Showing posts with label Nevada.

Cuba Ransomware Gang Hacked Devices via Microsoft-Signed Drivers

Microsoft has suspended several accounts in its hardware developer program that were used to get malicious drivers signed for the Cuba ransomware operation. The drivers were used to disable endpoint security products.

After gaining a foothold on a target's systems, Cuba loaded these Microsoft-signed drivers to kill endpoint security processes and tamper with their settings. The aim was to stay unnoticed, but endpoint monitoring from the security company Sophos flagged the activity.

In October, Microsoft was notified by Google-owned Mandiant, SentinelOne and Sophos that several cybercrime groups were using malicious third-party kernel-mode hardware drivers, signed through Microsoft's program, in ransomware attacks.

According to Microsoft's advisory, "In these attacks, the attacker had already gained administrative rights on compromised systems prior to using the drivers," and the company's investigation revealed "that several developer accounts for the Microsoft Partner Center had been engaged in submitting malicious drivers to acquire a Microsoft signature."

The Cuba ransomware group used the driver in its post-exploitation phase together with a malicious loader, most likely to terminate the processes of security products before the ransomware was launched. Mandiant named this utility BURNTCIGAR when it first reported it in February; at that time it was loaded through a vulnerable driver belonging to the Avast antivirus software rather than through a driver carrying a Microsoft signature.

Sophos' Christopher Budd, director of threat research, stated, "We've discovered a total of 10 malicious drivers, all of which are variations of the original discovery. Starting at least in July of last year, these drivers exhibit a concentrated effort to advance through the trust chain. It is tough to write a malicious driver from scratch and get it approved by a reputable body. Nevertheless, it's highly efficient because the driver can virtually complete any task without hesitation."

Since Windows 10, Microsoft has required kernel-mode drivers to be signed through the Windows Hardware Developer Program, so the signature is treated as a mark of trust, as Sophos researchers Andreas Klopsch and Andrew Brandt point out. During 2022, the abuse of legitimately signed third-party device drivers to kill security tools has increased.
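A practical follow-up to the point above is to inventory which kernel drivers a host is actually running and check their signers and hashes, rather than trusting the signature alone. The script below is an added example written for this page; it is not code from Sophos, Mandiant or Microsoft. It uses only built-in cmdlets (`Get-CimInstance`, `Get-AuthenticodeSignature`, `Get-FileHash`) and must be run from an elevated prompt. The hash in `$SuspectHashes` is a placeholder, not a real indicator; replace it with SHA-256 values from the vendor reports.

```powershell
# Added example: inventory kernel-mode drivers, record signer and SHA-256,
# and flag drivers that deserve a closer look. Run elevated.
# $SuspectHashes holds a placeholder value, not a real IOC.

$SuspectHashes = @(
    '0000000000000000000000000000000000000000000000000000000000000000'  # placeholder
)

# Win32_SystemDriver reports paths in several forms; normalize them to a real file path.
function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                      # strip \??\ prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"        # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"   # System32\... -> C:\Windows\System32\...
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path = Resolve-DriverPath $drv.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $subj = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $reasons = @()
    if ($sig.Status -ne 'Valid')        { $reasons += "signature $($sig.Status)" }
    if ($SuspectHashes -contains $hash) { $reasons += 'hash on suspect list' }
    # A WHCP-signed driver living outside the usual driver directories is unusual
    # and is exactly the pattern an attacker-submitted driver would show.
    if ($subj -like '*Microsoft Windows Hardware Compatibility Publisher*' -and
        $path -notlike "$env:SystemRoot\System32\drivers\*" -and
        $path -notlike "$env:SystemRoot\System32\DriverStore\*") {
        $reasons += 'WHCP-signed driver outside System32\drivers'
    }

    [pscustomobject]@{
        Name   = $drv.Name
        State  = $drv.State
        Path   = $path
        SHA256 = $hash
        Signer = $subj
        Flags  = ($reasons -join '; ')
    }
}

# Show only drivers that tripped at least one check.
$findings | Where-Object { $_.Flags } | Format-Table -AutoSize

# Is hypervisor-protected code integrity running? It enforces Microsoft's
# vulnerable driver blocklist, which is where revoked drivers end up.
# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
"HVCI running: " + ($dg.SecurityServicesRunning -contains 2)
```

The point of the location check is that a valid signature status is not, on its own, evidence of a benign driver: the drivers in this incident were validly signed. Pair the output with the hashes published by the vendors, and treat HVCI being off as a finding in itself, since the blocklist update that covers revoked drivers only bites where it is enforced.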

According to a U.S. government alert, the Cuba ransomware group has taken in more than $60 million from attacks on over 100 organizations worldwide. The alert warned that the group, active since 2019, continues to target U.S. entities in critical infrastructure sectors.


Cyber-Attack on Dotty’s Exposed Personal Data of Customers


Customers' personal data was exposed in a cyber-attack on Dotty's, a U.S. fast-food and gaming chain, the company has said. Dotty's holds around 300,000 players in its database and runs 120 gaming locations in Nevada; its owner and operator, Nevada Restaurant Services (NRS), describes it as a fast-food chain of 175 locations that also offers gaming. On January 16, 2021, malware was detected on "some computer systems."

The investigation found that "an unauthorized person accessed certain systems" on the NRS network, the firm said. The company also admitted that the unauthorized person copied data from those systems on or before January 16, 2021. After further review, NRS determined that certain individuals' data may have been affected.

NRS reviewed the affected data to establish what types of information were involved and whom they related to. The data elements that may be involved include names, dates of birth, Social Security numbers, driver's license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, and taxpayer identification numbers.

NRS sent notification letters to those it identified as potentially affected and for whom it had a valid mailing address. Customers told Vital Vegas that they received a letter from Dotty's about the breach but only learned of it recently, months after the attack.

NRS says it has security measures in place to protect its systems and the information it holds, and that it has worked to strengthen the technical protections in its environment. Following the incident, NRS took immediate steps to secure its systems and launched a thorough investigation into the full nature and scope of the event. The firm is also offering free access to "credit monitoring and identity theft restoration services, through IDX."

According to NRS, this provides an additional layer of protection for customers who choose to use it. NRS stressed that customers who wish to take part must enroll themselves, since the business cannot do so on their behalf. Finally, NRS apologized for any inconvenience or concern the data breach may have caused.

FBI Arrests Russian Hacker Who Tried to Recruit an Employee to Hack His Nevada Company


A hacker from Russia traveled to the United States and asked an employee of a Nevada company to install malware on the company's network.

The U.S. Department of Justice today announced charges against a Russian national who had traveled to the United States to ask an employee of a Nevada company to plant malware, offering him $1,000,000 for the job. According to the court filing, the accused, 27-year-old Egor Igorevich Kriuchkov, is alleged to be a member of a Russian criminal hacking group. The goal of the scheme was to gain access to the company's internal network, steal confidential data, and hold it for ransom.


According to the employee, Kriuchkov told him that, to keep the company from noticing the main intrusion, his team would launch DDoS attacks as a decoy to distract the company. "The purpose of the conspiracy was to recruit an employee of a company to surreptitiously transmit malware provided by the coconspirators into the company's computer system, exfiltrate data from the company's network, and threaten to disclose the data online unless the company paid the coconspirators' ransom demand," the court document says.

The plan failed when the employee reported the approach to the FBI. The FBI kept Kriuchkov under surveillance for the first few days, observing his every move, and once it had gathered the evidence for a prosecution, arrested him last Saturday.

Timeline from Kriuchkov's visit to his arrest:
  • Kriuchkov contacts the employee, identified in the court filing as CHS1, via WhatsApp and briefs him about the attack. The two had been acquainted for some years.
  • Kriuchkov arrives in the U.S. and meets CHS1 at a bar.
  • On the last day of his trip, Kriuchkov gives CHS1 the full details of the "special project."
  • The FBI then contacts Kriuchkov; he attempts to leave the country and is arrested.