
NSA’s Common-Sense Phishing and Cybersecurity Tips to Protect Your Personal Data Online

 

Websites frequently conceal the extent to which they share our personal data, employing tactics to obscure their practices and prevent consumers from making fully informed decisions about their privacy. This lack of transparency has prompted governmental responses, such as the European Union's GDPR and California's CCPA, which require websites to seek permission before tracking user activity.

Despite these regulations, many users remain unaware of how their data is shared and manipulated. A recent study delves into the strategies employed by websites to hide the extent of data sharing and the reasons behind such obfuscation.

The research, focusing on online privacy regulations in Canada, reveals that websites often employ deception to mislead users and increase the difficulty of monitoring their activities. Notably, websites dealing with sensitive information, like medical or banking sites, tend to be more transparent about data sharing due to market constraints and heightened privacy sensitivity.

During the COVID-19 pandemic, as online activity surged, instances of privacy abuses also increased. The study shows that popular websites are more likely to obscure their data-sharing practices, potentially to maximize profits by exploiting uninformed consumers.

Third-party data collection by websites is pervasive, with numerous tracking mechanisms used for advertising and other purposes. This extensive surveillance raises concerns about privacy infringement and the commodification of personal data. Dark patterns and lack of transparency further exacerbate the issue, making it difficult for users to understand and control how their information is shared.

Efforts to protect consumer privacy, such as GDPR and CCPA, have limitations, as websites continue to manipulate and profit from user data despite opt-in and opt-out regulations. Consumer responses, including the use of VPNs and behavioral obfuscation, offer some protection, but the underlying information asymmetry remains a significant challenge.

CISA/NSA Joint Best Practices for Cloud Security

 

The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for securing cloud systems, which businesses rely on heavily. 

Cloud services are popular because they let companies use servers, storage, and apps without having to worry about managing all the complicated tech stuff themselves. This has made life easier for businesses big and small, allowing them to focus on what they do best while relying on the reliability and flexibility of cloud platforms. 

What is cool is that many companies now offer both regular software you install on your own computers and cloud versions that they manage for you. This means businesses have choices and do not have to deal with all the headaches of managing software themselves. 

The partnership between NSA and CISA shows how important it is to keep cloud systems safe, especially now that more and more businesses are using them for remote work and digital upgrades. These bulletins give organizations practical advice on how to stay safe from online threats and keep their data secure. 

By sharing these joint tips, NSA and CISA want to make sure that businesses have the right tools and knowledge to protect themselves against cyber attacks as they use cloud services. It is like giving them a guidebook to navigate the sometimes tricky world of cybersecurity. 

CISA/NSA Joint Best Practices for Cloud Security 

1. Use Secure Cloud Identity and Access Management Practices 

To keep your cloud systems safe, it's crucial to manage who can access them and how they do it. Follow these tips: 

Enable Multi-Factor Authentication (MFA): Make it harder for unauthorized users to get in by requiring more than just a password. 

Securely Store Credentials: Keep your login information safe and away from prying eyes. 

Partition Privileges: Limit what each person can do in the cloud to minimize the risk of someone doing something they shouldn't. 

2. Use Secure Cloud Key Management Practices

When it comes to managing encryption keys in the cloud, it's important to do it right.  Here's how: 

Understand Shared Security Responsibilities: Know who is responsible for what when it comes to keeping encryption keys safe. 

Configure Key Management Solutions (KMS) Securely: Set up your encryption key systems in a way that is safe and secure. 

3. Implement Network Segmentation and Encryption in Cloud Environments 

To protect your data as it moves around in the cloud, follow these steps: 

Encrypt Data in Transit: Keep your data safe as it travels between different parts of the cloud. 

Segment Your Cloud Services: Keep different parts of your cloud separate from each other to stop them from talking when they should not. 

4. Secure Data in the Cloud 

When storing data in the cloud, make sure it stays safe with these practices: 

Encrypt Data at Rest: Keep your data safe even when it is sitting around doing nothing. 

Control Access to Data: Only let the right people get to your data, and keep everyone else out. 

Backup and Recovery Plans: Have a plan in place to get your data back if something goes wrong. 

5. Mitigate Risks from Managed Service Providers in Cloud Environments 

When working with outside companies to manage your cloud, take these steps to stay safe: 

Secure Corporate Accounts Used by MSPs: Make sure the accounts used by managed service providers are as secure as your own. 

Audit MSP Activities: Keep an eye on what the managed service providers are doing in your cloud to catch any suspicious activity. 

Negotiate Agreements Carefully: When working with MSPs, make sure your agreements include provisions for keeping your data safe. 

By following these joint best practices from CISA and NSA, you can better protect your cloud systems and keep your data safe from cyber threats.

NSA Confession: Unlawful Surveillance on Americans Exposed

 


United States officials have fought to conceal the details of arrangements between US spy agencies and private companies that track the location of Americans through their cell phones. Normally, law enforcement and intelligence agencies require a warrant to obtain data from US phones. 

Instead, they often pay companies for that data, effectively circumventing the courts. Ron Wyden, a Democratic Senator from Oregon, says the US National Security Agency has confirmed that it has bought the internet browsing records of American users without a warrant. 

During the past three years, Senator Wyden has worked tirelessly to expose the NSA's practices, including buying smartphone location data without a warrant. These “warrantless purchases” included information about the websites and apps people used. 

As a result, US government agencies often acquire sensitive information about Americans from commercial marketplaces without obtaining court warrants. In a letter to Wyden, NSA director Paul Nakasone stated that the agency only purchases Netflow data and information from electronic devices used in both domestic and international environments. 

The data collected was mostly Internet communications metadata; the content of Americans' communications was not included. The NSA claims it uses commercially available Netflow data to conduct cybersecurity and foreign intelligence activities and to defend US military networks against foreign hackers, and that it minimizes the collection of U.S. personal information through technical filters. 

There is a recent order from the Federal Trade Commission that prohibits data brokers from selling individuals' geolocation data without consumers' consent first, which the senator says the NSA violates. According to him, it is critical that the Office of the Director of National Intelligence ask intelligence agencies to conduct a broader audit of the types of data that they collect and whether the databases they use contain information that violates the FTC order. 

As a result of this most recent disclosure, it has become increasingly apparent how essential it is to improve the accountability and transparency of the intelligence community. Public disclosure should be made of the scope of data collection initiatives, the measures taken to protect against misuse, and the legal justifications for these actions. 

The absence of clear monitoring and judicial review contributes to increased public mistrust and concerns about possible abuse of power. As a key force in influencing clarification from the NSA and passing legislation designed to limit the NSA's appetite for data collection, Congress must play a key role in pressing for clarification. 

To control an intelligence agency that appears more and more concerned about mass surveillance rather than targeted investigation, it is critical to strengthen privacy rights, create independent judicial scrutiny, and develop robust oversight procedures. 

The National Security Agency (NSA) has obtained large amounts of information about American citizens in the past. Several reports have surfaced revealing comparable actions by the FBI and other intelligence organizations. 

The expansion of the market for personal information raises broader concerns about the emergence of a dark sector in which people's privacy is exploited and commodified for the benefit of the government. 

Internet privacy goes beyond simply opposing the NSA's purchases of data; it also means pushing back against the practice of selling data in the first place. The call for accountability, transparency, and respect for the individual rights of citizens must be accompanied by a comprehensive approach that considers the data-driven surveillance apparatus as a whole. Only once a balance is struck between the benefits of freedom and the risks of national security will users be well-positioned to navigate these hazy waters.

CIA's AI Chatbot: A New Tool for Intelligence Gathering

The Central Intelligence Agency (CIA) is building its own AI chatbot, similar to ChatGPT. The program, which is still under development, is designed to help US spies more easily sift through ever-growing troves of information.

The chatbot will be trained on publicly available data, including news articles, social media posts, and government documents. It will then be able to answer questions from analysts, providing them with summaries of information and sources to support its claims.

According to Randy Nixon, the director of the CIA's Open Source Enterprise division, the chatbot will be a 'powerful tool' for intelligence gathering. "It will allow us to quickly and easily identify patterns and trends in the data that we collect," he said. "This will help us to better understand the world around us and to identify potential threats."

The CIA's AI chatbot is part of a broader trend of intelligence agencies using AI to improve their operations. Other agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), are also developing AI tools to help them with tasks such as data analysis and threat detection.

The use of AI by intelligence agencies raises several concerns, including the potential for bias and abuse. However, proponents of AI argue that it can help agencies to be more efficient and effective in their work.

"AI is a powerful tool that can be used for good or for bad," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "It's important for intelligence agencies to use AI responsibly and to be transparent about how they are using it."

Here are some specific ways that the CIA's AI chatbot could be used:

  • To identify and verify information: The chatbot could be used to scan through large amounts of data to identify potential threats or intelligence leads. It could also be used to verify the accuracy of information that is already known.
  • To generate insights from data: The chatbot could be used to identify patterns and trends in data that may not be apparent to human analysts. This could help analysts to better understand the world around them and to identify potential threats.
  • To automate tasks: The chatbot could be used to automate tasks such as data collection, analysis, and reporting. This could free up analysts to focus on more complex and strategic work.

The CIA's AI chatbot is still in its early stages of development, but it has the potential to revolutionize the way that intelligence agencies operate. If successful, the chatbot could help agencies to be more efficient, effective, and responsive to emerging threats.

However, it is important to note that the use of AI by intelligence agencies also raises several concerns. For example, there is a risk that AI systems could be biased or inaccurate. Additionally, there is a concern that AI could be used to violate people's privacy or to develop autonomous weapons systems.

It is important for intelligence agencies to be transparent about how they are using AI and to take steps to mitigate the risks associated with its use. The CIA has said that its AI chatbot will follow US privacy laws and that it will not be used to develop autonomous weapons systems.

The CIA's AI chatbot is a remarkable advancement that might have a substantial effect on how intelligence services conduct their business. To make sure that intelligence services are using AI properly and ethically, it is crucial to closely monitor its use.

How to Avoid Cyberattacks on Your Home Network

 


While remote working offers employees several benefits, it also creates an additional risk of cyber-attacks, because employees work outside their company's internal network.  

If hackers compromise remote employees' computers by stealing their corporate credentials or infecting them with malware, the result is a costly threat to the organization's network security.   

Organizations that cannot identify and protect their remote workers face many cybersecurity risks, such as data breaches, phishing campaigns, ransomware attacks, and business email compromise (BEC).  

To prevent this from happening in the first place, the NSA has released cybersecurity tips to help remote workers protect themselves and their networks against cyberattacks and hackers.  

NSA cybersecurity technical director Neal Ziring said that in a world where telework is common, cybercriminals can use a home network as a platform for stealing sensitive information while concealing their own identities, because it serves as an access point into everything connected at home. Securing devices and networks and behaving safely online reduces the risk of cybercrime.  

The NSA's recommendations describe several ways to ensure remote network and data security; the tips below are based on them. 

Stay Up-to-Date With Modern Operating Systems, Apps, and Browsers   

Using the latest operating system, kept current with the latest security patches, is one of the most effective ways to protect your device from cyberattacks.  

As a rule of thumb, use the latest operating system version. Old versions that are no longer supported stop receiving updates altogether, so vulnerabilities discovered after the cut-off never get a security patch and can be exploited by attackers.  

Your device usually prompts you to install these updates, and the prompt may ask you to restart your computer. Do so as soon as possible, because the update is not fully installed until you restart. 

In the same way, use the latest versions of applications, software, and browsers, because they carry the latest security updates. This makes it more difficult for cybercriminals to exploit known software vulnerabilities to attack you.  

Keep Your Router Secure and Up to Date  

Your internet service provider (ISP) provides you with a router to connect to the internet. Many people do not think about this device much, leaving it hidden in a corner after installation. 

But your router is a crucial part of your networking set-up, providing a gateway into and out of your home network -- something that can be exploited by cyber attackers if it is not secured properly.  

Keep your router up to date with the latest security patches, just like every other internet-connected device; you can set your router to download and install patches automatically as soon as they are available.  

A router that reaches end-of-life and will no longer receive updates from the ISP or the manufacturer should be replaced with a newer model.  

Set up a Wireless Network Segmentation System

It is wise to separate your Wi-Fi into distinct networks for your work and home devices, so that both can be better secured. 

A basic recommendation from the US National Security Agency (NSA) is that you should segment your wireless network into three main types, namely primary wireless, guest wireless, and IoT wireless. It is through this segmentation that you can prevent your less secure devices from directly communicating with your more secure devices.  

Use Password Managers to Protect Your Passwords

To protect your passwords, especially those used to access corporate cloud environments, you need to secure them. Uniqueness and complexity prevent attackers from guessing them. 

The problem of remembering multiple passwords will always remain. A password manager avoids this obstacle: you remember one strong, unique master password, and the manager keeps track of all the others.  

Additionally, do not store passwords on your device in plain text, where they can be stolen or lost. Then, if your device is lost or stolen, your accounts remain protected from unauthorized access.  

Accounts Should be Multi-Factor Authenticated 

Whenever possible, you should use multi-factor authentication (MFA), or two-factor authentication (2FA) to protect your accounts. 

Ideally, your employer provides you with an authenticator to link to your corporate account. Multi-factor authentication (MFA) can also improve the security of your personal accounts. Application-based authenticators or hardware security keys are among the most effective methods of protecting data. If that is not possible, SMS-based multifactor authentication can be an effective alternative. 

Secure Your Computer  

Remote workers should use antivirus software, which your employer probably provides, to protect the computer from viruses. You can also install antivirus software on your personal computers to keep you and your family safe; you do not have to spend a lot of money on it, as free options are available online.   

To keep your computer safe, antivirus software alerts you when malicious attachments, websites, or other potential threats are detected. 

Public Wi-Fi Should be Used Cautiously  

Remote working has an advantage unlike anything else available right now: working from anywhere is one of the reasons people prefer coffee shops over home offices.  

Your device has an internet connection, but do you know whether it is secure? The National Security Agency reports that public hotspots are more likely to be targets of malicious software, so treat public Wi-Fi with extra caution, or avoid it altogether where the situation allows. 

Rather than a public Wi-Fi hotspot, you are better off using a cellular network for your Internet connection, such as a mobile hotspot or a device with 4G or 5G capability. When you must use public Wi-Fi, the NSA recommends a VPN provider to protect your connection against malicious activity and spying. 

Using Legitimate Remote Management Systems, Hackers Infiltrate Federal Agencies

 


Last summer, several Federal Civilian Executive Branch (FCEB) agencies across several US states were breached through a clever hacking operation that employed two off-the-shelf remote monitoring and management (RMM) tools. 

A joint advisory released on Jan. 25, 2023, by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) shed light on the attacks in detail. It warned the cybersecurity community about the misuse of commercial RMM software and provided mitigation strategies as well as indicators of compromise. 

IT service providers use Remote Monitoring and Management (RMM) tools to monitor and manage client networks and endpoints remotely. According to the US government, hackers use the same software to bypass typical software control policies and authorization requirements on victim computers. 

Hackers Used RMMs to Breach the Government's Security 

CISA identified this activity last October during a retrospective analysis of EINSTEIN, the intrusion detection system it deploys across FCEB agencies. The analysis turned up more than the researchers had expected. 

In mid-June last year, hackers sent a phishing email to the government email address of an FCEB employee. The email provided a phone number to call in response; when the employee called, they were instructed to visit the malicious website www.myhelpcare.online. 

Visiting this domain downloaded an executable, which then connected over Internet Protocol (IP) to a second domain from which two RMM tools, AnyDesk and ScreenConnect (now ConnectWise Control), were obtained. Neither AnyDesk nor ScreenConnect was installed on the target computer. 

Instead, the tools were downloaded as self-contained, portable executables configured to connect back to the threat actors' servers, rather than as standalone installers. 

Why is this significant? The authoring organizations explain that portable executables do not require administrator privileges, so they can run even where a risk management control audits or blocks the installation of programs not approved by the corporate IT department. 

By taking advantage of the bypassed software controls and admin privileges, the threat actors could move on to other vulnerable machines within the local intranet or use the executable to establish long-term persistent access as a local user service. 
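The defender's counterpart to the point above is to look for RMM clients that run as portable copies from user-writable paths and beacon to servers outside the organization's own RMM deployment. The following is an added illustration, not code from the advisory or its authoring agencies; the event format, the approved install paths, the allowed domain and the sample log lines are all constructed for the example.

```python
"""Detection sketch: flag known RMM clients (AnyDesk, ScreenConnect) that run
as portable executables outside an approved install path and/or connect to a
server that is not the organization's own RMM endpoint. Added example; log
format, allow-lists and sample events are constructed, not from the advisory."""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# RMM products named in the post. The binary names are those products' usual
# client executables; adjust to what your environment actually deploys.
RMM_BINARIES = {
    "anydesk.exe": "AnyDesk",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "screenconnect.windowsclient.exe": "ScreenConnect",
}

# Where a sanctioned, installer-based deployment would place these tools
# (assumed). A copy running from anywhere else is a portable executable, the
# case the post describes as slipping past installation controls.
APPROVED_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Servers the organization's own RMM clients are allowed to reach (assumed).
APPROVED_RMM_DOMAINS = {"rmm.corp.example"}


@dataclass
class Finding:
    host: str
    user: str
    product: str
    image: str
    reasons: List[str] = field(default_factory=list)


def analyse_event(ev: dict) -> Optional[Finding]:
    """Return a Finding when a process-creation event shows a known RMM client
    running outside its approved install path and/or connecting to a server
    that is not on the allow-list; None for anything else."""
    image = ev.get("image", "").lower()
    product = RMM_BINARIES.get(image.rsplit("\\", 1)[-1])
    if product is None:
        return None
    reasons = []
    if not image.startswith(APPROVED_INSTALL_PREFIXES):
        reasons.append("portable copy outside approved install path")
    dest = ev.get("dest_domain", "").lower()
    if dest and dest not in APPROVED_RMM_DOMAINS:
        reasons.append(f"connects to unapproved server {dest}")
    if not reasons:
        return None
    return Finding(ev.get("host", "?"), ev.get("user", "?"), product, image, reasons)


def scan_log(lines: str) -> List[Finding]:
    """Run analyse_event over newline-delimited JSON events, skipping blank or
    malformed lines rather than aborting the whole scan."""
    findings = []
    for raw in lines.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue
        finding = analyse_event(ev)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample: a sanctioned AnyDesk client, a portable AnyDesk copy in a
# Downloads folder reaching an unknown relay, an unrelated process, a truncated
# line, and a portable ScreenConnect client that has not connected out yet.
SAMPLE_LOG = r'''
{"host": "WS-01", "user": "alice", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe", "dest_domain": "rmm.corp.example"}
{"host": "WS-07", "user": "bob", "image": "C:\\Users\\bob\\Downloads\\AnyDesk.exe", "dest_domain": "rmm-relay.example.net"}
{"host": "WS-07", "user": "bob", "image": "C:\\Windows\\System32\\notepad.exe"}
{"host": "WS-09", "user": "carol", "image": "C:\\Users\\carol\\AppDa
{"host": "WS-09", "user": "carol", "image": "C:\\Users\\carol\\AppData\\Local\\Temp\\ScreenConnect.ClientService.exe"}
'''

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.host} {f.user} {f.product} {f.image}: " + "; ".join(f.reasons))
```

Run against real process-creation telemetry, the two findings (WS-07 and WS-09) are the events a blocking control keyed on installers would never have seen.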

The June compromise, however, appears to have been just the tip of the iceberg. Three months later, analysis of traffic between a different FCEB network and a similar domain, "myhelpcare.cc", led to another FCEB network being observed, and the authors recall that further analysis revealed related activity involving other FCEB networks as well. 

There is no doubt that the attackers were financially motivated, although they targeted government employees. Using the RMM software, the attackers connected to targets' computers and enticed victims to log into their bank accounts to check their balances. The actors then used the RMM access to modify the recipient's bank account summary so that it appeared the recipient had mistakenly been refunded an excess amount of money, and instructed the recipient to 'refund' this excess to the scam operator.

NSA, CISA Concerns Over Security Risks Against 5G Network Slicing


The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidelines regarding cybersecurity threats pertaining to 5G network slicing. 

The document illustrates how a network slice is “an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs.” 

While numerous network slices operate on a single physical network, the guidelines clarify that each network slice user is only authenticated for one specific network region, allowing for data and security isolation. 

“This type of architecture heavily relies on a Network-as-a-Service (NaaS) model, combining Infrastructure-as-a-Service with network and security services, which enhances the operational efficiency and resiliency of the 5G infrastructure […] Within a 5G architecture, the plan is to deliver the whole NaaS so that different customer segments can be efficiently supported,” reads the guideline.

According to the report, "network slicing enables operators to incorporate various network characteristics or components, possibly from different operators, to offer particular applications or services for 5G consumers. Although effective for delivering services, 5G network slicing throws a wide net of threats, including possible weak points in standards and regulations, the supply chain, and other areas."

"Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper, DoS, MitM attacks, and configuration attacks," the report states. 

Due to these cyber threats, the NSA and CISA have stated that maintaining and monitoring a network slice is essential for identifying and thwarting cyberattacks. 

“For more robust security, network operators should consider techniques, as referenced in this paper, such as zero trust, multi-layer security, cross-domain solutions, post-quantum cryptography, and isolation,” both agencies concluded. 

The NSA, along with CISA, has brought together members and experts from the public and private sectors to address security concerns pertaining to 5G slicing. The resulting 5G network slicing cybersecurity report covers its architecture, how it will aid emerging technologies such as autonomous vehicles, and guidelines on how to secure it.  

UK Issued New Cybersecurity Guidelines on Emerging Supply Chain Attacks

A surge in the number of instances has prompted cyber security experts to issue a fresh warning about the danger of supply chain hacks. Businesses have been advised by the UK's cybersecurity agency to take additional precautions against supply chain assaults. In response to what it claims to be a recent increase in supply chain threats, the National Cyber Security Center (NCSC) has produced fresh advice for enterprises.

Although the advice applies to businesses in all industries, it was released in collaboration with the Cross-Market Operational Resilience Group (CMORG), which promotes the operational resilience of the financial sector. The advice, intended for medium-sized and larger enterprises, helps them evaluate the cyber risks of collaborating with suppliers and gain assurance that mitigations are in place for vulnerabilities that arise from doing business with suppliers.

The 2020 hack on SolarWinds' software build system, the 2021 ransomware attack on Kaseya clients, and the 2017 NotPetya attack via a Ukraine accounting program are a few notable recent incidents. President Joe Biden of the United States issued an executive order to improve cybersecurity in response to SolarWinds.

In a document titled 'Defending the Pipeline' published by NCSC in February, the agency recommended businesses and programmers use continuous integration and delivery (CI/CD) to automate software development. The CEO of NCSC ranked ransomware as the top cyber danger in October of last year, while also warning that supply chain concerns will persist for years.

The new guidance assists medium and larger enterprises in "evaluating the cyber risks of collaborating with suppliers and gaining assurance that mitigations are in place," according to an NCSC announcement.

According to the UK government's report on security breaches in 2022, more than half of companies, big and small, contract out their IT and cybersecurity needs to outside companies. However,  s evaluated the dangers posed by immediate suppliers. These respondents claimed that the importance of cybersecurity in procurement was low.

According to Ian McCormack, NCSC deputy director for government cyber resilience, supply chain attacks represent a significant cyber danger to organizations, and incidents can have a significant, ongoing effect on companies and customers.

The advice is broken down into five stages that address why businesses should care about supply chain cybersecurity, how to identify and protect one's private data when developing an approach, how to apply the approach to new suppliers, how to apply it to contracts with current suppliers, and continuous improvement.

The US intelligence agency, NSA, released its software supply chain recommendations last month with a focus on developers. New standards for the purchase of software were also released in the same month by the US Office of Management and Budget.

China's Attacks on Telecom Providers Were Exposed by US

 

Since 2020, US cybersecurity and intelligence agencies have cautioned about state-sponsored cyber attackers located in China using network vulnerabilities to target public and private sector enterprises.

Chinese hacking gangs have used publicly known vulnerabilities to infiltrate everything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks, according to a joint cybersecurity alert released on Tuesday by the NSA, CISA, and the FBI. 

China-linked APTs use several servers to create new email accounts, host command and control (C&C) domains, and connect with target networks, using hop points as an obfuscation strategy to mask their true location. "Once within a telecommunications organization or network service provider, PRC state-sponsored cyber actors identified essential users and infrastructure, including systems critical to ensuring the stability of authentication, authorization, and accounting," as per the report. 

These threat actors are continually altering their techniques to avoid detection, according to US authorities, including watching network defenders' actions and adjusting current attacks to remain undiscovered. 

They were also seen changing their infrastructure and tools when campaigns were made public. After stealing credentials to access underlying SQL databases, the attackers used SQL commands to dump user and admin credentials from key Remote Authentication Dial-In User Service (RADIUS) servers. The three US agencies revealed that Chinese threat actors primarily exploit vulnerabilities in: 
  • Cisco (CVE-2018-0171, CVE-2019-15271, and CVE-2019-1652)
  • Citrix (CVE-2019-19781) 
  • DrayTek (CVE-2020-8515) 
  • D-Link (CVE-2019-16920) 
  • Fortinet (CVE-2018-13382) 
  • MikroTik (CVE-2018-14847) 
  • Netgear (CVE-2017-6862) 
  • Pulse (CVE-2020-29583) 

Open-source tools such as RouterSploit and RouterScan (vulnerability scanning frameworks) are used by the threat actors to scan for vulnerabilities and conduct reconnaissance, allowing them to identify brands, models, and known problems that can be attacked. 

"Once within a network service provider, PRC state-sponsored cyber actors identified essential users and infrastructure, particularly systems critical to maintaining the security of authentication, authorization, and accounting," as per the joint advisory.

Lastly, the attackers altered or deleted local log files to eliminate proof of their presence and avoid discovery. Security updates should be applied as quickly as feasible, unneeded ports and protocols should be disabled to reduce the attack surface, and end-of-life network infrastructure that no longer receives security patches should be replaced, according to the federal agencies.

Segmenting networks to prevent lateral movement and enabling robust monitoring on internet-exposed services to discover attack attempts as soon as possible are also recommended.

NSA Employee Indicted for 'Leaking Top Secret Info' To a Woman

 

Recently, the United States Department of Justice (DoJ) has claimed that an NSA employee has been sharing highly sensitive data of national security with an individual who allegedly is a private sector employee. 

According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz "held a TOP SECRET/Sensitive Compartmented Information (SCI) clearance and had lawful access to classified information relating to the national defense." 

The indictment, unsealed on Thursday in U.S. District Court in Baltimore, accuses Mark Unkenholz, a 60-year-old employee of the NSA office that engages with private industry, of sending 13 unauthorized emails to a woman referred to as “RF” between February 2018 and June 2020, each containing top secret information relating to national defense. 

The indictment states there was "reason to believe [the info] could be used to the injury of the United States or to the advantage of any foreign nation." The Justice Department further reported that RF also held a TOP SECRET/SCI clearance from April 2016 until approximately June 2019 through her employer, referred to as Company 1; when she moved from Company 1 to Company 2, her clearance lapsed. 

According to the indictment's timeline, Unkenholz sent the files to RF when she was working at Company 1 and at Company 2. It shows that RF's clearance was not sufficient for these sensitive materials. 
 
Also, Unkenholz used his personal email address for these transmissions, and under the regulations a personal email address is not an authorized storage location for sensitive data. Unkenholz has been charged with 13 counts of willful retention of national defense information on top of the 13 counts of “willful transmission.” Each charge carries up to 10 years in federal prison.

Several QNAP NAS Devices are Vulnerable by Dirty Pipe Linux Bug

 

The "Dirty Pipe" Linux kernel weakness – a high-severity vulnerability that offers root access to unprivileged users with local access in all major distros – affects a majority of QNAP's network-attached storage (NAS) appliances, the Taiwanese company stated. 

The Linux kernel on QNAP NAS devices running QTS 5.0.x and QuTS hero h5.0.x, according to QNAP, is affected by Dirty Pipe, a recently revealed local privilege-escalation vulnerability. A local user with no special privileges can gain admin privileges and inject malicious code if this vulnerability is exploited. 

The flaw was identified and reported eight days ago by Max Kellermann of CM4all, a security researcher. The vulnerability, which has been identified as CVE-2022-0847, has been present in the Linux kernel since version 5.8. Fortunately, Linux kernels 5.10.102, 5.15.25, and 5.16.11 have been updated to address the issue. 

However, as Linux news site Linuxiac points out, Dirty Pipe is not just a threat to Linux machines: because Android is built on the Linux kernel, any device running version 5.8 or later is vulnerable, putting a large number of people at risk. For example, Linuxiac cited the Google Pixel 6 and Samsung Galaxy S22: the widely used phones run on Linux kernel 5.10.43, making them susceptible.

"QNAP will hopefully deliver a kernel update for the vulnerability soon," said Mike Parkin, a highly experienced engineer at Vulcan Cyber. "This is the storage device vendor's second recent incident," Parkin further pointed out in an email.

NAS devices, which allow authorized users and customers to store and retrieve data from a single location, boost productivity by providing cloud-like capabilities inside networks, according to Schless. Dirty Pipe has been compared by some to Dirty Cow, an older privilege escalation flaw (CVE-2016-5195) that had been in Linux for nine years, since 2007, before it was publicly exploited in 2016 against web-facing Linux servers.

Dirty Pipe is a lot like Dirty Cow, except that it is worse because it is easy to exploit. According to Parkin, the vulnerability's mitigating element is that it requires local access, which reduces the danger marginally. The Dirty Pipe flaw has also been fixed in the newest Linux kernel code, and patches for the major distributions are expected to be available soon.
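As an added illustration (not code from QNAP or from the original post), the following Python classifies a kernel release string against the Dirty Pipe version ranges quoted above; how it treats stable branches the post does not list (5.8, 5.9, 5.11 to 5.14, and anything newer than 5.16) is an assumption marked in the comments, and the sample inventory is constructed.

```python
"""Added example, not code from QNAP or from the original post: classify a
kernel release string against the Dirty Pipe (CVE-2022-0847) version ranges
quoted above (introduced in 5.8; fixed in 5.10.102, 5.15.25 and 5.16.11)."""
import re
from typing import Dict, Optional, Tuple

INTRODUCED = (5, 8, 0)  # the post: present in the kernel since version 5.8

# Stable branches with a fix named in the post -> first fixed patch level.
FIXED_IN = {(5, 10): 102, (5, 15): 25, (5, 16): 11}


def parse_kernel_release(release: str) -> Optional[Tuple[int, int, int]]:
    """Pull (major, minor, patch) out of a `uname -r` style string such as
    '5.10.60-qnap' or '5.15.25-generic'; None if it cannot be parsed."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release: str) -> str:
    """Return 'vulnerable', 'fixed', 'unaffected' or 'unknown'."""
    v = parse_kernel_release(release)
    if v is None:
        return "unknown"
    if v < INTRODUCED:
        return "unaffected"  # the bug did not exist before 5.8
    branch = (v[0], v[1])
    if branch in FIXED_IN:
        return "fixed" if v[2] >= FIXED_IN[branch] else "vulnerable"
    if branch > (5, 16):
        # Assumption: releases newer than the 5.16 branch carry the fix.
        return "fixed"
    # 5.8, 5.9 and 5.11 to 5.14: no fix is listed in the post, so treat
    # them as vulnerable unless the vendor has backported a patch.
    return "vulnerable"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map device name -> status for a {name: kernel release} inventory."""
    return {name: dirty_pipe_status(rel) for name, rel in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; the release strings are illustrative only.
    print(audit({"nas-01": "5.10.60-qnap", "nas-02": "5.15.25-generic",
                 "phone": "5.10.43", "legacy": "5.4.0-100-generic"}))
```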

New Trojan Attack Campaign Prompted by Pegasus Spyware

 

The Sarwent Trojan is being distributed by a threat group via a bogus Amnesty International website that claims to protect users from the Pegasus smartphone spyware. 

The operation targets those who believe they have been attacked by NSO Group's Pegasus spyware and are therefore tied to nation-state activity, according to Cisco Talos security analysts, but Talos has yet to identify the exact threat actor. 

Pegasus is a piece of spyware created by the Israeli cyber arms firm NSO Group which can be loaded secretly on smartphones (and other devices) running most versions of iOS and Android. According to the disclosures from Project Pegasus 2021, the existing Pegasus program can attack all recent iOS versions up to iOS 14.6. Pegasus could intercept text messages, track calls, gather passwords, monitor position, access the target device's camera and microphone, and collect data from apps as of 2016. 

Despite claims regarding authorized use, Pegasus, a contentious surveillance technology, has allegedly been used by tyrannical governments in operations targeting journalists, human rights activists, and other opponents of the state. 

Soon after the release of a comprehensive Amnesty International report on Pegasus in July of this year, as well as Apple's dissemination of updates for the ForcedEntry zero-day exploit, several users started exploring ways of protecting themselves from the spyware that was exploited by adversaries. 

On a bogus website that is identical to Amnesty International's, the malicious actors claim to be delivering "Amnesty Anti Pegasus," an anti-virus tool that can allegedly guard against NSO Group's malware. 

Instead, visitors are given the Sarwent remote access tool (RAT), which allows attackers to easily upload and run payloads on compromised PCs and to extract relevant and sensitive data. 

Despite its low intensity, the attack has struck individuals in the United States, the United Kingdom, Colombia, the Czech Republic, India, Romania, Russia, and Ukraine, as per Cisco Talos. 

“Given the current information, we are unsure of the actor’s objectives. The use of Amnesty International’s name, a group whose work frequently puts it at odds with governments around the world, as well as the Pegasus brand, malware that has been used to target dissidents and journalists on behalf of governments, raises questions about who is being targeted and why,” according to Cisco Talos. 

The campaign's adversary appears to be a Russian speaker who has been using Sarwent to target victims from different walks of life across the globe since at least January 2021. The malicious actors have been using the Trojan and one with a comparable backdoor since 2014, according to security experts.

NSA Issues FAQs on Quantum Computing and Post-Quantum Cryptography

 

As quantum computing and post-quantum cryptography move to the forefront of cryptographic discussions, especially in areas associated with national defense, the National Security Agency (NSA) has published a document comprising the most frequently asked questions about Quantum Computing and Post-Quantum Cryptography, in which the agency examines the probable ramifications for national security of the introduction of a "brave new world" far beyond the traditional computing domain. 

This 8-page report provides a summary of quantum computing, its connection with cryptography, the Commercial National Security Algorithm Suite, Commercial Solutions for Classified (CSfC), and the National Information Assurance Partnership (NIAP), as well as forthcoming techniques and cryptography. 

As the competition for quantum computing heats up, with a slew of players vying for quantum dominance via diverse and sometimes eccentric scientific avenues, the NSA document examines the possible security risks raised by the creation of a “Cryptographically Relevant Quantum Computer” (CRQC). 

"NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist," it stated. 

A CRQC is a quantum computer strong and sophisticated enough to break the conventional encryption techniques developed for classical computing. Whereas these techniques are practically uncrackable with existing or even prospective classical supercomputers, a quantum computer does not abide by the same rules, given the nature of the machine and the superposition states readily accessible to its computing unit, the qubit. 

Considering that governments and labs are striving to develop crypto-busting quantum computers, the NSA stated it was developing “quantum-resistant public key” algorithms for private suppliers to the US government to employ, as part of its Post-Quantum Standardization Effort, which has been in operation since 2016. 

The world depends on public-key cryptography for strong encryption, such as TLS and SSL, which underpin the HTTPS protocol and help safeguard user browsing data against third-party spying. 

Eric Trexler, VP of global governments at security shop Forcepoint, told The Register: "Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems. This includes public-key asymmetric cryptography, one of the two different types of cryptosystems in use today." 

Consequently, an agency such as the NSA, which guarantees the security of the United States' technological infrastructure, must cope with both current and future risks; as one would expect, updating organizations as large as an entire country's key government systems requires an incredible amount of time. 

The NSA wrote, in theory, quantum computers can perform some mathematical calculations tenfold quicker than traditional computers. Quantum computers use “qubits” instead of regular bits, which react and interact as per the laws of quantum mechanics. This quantum-physics-based characteristic might allow a reasonably large quantum computer to do precise mathematical calculations that would have been impossible for any conventional computer to execute. 

According to the NSA, "New cryptography can take 20 years or more to be fully deployed to all National Security Systems (NSS)". And as the agency writes in its document, "(...) a CRQC would be capable of undermining the widely deployed public key algorithms used for asymmetric key exchanges and digital signatures. National Security Systems (NSS) — systems that carry classified or otherwise sensitive military or intelligence information — use public-key cryptography as a critical component to protect the confidentiality, integrity, and authenticity of national security information. Without effective mitigation, the impact of adversarial use of a quantum computer could be devastating to NSS and our nation, especially in cases where such information needs to be protected for many decades." 

In its document, the NSA places the decision of which post-quantum cryptography will be deployed across the United States' national infrastructure solely on the shoulders of the National Institute of Standards and Technology (NIST), which is "in the process of standardizing quantum-resistant public key in their Post-Quantum Standardization Effort, which started in 2016. This multi-year effort is analyzing a large variety of confidentiality and authentication algorithms for inclusion in future standards," the NSA says.

NSA Issues Warning Concerning Public Wi-Fi Networks

 

The National Security Agency has cautioned public servants against hackers who can exploit public Wi-Fi in coffee shops, airports, and hotel rooms. 

NSA stated, “The Biden administration would like you to get a vaccine and wear a mask. Oh, and one more thing: It has just proclaimed that it’s time for government employees and contractors to get off public Wi-Fi, where they can pick up another kind of virus.” 

The National Security Agency released a strangely specific warning late last week cautioning that logging in to a public Wi-Fi network “may be convenient to catch up on work or check email,” in a notification to every federal employee, leading defense companies, and the 3.4 million uniformed, civilian and reserve personnel serving in the military. In an eight-page report, the agency describes how a click on the local coffee shop's network could cause problems, in a year highlighted by ransomware attacks on pipelines, meatpackers, and even the police force in Washington, DC. 

“Avoid connecting to public Wi-Fi, when possible,” the warning read, stating that even Bluetooth connections can be compromised. 

Officials acknowledged that they are well aware that people are about as likely to heed the advice as they are to wear a mask outdoors at a baseball game. However, the message marks a turning point, with the nation's primary signals intelligence agency aiming to apply the brakes after a decade in which every restaurant, hotel, or airline has faced competing pressures to expand its free Wi-Fi. 

This risk is not theoretical but is openly recognized and used in various malicious approaches. The warning points readers to videos showing how easy it is, on an unsecured Wi-Fi network that requires no password, for hackers to collect passwords and gain access to mobile phone content. 

The alert by NSA, without mentioning specific occurrences, includes a warning that criminals or foreign intelligence agencies can generate open Wi-Fi infrastructures that look like they are from a hotel or a coffee house, but certainly are “an evil twin, to mimic the nearby expected public Wi-Fi.” 

Officials said the National Security Agency's caution was not triggered by a sudden surge in criminals or national adversaries exploiting public internet access to steal data or orchestrate hacks. It instead appeared to be part of a much broader US government effort in recent months to make people aware of a variety of technological vulnerabilities. 

Recently, President Biden signed an Executive Order establishing several cybersecurity criteria for software firms that sell to the federal government. Federal agencies must implement two-factor authentication, just as customers receive a text message with a code from their bank before entering their account details.

CISA Partners with Leading Technology Providers for New Cybersecurity Initiative

 

As part of a new campaign aimed at improving the country's cyber defences, the US government has announced partnerships with Amazon, Microsoft, Google, and other major corporations. According to CISA Director Jen Easterly, the Joint Cyber Defense Collaborative, or JCDC, would strive to take a proactive approach to cyber defense in the wake of multiple high-profile breaches that damaged the federal government and the general public. 

The JCDC would initially focus on battling ransomware and other cyberattacks against cloud computing providers, according to a Wall Street Journal report, in order to avoid situations like the recent Kaseya supply-chain ransomware incident that occurred earlier this summer. 

“The industry partners that have agreed to work side-by-side with CISA and our interagency teammates share the same commitment to defending our country’s national critical functions from cyber intrusions, and the imagination to spark new solutions,” Easterly said in the statement. 

CISA will be able to integrate unique cyber capabilities across numerous federal departments, state and local governments, and private sector firms to achieve shared objectives due to the establishment of the JCDC. The new programme will also enable the public and commercial sectors to share information, coordinate defensive cyber operations, and participate in joint exercises to improve cyber defense operations in the United States. 

Aside from AWS, Microsoft, and Google Cloud, the JCDC will collaborate with AT&T, Crowdstrike, FireEye Mandiant, Lumen, Palo Alto Networks, and Verizon. Meanwhile, the Department of Defense (DoD), US Cyber Command, the National Security Agency (NSA), the Department of Justice (DoJ), the FBI, and the Office of the Director of National Intelligence are among the government's partners. 

Rep. Jim Langevin, D-RI, a member of the Cyberspace Solarium Commission and a senior member of the House Committee on Homeland Security, said the JCDC is “exactly the kind of aggressive, forward-thinking we need to combat the ever-growing cyber threats that face our nation.” In a statement, Langevin said the JCDC “brings together our [Cyberspace Solarium Commission] recommendations about planning, intelligence fusion and cybersecurity operations in a visionary way.” 

According to a Langevin aide, the Joint Cyber Defense Collaborative will house the Joint Planning Office, which Congress has authorised, as well as the Joint Collaborative Environment, if passed this year as politicians like Langevin hope.

NSA and FBI Blame Russia for Massive ‘Brute Force’ Attacks on Microsoft 365

 

American intelligence and law enforcement agencies have accused a Kremlin-backed hacking group of a two-year campaign to break into Microsoft Office 365 accounts. 

In a joint report with British intelligence, the NSA, FBI, and DHS blamed Fancy Bear for the broad "brute force" attacks. Fancy Bear is most known for hacking the Democratic National Committee in the run-up to the 2016 Presidential Elections. 

Fancy Bear, according to the agencies, was actually the 85th Main Special Service Center (GTsSS), a group within the Russian General Staff Main Intelligence Directorate (GRU), and that it had been carrying out its brute force attacks on a variety of sectors, which include government and military departments, defense contractors, political parties, energy companies, and media outlets. The majority of the targets were based in the United States and Europe. 

The joint statement stated, “These efforts are almost certainly still ongoing. This brute force capability allows the 85th GTsSS actors to access protected data, including email, and identify valid account credentials. Those credentials may then be used for a variety of purposes, including initial access, persistence, privilege escalation, and defense evasion.” 

“This lengthy brute force campaign to collect and exfiltrate data, access credentials, and more is likely ongoing, on a global scale,” said Rob Joyce, the NSA's director of cybersecurity. 

At the time of writing, neither Microsoft nor the Russian embassy in London had replied to requests for comment. Fancy Bear used a technique known as "password spraying," in which computers make as many login attempts as feasible against a particular system. The devices' traffic is routed through virtual private networks or the Tor network, both of which conceal a system's actual IP address by routing it through a variety of servers. 

According to the US report, they did this using Kubernetes, an open-source platform built by Silicon Valley tech giant Google for managing containerized workloads. Users of Microsoft 365 and other targeted cloud products should use multi-factor authentication, which requires a one-time code in addition to the login and password to gain access to an account. The report also suggests that if a user makes many unsuccessful attempts to log into an account, the user should be locked out or made to wait before trying again. 
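The following Python is an added example, not anything from the joint report: it runs spray and brute-force heuristics over constructed sign-in log lines (RFC 5737 documentation-range addresses, invented usernames) and also shows why the per-account lockout recommended above does not by itself catch spraying, which spreads a few attempts across many accounts. Thresholds and the log format are assumptions.

```python
"""Added example, not from the joint NSA/FBI/DHS report: group failed
sign-ins by source to separate password spraying (few attempts against many
accounts) from classic brute force (many attempts against one account), and
show which of the two a per-account lockout policy actually stops."""
import re
from collections import defaultdict
from typing import Dict, Set

# Constructed sign-in log lines in an assumed key=value format; the source
# addresses come from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2021-07-01T10:00:01Z src=198.51.100.7 user=alice result=FAIL
2021-07-01T10:00:02Z src=198.51.100.7 user=bob result=FAIL
2021-07-01T10:00:03Z src=198.51.100.7 user=carol result=FAIL
2021-07-01T10:00:04Z src=198.51.100.7 user=dave result=FAIL
2021-07-01T10:00:05Z src=198.51.100.7 user=erin result=FAIL
2021-07-01T10:00:06Z src=198.51.100.7 user=frank result=FAIL
2021-07-01T10:01:00Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:01Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:02Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:03Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:04Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:05Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:06Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:07Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:08Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:01:09Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T10:02:00Z src=192.0.2.9 user=dave result=FAIL
2021-07-01T10:02:05Z src=192.0.2.9 user=dave result=OK
"""

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>\S+)")


def failures_by_source(log: str) -> Dict[str, Dict[str, int]]:
    """Map source IP -> {account: number of failed attempts}."""
    table: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("result") == "FAIL":
            table[m.group("src")][m.group("user")] += 1
    return {src: dict(users) for src, users in table.items()}


def classify_sources(log: str, spray_min_accounts: int = 5,
                     spray_max_per_account: float = 3.0,
                     brute_min_attempts: int = 10) -> Dict[str, str]:
    """Label each source 'password-spray', 'brute-force' or 'benign'.
    The thresholds are illustrative; tune them to the tenant's normal traffic."""
    verdicts: Dict[str, str] = {}
    for src, per_account in failures_by_source(log).items():
        accounts = len(per_account)
        total = sum(per_account.values())
        if accounts >= spray_min_accounts and total / accounts <= spray_max_per_account:
            verdicts[src] = "password-spray"   # many accounts, few tries each
        elif max(per_account.values()) >= brute_min_attempts:
            verdicts[src] = "brute-force"      # one account hammered
        else:
            verdicts[src] = "benign"
    return verdicts


def accounts_locked(log: str, lockout_threshold: int = 5) -> Set[str]:
    """Accounts a per-account lockout policy would lock, counting failures
    from every source. One try per account, as in a spray, never reaches it."""
    totals: Dict[str, int] = defaultdict(int)
    for per_account in failures_by_source(log).values():
        for account, n in per_account.items():
            totals[account] += n
    return {account for account, n in totals.items() if n >= lockout_threshold}


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))  # spray source is flagged here ...
    print(accounts_locked(SAMPLE_LOG))   # ... but lockout only catches 'carol'
```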

The allegations follow President Biden's meeting with Russian President Vladimir Putin, during which the US leader urged his Russian counterpart to assist America in stopping the flow of destructive cyberattacks plaguing organizations throughout the world. 

In recent months, ransomware attacks on gas company Colonial Pipeline and meat supplier JBS, as well as thefts of US federal agency emails via a breach of IT supplier SolarWinds, have prompted concern. 

The current attacks look to be one of Fancy Bear's "classic military intel mission that is their major emphasis," according to John Hultquist, vice president of intelligence analysis at cybersecurity firm FireEye. 

Hultquist added that their bread and butter is good old-fashioned spy vs. spy activity that has been carried over into the cyber arena. He expressed concern that the organization may target the next Olympic Games in Japan, citing Russia's prior involvement in assaults on the 2018 Winter Olympics in South Korea.

Cyber Threat U.S. Spy Agency Collaborates with Private Sector to Counter Threat

 

The U.S. National Security Agency, which is renowned globally for its secrecy, on Tuesday opened its arms to the private sector with the aim of strengthening relations and learning about hacking campaigns from the U.S. firms that are repeatedly targeted by hacking groups. 

"I think it is really important for NSA to take a stance where we are engaging and figuring out how to make the environment more secure and everyone is learning from the lessons of the past," NSA Director of Cybersecurity Rob Joyce said at a media roundtable.

U.S. law bars the NSA from accessing American computer networks, so the agency hopes that increasing partnerships with defense, technology, and telecommunications companies will provide insights the agency can’t get on its own, he added. However, he declined to name the companies the NSA is working with and didn’t expand on what information private companies would share with the agency. 

The NSA’s publicity tour comes after a series of high-profile hacks over the last year, including a massive cyberattack that penetrated numerous federal agencies and another that crippled a major U.S. gas pipeline. 

The center, which started in January 2020, is unique in the NSA's history because it is located in a nondescript office park in suburban Maryland next to defense contractors, including Northrop Grumman Corp., Raytheon Technologies Corp., and General Dynamics Corp., and is across the street from NSA headquarters. But the center doesn’t have the same barbed wire fencing and armed guards as the NSA. 

U.S. officials admitted the lack of total visibility into the cyber threat due to legal restrictions that prevent the NSA and other federal spy agencies from collecting data on domestic computer networks. Foreign hackers know about the controls, former U.S. officials say, so they often stage attacks on U.S.-based servers. 

"U.S. companies will also benefit from the NSA's vast experience and analytical capability. Cybersecurity is a team sport and NSA is really just stepping up to play its position. Providing services to the defense industrial base and national security systems and a large U.S. market share is what we focus on from a selection criteria," said Morgan Adamski, chief of the center.

NSA and CISA Jointly Issued Guidance On Protective DNS Services


America’s chief security agencies, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), released a joint information sheet on Thursday describing the benefits of using a Protective Domain Name System (PDNS).
 
How does a Protective Domain Name System (PDNS) work? 

A PDNS service uses existing Domain Name System (DNS) protocols and infrastructure to analyze DNS queries and mitigate threats. It leverages many open-source, non-profit, and governmental threat feeds to categorize domain information and block queries to identified malicious domains. 

According to the NSA and CISA, a PDNS provides threat prevention against network exploitation, covering online threats such as phishing, malware distribution, domain generation algorithms, and command and control, as well as content filtering. 

Additionally, a PDNS can log and store suspicious queries and return a blocked response to malicious activity that would otherwise reach a system, such as ransomware locking victim files, while letting institutions make use of the logged DNS data. 
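To make the mechanism concrete, here is an added Python sketch (not from the information sheet or any listed provider) of the filtering step a PDNS performs: match a query against a threat feed including parent domains, apply a crude character-entropy heuristic for algorithmically generated names, and answer blocked queries with a sinkhole address while logging the decision. The feed entries, sinkhole address and thresholds are all constructed.

```python
"""Added example, not from the NSA/CISA information sheet: the decision step
of a protective resolver. Real PDNS services pull feeds from commercial,
non-profit and government sources; this one uses a constructed feed."""
import math
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed feed: domain -> threat category. Subdomains inherit the verdict.
THREAT_FEED: Dict[str, str] = {
    "malware.example": "malware",
    "login-paypa1.example": "phishing",
    "c2.example": "command-and-control",
    "adult.example": "content-filter",
}
SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address used as the block answer


@dataclass
class LogRecord:
    """What the resolver retains so the institution can review decisions later."""
    client: str
    qname: str
    category: str
    action: str


def feed_category(qname: str) -> Optional[str]:
    """Return the feed category for the name or any of its parent domains."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in THREAT_FEED:
            return THREAT_FEED[candidate]
    return None


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character in s."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def looks_like_dga(label: str, min_len: int = 12, min_entropy: float = 3.5) -> bool:
    """Crude heuristic for domain-generation-algorithm names: long labels with
    unusually high character entropy. Thresholds are assumptions; production
    systems combine this with feed data and lexical models."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def protective_resolve(client: str, qname: str,
                       log: List[LogRecord]) -> Tuple[str, Optional[str]]:
    """Decide what the resolver answers for one query and append a log record.
    Returns ('block', sinkhole) or ('forward', None) for normal recursion."""
    category = feed_category(qname)
    if category is None and looks_like_dga(qname.rstrip(".").split(".")[0]):
        category = "dga"
    if category is None:
        log.append(LogRecord(client, qname, "clean", "forward"))
        return "forward", None
    log.append(LogRecord(client, qname, category, "block"))
    return "block", SINKHOLE_IP


if __name__ == "__main__":
    records: List[LogRecord] = []
    for name in ("www.example.org", "www.c2.example.", "xk3j9qwe7bz2ahpl.example.net"):
        print(name, protective_resolve("10.0.0.5", name, records))
```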

The information sheet gave a list of providers, but NSA and CISA explicitly stated, “We, the federal agencies do not endorse one provider over another”. The listed six companies are BlueCat, Akamai, Cisco, EfficientIP, Nominet, and Neustar. 

How did NSA and CISA make their recommendations? 

The recommendations are based on lessons learned from an NSA PDNS pilot. The NSA partnered with the Defense Cyber Crime Center (DC3) to offer PDNS as a service to members of the defense industrial base. The pilot examined over 4 billion DNS queries to and from participating networks and successfully blocked millions of connections to identified malicious domains. 

Oliver Tavakoli, chief technology officer at Vectra stated, “Like other preventive approaches, they are useful in protecting organizations from known bads, but ultimately fall short in blocking the early stages of a new attack or more sophisticated attacks...”

“...So it makes sense to implement PDNS to reduce the attack surface, however, it should not be thought of as a preventive silver bullet that obviates the need to detect attackers who know how to bypass these protections,” he added. 

Ray Kelly, a principal security engineer at WhiteHat Security, added that “DNS exploitations are still incredibly rampant and require some attention because they are such an effective technique used by malicious actors”.

Chinese Hackers Cloned Exploit Tool Belonging to NSA

 

A Chinese hacking group allegedly "cloned" and deployed a zero-day exploit created by the U.S. National Security Agency's Equation Group before Microsoft fixed the Windows vulnerability being abused in 2017, according to an analysis published on Monday by Check Point Research. For some time, researchers had presumed that the Chinese hacking group known as APT31 or Zirconium had built an exploit tool to take advantage of a vulnerability tracked as CVE-2017-0005 and found in older versions of Windows, such as Windows 7 and Windows 8, according to the report. 

The report raises additional questions about how some of the NSA's most valued cyberweapons have been found or stolen by nation-state hacking groups and then turned on their developers over the years. In May 2019, Symantec published a similar report that found another group of hackers had taken and exploited cyber tools developed by the NSA. Both the Symantec and Check Point research show that the theft of NSA Equation Group tools by these groups seems to have occurred before the hacking group known as the Shadow Brokers first began publishing the agency's exploits in 2016. 

Security researchers previously noted that a zero-day exploit for CVE-2017-0005, called "Jian," was created in 2014 and first deployed in 2015. The exploit was used for a long time before Microsoft finally issued a patch for it in 2017. When exploited, this bug could permit an attacker to escalate privileges on a compromised device and then acquire full control, the researchers note. Microsoft published its fix for CVE-2017-0005 in March 2017, when the company was forced to issue multiple fixes for the exploits related to the Shadow Brokers "Lost in Translation" leak, Check Point notes. 

A further investigation by Check Point found that Jian was not an original creation, but rather a clone of a zero-day exploit for older versions of Windows created by the NSA Equation Group in 2013 and originally called "EpMe" by the agency, according to the new report. 

In another case, documented by Symantec in 2019, APT3 "Buckeye" was connected to attacks using Equation Group tools in 2016, before the Shadow Brokers leak.

National Crime Agency Detained the Operator of SMS Bandits for Phishing Message Services

 

The National Crime Agency of the United Kingdom has announced the arrest of the operator of the 'SMS Bandits' service. Although the NCA did not disclose the suspected fraudster's identity, the cybercrime department of the Metropolitan Police announced the detention of a Birmingham resident linked to the company offering illicit phishing services. The platform was used to send large volumes of phishing SMS messages. The fraudster sent out a huge number of fake messages spoofing organizations such as PayPal, telecom providers, and COVID-19 pandemic relief organizations. 

SMS Bandits, including the man detained, obtained account credentials for numerous popular websites by sending fake SMS messages by the millions, and offered them on dark web platforms that they controlled. Among other pseudonyms, the operators of the fraudulent service used Bamit9, Gmuni, and Uncle Munis on the dark web. SMS Bandits supplied an SMS phishing service for the mass transmission of text messages intended to collect account credentials for various common websites and to steal personal and financial information. 

Angus, a researcher at the cyber intelligence firm Scylla Intel, stated that the SMS Bandits sent phishing lures that were uncommonly well done and free of spelling or grammatical errors, which made their fake messages hard to spot. “Just by virtue of these guys being native English speakers, the quality of their phishing kits and lures were considerably better than most,” Angus added. 

According to Scylla Intel, the SMS Bandits made a variety of operational security errors that made it relatively easy to figure out who they actually are. Scylla Intel further collected evidence against the SMS Bandits and found that they used the email addresses and passwords stolen through their service to validate the credentials. 

According to sources, the SMS Bandits are also linked to a dark web criminal service named “OTP Agency”, which is designed to intercept the one-time passwords required when logging into various websites. The modus operandi involves the customer entering the target’s phone number and name, after which OTP Agency initiates an automated phone call to the target alerting them to unauthorized activity on their account. 

SMS Bandits has also offered its own "bulletproof hosting," marketed as a "freedom of communications" portal where clients can "host any content without restrictions." That content inevitably includes the phishing sites used to harvest credentials from users of various web platforms.

According to a new survey, the volume of SMS phishing grew by over 328% in 2020, and the fraudsters show no sign of being deterred.