FBI and Allies Dismantle Dispossessor Ransomware Network

 

The FBI announced on Monday that it has taken down the servers and websites used by the Radar/Dispossessor ransomware group. This action was part of a global investigation involving the U.K.'s National Crime Agency, the Bamberg Public Prosecutor's Office, and the Bavarian State Criminal Police Office (BLKA). Law enforcement agencies seized several servers and websites, including three in the U.S., three in the U.K., 18 in Germany, and nine domains, some of which included radar[.]tld, dispossessor[.]com, and cybertube[.]video. These sites were used by the group to carry out their attacks. 

Since August 2023, the Dispossessor group, led by a hacker known as "Brain," has been targeting small to mid-sized businesses around the world. The FBI identified 43 victims across various countries, including the U.S., Argentina, Australia, India, and Germany. 

The ransomware gang gained access to company networks by exploiting security weaknesses like outdated software, weak passwords, and a lack of multi-factor authentication. Once inside, they stole data and then used ransomware to lock the companies out of their own systems by encrypting their files. 
If the companies didn’t contact them, the criminals would reach out to other people in the company to pressure them into paying, sometimes sharing stolen files through fake video platforms. The FBI is urging past victims or those targeted by this group to share any information they have by contacting the Internet Crime Complaint Center or calling 1-800-CALL-FBI. 

When Dispossessor first appeared, they acted as an extortion group, reposting old data stolen during previous ransomware attacks by a group called LockBit. They claimed to be affiliates of LockBit and even tried to sell stolen data on hacking forums. 

As of June 2024, Dispossessor began using a ransomware tool leaked from LockBit 3.0 to carry out their own attacks. In the past year, law enforcement has been actively cracking down on various cybercrimes, including cryptocurrency scams, malware development, phishing attacks, and other ransomware operations. They have also targeted and disrupted other ransomware groups like ALPHV/Blackcat, LockerGoga, MegaCortex, and Hive.

India Cybersecurity: Key Government Initiatives for Cybersecurity

Indian Government to Enforce Robust Cybersecurity Measures

The Indian Government has done it again, reinforcing its main strategies to improve cyber defenses and protect its citizens in the digital space.

In April 2024, the Indian government released a report stating that India had a record 936.16 million internet subscriptions by December 2023, making India one of the largest connected nations globally.

Indians are now 'Digital Nagriks,' integrating the internet into their daily routine and using it for vital needs like education, financial activities, business transactions, and accessing government services.

The government has recognized the need for a safe digital space and is therefore implementing strong policies. These measures are aimed at protecting against the growing threat of cyber attacks.

What is CERT-IN: Backbone of India's Cybersecurity

The Indian Computer Emergency Response Team (CERT-IN) is a national agency for incident response that plays an important role in protecting India's cyber landscape. Working 24x7, CERT-IN ensures quick responses to cybersecurity incidents.

CERT-IN's Fight Against Cybercrime

CERT-IN partners with Law Enforcement Agencies (LEAs), regulators, and service providers to track and bust phishing websites and investigate fraud activities. According to Cyber Express:
  • CERT-In releases advice to ministries outlining steps to improve cyber security for organizations that handle digital personal data and susceptible information.
  • CERT-In publishes advice through the Reserve Bank of India, the country's central bank, regarding audits and the adoption of security policies by firms issuing prepaid payment instruments.
  • CERT-In runs an automated cyber threat exchange platform that distributes targeted notifications across sectors.
  • CERT-In manages the Cyber Swachhta Kendra, which detects and removes dangerous applications and offers security advice.
  • The platform has developed a Cyber Crisis Management Plan to combat cyberattacks in government and essential sectors.
  • CERT-In conducts cybersecurity simulated drills to assess organizational readiness; 92 drills were conducted with involvement from a variety of sectors.

India's Measures Towards Cybersecurity Awareness

Cyber Crime Coordination Centre

The Centre works towards enhancing the coordinated response of LEAs to cybercrimes. The initiative aims to offer a robust framework for addressing digital threats. Currently, the National Cyber Crime Reporting Portal has been launched, allowing the public to directly report cybercrimes.

Citizen Financial Cyber Fraud Reporting and Management System

The program allows immediate reporting of financial fraud and prevents scammers from siphoning off funds. A toll-free helpline number, '1930', has been set up to help register online cyber complaints, allowing swift response and assistance for victims of cyber fraud.

New Intel CPU Vulnerability 'Indirector' Found

Researchers from the University of California, San Diego, have discovered a new vulnerability in modern Intel processors, specifically the Raptor Lake and Alder Lake generations. This vulnerability, named 'Indirector,' can be used to steal sensitive information from the CPU. 

The problem lies in two components of the CPU: the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB). These components help the CPU make quick decisions, but they have flaws that attackers can exploit. The researchers identified three main techniques used in Indirector attacks: 

1. iBranch Locator: A tool that helps attackers find specific parts of the CPU's decision-making process by identifying the indices and tags of victim branches. 

2. IBP/BTB Injections: Tricks to manipulate the CPU's predictions, causing it to run unauthorized code through targeted injections. 

3. ASLR Bypass: A method to break security measures that protect the memory layout, making it easier to predict and control the CPU. 

By using these techniques, attackers can trick the CPU into running their own code and accessing sensitive data like passwords or encryption keys. This is accomplished by combining the speculative execution achieved through targeted injections with cache side-channel techniques, such as measuring access times, to infer the accessed data. 

To protect against Indirector attacks, the researchers suggest two main defenses: 

1. Use IBPB More: The Indirect Branch Predictor Barrier (IBPB) can prevent certain types of speculative execution, but it can slow down the CPU by up to 50%. 

2. Improve CPU Design: Making the CPU's prediction systems more complex and secure by adding encryption and randomization, which could involve incorporating more complex tags. 

Intel was informed about the Indirector vulnerability in February 2024 and has shared the information with other affected companies. Intel reviewed the findings and believes that existing protections, such as IBRS, eIBRS, and BHI, are effective against this new attack, so no new mitigations or guidance are required. 
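To see which of the protections named above (IBRS/eIBRS, IBPB, BHI) a Linux host actually reports as active, the kernel's status line can be parsed as in the following added example, which is not code from the researchers or from Intel. The sysfs path is the real kernel interface; the sample status lines are constructed for illustration, and the function names are hypothetical.

```python
import re
from pathlib import Path

# Real Linux sysfs file reporting indirect-branch (Spectre v2 class) mitigations.
SYSFS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines (not captured from real hosts), in the kernel's style.
SAMPLES = {
    "eibrs_host": "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                  "RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S",
    "old_kernel": "Mitigation: Enhanced IBRS, IBPB: disabled, RSB filling",
    "unmitigated": "Vulnerable; IBPB: disabled; STIBP: disabled",
}


def parse_status(line):
    """Return (primary, fields): the leading status and the 'KEY: value' items.

    Newer kernels separate items with ';', older ones with ','; accept both.
    """
    parts = [p.strip() for p in re.split(r"[;,]", line) if p.strip()]
    if not parts:
        return "unknown", {}
    fields = {}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        fields[key.strip()] = value.strip() if sep else "present"
    return parts[0], fields


def assess(line):
    """Summarise IBRS, IBPB and BHI state and list the gaps a defender should review."""
    primary, fields = parse_status(line)
    report = {
        "primary": primary,
        "ibrs": primary.startswith("Mitigation") and "IBRS" in primary,
        "ibpb": fields.get("IBPB", "not reported"),
        "bhi": fields.get("BHI", "not reported"),
        "findings": [],
    }
    if primary.startswith("Not affected"):
        return report
    if primary == "unknown":
        report["findings"].append("status line is empty")
    elif primary.startswith("Vulnerable"):
        report["findings"].append("no indirect-branch mitigation is active")
    elif not report["ibrs"]:
        report["findings"].append("mitigated without IBRS/eIBRS: " + primary)
    if report["ibpb"] in ("disabled", "not reported"):
        report["findings"].append("IBPB is " + report["ibpb"])
    if report["bhi"].startswith("Vulnerable") or report["bhi"] == "not reported":
        report["findings"].append("BHI mitigation is " + report["bhi"])
    return report


if __name__ == "__main__":
    # Use the live host value when available, otherwise the constructed samples.
    if SYSFS_PATH.exists():
        lines = {"this host": SYSFS_PATH.read_text().strip()}
    else:
        lines = SAMPLES
    for name, line in lines.items():
        result = assess(line)
        print(name, "->", result["findings"] or "IBRS, IBPB and BHI all reported")
```

A value of `conditional` for IBPB means the barrier is not issued on every context switch, which is the setting the researchers' first suggested defense would tighten.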

The researchers will present their full findings at the USENIX Security Symposium in August 2024. They have also published more detailed information, proof-of-concept code, and tools related to Indirector on GitHub for further study and understanding. 

These publications provide a deeper dive into the attack methodologies, potential data leak mechanisms, and suggested mitigations. Modern CPUs from Intel are vital for many applications, and discovering such vulnerabilities highlights the importance of continually improving hardware security. 

By addressing these flaws and implementing the recommended defenses, the security of these processors can be significantly enhanced, protecting users from potential data leaks and other malicious activities.

Here's Why Robust Space Security Framework is Need of the Hour

 

Satellite systems are critical for communication, weather monitoring, navigation, Internet access, and numerous other purposes. These systems, however, suffer multiple challenges that jeopardise their security and integrity. To tackle these challenges, we must establish a strong cybersecurity framework to safeguard satellite operations.

Cyber threats to satellites 

Satellite systems suffer a wide range of threats, including denial-of-service (DoS) attacks and malware infiltration, as well as unauthorised access and damage triggered by other objects in their orbit that hinder digital communications. 

For satellite systems, these major threats can distort sensor systems, resulting in harmful actions based on inaccurate data. For example, a faulty sensor system could cause a satellite's orbit path to collide with another satellite or natural space object. If a sensor system fails, it may result in the failure of other space and terrestrial systems that rely on it. Jamming or sending unauthorised satellite guidance and control commands has the potential to destroy other orbiting spacecraft.

DoS attacks can lead satellites to become unresponsive or, worse, shut down. Satellite debris fallout could pose a physical safety risk and damage to other countries' space vehicles or the earth. Malware installed within systems via insufficiently secured access points may have an influence on the satellite and spread to other systems with which it communicates. 

Many of the 45,000 satellites have been in service for years and have minimal (if any) built-in cybersecurity protection. Consider the Vanguard 1 (1958 Beta 2), a small, solar-powered satellite that orbits Earth. It was launched by the United States on March 17, 1958, and is the oldest satellite still orbiting the earth.

Given potential risks that satellites face, a comprehensive cybersecurity strategy is required to mitigate such risks. Engineering universities and tech organisations must also work with government agencies and other entities that design and build satellites to develop and execute a comprehensive cybersecurity, privacy, and resilience framework to regulate industries that are expanding their use of space vehicles. 

Cybersecurity framework

The NIST Cybersecurity Framework (CSF) outlines five critical processes for mitigating common threats, including those related to satellite systems: identify, protect, detect, respond, and recover.

Identify

First, identify the satellite data, individuals, personnel, systems, and facilities that support the satellite's uses, goals, and objectives. Document the location of each satellite, as well as the links between each satellite component and other systems. Knowing which data is involved and how it is encrypted can help with contingency, continuity, and disaster recovery planning. Finally, understand your risk landscape and any elements that may affect the mission so that you can plan for and avoid potential incidents. This information will aid in the successful management of cybersecurity risk for satellite systems and their associated components, assets, data, and capabilities.

Protect

Using the recently identified data, choose, develop, and implement the satellite's security ecosystem to best protect all of its components and associated services. Be aware that traditional space operations and vehicles typically rely on proprietary software and hardware that were not intended for a highly networked satellite, cyber, and data environment, so legacy components may lack certain security measures. Therefore, create, design, and use verification procedures to prevent loss of assurance or functionality in satellite systems' physical, logical, and ground parts, as well as to allow for response to and recovery from cybersecurity incidents. To protect satellite systems, physical and logical components must be secured, access limits monitored, and cybersecurity training made available.

Detect 

Create and implement relevant actions to monitor satellite systems, connections, and physical components for unforeseen incidents and alert users and applications of their detection. Use monitoring to spot anomalies within space components, and put in place a strategy for dealing with them. Use many sensors and sources to correlate events, monitor satellite information systems, and maintain access to ground segment facilities in order to detect potential security breaches. 

Respond

Take appropriate actions to mitigate the impact of a cybersecurity attack or unusual incident on a satellite system, ground network, or digital ecosystem. Cybersecurity teams should inform key stakeholders regarding the incident and its implications. They should also put in place systems for responding to and mitigating new, known, and anticipated threats or vulnerabilities, as well as continuously improving these processes based on lessons learned. 

Recover 

Create and implement necessary activities to preserve cybersecurity and resilience, as well as to restore any capabilities or services that have been impaired as a result of a cybersecurity event. The objectives are to quickly restore satellite systems and associated components to normal functioning, return the organisation to its appropriate operational state, and prevent the same type of incident from recurring.

As our world continues to rely on satellite technology, cyber threats will emerge and adapt. It is critical to safeguard these systems by developing a comprehensive cybersecurity framework that outlines the way to design, create, and operate them. Such a structure enables organisations to respond effectively to incidents, recover swiftly from interruptions, and remain ahead of potential threats.

'Cyber Battlefield' Map Shows Attacks Being Played in Real Time


A live map is all set to monitor cyberattacks around the globe as the conflict in Ukraine fuels a 'significant surge' in hostile activity.

Apparently, the technology utilizes intelligence gathered from a high-end AI-powered system – ThreatCloud AI.

The map shows countries and companies that are particularly targeted with cyber incidents like malware attacks, phishing or exploitation.

How are Cyber Activities Impacted by the War

According to Check Point, a US-Israeli cyber security firm, cyber activities have increased at an alarming rate in the past 17 months because of the Ukraine war.

Over the previous six months, the UK was attacked 854 times on average every week. As of May 2023, ransomware attacks have a negative effect on one out of every 77 organizations in the country.

According to Muhammad Yahya Patel, lead security engineer and evangelist for Check Point, “The threat landscape has continued to evolve in sync with the digital world as we are more connected to the internet than ever before. This has led to multi-vector cyberattacks and well thought out campaigns by criminals who want to cause maximum damage to organizations[…]Sometimes they use advanced tools and methods, while other times it’s a simple method like getting someone to click a link in an email."

Moreover, the UK has been suffering an online conflict as a group of hackers, frequently with links to the Kremlin that are either verified or rumored, has targeted prominent British organizations.

“Hacktivism has played a much bigger role globally with several state-sponsored groups and cyber criminals actively fighting a war in cyberspace[…]We had the Ukrainian government taking an unprecedented step by using a Telegram channel to call for international volunteers to help fight the cyber war by joining the ‘IT Army of Ukraine’,” Patel said.

In regard to the Russia-based group Killnet, Patel says, “This is a properly established group with organizational structure and hierarchy. As an organised operation this group have been carrying out disruptive attacks to gain more attention and have recently targeted NATO.”

ThreatCloud AI

The ThreatCloud AI system continuously scans the environment and develops defenses against the numerous and diverse kinds of assaults. The creators provide customers with what they call a "comprehensive prevention-first architecture," which is appropriate for various devices, networks, and systems.

This live ‘battleground’ was presented at the Midland Fraud Forum’s annual conference in Birmingham last week as a segment informing the audience about the various threats and methods to prevent them.

The multinational company based in Tel Aviv found that the ransomware operators have become more ruthless with their tactics to profit from victims.

One of the recent cases was when the University of Manchester suffered a cyber attack last month, where allegedly the students’ confidential data was compromised. In response, the university claimed that a ‘small proportion of data’ was copied and that ‘it had written directly to those individuals who may have been affected.’

Looking at the current scenarios, universities in the UK seem to have found themselves on the frontline of the ever-developing threat landscape at a level greater than any other country.

In regard to this, Patel comments, “The attacks against the education and research sector are highly concerning because this is higher than what we are seeing globally in this industry[…]It raises questions about what the UK is doing specifically for this sector to help it have a better cyber security baseline as I like to call it.”

The Montana Legislature Banned TikTok

 


A bill introduced in Montana would prevent apps like TikTok from being listed for download on app stores such as Google Play and Apple's App Store. The bill is forwarded to Republican Governor Gianforte for signature. 

TikTok, owned by Chinese investors, continues to be the target of fierce battles. As part of their efforts to address short-form video apps, Montana lawmakers voted on Friday to ban the most popular app from the state. 

Reuters writes that the bill would prevent applications like TikTok from being listed on app stores, like Google Play or Apple's App Store, in Montana. A 54-43 vote in the Montana House of Representatives approved the bill, SB419. Upon signing the bill, Gianforte will ensure it comes into effect in January. Despite the potential for substantial legal challenges, the legislation may still pass.

However, there is nothing in the bill that makes it illegal for people who already use the app. This is regardless of the enacted law. The bill's original version forced internet providers to block TikTok. However, that particular language was removed, and it is not part of the amended bill. 

A state government has taken the first step in restricting TikTok in response to perceived security concerns since the legislation was passed. A national ban on TikTok seems to be on the cards after some federal lawmakers have called for an end to the app. 

A bill has been introduced targeting TikTok. It outlines the potential penalties imposed on the company if it violates the law daily. In addition to app stores that violate the law, penalties would also apply. As a result, users who access TikTok as part of their routine will not be penalized for doing so. 

As a result of allegations that TikTok's Chinese owner, ByteDance, places US users' personal information at risk for marketing purposes, the app has come under significant scrutiny from US legislators in recent months. Several congressmen have called for American data sharing with the Chinese government at the federal and state level. Last month, a congressional committee grilled TikTok CEO Shou Zi Chew on the issues widely held by the general public on social media.  

Numerous claims are being made against TikTok, including accusations of data theft, data mining, piracy, and data collection. However, TikTok has repeatedly denied these claims. To gain respect among US legislators, TikTok poured more than $1 billion into establishing a database where American users' data would be archived exclusively on Oracle's servers.

As acknowledged by its champions, the bill's supporters have no practical plans for operationalizing this attempt to censor American voices and therefore have no chance of succeeding. It has also been confirmed by TikTok's spokesperson Brooke Oberwetter that a court will decide whether the bill's constitutionality can stand up in court. Brooke hopes that the government of Montana will continue to abuse the First Amendment to keep TikTok users and creators in Montana from earning a living and protecting their rights under the First Amendment. 

Currently, the bill is being sent to the governor to be signed into law. There is a high probability that Republican governor Greg Gianforte will sign it. He previously banned TikTok from government devices in Montana. Similar executive orders have been enacted by other states to ban the use of the app on devices and networks owned and operated by the government.

Data safety concerns, surveillance by the Chinese government, and the involvement of minors in "dangerous activities" resulting from TikTok use were cited in the bill, which included a claim that minors were cooking chicken in NyQuil and climbing milk crates as dangerous activities. Critics of the app say that these activities were part of a set of challenges that had become popular. 

Because of the links that TikTok's parent company, ByteDance, has with the Chinese government, concern has been widely expressed that the government could access user data from TikTok.

In addition, critics worry that this kind of information could be used by Chinese intelligence agencies or propaganda campaigns for their benefit. It is unclear whether the Chinese government has accessed or used any data related to TikTok's US users to influence them, and there has been no public evidence of this. According to Christopher Wray, Director of the FBI, the FBI does not believe there would be many visible signs if this did happen.

To make TikTok safer and more sustainable, the US government has called on its Chinese owners to spin off TikTok. In the context of its Project Texas initiative, TikTok says it can address national security concerns by installing a "firewall" around US users' data covering a wide area of cyberspace. 

Despite the uncertainty surrounding Montana's legislation's future, there is still hope for it. TikTok is a member of an industry group called NetChoice, which also has other technology companies in its membership. The group declared Friday that SB419 violates the US Constitution by trying to punish a person without a trial, or so-called "bills of attainder."

It has been alleged by other civil society organizations that SB419 violates Montanans' rights to free expression as well as their access to information under the First Amendment. Earlier this week, the American Civil Liberties Union sent a letter to members of state legislatures in which the organization made the argument that government restrictions on freedom of speech must meet a high constitutional standard. 

As a result of SB 419, Montanans would be better off without a platform where they could speak out freely and exchange ideas daily; this would be censorship. 

According to the letter, if this becomes a law, it will set a dangerous precedent that government bodies will hold excessive control over Montanans’ access to the internet. According to Lynn Greenky, a First Amendment scholar and associate professor of Communication Studies at Syracuse University, the legislation also refers to "dangerous content" and "dangerous challenges" to TikTok phrases, raising an immediate "red flag" that will trigger a more thorough review of the bill. 

The bill sponsor, Shelley Vance, did not respond to a request for comment immediately after receiving it. In response to a question about Gianforte's comments, Gianforte's spokesperson failed to respond immediately. If the law is passed, the app ban will be implemented before 2024 begins. Several Congressmen are expressing concerns about the app as security concerns rise due to Chinese owners. As part of the Biden administration's warning issued last month, TikTok's parent company ByteDance, based in China, was told to divest ownership of the service or face a ban by the federal government.