Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Botnets. Show all posts
WiFi Routers
Antivirus Botnets Crypto Data Breach data threat ISP Protocol WiFi Routers

Four Red Flags Warning You of a Hacked Wi-Fi Router

 

Wi-Fi has become a necessary component of our daily lives in today's hyperconnected society. Everything from watching movies online to doing our banking online depends on it. But this convenience also raises the possibility of cyberthreats, such as the hacking of our Wi-Fi routers. Numerous recent investigations have alerted billions of Wi-Fi customers to four warning signs that their routers may have been hijacked.
  1. Sluggish Performance: One of the first signs that your router may have been hacked is a noticeable decline in its performance. If your internet speed suddenly becomes slower than usual or if you experience frequent disconnections, it could be a red flag. Hackers often use compromised routers as a gateway to carry out their malicious activities, which can result in a significant drop in network performance.
  2. Unauthorized Access: If you have noticed any unfamiliar devices connected to your Wi-Fi network, it's a clear indication that your router's security may have been breached. Hackers gain unauthorized access to routers and connect their devices to snoop on your internet traffic, steal sensitive information, or launch further attacks on other connected devices.
  3. Unexpected Behavior: Another red flag of a hacked router is the occurrence of unusual or unexpected behavior. This could include your router's settings being changed without your knowledge or consent, strange error messages appearing, or unknown devices attempting to access your network. These abnormal activities should raise suspicion and prompt further investigation.
  4. Increased Data Usage: If you notice a sudden and significant increase in your monthly data usage, it could be a sign of a hacked router. Cybercriminals may use compromised routers to carry out activities such as distributing malware, participating in botnets, or mining cryptocurrencies, all of which can consume a substantial amount of data without your knowledge.

So, what can you do if you suspect your router has been hacked? Here are a few steps you can take to address the issue:
  • Change Router Passwords: Begin by changing the administrative password for your router. Use a strong, unique password that combines upper and lowercase letters, numbers, and special characters.
  • Update Firmware: Check if there are any available firmware updates for your router and install them promptly. Manufacturers often release updates to address security vulnerabilities and improve overall performance.
  • Enable Encryption: Ensure that your Wi-Fi network is encrypted with a strong security protocol, such as WPA2 or WPA3. This will help protect your network from unauthorized access.
  • Scan for Malware: Run a comprehensive antivirus and anti-malware scan on all devices connected to your network. This can help detect and remove any malware or malicious programs that may have been introduced through the hacked router.
  • Contact Your Internet Service Provider (ISP): If you suspect that your router has been compromised, reach out to your ISP for assistance. They can provide guidance and support in resolving the issue and may even replace the router if necessary.
Knowing the warning signs that suggest your router may have been compromised is essential. You can safeguard your private information, maintain a secure Wi-Fi network, and make sure that you and your family have a safer online experience by quickly recognizing and responding to these indicators. Take proactive measures to protect your router and the network's attached devices by being alert, educated, and cautious.
Read more »
World Economic Forum
AI Botnets Cyber Crime Cyberattacks Cybercrime Trends Data Storage DLTs Hackers WEF WEF Annual Meeting 2023 World Economic Forum

A Catastrophic Mutating Event Will Strike the World in 2 Years, Claims WEF


The World Economic Forum (WEF) in Devos, Switzerland has come up with its set of uplifting predictions for 2023. The latest report warns of a global catastrophic cyber event in the near future. 

The WEF Annual Meeting includes government leaders, businesses, and civil society addressing the state of the world, while also discussing the priorities of the year ahead. 

“The most striking finding that we’ve found is that 93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years. This far exceeds anything that we’ve seen in previous surveys,” says WEF managing director Jeremy Jurgens during a presentation, highlighting the WEF Global Security Outlook Report 2023. 

Adding to the unpredictability of the turn of events, Jurgens cited a recent cyberattack that was intended to disable Ukrainian military capabilities but inadvertently also shut down a portion of the production of energy across Europe. 

In regards to this, Jürgen Stock, Secretary-General of Interpol, says that “This is a global threat[…]It calls for a global response and enhanced and coordinated action.” 

According to him, the increased profit that various bad actors acquire from cybercrime should encourage world leaders into working in a collaborative manner, making it a top priority as they face "new sophisticated tools." 

Albania Set to Combat Cybercrime 

Albania, which recently experienced a significant cyberattack is now collaborating with larger allies to thwart the criminals, acting as a sort of laboratory for people to understand what is to come. 

During the presentation, Edi Rama, the Prime Minister of Albania, illustrated on the industry's growth— from $3 trillion in 2015 to an anticipated $10.5 trillion in 2025. This, according to Rama means that if cybercrime were a state, it would have the third-largest global economy after the U.S. and China. 

Expected Cybercrime Trends in the Next Two Years 

Cyber threats are evolving at a faster rate, with cybercrime underground turning into an organized cybercrime ecosystem. In order to effectively combat these threats, it has become essential to stay up-to-date on the trends in cybercrime, which will eventually reflect its future status in the cyber world. 

Here, we are listing some of the trends that are likely to be prevalent in cybercrime tactics in the coming years: 

  • Artificial Intelligence/ Machine Learning 

AI and machine learning have the ability to boost attack automation, speed, frequency, and efficiency while also enabling the possibility of targeted attacks that are specifically aimed at particular groups. They might also speed up cyber detection, protection, and recovery systems from a cybersecurity perspective. 

  • Computing and Data Storage Technology 

The innovation and immense usage of computing and data storage technologies in all sectors and services will eventually give threat actors more chances to exploit, gain unauthorized access to and disseminate illicit data. 

  • Blockchain and Distributed Ledger Technologies (DLTs) 

Digitalized transactions could be manipulated for nefarious purposes, such as blocking them from being processed, since they are digitalized and processed by DLTs. DLTs may also be used to store inappropriate or disruptive content that is difficult to get rid of. 

  • Botnets and Automated Malware Deployment Tools 

The rapid expansion of the Internet of Things (IoT), which is connecting more and more devices to the internet, is also giving a massive opportunity for threat actors to conduct malicious activities. The increasing inclination towards bots and automated malware deployment tools have as well contributed as an aid to the attackers. These inexpensive and easy-to-use tools lower the skill level barrier for hackers to launch attacks. 

Read more »
Trojan Attacks
Antivirus APT Backdoor Botnets Cyber Crime Endpoint ESET Symantec Trojan Attacks

Hacker Group Cranefly Develops ISS Method

The novel method of reading commands from seemingly innocent Internet Information Services (IIS) logs has been used to install backdoors and other tools by a recently leaked dropper. Cybersecurity experts at Symantec claimed an attacker is utilizing the malware known as Cranefly also known as UNC3524 to install Trojan. Danfuan, another undocumented malware, as well as other tools.

Mandiant reported that Cranefly mainly targeted the emails of individuals who specialized in corporate development, merger and acquisitions, and significant corporate transactions when it was originally founded in May. Mandiant claims that these attackers remained undetected on target networks for at least 18 months by using backdoors on equipment without support for security measures.

One of the main malware strains used by the gang is QUIETEXIT, a backdoor installed on network equipment like cloud services and wireless access point controllers that do not enable antivirus or endpoint monitoring. This allows the attacker to remain undetected for a long time.

Geppei and Danfuan augment Cranefly's arsenal of specialized cyber weapons, with Geppei serving as a dropper by collecting orders from IIS logs that look like normal web access requests delivered to a compromised host.

The most recent Symantec advisory now claims that UNC3524 used Hacktool-based backdoors in some instances. Multiple advanced persistent threat (APT) clusters use the open-source technology Regeorg.
Additionally, Symantec has cautioned that Cranefly is a 'pretty experienced' hacking group as evidenced by the adoption of a new method in conjunction with the bespoke tools and the measures made to conceal their activity.

On its alert and Protection Bulletins website, Symantec lists the indicators of compromise (IoC) for this attack. Polonium is another threat actor that usually focuses on gathering intelligence, and ESET recently saw Polonium utilizing seven different backdoor variants to snoop on Israeli firms.

Cranefly employs this sneaky method to keep a foothold on compromised servers and gather information covertly. As attackers can send commands through various channels, including proxy servers, VPNs, Tor, or online development environments, this method also aids in avoiding detection by investigators and law enforcement.

It is unclear how many systems have been compromised or how often the threat actors may have utilized this technique in ongoing operations.



Read more »
User Privacy
Apple Botnets Cyber Crime Endpoint Gamers iOS Kaspersky Microsoft User Privacy

Microsoft Alert a Major Click Fraud Scheme Targeting Gamers

Microsoft is keeping tabs on a widespread click fraud scheme that targets gamers and uses covertly installed browser extensions on hacked devices.

The act of exaggerating the number of clicks on pay-per-click advertisements that constitutes a fraudulent click. According to experts, botnets are responsible for approximately a third of the traffic created by advertising on ad networks. To safeguard their image and keep their clients happy, advertising platforms frequently use click fraud prevention techniques, such as the Google search engine. 

In a series of tweets over the weekend, Microsoft Security Intelligence stated that "attackers monetize clicks generated by a web node WebKit or malicious browser extension stealthily installed on devices."

The internet company clarified in a tweet that the initiative targets unaware people who click rogue advertising or comments on YouTube. 

By doing this, a fake game cheats ISO file will be downloaded, and when opened, it will install the threat actors' necessary browser node-webkit (NW.js) or browser extension. Microsoft also mentioned that they saw the actors using Apple Disk Image files, or DMG files, indicating that the campaign is a cross-platform endeavor. 

It's important to note that the ISO file contains hacks and cheats for the first-person shooter game Krunker. Cheats are software tools that provide users of a game with a distinct advantage over other players.

DMG files, which are Apple Disk Image files usually used to distribute software on macOS, are also employed in the attacks in place of ISO images, demonstrating that the threat actors are aiming their attacks at several operating systems.

The discovery is no longer shocking because threat actors frequently use gamers as fine targets in their efforts, especially those who are scrambling to locate free cheats online.

The prevalence of virus spreading through well-known game franchises was demonstrated earlier in September by a report from endpoint security provider and customer IT security software company Kaspersky. The most popular file was distributed via Minecraft, which had 131,005 users infected between July 2021 and June 2022. 



Read more »
RDP Flaw
Botnets C&C Cyber SecurityTrojan Attacks Kaspersky Phishing and Spam RDP Flaw

Small Businesses Remain Vulnerable, With Rising Cyberattacks

 

Small businesses are three times more likely than big corporations to fall prey to scammers in 2021. A single cyberattack's average loss has risen from $34,000 to just about $200,000. These businesses have had to deal with legal bills, compliance penalties, reputational harm, and client loss in addition to cash losses. Many small enterprises are unable to recover from these setbacks.

Kaspersky Lab researchers tracked the amount of Trojan-PSW (Password Stealing Ware) detections in 2022: 4,003,323 versus 3,029,903, up nearly a quarter from the same period in 2021. Trojan-PSW is malware that collects passwords and other account information, allowing attackers to gain access to a company's network and steal important information. Web malware has been particularly bad in Indonesia, the United States, Peru, and Egypt, with the number of incidents in these nations growing several times in the last year.

Several firms have adopted the Remote Desktop Protocol (RDP), a technology that allows computers on the same corporate network to be linked together and accessed remotely, even when employees are at home. However, because RDP is of particular interest to cybercriminals, if an attacker gains access to the corporate network through RDP, they can commit fraud on any of the company's PCs that have been linked. 

The general number of RDP attacks has fallen marginally, but not across the board. There were around 47.5 million attacks in the first trimester of 2021 in the United States, compared to 51 million in the same period in 2022. 

Advanced security services might include built-in training to keep IT professionals informed about the latest cyberthreats. Business owners can transform themselves into sought-after cybersecurity specialists by investing in training and education. 

These specialists will be able to understand how threats may affect their organization and change technological and organizational cybersecurity measures accordingly. Experts at Kaspersky recommend investing in an advanced security product that can perform incident analysis. 

These authorities can figure out where and how a leak happened, they will be better equipped to deal with any unwanted ramifications. Kaspersky Endpoint Security Cloud Pro is a new edition of Kaspersky Endpoint Security Cloud that includes advanced new features such as automated response options and an expanded range of security controls in a single solution. 

Along with all the more ground capabilities, Cobb, the security consultant, recommends that businesses invest in three extra protection measures: 
  • Data backup solution: This ensures that information that has been compromised or lost during a breach can be easily restored from a different place. 
  • Businesses may consider adopting encryption software to protect sensitive data such as employee records, client/customer information, and financial statements. 
  • Password-security software or two-step authentication: To limit the likelihood of password cracking, use these technologies with internal programs.
Read more »
NATO
Bangladesh Cyber Army Botnets CIA Cyber Attacks DDOS Tools keylogger Malicious actor NATO

 Bangladesh Cyber Incident Response Team has Issued a Warning About Malware Attacks Around Eid

 

Officials have warned of a possible cyber-attack on Bangladesh's financial and other key institutions' computer systems during the Eid vacations. According to a statement issued by the Digital Security Agency, the affected authorities must install or update anti-DDOS hardware and software. 

Officials believe the warning was sent by the government's specialized cyber-threat agency as a global cyberwar erupts in the Russia-Ukraine conflict, with NATO assisting the latter with arms support. 

The Bangladesh Computer Council's e-Government Computer Incident Response Team (BGD e-GOV CIRT) also recommends all key information facilities' internal systems be checked and monitored.

Following the current conflict between Ukraine and Russia, Tarique M Barkatullah, director (operations) of the Digital Security Agency and project director of the BGD e-GOV CIRT, stated “hackers from both sides are using important information infrastructures of different countries to spread botnets and malware and attack each other.” 

Botnets are computer networks infected with malware (such as computer viruses, key loggers, and other malicious code or malware) and remotely controlled by criminals, either for monetary gain or to launch assaults on websites or networks. 

BGD e-Gov CIRT discovered over 1400 IP numbers used in Russia after analyzing the warning message issued by the Russian Computer Security Incident Response Team. According to the CIA, hackers are using these IPs to spread propaganda and launch distributed denial of service (DDoS) operations. 

Tareq M Barkatullah, project director of BGD e-Gov CIRT, remarked in this reference: “The country's afflicted financial institutions and public service suppliers are being hampered in providing its usual services due to the exploitation of these IP-enabled Bangladeshi servers."

According to the Financial Express, Prof Dr. Md Salim Uddin, chairman of the executive committee of Islami Bank Bangladesh Limited (IBBL), several financial institutions have been targeted by cyber-attacks as a result of the current crisis between Ukraine and Russia.

IBBL is well-prepared to thwart any cyber-attack because it is always adopting new technological solutions. Among the internal systems, he emphasized strengthening cyber-security with new tech solutions and monitoring systems. To prevent all types of cyber threats, financial institutions should join an organization or platform to improve cooperation and integration. He further urges the government to expand collaboration and support in this area in order to combat rising cyber-threats in the future.
Read more »
Kaspersky
Amazon Web Services Botnets Cloudfare Cryptocurrency Frauds Cyber Attacks DDOS Attacks ISP Kaspersky

Cloudflare Blocks a  DDoS Attack with 15 million Requests Per Second

 

On Wednesday, Cloudflare, an internet infrastructure company, revealed it has successfully resisted one of the largest volumetric distributed denials of service (DDoS) attacks ever seen. A DDoS attack with a pace of 15.3 million requests per second (rps) was discovered and handled earlier this month, making it one of the greatest HTTPS DDoS attacks ever. 

According to Cloudflare's Omer Yoachimik and Julien Desgats, "HTTPS DDoS assaults are more pricey of necessary computational resources due to the increased cost of establishing a secure TLS encrypted connection." "As a result, the attacker pays more to launch the assault, and the victim pays more to mitigate it. Traditional bandwidth DDoS assaults, in which attackers seek to exhaust and jam the victim's internet connection bandwidth, are different from volumetric DDoS attacks. Instead, attackers concentrate on sending as many spam HTTP requests as possible to a victim's server to consume valuable server CPU and RAM and prevent legitimate visitors from accessing targeted sites."

Cloudflare previously announced it mitigated the world's largest DDoS attack in August 2021, once it countered a 17.2 million HTTP requests per second (rps) attack, which the company described as nearly three times larger than any prior volumetric DDoS attack ever observed in the public domain. As per Cloudflare, the current attack was launched from a botnet including about 6,000 unique infected devices, with Indonesia accounting for 15% of the attack traffic, trailed by Russia, Brazil, India, Colombia, and the United States. 

"What's intriguing is the majority of the attacks came from data centers," Yoachimik and Desgats pointed out. "We're seeing a significant shift away from residential network Internet Service Providers (ISPs) and towards cloud compute ISPs." According to Cloudflare, the attack was directed at a "crypto launchpad," which is "used to showcase Decentralized Finance projects to potential investors." 

Amazon Web Services recorded the largest bandwidth DDoS assault ever at 2.3 terabytes per second (Tbps) in February 2020. In addition, cybersecurity firm Kaspersky reported this week about the number of DDoS attacks increased 4.5 times year over year in the first quarter of 2022, owing partly to Russia's invasion of Ukraine.
Read more »
TrickBot
Banking Trojan Botnets Conti Emotet Trojan IP Address malware Qakbot RSA TrickBot

The Emotet Malware is Alive and Using TrickBot to Rebuild its Botnet

 

The malicious Emotet botnet, which made a comeback in November 2021 after a 10-month break, is showing indications of steady expansion once again, collecting a colony of over 100,000 infected hosts to carry out its destructive actions. 

In a new round of attacks, Emotet, a Banking Trojan which has evolved into a formidable modular threat, has reappeared with improved features. It has infected devices to carry out additional spam campaigns and install various payloads like the QakBot (Qbot) and Trickbot malware. These payloads would subsequently be utilized to give threat actors, such as Ryuk, Conti, ProLock, Egregor, and others, early access to deploy ransomware. 

"While Emotet has not yet reached the same magnitude as before, the botnet is displaying a strong resurrection with a total of around 130,000 unique bots scattered over 179 countries since November 2021," Lumen's Black Lotus Labs researchers wrote in a report. On April 25th, 2021, German law enforcement used the network to send an Emotet module that removed the malware from afflicted devices. 

The TrickBot malware has begun to dump an Emotet loader on affected devices, according to Emotet research group Cryptolaemus, GData, and Advanced Intel. While Emotet used to deploy TrickBot, the threat actors now use a mechanism called "Operation Reacharound" by the Cryptolaemus group, which rebuilds the botnet utilizing TrickBot's current infrastructure. 

Apart from command-and-control (C2) lists and RSA keys, which change from version to version, Emotet's main payload hasn't changed much, but the list of phrases used to establish a process name for its bot has been renewed. Along with new binaries, words like engine, finish, magnify, resapi, query, skip, and many more are utilized and modified. Researchers may be able to construct signatures to detect Emotet infections on machines once these lists have been secured, but signature-based detection is more challenging if the list changes. 

Abuse.ch has published a list of the new Emotet botnet's command and control servers and strongly advises network administrators to ban the linked IP addresses. Another new feature is the ability to collect extra system information from compromised workstations in addition to a list of running processes. The number of bots and associated dispersion are crucial indicators of Emotet's success in reconstructing its once-vast infrastructure.
Read more »
Subscribe to: Posts (Atom)