.

As part of the settlement, BetterHelp is obligated to refund $7.8 million to consumers who utilized its services between August 1, 2017, and December 31, 2020. This refund program extends to users of affiliated platforms such as MyTherapist and Teen Counseling, encompassing approximately 800,000 individuals.

Overseeing the refund process, Ankura Consulting will offer payment options including checks, Zelle, and PayPal. Consumers have until June 10, 2024, to select their preferred payment method.

Azerbaijani hackers obtained information from the Armenian Ministry of Defense


Passport data of several hundred Armenian citizens, including military personnel, as well as documents related to the Republic's military units, were leaked online by Azerbaijani hackers over the past three days. This was stated by media expert and information security specialist Samvel Martirosyan on July 8.

The expert noted that over the past month the personal information of Armenian citizens infected with the coronavirus had been leaked online six times. According to him, the criminals may hold far more information than they have published.

This is an extremely dangerous situation, because the documents include information such as the number of vehicles in a military unit, and passport data can be used by fraudsters to take out loans in the victims' names.

Martirosyan believes that Azerbaijani hackers obtain official information mainly through email, taking advantage of the low level of computer literacy among the Armenian population. A significant amount of this information is sent via personal email accounts, which are easy for attackers to compromise. To address the problem, the expert suggests developing clear instructions on how to handle such information and training people to follow them.

The National Security Service (NSS) of the Republic stated that it has no information on the latest data leak, but confirmed the previous two.

Earlier it became known that Azerbaijani hackers had once again posted the data of Armenian citizens infected with Covid-19. On June 24, two files containing names, addresses and mobile phone numbers were published, but without passport data. Two weeks earlier, Azerbaijani hackers distributed the data of about 3,500 Armenian citizens with confirmed coronavirus infection, as well as residents of the Republic who had been in contact with patients. "The e-mail of one of the outpatient regional medical centers was hacked and there was an attempt to extract information," said the NSS.