Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Hacking. Show all posts
Wi-fi
Cyber Hacking Cyberattacks CyberCrime Cybersecurity Cyberthrears Passwords Privacy Routers Wi-fi

The Hidden Dangers of Compromised Wi-Fi Routers

 


Cybercriminals who attack routers are swift and precise, spending countless hours studying network vulnerabilities to compromise sensitive data and then taking advantage of those vulnerabilities to compromise the router. The term "router hacking" refers to taking control of a user's router without their consent by a cybercriminals.

The Wi-Fi hacker, like other types of hackers, relies on security measures that a user may have implemented to protect themselves against the hack - often the administrator password for their router or an unpatched vulnerability in their system. The hacker has a variety of tricks that he can use if he wants to hack into a router successfully. 

There is a risk that a hacker will be able to gain access to a router in minutes if the user has not set a strong password for their router. The hacker can take control of users' router after they have gained access, and even change the settings or install malicious software on users' router after they have gained control. These are all signature signs that users have been hit by a black-hat hacker, as opposed to their more altruistic white-hat cousins. 

Approximately one in 16 internet-connected home Wi-Fi routers can be remotely accessed by attackers using the manufacturer's default admin password. Getting continually kicked off users' home networks can be super annoying, but that's what some hackers will do. A hacker may use a de-authentication attack to target network devices. To do so, a hacker does not even need administrative access to the user router; they only need to find the router and device users' using. They can do this by using a tool such as Aircrack-ng. After doing so, they craft a command that uses the users' router's authentication protocol to deauthenticate users, thus kicking them off the network. 

A Forbes study found that 86% of users never change their default credentials. As default credentials are easily found online, all hackers must do a perfunctory Google search to find the information they need to log into users' routers. If they do, they can change things like the password and SSID. Changing the password will kick users off their network, and changing the SSID will change their network name. They could also hide users' networks entirely after kicking them off and changing the name, making it difficult to get back online. Scammers employ various methods to hack into Wi-Fi networks, exploiting vulnerabilities and poor security practices.

One common technique is brute-forcing Wi-Fi passwords, where hackers systematically attempt numerous password combinations to gain access. Once successful, they can lock users out by changing the password and taking control of the router. Another method involves using the router’s default credentials, often left unchanged by users. Cybercriminals can exploit these factory-set admin passwords to alter router settings, emphasizing the importance of creating a unique password and SSID (wireless network name) for enhanced security. 

Unpatched firmware vulnerabilities also present significant risks. Attackers can exploit outdated software to infiltrate a router's internal systems. For instance, in June 2023, Asus issued critical firmware updates to protect against remote code execution attacks. One of the most severe vulnerabilities, CVE-2018-1160, dating back to 2018, carried a high severity rating of 9.8 on the Common Vulnerability Scoring System (CVSS). 

Furthermore, cybercriminals can execute Domain Name Server (DNS) hijacking by altering a router’s DNS settings and redirecting users to malicious phishing websites. These examples underscore the importance of updating router firmware regularly, using strong passwords, and proactively securing Wi-Fi networks. Understanding the signs of a hacked router is essential for safeguarding users' networks. Altered DNS settings are a major indicator of a breach, as hackers may manipulate these settings to redirect users' internet traffic without their knowledge, potentially launching devastating pharming attacks. 

Users can check their router’s DNS settings in the admin menu to ensure they have not been tampered with. Another red flag is an inability to access the router using the user's admin password. If the credentials no longer work, it could mean a hacker has changed them. In such cases, perform a factory reset immediately and create a new, strong password. Unexpectedly slow internet can also hint at a router hack, especially when accompanied by other suspicious activities. Hackers may exploit users' bandwidth, causing noticeable performance drops. Additionally, strange software or malware on users' devices can result from a router breach, as hackers often use this method to infiltrate connected devices. While malware can spread through various means, its presence alongside other signs of hacking is a cause for concern. 

Monitoring users' networks for unrecognized devices is another critical security measure. Tools like AVG AntiVirus FREE can detect when unfamiliar devices join users' Wi-Fi, issuing alerts that prompt further investigation. While unauthorized devices don’t always indicate a router hack, their presence could lead to one, emphasizing the need for continuous network monitoring. Using reliable security software is vital to protecting users' devices and networks. AVG AntiVirus FREE offers comprehensive cybersecurity features, including real-time malware detection, phishing defence, ransomware protection, and tools to secure users' Wi-Fi networks from potential router hackers. Staying vigilant and equipped with robust security measures ensures a safe online experience.

Hackers can easily carry out this kind of attack even if they do not have administrative access to the user's router; they only need to identify the router and the device that users use to do so. An aircraft-ng tool, which is available online, can be used to accomplish this task. As a result, they craft a command that uses the authentication protocol of the users' router to deauthenticate them, which means they are kicked off of the network once more. The study by Forbes found that 86% of users do not change their default credentials despite being notified about it. 

The default credentials for routers can readily be found online, so it is only a matter of a quick Google search before hackers can discover the credentials they need to access the routers of their targeted victims. In that case, they can change things such as the password and the SSID of the network. By changing a user's password, they will be kicked off their network, and by changing their SSID, their network name will be changed. It's possible that they could also hide the users' networks entirely after they have been kicked off and changed their names, which would make it difficult for them to return to the network. Using a variety of methods, scammers can hack into Wi-Fi networks by exploiting the vulnerabilities and unfavourable security practices that exist. 

There is no doubt that the most common method of hacking Wi-Fi passwords in today's world is through brute-force attacks, which involve scanning many different combinations of passwords too to discover someone's password by scanning all of the combinations simultaneously. When they are successful in taking control of the router, they can lock users out of their accounts by changing their passwords. A second method involves the use of the router's default credentials, often left unchanged by users when they set up the router. These factory-provided admin passwords can be vulnerable to abuse by cybercriminals, highlighting the importance of using a unique password and SSID (wireless network name) for enhanced security when setting up users' routers. 

As a result of firmware vulnerabilities that remain unpatched, there are significant risks involved. There are several ways in which attackers can compromise the internal operating systems of a router by exploiting outdated software. Asus's most recent firmware upgrade for its laptops was released in June 2023, preventing remote code execution attacks against the device. On the Common Vulnerability Scoring System (CVSS), which calculates the severity of vulnerabilities based on their association with security incidents and their impact, CVE-2018-1160, dated back to 2018, had a severity rating of 9.8. A further method of executing Domain Name Server (DNS) hijacking is to alter a router's DNS settings, redirecting the user to malicious phishing sites by altering the DNS settings of a router. 

As a result of these examples, router firmware must be updated regularly, strong passwords are used, and wi-fi networks are carefully secured proactively. Recognizing the signs of a hacked router is crucial for protecting users' networks. Altered DNS settings often indicate a breach, as hackers can manipulate these to redirect users' internet traffic and launch phishing or pharming attacks. Regularly reviewing users' routers' DNS settings in the admin menu can help prevent such risks. Similarly, being unable to access the router with their admin password may mean hackers have taken control. In such cases, a factory reset followed by setting a strong new password is essential. 

A sudden drop in internet speed, especially when combined with other suspicious activity, could point to unauthorized bandwidth usage by hackers. Additionally, unexpected malware or unfamiliar software on users' devices might result from a router breach. Monitoring for unrecognized devices on users' networks is equally important, as these can indicate unauthorized access and potential hacking attempts. 

Investing in robust security tools is a key step in safeguarding users' digital environments. Comprehensive solutions like AVG AntiVirus FREE provide 24/7 protection against malware, phishing, ransomware, and other threats while keeping users' network secure from unauthorized access. Staying proactive with these measures is the best defense for ensuing their online safety.
Read more »
Security Flaws
Black hat Cyber Hacking Cyber Security Data Leak data security Ransomware attack Security Flaws

Researcher Saves Six Companies from Ransomware by Exploiting Security Flaws in Ransomware Gangs’ Infrastructure

 

A security researcher has revealed that six companies were saved from potentially paying significant ransom demands due to security flaws found in the web infrastructure of the ransomware gangs targeting them. In a rare win for the victim organizations, two companies received decryption keys that allowed them to restore their data without paying a ransom, while four hacked cryptocurrency companies were alerted before the ransomware gang could begin encrypting their files.  

Stykas, a security researcher and chief technology officer at Atropos.ai, conducted a research project aimed at identifying the command and control servers behind more than 100 ransomware and extortion-focused groups and their data leak sites. His goal was to find vulnerabilities that could expose information about these gangs, including details about their victims. Stykas disclosed his findings to TechCrunch ahead of his presentation at the Black Hat security conference in Las Vegas. He identified several rookie security flaws in the web dashboards used by at least three ransomware gangs, which were sufficient to compromise the inner workings of their operations. 

Ransomware gangs typically conceal their identities and activities on the dark web, an anonymous section of the internet accessible through the Tor browser. This anonymity makes it difficult to trace the real-world servers used for cyberattacks and the storage of stolen data. However, coding errors and security vulnerabilities in the leak sites used by these gangs to extort victims by publishing stolen files allowed Stykas to access information about their operations without needing to log in. In some cases, the bugs exposed the IP addresses of the leak site’s servers, providing a way to trace their real-world locations. For instance, Stykas discovered that the Everest ransomware gang was using a default password to access its back-end SQL databases, exposing its file directories. 

Additionally, exposed API endpoints revealed the targets of the BlackCat ransomware gang’s attacks while they were still in progress. Stykas also identified an insecure direct object reference (IDOR) vulnerability, which he used to access and cycle through the chat messages of a Mallox ransomware administrator. Through this, he discovered two decryption keys that he shared with the affected companies. The researcher informed TechCrunch that the victims included two small businesses and four cryptocurrency companies, two of which were unicorns—startups with valuations exceeding $1 billion. However, he declined to name the companies involved. He also noted that none of the companies he notified have publicly disclosed the security incidents, though he did not rule out revealing their names in the future. 

The FBI and other government authorities have long advised victims of ransomware not to pay ransoms, as doing so only incentivizes cybercriminals. However, this advice often leaves companies with few options to regain access to their data or resume operations. Law enforcement agencies have occasionally succeeded in compromising ransomware gangs to obtain decryption keys and cut off their illegal revenue streams, though these efforts have had mixed results. 

Stykas’ research underscores that ransomware gangs can be vulnerable to the same basic security flaws that affect large companies. This presents a potential opportunity for law enforcement to target these criminal hackers, even when they operate outside of traditional jurisdictional reach.
Read more »
Password Security
Cyber Hacking Cyber Security data security Hacker attack Password Password Hacking Password Security

The Race Against Time: How Long Does It Take to Crack Your Password in 2024?

In the ever-evolving landscape of cybersecurity, the battle between hackers and defenders rages on. One of the fundamental elements of this battle is the strength of passwords. As technology advances, so too do the methods and tools available to hackers to crack passwords. 

In 2024, the time it takes to crack a password depends on various factors, including its length, complexity, and the resources available to the hacker. Gone are the days when a simple six-character password could provide adequate protection. With the increasing computational power of modern machines and the prevalence of sophisticated hacking techniques, such passwords can be cracked in mere seconds. In 2024, the gold standard for password security lies in lengthy, complex combinations of letters, numbers, and symbols. 

So, how long does it take for a hacker to crack a password in 2024? The answer is not straightforward. It depends on the strength of the password and the methods employed by the hacker. For instance, a short, simple password consisting of only lowercase letters can be cracked almost instantly using a brute-force attack, where the hacker systematically tries every possible combination until the correct one is found.  

However, longer and more complex passwords present a significantly greater challenge. In 2024, state-of-the-art hacking tools utilize advanced algorithms and techniques such as dictionary attacks, where common words and phrases are systematically tested, and rainbow tables, which are precomputed tables used to crack password hashes. These methods can significantly reduce the time it takes to crack a password, but they are still thwarted by sufficiently strong passwords. 

The concept of password entropy plays a crucial role in determining its strength against cracking attempts. Password entropy measures the randomness or unpredictability of a password. A password with high entropy is more resistant to cracking because it is less susceptible to brute-force and dictionary attacks. In 2024, experts recommend using passwords with high entropy, achieved through a combination of length, complexity, and randomness. 

To put things into perspective, let's consider an example. A randomly generated 12-character password consisting of uppercase and lowercase letters, numbers, and symbols has an extremely high entropy. Even with the most advanced cracking techniques available in 2024, it could take billions or even trillions of years to crack such a password using brute-force methods. 

However, the human factor remains a significant vulnerability in password security. Despite the availability of password managers and education on password best practices, many people still choose weak passwords or reuse them across multiple accounts. This behavior provides hackers with ample opportunities to exploit security vulnerabilities and gain unauthorized access to sensitive information. 

The time it takes for a hacker to crack a password in 2024 varies depending on factors such as password strength, hacking techniques, and computational resources. While advances in technology have empowered hackers with increasingly sophisticated tools, the key to effective password security lies in employing strong, unique passwords with high entropy. By staying vigilant and adopting best practices, individuals and organizations can fortify their defenses against malicious cyber threats in the digital age.

Read more »
Mobile Security
Android Cyber Hacking Cyber Security MaaS Malware Attack Mobile Cyber Attacks Mobile Security

Unveiling the MaaS Campaign: Safeguarding Android Users in India

 

In the vast landscape of cybersecurity threats, a new campaign has emerged, targeting Android users in India. Dubbed as the "MaaS Campaign," this nefarious operation has caught the attention of security experts worldwide due to its sophisticated nature and potential for widespread damage. Let's delve into the intricacies of this campaign, understanding its modus operandi and the measures users can take to protect themselves. 

The MaaS Campaign, short for Malware-as-a-Service, represents a significant evolution in cybercrime tactics. Unlike traditional cyberattacks that require substantial technical expertise, the MaaS Campaign allows even novice hackers to deploy sophisticated malware with minimal effort. This democratization of cybercrime poses a severe threat to users, particularly in regions like India, where Android devices dominate the market. 

At the heart of the MaaS Campaign lies the exploitation of Android's vulnerabilities. Android, being an open-source platform, offers a fertile ground for cybercriminals to exploit security loopholes. Through various means, including malicious apps, phishing emails, and compromised websites, hackers lure unsuspecting users into downloading malware onto their devices. Once the malware infiltrates a device, it operates stealthily, often evading detection by traditional antivirus software. One of the primary objectives of the MaaS Campaign is to steal sensitive information, including personal data, financial credentials, and login credentials for various online accounts. 

This information is then used for a range of malicious activities, including identity theft, financial fraud, and espionage. What makes the MaaS Campaign particularly concerning is its targeted approach towards Android users in India. With India's burgeoning smartphone market and increasing reliance on digital services, the country has become a lucrative target for cybercriminals. 

Moreover, the diversity of Android devices and the prevalence of outdated software versions exacerbate the security risks, leaving millions of users vulnerable to exploitation. To mitigate the risks associated with the MaaS Campaign and similar cyber threats, users must adopt a proactive approach to cybersecurity. Firstly, maintaining vigilance while downloading apps or clicking on links is crucial. Users should only download apps from trusted sources such as the Google Play Store and avoid clicking on suspicious links or email attachments. 

Additionally, keeping software and operating systems up-to-date is paramount. Developers frequently release security patches to address known vulnerabilities, and failing to update exposes devices to exploitation. Users should enable automatic updates wherever possible and regularly check for updates manually. 

Furthermore, investing in robust cybersecurity solutions can provide an added layer of defense against malware and other cyber threats. Antivirus software, firewalls, and anti-malware tools can help detect and neutralize malicious activity, safeguarding users' devices and data. Education also plays a pivotal role in combating cyber threats. Users should familiarize themselves with common phishing tactics, malware warning signs, and best practices for online security. By staying informed and vigilant, users can avoid falling victim to cyberattacks and protect their digital identities. 

In conclusion, the MaaS Campaign represents a significant threat to Android users in India and underscores the importance of robust cybersecurity measures. By understanding the tactics employed by cybercriminals and adopting proactive security practices, users can minimize the risk of falling victim to such campaigns. Ultimately, safeguarding against cyber threats requires a collective effort involving users, cybersecurity professionals, and technology companies to create a safer digital environment for all.
Read more »
WordPress Plugin
Cyber Attacks Cyber Hacking Pop-ups Website Website Hack WordPress hacks WordPress Plugin

Hackers Exploit Vulnerability in Popup Builder Plugin for WordPress

 

In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. 

The vulnerability was initially disclosed in November 2023, raising alarm bells in the cybersecurity community. Despite this disclosure, many site administrators failed to promptly update their systems, leaving them vulnerable to exploitation by hackers. Now, the consequences of this oversight are becoming apparent, with Sucuri, a prominent cybersecurity firm, reporting a recent surge in attacks targeting WordPress sites through this vulnerability. 

At the core of the exploit is the injection of malicious code into the Custom JavaScript or Custom CSS sections of the WordPress admin interface. This injected code is then stored within the 'wp_postmeta' database table, allowing hackers to manipulate the behavior of the Popup Builder plugin. By leveraging event handlers within the plugin, such as popup open or close events, hackers can execute various malicious actions, including redirecting unsuspecting visitors to phishing pages or malware-dropping sites. Sucuri's analysis has revealed that the attacks originate from domains such as "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com." 

As a proactive measure, site owners are advised to block access to these domains to mitigate the risk of infection. However, blocking domains alone may not be sufficient to fully protect websites from exploitation. To effectively safeguard against this threat, website owners must update to the latest version of the Popup Builder plugin, currently version 4.2.7. 

This updated version addresses CVE-2023-6000 and other security vulnerabilities, providing enhanced protection against malicious attacks. Despite the availability of patches, WordPress statistics indicate that a significant number of active sites continue to use outdated versions of the plugin, leaving them vulnerable to exploitation. 

In the unfortunate event of a website being infected, swift action is necessary to mitigate further damage. Site administrators should immediately remove any malicious entries injected into the Popup Builder's custom sections and conduct thorough scans to detect and eliminate any hidden backdoors that could facilitate reinfection. The prevalence of this vulnerability underscores the importance of maintaining robust cybersecurity practices for WordPress sites. 

By staying vigilant, promptly applying software updates, and implementing proactive security measures, website owners can better protect their sites and mitigate the risk of falling victim to malicious attacks. As the threat landscape continues to evolve, proactive security measures are essential to safeguarding the integrity and security of WordPress websites.
Read more »
User Security
Cyber Hacking Data Breach Epic Games Ransomware User Security

Epic Games Faces Alleged Ransomware Attack

 


Recently, Epic Games, the renowned publisher of Fortnite, is reportedly under threat from a hacking group named Mogilevich. However, the legitimacy of this ransomware attack is yet to be confirmed. Epic Games has stated that they are actively investigating the situation but have found zero evidence supporting the claims made by Mogilevich.

The hacking group asserts that it has nearly 200GB of sensitive data, including emails, passwords, full names, payment information, and source code. This information is claimed to be up for sale on the dark web, raising concerns about a potential security threat for many individuals. Mogilevich has set a deadline of March 4th for purchasing the data, but as of now, there is no concrete proof that they possess the stated information.

Epic Games, responsible for the popular Fortnite game, holds substantial payment data due to its Games Store and the sheer size of its user base. If the claims by Mogilevich turn out to be true, it could pose a significant risk to user privacy and security.

As of the latest update, Epic Games has not officially commented on the situation. It is crucial for users to stay informed about developments in this case.


Security Measures for Epic Games Account Holders

Taking a proactive approach, it is advisable for all Epic Games account holders to secure their accounts. Regardless of the validity of the alleged attack, changing passwords and enabling two-factor authentication (2FA) is a prudent step towards enhancing account security. Using unique passwords for different online platforms is stressed, as it mitigates risks associated with potential data breaches.


Background on Mogilevich

Mogilevich, identified as a relatively new threat by cybersecurity sources, is reportedly responsible for a limited number of attacks. Prior to the alleged targeting of Epic Games, the group targeted Infiniti USA, a subsidiary of Nissan, just over a week ago. Their tactics involve leveraging dark web platforms to sell stolen data, making it imperative for users to take precautions.

In a Tweet, Mogilevich hinted at a demand for $15,000 and 'proof of funds' to release the purported data, adding an additional layer of complexity to the situation.

The situation with Epic Games and Mogilevich highlights the increasing importance of cybersecurity in the gaming industry. While the hack remains unverified, users are encouraged to stay vigilant, update their passwords, and implement 2FA. The potential impact on users and the gaming community is substantial, emphasising the need for urgent and transparent communication from Epic Games as they navigate this security challenge.

This ongoing situation forces the broader issue of cybersecurity threats faced by prominent entities, and how imperative it is to adopt robust protective measures and user awareness in a world drowning in technology. As more information unfolds, it will be crucial for users to stay informed and take necessary actions to safeguard their online accounts.



Read more »
Phishing Attack
Cyber Attacks Cyber Hacking DNS Investment Scam Phishing Attack

Savvy Seahorse: The DNS-based Traffic Distribution System Undermining Cybersecurity

 

In the vast landscape of cyber threats, a new player named Savvy Seahorse has emerged, showcasing a distinctive modus operandi that sets it apart from its counterparts. While the investment scam it orchestrates is unfortunately commonplace, it's the intricate infrastructure supporting it that demands attention. 

Savvy Seahorse employs a sophisticated Traffic Distribution System (TDS), capitalizing on the Domain Name System (DNS) to perpetually alter its malicious domains, making takedowns a formidable challenge. This TDS, as detailed in a recent report by Infoblox, leverages Canonical Name (CNAME) records to maintain a fluid network of thousands of diverse domains. 

Traditionally associated with HTTP-based TDS networks, the use of DNS in this context is a novel approach that poses unique challenges for cybersecurity professionals. Renée Burton, Head of Threat Intelligence at Infoblox, emphasizes that DNS-based TDSs are often overlooked, with a prevailing focus on HTTP-based systems. 

However, Savvy Seahorse has been operational since at least August 2021, operating in the shadows and evading conventional detection methods. The key to Savvy Seahorse's success lies in its exploitation of CNAME records. In the DNS realm, CNAME allows multiple domains to map to a single base (canonical) domain. This seemingly innocuous feature is manipulated by Savvy Seahorse to rapidly scale and relocate its operations. 

When one phishing site is shut down, the threat actor effortlessly shifts to a new one, relying on CNAME as a map to mirror sites. CNAME not only applies to domains but extends to IP addresses. In the event of a hosting infrastructure shutdown, Savvy Seahorse can swiftly redirect its CNAME to a different address, ensuring resilience and evading detection. 

The attacker's ability to advertise any subdomain for a brief period further complicates tracking and takedown efforts. Crucially, CNAME serves as both Savvy Seahorse's strength and vulnerability. While the threat actor has cunningly utilized 30 domain registrars and 21 ISPs to host 4,200 domains, they all trace back to a single base domain: b36cname[.]site. This centralized link becomes Savvy Seahorse's Achilles' heel, presenting a unique opportunity for defenders. 

From a threat intelligence perspective, countering Savvy Seahorse involves a relatively straightforward approach – blocking the one base domain to which the CNAME points. Renée Burton notes that despite the existence of thousands of malicious domains, there's only one malicious CNAME. This single point of failure provides defenders with a potent strategy, allowing them to neutralize the entire threat with one decisive action. 
 
While attackers theoretically have the option to build malicious networks using multiple CNAMEs, Burton highlights a trend among cybercriminals to aggregate towards a smaller set of CNAMEs. This strategic choice, possibly driven by a desire to avoid detection, simplifies the task for defenders, who can focus efforts on a limited number of CNAMEs associated with the threat. 

Savvy Seahorse's exploitation of DNS-based TDS with CNAME records presents a new frontier in cyber threats. The intricate dance between attackers and defenders highlights the importance of understanding and adapting to evolving tactics. As defenders fortify their strategies, the hope is to stay one step ahead of sophisticated threat actors like Savvy Seahorse, ensuring a safer digital landscape for individuals and organizations alike.
Read more »
Digital healthcare system
Consumer Data Cyber Attacks Cyber Hacking Data Theft Digital healthcare system

Nation-State Cyber Attacks Cause Pharmacy Delays: A Critical Healthcare Concern

 

In recent weeks, pharmacies across the United States have experienced significant delays, leaving patients waiting for essential medications. The cause of these delays is now being attributed to a wave of cyber attacks orchestrated by nation-state hackers, raising serious concerns about the intersection of healthcare and cybersecurity. 

Reports suggest that multiple pharmacy chains have fallen victim to sophisticated cyber campaigns, disrupting their operations and causing delays in prescription fulfillment. The attacks have targeted not only large pharmacy conglomerates but also smaller, independent pharmacies, highlighting the broad scope and indiscriminate nature of these cyber threats. 

The nation-state hackers responsible for the attacks are believed to be employing advanced tactics to compromise pharmacy systems, gaining unauthorized access to sensitive patient data and disrupting the pharmaceutical supply chain. The motives behind these attacks remain unclear, but the potential impacts on patient health and the healthcare system at large are alarming. 

The attacks on pharmacies come at a time when the healthcare sector is already grappling with various cybersecurity challenges. The COVID-19 pandemic has accelerated the adoption of digital health technologies, making the industry more susceptible to cyber threats. Pharmacies, in particular, have become attractive targets due to the wealth of sensitive information they handle, including patient prescriptions, personal details, and healthcare records. 

One of the primary concerns arising from these cyber attacks is the potential compromise of patient privacy. Nation-state hackers with access to pharmacy systems could harvest valuable personal information, creating opportunities for identity theft, financial fraud, or even targeted phishing attacks. The compromised data could also be used for more extensive espionage or to gain insights into the health conditions of specific individuals. 

Beyond privacy concerns, the disruptions caused by these cyber attacks pose a direct threat to public health. Patients relying on timely medication refills may face life-threatening consequences if supply chains are disrupted for an extended period. The interconnected nature of the healthcare ecosystem means that disruptions at pharmacies can have cascading effects on hospitals, clinics, and other healthcare providers. The evolving tactics of nation-state hackers in targeting critical infrastructure and essential services underscore the need for heightened cybersecurity measures across the healthcare sector. 

Pharmacies, in particular, must prioritize robust cybersecurity protocols to safeguard patient information and ensure the continuity of healthcare services. Healthcare organizations should invest in advanced threat detection systems, employee training on cybersecurity best practices, and regular security audits to identify and mitigate vulnerabilities. Collaborative efforts between the public and private sectors are essential to share threat intelligence, enhance cybersecurity awareness, and develop proactive strategies to counter the evolving tactics of nation-state hackers. 

In response to the recent wave of attacks, federal agencies and cybersecurity experts are urging pharmacies to enhance their cybersecurity posture. The Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued guidelines to help healthcare organizations strengthen their defenses against cyber threats. 

The pharmacy delays across the United States attributed to nation-state hackers serve as a stark reminder of the vulnerabilities inherent in the healthcare sector's increasing reliance on digital technologies. As the industry continues to evolve, addressing these cybersecurity challenges becomes imperative to safeguard patient well-being, protect sensitive medical data, and ensure the resilience of essential healthcare services in the face of evolving cyber threats.
Read more »
Remote Access Software
cyber attack Cyber Attacks Cyber Hacking Cybersecurity Breach data security Remote Access Software

Security Breach at AnyDesk: Production Servers Hacked, Password Reset

 

AnyDesk, a widely used remote desktop application, is currently grappling with a significant security breach that has raised alarm among its user base. The company recently disclosed that malicious actors successfully infiltrated its production servers, gaining unauthorized access to sensitive information and triggering a large-scale password reset for its users. 

AnyDesk functions as a remote desktop solution, allowing users to access and control their computers from anywhere in the world. Renowned for its user-friendly interface, high performance, and cross-platform compatibility, AnyDesk has become a popular choice for both personal and professional remote connectivity. 

However, the recent security incident sheds light on the inherent vulnerabilities in remote desktop software, particularly in ensuring robust security measures. Despite encryption and authentication protocols in place, hackers often exploit weaknesses in these systems to gain unauthorized access. The breach of AnyDesk's production servers indicates a potential lapse in the platform's security infrastructure. 

The extensive user base of AnyDesk, consisting of millions relying on the platform for remote work and other activities, makes it an attractive target for cybercriminals. The breach not only allowed unauthorized access to user accounts but also led to a mass password reset, creating additional challenges for users and emphasizing the significant impact of such security compromises. 

In response to the breach, AnyDesk promptly acknowledged the incident and urged users to reset their passwords immediately. The company is actively investigating the extent of the compromise and is committed to enhancing its security measures to prevent future breaches. AnyDesk reassures its users that measures are being taken to safeguard the integrity of the platform. 

The forced password reset has left AnyDesk users facing potential disruptions to their remote work and personal activities. As a precautionary measure, users are advised to regularly update their passwords, enable two-factor authentication where available, and remain vigilant for any suspicious activities on their accounts. 

The AnyDesk security breach underscores the ongoing challenges faced by remote desktop software providers in maintaining the security of user data. In an era where remote connectivity has become the norm, ensuring the safety of personal and professional information must be a top priority. Users are encouraged to adopt best cybersecurity practices, stay informed about security updates, and take proactive measures to enhance their overall online security.
Read more »
Social Engineering
Click Bait Cyber Attacks Cyber Hacking CyberCriminal Email Scams Password Social Engineering

Guarding Your Finances: The Art of Phishing Attacks and Social Engineering

 


Malware, hacking techniques, botnets, and other types of technologies are becoming increasingly sophisticated as cyber crimes become more sophisticated. Nevertheless, online criminality exploits tactics that have been refined over decades by criminals long before the internet existed. 

A cybercriminal knows how to control a human tendency for trust as well as trickery, coercion, and the movement of humans to use their faith in them to achieve their criminal goals. "Social engineering" is a term referring to a method of gaining confidence online that is most often used in confidence scams.   

Cybercriminals can glean a nuanced understanding of users by exploiting social media sites, professional profiles, blogs, websites, or local news reports. Using data harvested from these sources over weeks or months will allow them to gain a nuanced understanding of users and even their families. 

It is a collective term for a range of scams or scams that rely on social engineering to seek money directly from a victim or to gain confidential information to enable the perpetrator to commit further crimes after the victim has fallen victim to the scam. The preferred channel for contact is now social media. However, if you want to make contact by phone or in person, it is not uncommon to do that too. 

An individual who uses social engineering to gain access to a company's computer system or information about a client, or to compromise an organization's data, is known as a social engineer. If a malicious individual attempt to pose as a new employee, technician, or researcher, it may appear unassuming and respectable, with credentials that may support the claim that he or she is a new employee, technician, or researcher.

It is still a possibility that a hacker could obtain enough information by asking questions to gain entry into an organization's network. The attacker may also contact a second source within the same organization if he or she cannot gather enough information from one source and then rely on the information gathered from the first source to build credibility in the eyes of the authorities in the organization. 

Phishing scams are responsible for the loss of tens of millions of dollars each year, and the number is increasing every year, according to the authorities. A phishing scheme differs largely from scams in the form of the now-famous "Hi Mum" scheme in the sense that no overt request is made to send money to an account as the tactic. 

To effectively persuade people to provide any personal information to the scammers, they use subterfuges, doctored websites, and carefully calibrated software scripts to get them to divulge personal information. It is a technique that has become popular as a "social engineering" technique in the cybersecurity community as this technique is based on people's typical emotions and behaviours.

Scams may appear in the form of e-mails or text messages claiming to be from an official company or organization, such as the Australian Taxation Office or Netflix, that appear to be from the real thing. Upon receiving a warning message from the company, victims will be directed to a page that resembles the one used by the company and will be asked to fix a problem with their account or to confirm their contact details as soon as possible. 

A phishing kit, which contains HTML assets and scripts that you will need to create a fake website, is available for as little as $10, but scammers will probably pay anywhere from $100 to $1,000 for one. Using this information, the scammer can access bank accounts to transfer money to themselves at any time at his convenience. Phishing has evolved into an underground industry inside Australia's cybersecurity sector, according to Craig McDonald, founder of Australian cybersecurity company MailGuard. 

Many people don't realize the fact that they have made personal information available to swindlers through the use of social engineering because they do not monitor the amount of information that they disclose. There are usually privacy controls on social media sites and forums, for instance, which may be able to help users restrict how much information about them and their lives is visible publicly to others. The problem is that a large number of users consistently ignore these filters and allow any information they post to remain visible to the public.   

Some cyber criminals spend as much time as they can on building their personas as they do building their websites. They may be able to anticipate a person’s reaction to a certain situation with a good understanding of how they would react, which would in turn allow them to act and respond in a way that establishes trust once they reach out to them - as a fellow alumnus, a school parent, or an avid sports enthusiast, to name just a few examples. 

There are many ways that scams can be perpetrated. Gifts and charitable contributions are often requested during the holidays since it is the season for giving. In some cases, criminals may send emails that contain malicious links that permit them to access a person's device, account, or data as well as their personal information. The release of a device or the release of information stolen may be subject to ransom demands.   

Social Engineering: How to Spot It   


A Message of Urgency or Threat  


In case users receive an email, text message, direct message, or any other sort of message that seems overly exciting or aggressive then it is something to be cautious about. These scare tactics are used by scammers to force users into taking action without first thinking through what is being done to them. 

Click Bait for Winning Prizes 


There is a multitude of stories that scammers will tell to pry your personal information from users. Some scammers use bogus prizes and sweepstakes to win money from unsuspecting people. To make the payments out of the winnings, scammers are given users' bank information or sometimes even their tax ID number. 

Users are never going to receive the winnings they are claiming. The scammer is interested in this information so that they can hack users' accounts and steal their identities in a wide variety of ways.  

The Message Appears to be Strange in Some Way. 


A scammer will often pose as a person user knows to get your money. It can be anyone, including friends, family members, coworkers, bosses, vendors, or clients when users are working, or any other person for that matter. The message users receive when they do does seem a bit odd at first, but users will soon get used to it.  

How Can You Prevent Being Phished in The Future? 


When phishing victims become the victim of a scam, there can be difficulties in obtaining recourse. While Australians lost an unprecedented $3.1 billion through scams last year, the big banks only compensated about $21 million in compensation to their customers, even though the banks have each developed their policies for dealing with cybercrime. 

Australian Financial Complaints Authority (AFCA) is a consumer complaints body that is responsible for investigating complaints from the general public about banks. The federal government has provided some indication that it will be reforming Australian online banking law shortly, even if consumer groups maintain that the laws are not robust enough to protect victims of scams. Deputy Treasurer Stephen Jones stated several steps are being taken by the government to impose strict new codes of conduct on the industry.
Read more »
ViLE
Blackmailing Cyber Attacks Cyber Hacking Cybercrimes Cybersecurity DEA ViLE

The DEA Portal Hack was Perpetrated by Two Cybercriminals Last Year


During the investigation into the hacking of the DEA portal in 2022, one of the young American men was accused of breaking in and stealing data from the site. The portal breach provided criminals with access to sensitive information because it was connected to 16 data repositories of federal law enforcement organizations.  

In addition to Nicholas Ceraolo, 25, also known as "Convict" or "Ominus," the suspects are Sagar Steven Singh, 19, commonly known as "Weep." According to the Justice Department, Singh and Ceraolo pretended to be police officers to gain access to Bangladeshi police officials' email accounts. 

Ceraolo is also accused of accessing Bangladeshi police officials' emails. As a result, he got his fake identity used to contact various US-based social networking platforms, claiming members were either in danger or committing crimes to get their personal information. 

In a press release issued by the Justice Department, it was noted that Ceraolo and Singh face five years in prison for conspiring to infiltrate computers. Moreover, they could be sentenced to up to 20 years in prison for conspiring to commit wire fraud, which would represent a significant punishment. 

Because the complaint only contains allegations, the defendants will always be considered innocent until proven guilty. “ViLE,” a notorious cybercrime organization, was occupying the apartment, where doxing experts kept gathering and using personal information for intimidation, harassment, or extortion. The group is infamous for providing shelter to doxing experts who specialize in gathering personal information for illegal purposes and collecting personal information from people. Currently, at large, Ceraolo could be sentenced to up to 20 years in prison for wire fraud and computer crimes for which he is facing multiple charges. He faces up to five years in prison if convicted of the charges against him, which he was charged with in Rhode Island this week. 

In this case, Singh was taken into custody due to an error by an official, which allowed authorities to connect him to the incident, wherein the suspect accessed a social media account using the same email address as the login to access the portal. According to reports, an investigator from Homeland Security verified that Singh had utilized the portal through a raid at his home. 

There is a report that the compromised DEA portal granted access to 16 different law enforcement databases which contain sensitive information on Ceraolo, Singh and their cybercriminal group called "ViLE" which they were a part of.  

Singh in one case claimed to have access to a victim's Social Security number, home address, and driver's license information by utilizing data gathered from the hack. In response, the victim complained that he had been scammed. When they refused to comply with Singh's demands, Singh told them if they did not comply he would "harm" their families. 

A Bangladeshi police officer's email account was used by Ceraolo to gain an official account on social media platforms for his social media operations. In this case, personal information was requested about one of its subscribers. A company employee claimed Ceraolo had allegedly received threats from Bangladeshi officials and had accused them of "child extortion" and blackmailing the subscriber. 

Earlier today, United States Attorney Breon Peace announced the charges against Singh and Ceraolo. The prosecutor noted that Singh and Ceraolo belonged to a group called 'Vile' because of their crime or conduct. As alleged in the complaint, the defendants shamed, intimidated, and extorted others online as a form of harassment. To protect citizens,  the  Office said that it will not tolerate those who misappropriate the public safety infrastructure by impersonating law enforcement officers.

Furthermore, Ivan J. Arvelo, a Homeland Security Investigations official, stated: “These charges highlight how serious these offenses are, and criminals who perpetrate these schemes will be held accountable for their crimes,” in response to the allegations of unauthorized access to and impersonation of a US federal law enforcement system.
Read more »
SSRF
CIA Cyber Attacks Cyber Hacking FIFA Hacking Investigation SSRF

SRF: Investigation Links Qatar to FIFA Hacking and Ex-CIA Operative’s Firm

 

Qatar reveals to have launched a large-scale and long-standing operation against FIFA officials via ex-CIA operatives. With Switzerland serving as a key operator, the highest circles of the Qatari government were as well involved in the espionage operation that was working in secret. 

With the intelligence agents involved planned on swaying the world events in the operation and hackers stealing controversial information and data, the operation was in fact funded by an anonymous client with hundreds of millions of dollars. 

The issue came to light when an investigation by Swiss media SRF’s investigative team ‘SRF Investigativ’ shared details of how the state of Qatar had officials of the world football spied on. Additionally, the investigations showed how the non-FIFA critics of the upcoming World Cup were targeted as well. 

According to the English- version of the report by Tariq Panja from The York Times, The SRF News revealed that Qatar hired an ex-CIA operative Kevin Chalker’s “Global Risk Advisors” firm for “predictive intelligence” on FIFA officials who would attempt on moving the World Cup from the country, via their predictive intelligence efforts allegedly involving computer hacking through intermediaries. 

The ultimate goal of the said efforts is to prevent Qatar from losing the World Cup bid, following the massive criticism that was raised when FIFA awarded the tournament to the authoritarian country in 2010. 

The scope of the covert activities remains considerable, since at least 66 operators were expected to be deployed over the course of one sub-operation alone for over nine years. Moreover, a budget of $387 million was allocated for the operation, with the activities spanning five continents. 

The SRF investigations dig the credentials against the ex-CIA agent Chalker. The investigation deduces that initially, before the World Cup awarding in December 2010, Chalker apparently served as an espionage operator for various bids. But as the criticism raised regarding corruption and human rights violation after the 2010 World Cup was awarded, the target was eventually changed. Now, the goal shifted to preventing FIFA, from taking the World Cup from Qatar, at all costs. 

The investigation showed that Switzerland was the most prominent factor to Qatari intelligence operation. Since, Chalker travelled to Zurich at the demand of Qatar with the intention of bugging the hotel rooms of journalists and members of the Executive Committee. One of the documents revived, included photos taken covertly as a part of surveillance operation. These photographs were reportedly taken at Zurich’s plush Baur au Lac hotel, and showed individuals connected to FIFA meeting with officials and journalists. 

Apparently, FIFA mostly remined oblivious to the spy operation. Sepp Blatter, FIFA’s former President, commented in an interview with SRF, “That there was an organized espionage affair in FIFA, that surprised me. And it's alarming.” Although, several documents indicate that Blatter was of great interest to the spies. The documents mention, for instance, that Blatter’s “plans and intentions” ought to be known in advances. 

Besides, Chalker and Global Risk Advisors are currently dealing with a civil lawsuit, in regard to connection to similar alleged activities. The lawsuit was filed by former US president Donald Trump ally Elliot Broidy. Broidy accused Chalker and his company of a hacking attack on behalf of Qatar, after Broidy’s personal data was leaked to newspapers in 2018. Although, Chalker denies all allegations. The lawsuit is still pending.
Read more »
United States
Cyber Attacks Cyber Hackers Cyber Hacking Elections Hacking United States

US Government Says Election Hacking Does Not Pose Any Threat

 

Despite the U.S. government's efforts to chill everyone out about election hacking less than a month before the midterm elections, the topic is still on many minds. 
 
According to a public service announcement, carried out on Tuesday, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) said they are aware that, as far as they know, an election hack has never been successful in the United States, and that it's unlikely there will be one anytime soon if it strikes.  
 
As stated in the announcement, "Neither the FBI nor CISA believes there is any evidence that cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, and affected the accuracy of voter registration information in their investigations" (emphasis in original). Considering the extensive safeguards in place and the distributed nature of election infrastructure, the FBI and the CISA continue to assess that it would be very difficult for any attempts to manipulate votes at scale to be unwittingly carried out."  
 
There has been a persistent campaign by some pro-Trump and GOP operatives and sympathizers for the past two years, including MyPillow CEO Mike Lindell, who spread unfounded conspiracy theories and sometimes even flat-out made-up claims of vote manipulation and hacking against voting systems across the country, leading to the announcement. Election security experts believe that the FBI and CISA's announcement appears to be all set to pre-empt these types of allegations. 
 
Matt Bernhard, a research engineer at the non-profit organization Voting Works, which focuses on election cybersecurity, told Motherboard in an online chat that this feels like a pre-bunking exercise.   
 
According to Professor Dan Wallach, an expert in electronic voting systems who taught at Rice University for many years. He has studied them; electronic voting systems are the future.  
 
“If we take it for what it says, it both focuses our attention on misinformation and ‘pre-bunks’ more sophisticated hacking operations,” Dan told Motherboard via email. 
 
It is pertinent to clarify, however, that “this does not mean we can relax about these sorts of sophisticated attacks. The election administrators are, to a specific degree, implementing cyber defenses, and they are currently working on improving them," he added. “Even though it is much easier to convince people that there has been tampering with the election than to do the tampering itself.”

Although election hacks have been rare and ineffective, and are unlikely, federal and state governments are prepared for any eventuality.  
 
"At the Department of Homeland Security, we are very intensely focused on the security of the elections," Minister Mayorkas, who serves as the secretary for the Department of Homeland Security, said earlier this week. There have been past reports on potential vulnerabilities in voting machines by Motherboard as well. However, there has not been any evidence that voting machines have been breached during an actual election that has happened in the past.
Read more »
Sensitive data
China Cyber Crime Cyber Hacking NSA Equation Group Sensitive data

A U.S. Group Hacked Top Research Institutes in India, Russia and China

 

According to a new report from a Beijing-based cybersecurity firm, hackers associated with the United States National Security Agency (NSA) were discovered to have inserted "covert backdoors" that could have given them access to sensitive information in dozens of countries, including India, Russia, China, and Japan. According to the report, it is getting traction in China's media after the country was accused with cyber hacking by the US. 

China's cyber-attacks target sensitive data stored by US institutions. It has become a thorn on the side of bilateral relations between the US and China. On the other side, Indian organisations believe that China hacks into sensitive data from government agencies and institutions. 

The National Security Agency (NSA) is a United States Department of Defense national-level intelligence agency that reports to the Director of National Intelligence (DNI). The NSA is in charge of worldwide information and data monitoring, gathering, and processing for foreign and domestic intelligence and counterintelligence purposes, specialised in a field known as signals intelligence (SIGINT). The NSA is also in charge of protecting the United States' communication networks and information systems. 

Among the allegedly hijacked websites named in the report were those associated with one of India's leading microbial research labs, the Institute of Microbial Technology (IMTech) under the Council of Scientific and Industrial Research, as well as the Indian Academy of Sciences in Bengaluru. Websites associated with the Banaras Hindu University were also reported to have been hacked.

Pangu Lab, a Beijing-based cybersecurity firm, published a technical study outlining how it discovered the backdoors and linked them to "unique IDs in the operating manuals of the NSA" discovered in the 2013 leak of NSA documents by insiders. 

According to the Chinese firm, in 2013, CIA analyst Edward Snowden leaked very relevant NSA files. Because they reveal the NSA's unique IDs. The company discovered a key that unlocks a backdoor Bvp47. It is a hacking tool created in partnership with the National Security Agency by The Equation Group. It also led to the detection of a number of similar cyberattacks that used the same unique IDs as the NSA platform. 

According to the report, which outlined how the backdoor operated, this was a backdoor communication technology that has never been seen before, indicating an organisation with considerable technological capabilities behind it. “As an advanced attack tool, Bvp47 has allowed the world to see its complexity,” it said. “What is shocking is that after analysis, it has been realised that it may have existed for more than 10 years.”
Read more »
VPN
Anonymous hacktivists API Cyber Hacking Data Breach E-mail Fraud malacious RSA VPN

SEGA's Europe Security : AWS S3 Bucket Exposed Provides Steam API Access

 


During a cloud-security assessment, SEGA Europe discovered that critical data was being kept in an unsecured Amazon Web Services (AWS) S3 bucket, and it's sharing the story to encourage other companies to double-check their own systems. VPN Overview researcher Aaron Phillips collaborated with SEGA Europe to protect the leaked data. SEGA's revelation, according to Phillips, is designed to assist the broader cybersecurity community in improving their own defenses.

The unsecured S3 bucket may be used to access user data, including information on thousands of members of the Football Manager forums at community.sigames.com. The following are the issues that have been detected in SEGA Europe's Amazon cloud: 

  • Developer key for Steam 
  • RSA keys are a type of cryptography. 
  • PII and passwords that have been hashed 
  • API key for MailChimp 
  • Credentials for Amazon Web Services 

Sensitive data in hands of a malicious actor could be disastrous for any company, but as Lookout's Hank Schless explained to Threatpost, gaming companies continue to be of particular interest to attackers. To threat actors, gaming firms hold a gold mine of personal data, development information, proprietary code, and payment information. Gaming firms must ensure that their data is protected while consumers from all over the world play their games, thanks to data privacy rules like the CCPA and GDPR.

Indeed, well-known brands like Steam, Among Us, Riot Games, and others have been hacked and utilized to deceive innocent gamers. There is no evidence that malevolent third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities, according to the security firm. Researchers were able to upload files, run scripts, edit existing web pages, and change the settings of critically susceptible SEGA domains, according to the researchers. Downloads.sega.com, cdn.sega.com, careers.sega.co.uk, sega.com, and bayonetta.com are among the affected sites. The domain authority scores of several of the afflicted domains are high. 

This cybersecurity research should serve as a wake-up call for enterprises to evaluate their cloud security procedures. The researchers are hoping that more companies follow SEGA's lead in researching and addressing known vulnerabilities before fraudsters use them. There is no evidence that malevolent third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities, according to the security firm.
Read more »
Hacking
Angling Direct Cyber Crime Cyber Hacking Hacking

Angling Direct Hacked: Website Visitors Directed to Pornhub

 

Wrongdoers have taken over Angling Direct's computers, redirecting visitors from its websites to Pornhub, and threatened to delete its internal information. In addition to the website redirect, their Twitter account has also been hijacked, referencing a porn site and posting contact information for the attacker. 

The London Stock Exchange-listed supplier of fishing gear and equipment said it is now handling a cyber security problem after they found suspicious activity on its network late Friday, November 05.

It further told the City: "This unauthorized activity shut down the Company's websites and these remain inactive. Some of the Company's social media accounts have also been compromised. The Board has appointed external cyber security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade." 

However, Angling Direct stated that it is unclear whether any personal information has been hacked - and that no payment information has been exposed. The attacker also included an email address and a promise to return "information and access" to the website. There were no public ransom requests. 

Apart from the phishing, this incident will send chills down the spines of firm executives. Indeed, this assault has all the signs of an immature adolescent hacker having a good time, but it is undoubtedly generating major issues for the victim. 

The team has further informed that indicators point to staff login credentials being taken, permitting hackers to take over the company's website and, simultaneously, its Twitter account. The motivation is clear: cybercriminals want to be compensated before relinquishing control to the company. 

In the meanwhile, the firm is losing a lot of money on prospective sales, not to mention trust and brand harm, as clients feel embarrassed or worse when they visit an explicit website by accident.

In a statement, the company said: "We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data. Importantly, the company does not hold any customer financial data, as our website transactions are handled by third parties."
Read more »
Whatsapp Scam
Cyber Crime Cyber Hacking Fraudster Scams Whatsapp Data Whatsapp Scam

Delhi Police: Nigerian Arrested for Scamming People by Hacking Mobile Phones

 

The Intelligence Fusion and Strategic Op (IFSO) unit of Delhi Police uncovered a syndicate that was hacking into people's mobile devices and WhatsApp accounts using custom-made malware. 

According to sources, the syndicate's leader recently hacked a senior bureaucrat's WhatsApp account, prompting a full-fledged inquiry. The mastermind of the module, identified as Chimelum Emmanuel Aniwetalu alias Maurice from Nigeria, has been arrested, according to DCP (IFSO) KPS Malhotra. His associate has also been found, and operations are underway to capture him. The syndicate was operating in Delhi and Bangalore. 

DCP Malhotra stated, “The syndicate was sending malware through WhatsApp and thereby accessing call logs, SMSs and contacts and control of the targeted WhatsApp account. After hacking the account, they would pose as the original WhatsApp account holder and communicate with the contact list thereby further hacking into more contacts.” 

“We had received a complaint that a person’s mobile phone was hacked by some unknown persons. Taking over the control of the WhatsApp of the complainant, they started demanding money from the contact list of the complainant by sending various distress messages. The accused had also provided a bank account to the contacts of the complainant for transferring the money."

An FIR was filed at IFSO, and an investigation team comprised of ACP Raman Lamba and inspectors Vijay Gahlawat and Bhanu Pratap was constituted. A technical investigation including IP address analysis (IP-DR) and human intelligence resulted in the recognition of one of the accused, who was caught during a raid. He was captured with a laptop and 15 phones. 

According to the investigation of the confiscated laptop, the gang utilised apps to create and distribute multiple malicious URLs. The accused had delivered malware disguised as an application to the victim's devices. 

DCP Malhotra further stated, “The accused created a dedicated application for each victim which when downloaded and installed on the victim’s phone, sent contacts, call logs and SMSs on the accused’s server.” 

During interrogation and forensic investigation of the devices, it was discovered that the accused employed a variety of methods, the most notable of which was impersonating a girl and befriending males on numerous social media sites. Once trust was established, the gang would give a link allowing him or her to join a group of like-minded peers. 

The DCP further added, once a person clicked on that link, he or she lost control of their social media profiles. Following that, the gang used social media accounts to acquire money. 

Mastermind Maurice was discovered overstaying in the nation despite the fact that his tourist visa had expired in 2018. The investigation also showed that he was scamming individuals under the pretext of selling herbal seeds online. He also befriended elderly men by impersonating ladies from other nations. 

According to police, the man fabricated paperwork claiming to be an UN-approved asylum seeker. A separate case has been opened at the Mohan Garden police station in this matter. The house owner, who rented his property to the foreigner, has also been arrested. 

“Delhi Police appeals to people for being cautious while communicating on social media and avoid clicking on any random web link or URL sent on any social media platform,” the DCP cautioned.
Read more »
Ransom Attack
Cyber Hacking Cyber Security McAffee Ransom Attack

McAfee: Hacking Team Babuk Has Flaws In It's Business Models

 

Recently, ransomware hacking groups have been mostly focusing on Microsoft Windows OS. McAfee researched dedicated Linux and Unix based ransomware, but cross platform ransomware didn't happen. But, hackers are always on the go, McAfee experts recently discovered that from the past few months, many hackers are experimenting with the binary writings in cross-platform script Golang (Go). The worst case scenario was confirmed when Babuk on an underground platform said that it was building a cross-platform focused on ESXi or VMware and Linux/Unix systems. 

Various core backend operating systems in organizations are using the nix operating systems. Besides this, in case of virtualization, wonder about ESXi hosting virtual desktop environment or various servers. McAfee previously wrote a brief blog covering many coding mess ups that Babuk team did while building. McAfee reports "Initially, in our research the entry vector and the complete tactics, techniques and procedures (TTPs) used by the criminals behind Babuk remained unclear. However, when its affiliate recruitment advertisement came online, and given the specific underground meeting place where Babuk posts, defenders can expect similar TTPs with Babuk as with other Ransomware-as-a-Service families." 

Despite Babuk being new to the scene, the group is continuously hacking high profile targets , even though various issues related to binary leading to a stage where files can't be retrieved, even if the transaction was successful. In the end, the problems faced by Babuk developers while creating the ESXi ransomware could've led to change of business model, from extortion to encryption and data theft. To summarise it all, the built and coding of decryption softwares is poorly done, which means that if an organisation is to pay a ransom, the process of files decryption can be delayed without the guarantee that stolen files will be completely retrieved. 

"In its recruitment posting Babuk specifically asks for individuals with pentest skills, so defenders should be on the lookout for traces and behaviors that correlate to open source penetration testing tools like winPEAS, Bloodhound and SharpHound, or hacking frameworks such as CobaltStrike, Metasploit, Empire or Covenant. Also be on the lookout for abnormal behavior of non-malicious tools that have a dual use, such as those that can be used for things like enumeration and execution, (e.g., ADfind, PSExec, PowerShell, etc.) We advise everyone to read our blogs on evidence indicators for a targeted ransomware attack" said McAfee in its blog.
Read more »
Russian Hackers
Cyber Attacks Cyber Hacking DarkSide Ransomware group Russian Hackers

Toshiba Unit Hacked by DarkSide

 

The DarkSide criminal gang, which was also responsible for the assault on Colonial Pipeline, which triggered widespread gas shortages and panic buying across the Southeast, hacked a Toshiba business unit earlier this month. 

Toshiba Tec said in a statement that the cyberattack affected its European subsidiaries, and the company is investigating the extent of the damage. It stated that “some details and data could have been leaked by the criminal gang,” but it did not confirm that customer information was leaked. 

"There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba," said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions. During pandemic lockdowns, employees accessing company computer systems from home have made businesses more susceptible to cyber-attacks, he said. 

The assault seems to have been carried out by the Russian criminal group DarkSide, according to a company representative who spoke to Reuters. The attack happened on May 4, according to a spokesperson that confirmed the same to CNBC. According to the outlet, the hackers demanded a ransom, but the company refused to pay. Colonial Pipeline, on the other hand, is said to have paid a ransom of approximately $5 million within hours of the attack last week. 

The assault, which resulted in gas shortages and panic buying at US gas stations across the Southeast, likely drew more attention to DarkSide than it had hoped for, with President Biden promising to go after the group. 

According to screenshots of DarkSide's post given by the cybersecurity company, more than 740 gigabytes of data, including passports and other personal details, was compromised. On Friday, Reuters was unable to reach DarkSide's public-facing website. DarkSide's numerous websites, according to security researchers, have become inaccessible. 

Hackers encrypt data and demand payment in cryptocurrency to decrypt it, increasing the number and size of ransomware attacks. They are gradually releasing or threatening to release stolen data unless they are paid more. 

The attack software was distributed by DarkSide, according to investigators in the US Colonial case, which involves Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide allows "affiliates" to hack into targets in other countries, and then manages the ransom and data release.
Read more »
Subscribe to: Posts (Atom)