Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Check Point. Show all posts
Rhadamanthys malware
Check Point Cyber Attacks data security Gmail Gmail Hack Gmail-Accounts Personal Data Phishing scam Rhadamanthys malware

Gmail Alert: Massive Phishing Campaign Spreads Rhadamanthys Malware

 

Cybersecurity experts have issued a new warning about a large-scale phishing attack targeting Gmail users worldwide. Researchers at Check Point have uncovered the threat, which uses fake Gmail accounts to send emails impersonating well-known companies. These fraudulent messages claim recipients have violated copyright laws on their social media accounts, urging them to take immediate action. 

The goal of these emails is to trick victims into downloading attachments laced with the Rhadamanthys Stealer malware. Once installed, this malware infiltrates systems to steal sensitive personal data. The attackers’ strategy is both sophisticated and alarming. They create convincing fake Gmail accounts and customize emails to appear as if they are from legitimate organizations. Victims are informed of supposed copyright violations and pressured to resolve the issue by downloading attached files. 

However, clicking on these files triggers the malware’s installation, granting hackers access to a victim’s computer. The malware operates silently, collecting private information such as login credentials and other sensitive data without the user’s knowledge. The phishing campaign has already reached a global audience, targeting users in Europe, Asia, and the United States. Check Point highlights the staggering scale of the operation, noting that nearly 70% of the impersonated companies belong to the entertainment, media, technology, and software industries. This wide range of targets makes the attack more challenging to detect and stop. 

The campaign leverages people’s trust in established companies and creates urgency, making victims more likely to fall for the scam. One of the most concerning aspects of the attack is the advanced capabilities of the Rhadamanthys Stealer malware. This sophisticated program is specifically designed to evade detection by traditional security measures. Once installed, it can extract a variety of data from the infected system, including passwords, financial information, and personal files. The malware’s ability to operate covertly increases the risk for users who are unaware that their devices have been compromised. 

Experts stress the importance of vigilance in protecting against this type of phishing attack. Email users should carefully verify the sender’s identity and be cautious of messages that create a sense of urgency or demand immediate action. Legitimate organizations rarely use generic Gmail accounts to contact users, and they typically do not send unsolicited attachments or links. Users should also avoid downloading files or clicking on links from unknown sources, as these actions can initiate malware installation. 

Keeping antivirus software up to date is another critical step in preventing infections. Modern security programs are designed to detect and block malicious files like those associated with Rhadamanthys Stealer. Additionally, users are encouraged to report any suspicious emails to their email providers, which can help prevent further spread of such attacks. By staying informed and adopting safe online practices, individuals can reduce their vulnerability to these increasingly sophisticated phishing campaigns.
Read more »
Security research
AI AI bots Artificial Intelligence ChatGPT Check Point Cyber Security Google Bard keylogger Law Enforcement Phishing emails Security flaw Security research

Forget ChatGPT, Google Bard may Possess Some Serious Security Flaws


A latest research claims that Google’s AI chatbot, Google Bard may let its users to use it for creating phishing emails and other malicious content, unlike ChatGPT.

At one such instances, cybersecurity researchers Check Point were able to produce phishing emails, keyloggers, and some basic ransomware code, by using the Redmond giant’s AI tool.

Using the AI tool of the Redmond behemoth, cybersecurity researchers Check Point were able to produce phishing emails, keyloggers, and some basic ransomware code.

The researchers' report further noted how they set out to compare Bard's security to that of ChatGPT. From both sites, they attempted to obtain three things: phishing emails, malicious keyloggers, and some simple ransomware code.

The researchers described that simply asking the AI bots to create phishing emails yielded no results, however asking the Bard to provide ‘examples’ of the same provided them with plentiful phishing mails. ChatGPT, on the other hand, refused to comply, claiming that doing so would amount to engaging in fraudulent activity, which is illegal.

The researchers further create malware like keyloggers, to which the bots performed somewhat better. Here too, a direct question did not provide any result, but a tricky question as well yielded nothing since both the AI bots declined. However, answers for being asked to create keyloggers differed in both the platforms. While Bard simply said, “I’m not able to help with that, I’m only a language model,” ChatGPT gave a much detailed explanation.

Later, on being asked to provide a keylogger to log their keys, both ChatGPT and Bard ended up generating a malicious code. However, ChatGPT did provide a disclaimer before doing the aforementioned.

The researchers finally proceeded to asking Bard to run a basic ransomware script. While this was much trickier than getting the AI bot to generate phishing emails or keylogger, they finally managed to get Bard into the game.

“Bard’s anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to those of ChatGPT[…]Consequently, it is much easier to generate malicious content using Bard’s capabilities,” they concluded.

Why Does it Matter? 

The reason, in simpler terms is: Malicious use of any new technology is inevitable.

Here, one can conclude that these issues with the emerging generative AI technologies are much expected. AI, as an extremely developed tool has the potential to alter an entire cybersecurity script.

Cybersecurity experts and law enforcements have already been concerned for the same and have been warning against the AI technology for it can be well used in increasing the ongoing innovation in cybercrime tactics like convincing phishing emails, malware, and more. The development in technologies have made it accessible to users in such a way that now a cybercriminal can deploy a sophisticated cyberattack by only having minimal hand in coding.

While regulators and law enforcement are doing their best to impose limits on technology and ensure that it is utilized ethically, developers are working to do their bit by educating platforms to reject being used for criminal activity.

While generative AI market is decentralized, big companies will always be under the watch of regulatory bodies and law enforcements. However, smaller companies will remain in the radar of a potential cyberattack, especially the ones that are incapable to fight against or prevent the abuse.

Researchers and security experts suggests that the only way to improve the cybersecurity posture is to fight with full strength. Even though AI is already being used to identify suspicious network activity and other criminal conduct, it cannot be utilized to make entrance barriers as high as they once were. There is no closing the door ever again.

Read more »
ThreatCloud AI
Check Point Cyber Attacks Cyber space Hacktivism Russia-Ukraine War ThreatCloud AI

'Cyber Battlefield' Map Shows Attacks Being Played in Real Time


A live map is all set to monitor cyberattacks around the globe as the conflict in Ukraine fuels a 'significant surge' in hostile activity.

Apparently, the technology utilizes intelligence gathered from a high-end AI-powered system – ThreatCloud AI.

The maps shows countries and companies that are particularly targeted with cyber incidents like malware attacks, phishing or exploitation.

How are Cyber Activities Impacted by the War According to a US-Israeli cyber security firm, Check Point, cyber activities have increased at an alarming rate in the past 17 months, reason being the Ukraine war.

Over the previous six months, the UK was attacked 854 times on average every week. As of May 2023, ransomware attacks have a negative effect on one out of every 77 organizations in the country.

According to Muhammad Yahya Patel, lead security engineer and evangelist for Check Point, “The threat landscape has continued to evolve in sync with the digital world as we are more connected to the internet than ever before. This has led to multi-vector cyberattacks and well thought out campaigns by criminals who want to cause maximum damage to organizations[…]Sometimes they use advanced tools and methods, while other times it’s a simple method like getting someone to click a link in an email."

Moreover, the UK has been suffering an online conflict as a group of hackers, have targeted prominent British organizations, frequently with links to the Kremlin that are either verified or rumored.

“Hacktivism has played a much bigger role globally with several state-sponsored groups and cyber criminals actively fighting a war in cyberspace[…]We had the Ukrainian government taking an unprecedented step by using a Telegram channel to call for international volunteers to help fight the cyber war by joining the “IT Army of Ukraine,” Patel said.

In regards to the Russia based group Killnet, Patel says, ”This is a properly established group with organizational structure and hierarchy. As an organised operation this group have been carrying out disruptive attacks to gain more attention and have recently targeted NATO.”

ThreadCloud AI

The ThreatCloud AI system continuously scans the environment and develops defenses against the numerous and diverse kinds of assaults. The creators provide customers with what they call a "comprehensive prevention-first architecture," which is appropriate for various devices, networks, and systems.

This live ‘battleground’ was presented at the Midland Fraud Forum’s annual conference in Birmingham last week as a segment informing audience regarding the various threats and methods to prevent them.

The multinational company based in Tel Aviv found that the ransomware operators have become more ruthless with their tactics to profit from victims.

One of the recent cases was when the University of Manchester suffered a cyber attack last month, where allegedly the students’ confidential data was compromised. In response, the university claimed that a ‘small proportion of data’ was copied and that ‘it had written directly to those individuals who may have been affected.’

Looking at the current scenarios, universities in the UK seems to have found themselves in the frontline of the ever developing threat landscape at a level greater than any other country.

In regards to this, Patel comments, ”The attacks against the education and research sector are highly concerning because this is higher than what we are seeing globally in this industry[…]It raises questions about what the UK is doing specifically for this sector to help it have a better cyber security baseline as I like to call it.”  

Read more »
Spear Phishing Mails
APT-C-36 BlackBerry research Blind Eagle Check Point Cyber Attacks DNS service Hackers Spear Phishing Spear Phishing Mails

Blind Eagle: Hackers Targets Prominent Industries in Columbia


BlackBerry has recently published a report on a malicious actor, Blind Eagle. It is a cyberespionage campaign based in South America that has been targeting systems in Ecuador, Chile, Spain, and Colombia since the year 2019. 

The most recent threat activities conducted were primarily targeted at organizations in Colombia, involving sectors like “health, finance, law enforcement, immigration, and an agency in charge of peace negotiation in the country.” 

Check Point researchers, who recently examined the Blind Eagle, also known as APT-C-36, noted the adversary and its advanced toolset that includes Meterpreter payloads, distributes through spear-phishing emails. 

How Does APT-C-36 Operate? 

Blind Eagle’s phishing emails lure its victims over the false impression of fear and urgency. The email notifies its recipients that they have "obligaciones pendentes," or "outstanding obligations," with some letters informing them that their tax payments are forty-five days overdue. 

The cleverly-crafted emails are being provided with a link, navigating users to a PDF file that appears to be hosted on DIAN’s website but actually installs malware to the targeted systems, effectively launching the infection cycle. 

The BlackBerry researchers explain it further: 

"The fake DIAN website page contains a button that encourages the victim to download a PDF to view what the site claims to be pending tax invoices," says the BlackBerry researchers. "Clicking the blue button initiates the download of a malicious file from the Discord content delivery network (CDN), which the attackers are abusing in this phishing scam." 

"A malicious [remote access trojan] installed on a victim's machine enables the threat actor to connect to the infected endpoint any time they like, and to perform any operations they desire," they further add. 

The researchers also noted that the threat actors utilize dynamic DNS services such as DuckDNS in order to take control of the compromised hosts. 

Blind Eagle’s Operators are Supposedly Spanish 

Owing to the use of Spanish in its spear-phishing emails, Blind Eagle is believed to be a group of Spanish-speaking hackers. However, the headquarters from where the attacks are conducted and whether the attacks are carried out for espionage or financial gain are both currently undetermined. 

"The modus operandi used has mostly stayed the same as the group's previous efforts – it is very simple, which may mean that this group is comfortable with its way of launching campaigns via phishing emails, and feels confident in using them because they continue to work," BlackBerry said.  

Read more »
Palo Alto Networks
Check Point CSP Cyber Crime DevSecOps JavaScript Log4Shell Palo Alto Networks

Challenges With Software Supply Chain & CNAPP


In 2021, sales of CNAPP exceeded $1.7 billion, an increase of roughly 49% over 2020, according to a recent Frost & Sullivan analysis. According to Frost & Sullivan, CNAPP revenue growth will average over 26% annually between 2021 and 2026.

Anh Tien Vu, industry principal for international cybersecurity and the author of the report, projects that by 2026, revenues will surpass $5.4 billion "due to the increasing demand for a unified cloud security platform that strengthens cloud infrastructure security and protects applications and data throughout their life cycle."

How Does CNAPPs Function?

CNAPP platforms combine many security technologies and features to cut down on complexity and expense, offering:
  • The capabilities of the CSPM, CIEM, and CWPP tools are combined across the development life cycle, correlation of vulnerabilities, context, and linkages.
  • Identifying high-risk situations with detailed context.
  • Automatic and guided cleanup to address flaws and configuration errors.
  • Barriers to stopping unauthorized alterations to the architecture.
  • Simple interaction with SecOps ecosystems to quickly deliver notifications.
Security teams must transition from guarding infrastructure to guarding workload-running applications in order to maximize cloud security and compliance, enable DevOps, and reduce friction. That entails, at the very least, protecting the security of the production environment and cloud service configurations, with runtime protection serving as an important extra layer of security.

Attackers are focusing more and more on cloud-native targets in an effort to find vulnerabilities that may be used to compromise the software supply chain. The widespread effect that a vulnerability of this kind can have on the application environment was demonstrated by the Log4Shell flaw in the widely used Log4j Java runtime library last year.

Melinda Marks, a senior analyst at Enterprise Strategy Group, claims that while CNAPP helps businesses to set up DevSecOps processes where software engineers take the initiative to find potential bugs in code before delivering application runtimes into production, it also goes beyond. Before you release your applications to the cloud, this is crucial for preventing security risks since once you do, hackers can access them.

The scanning of development artifacts like containers and infrastructure as code (IaC), cloud infrastructure management (CIEM), runtime cloud workload protection platforms, and cloud security posture management (CSPM) are just a few of the siloed capabilities that CNAPPs combine. Together with a more uniform approach and improved awareness of the risk associated with cloud-native computing environments, CNAPP offers standard controls to reduce vulnerabilities.

Significantly, CNAPP also promotes communication between teams working on application development, cybersecurity, and IT infrastructure, opening the door to finding and fixing flaws before apps are put into use. CNAPP features are being added to security platforms by security manufacturers like Check Point and Palo Alto Networks. Marks cautions against the common misunderstanding that shifting security left is all about putting security first during the software development and build process.





Read more »
User Privacy
Access Tokens Backdoor Check Point Crypto Crypto Exchange Cyber Crime Investors User Privacy

Dingo Token Charging 99% Fee is a Scam

A major cryptocurrency scam by Dingo Token, as per researchers who discovered backdoor features intended to steal users' money.

Check Point analysts observed this fraudulent charge modification 47 times before issuing the alert. The Dingo Smart Contract's purchase and sell fees are adjustable by up to 99% using a backdoor method called 'setTaxFeePercent,' according to Check Point Research (CPR), which examined the code for the contract. Despite the fact that the project's whitepaper claims that only a 10% fee for each transaction, this is the case. 

According to the cyber security software company, one customer purchased 427 million Dingo Tokens for $26.89 but received 4.27 million, or $0.27 value of Dingo Tokens. Dingo Token had a current market valuation of $223,992 and was rated 1915 on CoinMarketCap.  Recent complaints about the Dingo Token have also been made by users of CoinMarketCap and Twitter. Crypto dealer IncredibleJoker stated in a post on February 5 they could not sell their assets.

According to Check Point's head of product vulnerabilities research, Oded Vanunu, what his group uncovered at Dingo Token is becoming more regular, "this is a popular method that locks users' funds until the scammers gradually withdraw the entire sum. A growing number of scammers are lured to cryptocurrencies. They can remain unidentified. It moves quickly. It's profitable." 

Users are worried that once the creators determine that the value has peaked, they will turn on the backdoor to steal 99% of all users' coins. Investors in cryptocurrencies should be upfront about their questions in order to hear what other people have to say about a project. Whether you are new to trading, it is advised to diversify your money over several different coins and only utilize reliable exchange providers.

DingoToken: What is it?

DingoToken enables users to quickly deposit ANY tokens, including BEP-20 tokens, into an NFT. Now, a rare NFT can be turned into a basket containing a variety of different tokens. An entirely new NFT world is made possible by the DingoToken platform, a new protocol layer. The decentralized app (DApp) built on top of the DingoToken Protocol and targeted at art/collectible NFTs will also be made available for our public launch.

The DApp enables users to Mint / Generate an NFT, deposit their preferred asset into it, and then create their own NFTs. Only NFTs produced with the Dingo NFT Minting Station are supported in our v1 online application. To protect platform users' safety, steps are being taken by the firm. The option to mint one's own NFTs or buy those produced by Dingo Token platform users is available to users.


Read more »
Technology
AI AI tools AI-backed systems Artificial Intelligence ChatGPT Check Point Malicious Campaigns Malicious Code OpenAI Technology

ChatGPT: When Cybercrime Meets the Emerging Technologies


The immense capability of ChatGPT has left the entire globe abuzz. Indeed, it solves both practical and abstract problems, writes and debugs code, and even has the potential to aid with Alzheimer's disease screening. The OpenAI AI-powered chatbot, however, is at high risk of abuse, as is the case with many new technologies. 

How Can ChatGPT be Used Maliciously? 

Recently, researchers from Check Point Software discovered that ChatGPT could be utilized to create phishing emails. When combined with Codex, a natural language-to-code system by OpenAI, ChatGPT can develop and disseminate malicious code. 

According to Sergey Shykevich, threat intelligence group manager at Check Point Software, “Our researchers built a full malware infection chain starting from a phishing email to an Excel document that has malicious VBA [Visual Basic for Application] code. We can compile the whole malware to an executable file and run it in a machine.” 

He adds that ChatGPT primarily produces “much better and more convincing phishing and impersonation emails than real phishing emails we see in the wild now.” 

In regards to the same, Lorrie Faith Cranor, director and Bosch Distinguished Professor of the CyLab Security and Privacy Institute and FORE Systems Professor of computer science and of engineering and public policy at Carnegie Mellon University says, “I haven’t tried using ChatGPT to generate code, but I’ve seen some examples from others who have. It generates code that is not all that sophisticated, but some of it is actually runnable code[…]There are other AI tools out there for generating code, and they are all getting better every day. ChatGPT is probably better right now at generating text for humans, and may be particularly well suited for generating things like realistic spoofed emails.” 

Moreover, the researchers have also discovered hackers that create malicious tools like info-stealers and dark web markets using ChatGPT. 

What AI Tools are More Worrisome? 

Cranor says “I think to use these [AI] tools successfully today requires some technical knowledge, but I expect over time it will become easier to take the output from these tools and launch an attack[…]So while it is not clear that what the tools can do today is much more worrisome than human-developed tools that are widely distributed online, it won’t be long before these tools are developing more sophisticated attacks, with the ability to quickly generate large numbers of variants.” 

Furthermore, complications could as well arise from the inability to detect whether the code was created by utilizing ChatGPT. “There is no good way to pinpoint that a specific software, malware, or even phishing email was written by ChatGPT because there is no signature,” says Shykevich. 

What Could be the Solution? 

One of the methods OpenAI is opting for is to “watermark” the output of GPT models, which could later be used to determine whether they are created by AI or humans. 

In order to safeguard companies and individuals from these AI-generated threats, Shykevich advises using appropriate cybersecurity measures. While the current safeguards are still in effect, it is critical to keep upgrading and bolstering their application. 

“Researchers are also working on ways to use AI to discover code vulnerabilities and detect attacks[…]Hopefully, advances on the defensive side will be able to keep up with advances on the attacker side, but that remains to be seen,” says Cranor. 

While ChatGPT and other AI-backed systems have the potential to fundamentally alter how individuals interact with technology, they also carry some risk, particularly when used in dangerous ways. 

“ChatGPT is a great technology and has the potential to democratize AI,” adds Shykevich. “AI was kind of a buzzy feature that only computer science or algorithmic specialists understood. Now, people who aren’t tech-savvy are starting to understand what AI is and trying to adopt it in their day-to-day. But the biggest question, is how would you use it—and for what purposes?”  

Read more »
Telegram
Check Point Cyber Crime DDOS Attacks Japan Cyber Security Killnet Russian Hackers Telegram

Killnet Targets Japanese Government Websites

According to investigation sources on Wednesday, the Tokyo Metropolitan Police Department intends to look into the recent website outages of the Japanese government and other websites that may have been brought on by cyberattacks by a Russian hacker organization.  

As per Chief Cabinet Secretary Hirokazu Matsuno, the government is apparently investigating if issues with the aforementioned sites were brought on by a denial-of-service (DDoS) attack. 

As per experts, access to the government's e-Gov portal website, which provides a wealth of administrative information, temporarily proved challenging on Tuesday.  

The pro-Russian hacker collective Killnet claimed responsibility for the attack and alleged it had attacked the electronic system of the tax authority and Japan's online public services in a post on the messaging app Telegram. Furthermore, it appeared that the hacker collective wrote that it was an uprising over Japan's 'militarism' and that it kicked the samurai. 
 
However, as per Sergey Shykevich, manager of Check Point Software's threat intelligence group, Killnet was likely responsible for these attacks.  

Killnet's justification for these strikes, according to Shykevich, "is owing to Japan's support of Ukraine in the ongoing Russia-Ukraine war, as well as a decades-long dispute over the Kuril Islands, which both sides claim control over."

As per the sources, the MPD will look into the cases by gathering specific data from the affected businesses and government bodies. The National Police Agency will assess whether the hack on the e-Gov website qualified as a disruption that materially impairs the operation of the government's primary information system as defined by the police statute, which was updated in April.

The cybersecurity expert added that firms in nations under attack by Killnet should be aware of the risks because the group employs a variety of tactics, such as data theft and disruptive attacks, to achieve its objectives. 

Following a recent large-scale attack by Killnet on websites in Italy, Lithuania, Estonia, Poland, and Norway, there have been allegations of attacks targeting Japanese government websites.





Read more »
Subscribe to: Posts (Atom)