
How Leaked Twitter API Keys Can be Used to Build a Bot Army

CloudSEK’s Attack Surface Monitoring Platform recently found 3,207 mobile apps that expose Twitter API keys in the clear. Some of the keys are being used to gain unauthorized control of the Twitter handles associated with them.

CloudSEK, a Singapore-based cybersecurity firm, reported that the takeover is made possible by the leak of legitimate Consumer Key and Consumer Secret information.

Additionally, CloudSEK's Attack Surface Monitoring Platform discovered that 3,207 apps were leaking a valid Consumer Key and Consumer Secret. 230 apps, some of which are unicorns, were leaking all four authentication credentials, which can be used to fully take over their Twitter accounts and perform critical or sensitive actions such as:

• Read Direct Messages 
• Retweet 
• Like 
• Delete 
• Remove followers 
• Follow any account 
• Get account settings 
• Change display picture 

"Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said. 

To get access to the Twitter API, hackers have to generate secret keys and access tokens, which act as the usernames and passwords for the apps as well as the users on whose behalf the API requests will be made. Further, the researchers said, the actions possible with these credentials range from reading direct messages to carrying out arbitrary actions including retweeting, liking, and deleting tweets, removing followers, following any account, accessing account settings, and even changing the account profile picture.

With access to this information, malicious actors can create a Twitter bot army that could be used to spread misinformation on the social media platform.

“The Twitter bot army that we will try to create can fight any war for you. But perhaps the most dangerous one is the misinformation war, on the internet, powered by bots. Tim Berners-Lee, the founding father of the internet, said that it is too easy for misinformation to propagate because most people get their news from a small set of social media sites and search engines that make money from people clicking on links. These sites’ algorithms often prioritize content based on what people are likely to engage with, which means fake news can ‘spread like wildfire’,” CloudSEK reported.
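A pre-release check that a mobile team could run over its own app resources to catch the two exposure levels reported above (Consumer Key and Consumer Secret only, versus all four credentials). This is an added example, not code from CloudSEK or the original post; the resource names it matches, the placeholder list, and the sample values are constructed assumptions.

```python
import re

# Name heuristics for the four authentication credentials the post lists.
# The resource names matched here are assumptions about how an app labels them.
ROLES = {
    "consumer_key": re.compile(r"(consumer|api)[_.-]?key", re.I),
    "consumer_secret": re.compile(r"(consumer|api)[_.-]?secret", re.I),
    "access_token": re.compile(r"access[_.-]?token(?![_.-]?secret)", re.I),
    "access_token_secret": re.compile(r"token[_.-]?secret", re.I),
}
# Android <string> resource entries, and template values that are not secrets.
STRING_ENTRY = re.compile(r'<string\s+name="([^"]+)"\s*>([^<]*)</string>')
PLACEHOLDER = re.compile(r"^(|your[_ -].*|changeme|todo)$", re.I)


def find_twitter_credentials(xml_text):
    """Map each credential role to the resource name that hardcodes it."""
    found = {}
    for name, value in STRING_ENTRY.findall(xml_text):
        if "twitter" not in name.lower() or PLACEHOLDER.match(value.strip()):
            continue
        role = next((r for r, p in ROLES.items() if p.search(name)), None)
        if role:
            found.setdefault(role, name)
    return found


def classify_exposure(found):
    """Grade the finding by which credentials ship inside the app."""
    if set(ROLES) <= set(found):
        return "full-account-takeover"   # all four credentials present
    if {"consumer_key", "consumer_secret"} <= set(found):
        return "app-credentials"         # Consumer Key + Consumer Secret
    return "partial" if found else "none"


# Constructed sample resource file; every value is a made-up dummy.
SAMPLE_STRINGS_XML = """
<resources>
  <string name="app_name">Demo</string>
  <string name="twitter_consumer_key">DUMMYKEY0000000000000000A</string>
  <string name="twitter_consumer_secret">DUMMYSECRET000000000000000</string>
  <string name="twitter_access_token">0000000000-DUMMYTOKEN0000000</string>
  <string name="twitter_access_token_secret">DUMMYTOKENSECRET00000000</string>
</resources>
"""

if __name__ == "__main__":
    print(classify_exposure(find_twitter_credentials(SAMPLE_STRINGS_XML)))
```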

No Backup: Why the Government in Brazil is at High Risk of Cyberattacks

 

According to a new report by the Brazilian Federal Audit Court (TCU), several federal government agencies in Brazil are at a high risk of cyberattacks. Federal government agencies need to reassess their approach to handling cybersecurity threats, the report reads. 

The report points out a number of high-risk areas, but one of the biggest problems it uncovers in the cybercrime section is the lack of backups for dealing with cyberattacks.

The report identified a group of 29 areas that represent a high risk in terms of vulnerability, mismanagement, abuse of power, or need for drastic changes.

Backups are very important and help against various forms of attack, as well as mistakes and mishaps. The most obvious of those attacks is ransomware. When systems are hacked and locked up, a data backup could be the respite you’re looking for to restore the data stored on your devices.

Additionally, the report cited the following data:

 • 74.6% of organizations (306 out of 410) do not have a formally approved backup policy—a basic document, negotiated between the business areas (“owners” of the data/systems) and the organization’s IT, with a view to disciplining issues and procedures related to the execution of backups. 

• 71.2% of organizations that host their systems on their own servers/machines (265 out of 372) do not have a specific backup plan for their main system. 

• 60.2% of organizations (247 out of 410) do not keep their copies in at least one non-remotely accessible destination, which carries a risk that, in a cyberattack, the backup files themselves end up being corrupted, deleted, and/or encrypted by the attacker or malware, rendering the organization’s backup/restore process equally ineffective. 

 • 66.6% of organizations that claim to perform backups (254 out of 385), despite implementing physical access control mechanisms to the storage location of these files, do not store them encrypted, which carries a risk of data leakage from the organization, which can cause enormous losses, especially if it involves sensitive and/or confidential information. 

Further, the researchers said that the federal government cannot respond to and treat cybersecurity attacks adequately. Also, there are several vulnerabilities in both information security and cybersecurity across most central bodies.

Top-Ranking Banking Trojan Ramnit Stealing Payment Card Data

 


Online shopping has become increasingly popular, and its growth has accelerated since the COVID-19 pandemic, a trend that has also exacerbated the cybersecurity threat. Online shopping has undeniable advantages, but it still makes negative headlines every day.

According to the sources, online sales increased 9% during the 2021 holiday season to a record $204.5 billion. Mastercard said that shopping rose 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels.

IBM X-Force researchers said that threat actors, primarily those behind the Ramnit Trojan, are not missing the opportunities created by pandemic trends. A recent study found that the Ramnit Trojan is aggressively taking over people’s online accounts and stealing their payment card data.

The Ramnit malware has targeted a long list of popular brands and online retailers, such as travel and lodging platforms. The IBM X-Force researchers further said that they have noticed a diverse collection of Ramnit configuration files over the years. Not only was Ramnit at the top of the list of active banking Trojans in 2021, but the malware has also been a cybercrime tool for over a decade.

The group continues to victimize people and service providers, primarily during the holiday season. Once the malware makes its way onto a device, it monitors browsing for visits to targeted websites and then goes into information-stealing mode. It typically steals login data, but its web injections can also trick users into providing payment card credentials or other sensitive information.

Between 2011 and 2014, the Ramnit Trojan gained momentum in the cybercrime arena, ranking in the top 10 list of the most prevalent financial Trojans. The malware has been active since 2010. Ramnit is designed to leverage removable drives, network shares, and user credentials, and to deploy in-session web injections. The infection was rampant in North America, Europe, and Australia.