
How to Protect Your Small Business from Cyber Attacks

As it happens, October was international cybersecurity awareness month, during which small businesses across Australia were once again preparing to defend themselves against malicious campaigns. Cyber crime of every kind is growing, both here and around the world, but one group is targeted more often than the rest: smaller businesses. Below is some basic information every small business owner should know in order to strengthen their position.

Protect Yourself from Phishing and Scamming

One of the most dangerous threats small businesses face today is phishing, in which attackers pose as trusted sources to dupe people into clicking malicious links or sharing sensitive information. According to Mark Knowles, General Manager of Security Assurance at Xero, cyber criminals use several forms of phishing, including "vishing" (voice calls) and "smishing" (text messages). These deceptive tactics pressure users into responding to the malicious messages, which can lead to massive financial losses.

Countering phishing starts with taking a moment to think before answering any unfamiliar message or clicking an unfamiliar link. Pausing to judge whether a message looks suspicious would have averted most of the damage. Knowles warns that a few extra seconds spent verifying could have spared a business an expensive error.

Prepare for Emerging AI-driven Threats Like Deepfakes

The emergence of AI has added new complications to cybersecurity. Deepfakes, fake audio and video produced with AI, make it increasingly difficult to distinguish what is real from what has been manipulated. This can cause serious problems, because attackers can impersonate trusted persons or even executives to get employees to transfer money.

Knowles shares a case in which the technology was used in Hong Kong to cheat a finance employee out of $25 million. The case highlights the need to verify identities in high-pressure situations; even picking up the phone to confirm can save someone from becoming a victim of this highly sophisticated fraud.

Develop a Culture of Cybersecurity

Even in a small team, a security-aware culture is an excellent line of defence. Small business owners will often hold regular sessions with their teams to analyse examples of attempted phishing and discuss how to recognise threats. That shared confidence and knowledge makes everyone more alert and watchful.

Knowles further recommends that you network with other small business owners within your region and share your understanding of cyber threats. Having regular discussions on common attack patterns will help businesses learn from each other's experiences and build collective resilience against cybercrime.

Develop a Cyber Incident Response Plan

Small businesses typically don't have dedicated IT departments, but that does not mean they can't prepare for cyber incidents. A simple incident response plan is crucial. It should include the contact details of your support: trusted IT advisors or local authorities such as CERT Australia. If an attack locks down your systems, immediate access to these contacts can speed up recovery.

In addition, a "safe word" agreed in advance for communication purposes can help employees confirm each other's identities in critical moments when digital impersonation may be in play.

Don't Let Shyness Get in Your Way

The embarrassment of having been caught out by cyber crooks makes organisations less likely to disclose an attack, which lets the criminals strike again and again. Knowles encourages any affected organisation to report a suspected scam immediately to its bank, the government or experienced advisors, in time to avoid further consequences for the firm. Communicating the threat goes a long way towards mitigating the damage; if nothing is said, the chances of stopping the firm from taking another blow are slim.

Making use of local networks is also beneficial. Open communication makes a difference in acting quickly and staying well informed, which builds more resilient, proactive approaches to cybersecurity.


PUMA Network: Unmasking a Cybercrime Empire

A massive cybercrime URL shortening service known as "Prolific Puma" has been uncovered by security researchers at Infoblox. The service has been used to deliver phishing attacks, scams, and malware for at least four years, and has registered thousands of domains in the U.S. top-level domain (usTLD) to facilitate its activities.

Prolific Puma works by shortening malicious URLs into shorter, more memorable links that are easier to click on. These shortened links are then distributed via email, social media, and other channels to unsuspecting victims. When a victim clicks on a shortened link, they are redirected to the malicious website.

Security researchers were able to track Prolific Puma's activity by analyzing DNS data. DNS is a system that translates domain names into IP addresses, which are the numerical addresses of websites and other devices on the internet. By analyzing DNS data, researchers were able to identify the thousands of domains that Prolific Puma was using to deliver its malicious links.

Prolific Puma's use of the usTLD is particularly noteworthy. The usTLD is one of the most trusted TLDs in the world, and many people do not suspect that a link with a usTLD domain could be malicious. This makes Prolific Puma's shortened links particularly effective at deceiving victims.

The discovery of Prolific Puma is a reminder of the importance of being vigilant when clicking on links, even if they come from seemingly trusted sources. It is also a reminder that cybercriminals are constantly developing new and sophisticated ways to attack their victims.

Here are some tips for staying safe from Prolific Puma and other malicious URL shortening services:

  • Be wary of clicking on links in emails, social media posts, and other messages from unknown senders.
  • If you are unsure whether a link is safe, hover over it with your mouse to see the full URL. If the URL looks suspicious, do not click on it.
  • Use a security solution that can detect and block malicious links.
  • Keep your web browser and operating system up to date with the latest security patches.

The security researchers who discovered Prolific Puma have contacted the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security (DHS) about the service. Both agencies are working to take down Prolific Puma's infrastructure and prevent it from being used to launch further attacks.

Prolific Puma is not the first malicious URL-shortening service to be discovered. In recent years, there have been a number of other high-profile cases of cybercriminals using URL shortening services to deliver malware and phishing attacks.

The discovery of Prolific Puma is a reminder that URL shortening services can be abused for malicious purposes. Users should be cautious when clicking on shortened links, and should take steps to protect themselves from malware and phishing attacks.

Ransomware Targeting VMware ESXi Servers Rises

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint advisory warning about an ongoing ESXiArgs ransomware campaign targeting unpatched and out-of-service or out-of-date versions of the VMware ESXi hypervisor for virtual machines (VMs).

The OpenSLP service contains a heap overflow bug that can be exploited by unauthenticated attackers in low-complexity attacks. The flaw is tracked as CVE-2021-21974 in the CVE database. According to CISA, 3,800 VMware ESXi servers around the world have reportedly been compromised, potentially rendering any running VMs unusable.

CERT-FR strongly advises applying the patch as soon as feasible, and adds that systems that were not patched should be checked for indicators of compromise.

The ESXiArgs ransomware appears to have begun attacking servers in Europe around February 3, and has since moved on to North America. According to the French computer emergency response team (CERT-FR), organizations should isolate impacted servers, reinstall ESXi 7.x or ESXi 8.x in a supported version, and apply all patches.

Updated ESXiArgs Ransomware

On infected ESXi hosts, the ransomware encrypts files with the .vmxf, .vmx, .vmdk, .vmsd, and .nvram extensions and produces a .args file containing metadata for each encrypted file.

The research shows that ESXiArgs is based largely on leaked Babuk source code, which has previously been used in other ESXi ransomware attacks, including Cheerscrypt and the PrideLocker encryptor from the Quantum/Dagon group. Whether this is a new variant or simply a shared Babuk codebase is unclear: the ransom notes for ESXiArgs and Cheerscrypt are quite similar, but the encryption technique is distinct.

CISA and FBI urged owners of VMware ESXi servers to upgrade them to the most recent version, harden ESXi hypervisors by turning off the SLP service and make sure the ESXi hypervisor is not accessible through the open internet.
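One way a defender could triage a datastore for the indicators described above, as an added example rather than code from CISA, the FBI or CERT-FR: it pairs the .args metadata files the ransomware drops with the VM files they sit beside. The directory layout and function names are constructed for this example.

```python
"""ESXiArgs datastore triage (added example, not from the CISA/FBI or CERT-FR
advisories). Pairs every ".args" metadata file the ransomware drops with the
VM file it was created for (.vmxf, .vmx, .vmdk, .vmsd, .nvram, as the page
lists). The datastore layout and helper names are constructed for the example."""
import os
import shutil
import tempfile
from collections import defaultdict

# Extensions the page says ESXiArgs encrypts; each gets a "<name>.args" marker.
TARGET_EXTS = {".vmxf", ".vmx", ".vmdk", ".vmsd", ".nvram"}
ARGS_EXT = ".args"


def find_esxiargs_indicators(datastore_root):
    """Walk a datastore tree and return {vm_dir: [encrypted file names]}.

    A hit is a "<file>.args" marker sitting next to <file>, where <file> has
    one of the targeted extensions. Markers with no matching VM file are
    collected under the key "unmatched" so nothing is silently dropped."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(datastore_root):
        present = set(files)
        rel_dir = os.path.relpath(dirpath, datastore_root)
        for name in files:
            if not name.endswith(ARGS_EXT):
                continue
            original = name[:-len(ARGS_EXT)]   # "web01.vmdk.args" -> "web01.vmdk"
            ext = os.path.splitext(original)[1].lower()
            if ext in TARGET_EXTS and original in present:
                hits[rel_dir].append(original)
            else:
                hits["unmatched"].append(os.path.join(rel_dir, name))
    return {vm: sorted(names) for vm, names in hits.items()}


def affected_vm_count(hits):
    """Number of VM directories with at least one encrypted file; the
    "unmatched" bucket is not a VM and is excluded."""
    return sum(1 for vm in hits if vm != "unmatched")


def build_sample_datastore():
    """Constructed fixture in a temp directory: web01 is hit on three files,
    db02 is untouched, and a stray marker sits in a misc folder.
    Returns the root path; remove it with cleanup()."""
    root = tempfile.mkdtemp(prefix="datastore1-")
    layout = {
        "web01": ["web01.vmx", "web01.vmx.args", "web01.vmdk", "web01.vmdk.args",
                  "web01.nvram", "web01.nvram.args", "web01.vmsd"],
        "db02": ["db02.vmx", "db02.vmdk", "db02.nvram", "db02.vmsd"],
        "misc": ["notes.txt", "readme.txt.args"],
    }
    for vm_dir, names in layout.items():
        os.makedirs(os.path.join(root, vm_dir))
        for name in names:
            with open(os.path.join(root, vm_dir, name), "wb") as fh:
                fh.write(b"constructed sample content\n")
    return root


def cleanup(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = build_sample_datastore()
    try:
        hits = find_esxiargs_indicators(root)
        print(f"{affected_vm_count(hits)} VM directory(ies) show ESXiArgs markers")
        for vm, names in hits.items():
            print(f"  {vm}: {', '.join(names)}")
    finally:
        cleanup(root)
```

On a real host the function would be pointed at the mounted datastore path instead of the constructed fixture; the "unmatched" bucket is worth reviewing by hand rather than ignoring.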

Defending Data Breaches Through Cybersecurity

This year the government has been working on a cybersecurity strategy aimed at thwarting the risk of data breaches, which has been a top priority since 2020. In light of a series of ransomware attacks in recent months in which critical data may have been compromised, experts and officials view these measures as imperative.

A recent breach of Solar India Industries Limited, a company that supplies defense-related equipment, and of the All India Institute of Medical Sciences (AIIMS), a leading research and healthcare organization in the country, was reported to be the work of attackers in the last couple of months.

One of the strategies is to assess the severity of several vertical segments of data breaches, according to a person familiar with the matter. As part of these mitigation measures, a national threat intelligence exchange is being set up, a malware repository is being created, baseline audits are being conducted, and awareness events such as Cyber Week are being planned.

There is a three-pronged strategy centered on people, processes, and technology. The people vertical, for example, entails improving cyber hygiene by training more cybersecurity professionals and expanding cyber hygiene education.

The document contains recommendations for processes, a plan for managing cybercrime crises, a standard operating procedure, and a privilege system to ensure that users are given only the minimum access to systems they need.

The technology vertical lists firewalls, intrusion prevention systems, behavioral analysis tools, network segmentation, and offline backups as investment areas.

According to one of the officials mentioned above, some of these investment areas have already been taken on by the government. 

Aside from the National Informatics Centre (NIC), the government is also looking to revamp the Department of Information and Communication Technology, which is responsible for storing most of the government's information, as well as providing IT solutions to the government. 

The Indian National Security Council Secretariat has been conceptualizing a policy for the past two years under the leadership of Lieutenant General Rajesh Pant, who heads the secretariat. The National Cyber Security Strategy, 2021 addresses an emerging threat in the technology sector and identifies the need for a legislative framework to meet this challenge.

To better protect data and ensure that data breaches are reported and punished, the federal ministry of electronics and information technology is drafting a digital data protection bill to govern the reporting and penalizing of data breaches. The official mentioned above pointed out the need for regular auditing to make sure data breaches are minimized, and noted that an overarching mechanism is in place to ensure this happens.

According to a response to a question in parliament, there were 41,378 cyber security incidents in 2017 and 1,267,564 in 2022.

In the same reply, the government noted that cyberspace is anonymous and borderless and now incorporates many different types of devices and services, and that technological innovation makes it ever more sophisticated and complex.

CERT-In is the national nodal agency responsible for incident response in the country and for collecting information on cyber incidents affecting Indian users. Any data breach affecting Indian users must be reported to the Indian Computer Emergency Response Team. The ministry of electronics and information technology informed Parliament on November 16 that 14, 6, and 22 incidents were identified in 2020, 2021, and 2022 (until November) respectively, according to information reported to and tracked by CERT-In.

It was also reported to Parliament that between June 2018 and March 2022, Indian banks reported 248 data breaches that resulted in the leak of card-related information from their systems. 

No National Cyber Security Strategy can be effective without robust resilience measures, in the view of Supreme Court lawyer NS Nappinai, founder of Cybersaathi; only that kind of preparation can protect us when a black swan event occurs. Cyber security threats have always existed and always will, but what protects critical infrastructure is making sure attacks are anticipated and avoided, and having a recovery plan that is quick and simple, she explained.

Take Steps to Protect Your Enterprise Against the Risks

Earlier this month, the Apache Software Foundation announced that its Java-based logging utility Log4j was affected by a remote code execution vulnerability (CVE-2021-44228). It was rated a critical-severity vulnerability by MITRE and given a CVSS score of 10 out of 10. The vulnerability was exploited in the wild shortly after the Log4j patch was released.

Consequently, several government cybersecurity organizations around the world, including the United States Cybersecurity and Infrastructure Security Agency, the Austrian CERT, and the United Kingdom National Cyber Security Centre, issued alerts urging organizations to patch their systems immediately.

A discussion with Jonathan Care, Senior Director Analyst at Gartner, gave a better understanding of the security implications of the Log4j vulnerability. He discussed how organizations are susceptible to threats arising from this vulnerability and what measures they should take to ensure their enterprise systems are protected against them.

Which Systems Are Affected by the Log4j Vulnerability?

The Log4j vulnerability is extremely widespread, affecting enterprise applications and embedded systems and, through them, their sub-components and sub-systems. Java-based applications including Cisco Webex, Minecraft, and FileZilla FTP are examples of affected programs, but this is by no means an exhaustive list. Ingenuity, the NASA helicopter in the Mars 2020 mission, uses Apache Log4j's logging API to record events, so the vulnerability affects that mission as well.

Many resources on the web list the vulnerable systems identified by the security community. These lists are constantly changing, however, so it is imperative to keep an eye on them, and the absence of a particular application or system from a list should not be taken as an indication that it is unaffected by the vulnerability.

There is a high probability that a given technology stack is exposed to this vulnerability. It is likely to affect key suppliers such as SaaS vendors, cloud hosting providers, and web hosting providers.

Risk to Enterprise Applications and Systems if the Vulnerability Is Exploited

If left unpatched, this vulnerability allows attackers to infiltrate and take control of enterprise networks. It is already being exploited by malware, ransomware, and a wide array of other automated threats.

The vulnerability can be exploited with great ease: all an attacker needs to do is enter a simple string into a chat window.

It is referred to as a "pre-authentication" exploit, meaning the attacker does not have to sign in to the vulnerable system in order to exploit it. You should be prepared for the possibility that your web server is vulnerable.

What Should Cybersecurity Leaders Do to Protect Their Enterprises?

Identifying this vulnerability and remediating it as quickly as possible should be one of the top priorities for cybersecurity leaders. The first step is a detailed audit of any applications, websites, and systems within your domain of responsibility that are connected to the internet or are public-facing.

Give priority to systems that hold sensitive operational data such as customer details and access credentials.

Once that audit is complete, turn your attention to remote employees. Personal devices and routers constitute a vital link in the chain of security and should be updated as well; an active, involved approach is likely to be required, since simply issuing a list of instructions does not suffice. Vulnerable routers could be an entry point to a key enterprise application or data repository, so your IT team needs to support and cooperate with you in this endeavor.

If your organization has an incident response plan, now is the appropriate time to initiate its formal severe-incident response measures. The board of directors, the CEO, the CIO, and the entire organization should be involved in this incident, as all levels of the organization have a part to play.

Make sure you have informed senior leadership and that they are prepared to answer public questions about this issue. For at least the next 12 months, vigilance will be crucial for preventing the exploitation of this vulnerability and the attack patterns exploiting it. This is because neither is likely to disappear for some time.
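The audit step above can be partly automated by checking which log4j-core jars on a host still ship the JNDI lookup class at a version below the first fixed release; this is an added example, not Gartner's, Apache's or any vendor's code. The jar-internal paths are those of the published log4j-core artifact; the sample jars and directory names are constructed, nested .war/.ear contents are not unpacked, and the 2.12.2 backport for Java 7 is not special-cased.

```python
"""Log4j audit helper for CVE-2021-44228 (added example, not Gartner's or
Apache's code). Finds log4j-core jars under a directory, reads the Maven
version bundled in each jar and reports whether the jar still contains the
JndiLookup class at a version below 2.15.0, the first release that addressed
the CVE named on the page. Sample jars and directory names are constructed."""
import os
import re
import tempfile
import zipfile

# Entry paths inside a published log4j-core jar.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIRST_FIXED = (2, 15, 0)   # 2.12.2 (Java 7 backport) is not special-cased here


def parse_version(pom_properties_text):
    """Return (major, minor, patch) from the 'version=' line, or None."""
    for line in pom_properties_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "version":
            m = re.match(r"(\d+)\.(\d+)\.(\d+)", value)
            return tuple(int(g) for g in m.groups()) if m else None
    return None


def inspect_jar(path):
    """Classify one jar as 'ok', 'vulnerable' or 'review' (JndiLookup present
    but no version metadata to decide with, e.g. a repackaged jar)."""
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
    has_jndi = JNDI_LOOKUP in names
    if not has_jndi:
        status = "ok"            # lookup class absent: nothing to reach
    elif version is None:
        status = "review"
    else:
        status = "vulnerable" if version < FIRST_FIXED else "ok"
    return {"path": path, "version": version, "jndi_lookup": has_jndi, "status": status}


def audit_tree(root):
    """Inspect every .jar under root; returns inspect_jar() dicts sorted by path.
    Jars nested inside .war/.ear archives are not unpacked."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".jar") and zipfile.is_zipfile(full):
                findings.append(inspect_jar(full))
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed fixture: an old log4j-core, a patched one, and an api jar.
    The class entry holds placeholder bytes, not real bytecode."""
    root = tempfile.mkdtemp(prefix="log4j-audit-")
    samples = [("app/lib/log4j-core-2.14.1.jar", "2.14.1", True),
               ("app/lib/log4j-core-2.17.1.jar", "2.17.1", True),
               ("app/lib/log4j-api-2.14.1.jar", None, False)]
    for rel, version, with_jndi in samples:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with zipfile.ZipFile(full, "w") as zf:
            if version:
                zf.writestr(POM_PROPS, f"version={version}\n")
            if with_jndi:
                zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return root


if __name__ == "__main__":
    for f in audit_tree(build_sample_tree()):
        print(f"{f['status']:10} {f['version']}  {f['path']}")
```

A jar reported as "review" (JNDI lookup class present, no version metadata) needs manual confirmation; the check does not look inside fat or shaded jars that relocate the class.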

Facebook: "Is that you?" 500,000 People Were Victims of this Phishing Scam

Facebook has often been a favorite hunting ground for cybercriminals who delight in preying on naive members of the internet community. Cybernews has conducted research into a very prevalent fraud known as "Is that you?", a type of video phishing scam in which the attacker sends a link to a fictitious video in which the victim supposedly appears. When you click, the trouble begins as soon as you enter some personal information and log in.

Researchers were recently rewarded for such diligence when they received a warning from fellow cyber investigator Aidan Raney, who originally contacted them after the original results were released, that malicious links were being sent to users. Upon further investigation, it was discovered that thousands of these phishing links had been circulated via a devious network spanning the social media platform's back channels. If left unchecked, hundreds of thousands of naive social network users might fall prey to the shady links; the "Is That You?" scam was said to have ensnared half a million victims before researchers discovered it.

Raney explained, "I worked out what servers did what, where code was hosted, and how I might identify additional servers." "I then used this information, as well as urlscan.io, to seek for more phishing sites with similar features to this one." 

A thorough examination of the servers linked to the phishing links revealed a page that was transmitting credentials to devsbrp.app. A banner believed to belong to a control panel was discovered with the wording "panelfps by braunnypr" printed on it. A second keyword search led the study team right to the panel and banner designer, whose email address and password variations were also identified, neatly turning the tables on fraudsters who prey on unwary web users' credentials.

Using the threat actor's personal details, Cybernews accessed a website which proved to be the command and control hub for most of the phishing assaults linked to the gang, known to include at least 5 threat actors but possibly many more. This gave our brave investigators a wealth of information about the culprits of the Facebook phishing scam, including their likely country of residence: the Dominican Republic.

"We were able to distribute the user list for everyone who has signed up for this panel," the Cybernews researcher explained. "We started unearthing the identities with as many people on the list as we could using the usernames on the list, but there is still more work to be done." Researchers provided the appropriate information to the Dominican Republic's Cyber Emergency Response Team (CERT) at the time, as evidence suggested that the campaign had started there as well.

Millions of Loan Applicants' Data Leaked via an Anonymous Server

The security team at SafetyDetectives, led by Anurag Sen, revealed the specifics of a misconfigured Elasticsearch server that exposed the personal information of millions of loan applicants. The information primarily came from individuals who applied for microloans in Ukraine, Kazakhstan, and Russia. 

The server was identified by chance on December 5th, 2021, while monitoring specific IP addresses. Since the anonymous server lacked any authentication mechanism, it was left exposed and unprotected, resulting in the exposure of over 870 million records and 147GB of data.

SafetyDetectives couldn't identify the server's host. The server stored customer logs from a variety of microloan providers' websites; however, the majority were not financial services such as lenders or banks, but third-party intermediaries that act as a link between the loan firm and the applicant. Most of the data in the server's logs was in Russian, which led the researchers to conclude that the server is owned by a Russian corporation.

Different types of personally identifiable information (PII) and sensitive user data were revealed in this leak, according to SafetyDetectives researchers, including details of users' "internal passports". Internal passports substitute for national IDs in Russia and Ukraine and are only valid within the country's borders.

The internal passport details revealed in the exposed data include marital status, gender, birthdate, location, physical address, full name (first, middle and patronymic), passport number, issue and expiration dates, and serial number. Some of the disclosed information, including cities, names, addresses and issuing places, was written in Cyrillic script, which is used in parts of Europe and Asia.

This exposure is estimated to affect around 10 million users. Most INNs (taxpayer identification numbers) belonged to Ukrainians, but several server logs and passport numbers belonged to Russians. The server was hosted in the Dutch city of Amsterdam.

On December 14th, 2021, SafetyDetectives contacted the Russian CERT, and the Dutch CERT on December 30th, 2021. Both, though, declined to assist. On January 13th, 2022, the server's hosting company was informed, and the server was secured the same day. Given the scope and type of the data exposed, the event might have far-reaching consequences.

New Zealand Banks and Post Offices Hit by a Cyber Attack

On Wednesday, the websites of a number of financial institutions in New Zealand, as well as the country's national postal service, were briefly unavailable due to a cyber-attack, according to officials. The country's Computer Emergency Response Team (CERT) reported a DDoS (distributed denial of service) attack targeting a number of organizations in the nation.

Minister David Clark, who is in charge of the digital economy and communications, said CERT has informed him that "a number" of organizations have been compromised. “At this time, efforts to ascertain the impact of this incident are ongoing. I won’t get ahead of this process,” Clark said, in a statement. “CERT assures me it is actively engaging with affected parties to understand and monitor the situation.” 

CERT's objective is to assist businesses and government agencies on how to respond to and prevent cyber-attacks. It also collaborates with other government institutions and law enforcement, such as the National Cyber Security Centre (NCSC). 

According to local media sources, Australia and New Zealand Banking Group's (ANZ.AX) New Zealand site and NZ Post were among the websites hit by the attack. ANZ informed clients through Facebook that it was aware that some of them were unable to use online banking services. "Our tech team are working hard to get this fixed, we apologize for any inconvenience this may cause," the post said. 

The "intermittent interruptions" on NZ Post's website were caused by a problem with one of its third-party suppliers, according to the company. Several Kiwibank clients took to social media to complain about outages at the smaller institution, which is partially owned by New Zealand Post. In a Twitter post, Kiwibank apologized to clients and said it was trying to resolve "intermittent access" to its app, online banking, phone banking, and website.

A DDoS assault overloads a website with more traffic than it can manage, causing it to fail. While the identity of the attacker and their motivation are unknown in this case, the goal might be to extract a ransom from the victim in order for the assault to be stopped. During the NZX assault, Minister for Intelligence Agencies Andrew Little expressed the government's advice: Don't pay the ransom.