Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Phishing emails. Show all posts
Ransomware attack
Cyber Attacks data security Hacking Attack Internet Services Library Phishing emails Public Networks Ransomware attack

Delaware Libraries Hit by Ransomware Attack, Internet Services Disrupted

 

Last week, Delaware’s public libraries faced a cyberattack, causing widespread disruption to computer and internet access. Signs posted at libraries informed visitors that Wi-Fi and PCs were out of service, with officials confirming a ransomware attack took down all internet services. Despite the inconvenience, visitors can still check out books and use other library services. Ransomware attacks like this often start with phishing emails or social engineering, where users are tricked into actions that allow hackers access. 

Matt Barnett, CEO of cybersecurity firm Sevn-X, explained that attackers typically cast a wide net with phishing emails, waiting for a target to take the bait. He speculated that the hackers responsible for this attack are likely from Russia or Eastern Europe, suggesting they targeted Delaware not out of malice but simply because it was an easy opportunity. Hackers look for low-hanging fruit, making any vulnerable entity a potential target. Ransomware attacks usually demand payment in exchange for returning access to the compromised systems. 

In this instance, Delaware state officials have not confirmed if any personal information was stolen. However, the situation serves as a stark reminder of the importance of cybersecurity, even for community services like public libraries. Cybersecurity experts stress the need for vigilance and proactive measures to protect against such threats. Organizations should implement strong email security protocols, train employees to recognize phishing attempts, and regularly update software to patch vulnerabilities. Regular data backups are also essential, ensuring that in the event of an attack, systems can be restored without paying a ransom. 

While this attack has disrupted library services, it is also a learning opportunity. Public institutions, often seen as “soft targets,” must prioritize cybersecurity to protect their networks, systems, and the personal data of their users. By investing in robust cybersecurity measures, conducting employee training, and implementing multi-factor authentication, public services can better defend themselves against future attacks. 

This incident serves as a reminder that cyber threats are ever-present, and even seemingly small targets like public libraries are not immune. As ransomware attacks continue to rise, organizations of all sizes must take active steps to fortify their defenses and educate themselves about potential risks.
Read more »
User Security
Cyber Security Data Privacy Email Spoofing Phishing emails User Security

Google Strengthens Gmail Security, Blocks Spoofed Emails to Combat Phishing

 

Google has begun automatically blocking emails sent by bulk senders who do not satisfy tighter spam criteria and authenticating their messages in line with new requirements to strengthen defences against spam and phishing attacks. 

As announced in October, users who send more than 5,000 messages per day to Gmail accounts must now configure SPF/DKIM and DMARC email authentication for their domains. 

The updated regulations also mandate that bulk email senders refrain from delivering unsolicited or unwanted messages, offer a one-click unsubscribe option, and react to requests to unsubscribe within two working days. 

Additionally, spam rates must be kept at 0.3%, and "From" headers cannot act like to be from Gmail. Email delivery issues, such as emails being rejected or automatically directed to recipients' spam folders, may arise from noncompliance. 

"Bulk senders who don't meet our sender requirements will start getting temporary errors with error codes on a small portion of messages that don't meet the requirements," Google stated. "These temporary errors help senders identify email that doesn't meet our guidelines so senders can resolve issues that prevent compliance.” 

In April 2024, we will start rejecting non-compliant traffic. Rejection will be gradual, affecting solely non-compliant traffic. We strongly recommend senders to utilise the temporary failure enforcement period to make any necessary changes to become compliant, Google added. 

The company also intends to implement these regulations beginning in June, with an expedited timeline for domains used to send bulk emails starting January 1, 2024.

As Google said when the new guidelines were first released, its AI-powered defences can successfully filter roughly 15 billion unwelcome emails per day, avoiding more than 99.9% of spam, phishing attempts, and malware from reaching users' inboxes. 

"You shouldn't need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email's source," noted Neil Kumaran, Group Product Manager for Gmail Security & Trust in October. "Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.”
Read more »
US infrastructure
AsyncRAT command-and-control infrastructure Cybersecurity domain generation algorithm malware open-source trojan Phishing emails Threat Group US infrastructure

This Malware is Assaulting Critical US Infrastructure for Almost a Year

 

Over the course of the last 11 months, a threat group has actively engaged in a phishing campaign targeting employees across various companies, distributing an open-source trojan program named AsyncRAT. The victims of this campaign notably include companies responsible for managing critical infrastructure in the United States.

The cybersecurity division of AT&T, known as Alien Labs, has reported that the attackers employ a domain generation algorithm (DGA) within their command-and-control (C&C) infrastructure. This technique helps them rotate through a large number of domains, making it challenging to block traffic. In an effort to evade detection, the threat actors continually generate new samples of the malicious tool. Researchers have identified over 300 samples and 100 domains associated with this particular campaign.

AsyncRAT, an open-source remote access tool released in 2019 and still available on GitHub, serves as the attackers' weapon of choice. As a remote access trojan (RAT), AsyncRAT offers features such as keylogging, exfiltration techniques, and initial access staging for delivering the final payload.

It's not uncommon for even sophisticated threat actors to utilize open-source malware frameworks, providing advantages such as low development costs and plausible deniability. Interestingly, AsyncRAT had been previously employed in 2022 by an APT group known as Earth Berberoka or GamblingPuppet, as tracked by security firm Trend Micro.

The phishing emails, scrutinized by Alien Labs and other researchers, employ a thread hijacking technique to direct users to a phishing page, eventually dropping a JavaScript (.js) file on users' computers. This script, when opened in Notepad, contains numerous randomly commented-out English words, while variants using Sanskrit characters have also been reported in previous campaigns. The highly obfuscated script aims to download the second-stage payload from a URL encoded using a custom cipher and decimal values.

The second-stage payload is another encoded script in PowerShell, executed directly in memory without being saved to disk. The PowerShell script communicates with a rotating C&C server domain, sending information such as computer hostname and a variable indicating the likelihood of the computer being a virtual machine or sandbox.

If deemed a valid target, the C&C server deploys AsyncRAT. In the case of a potential virtual machine or sandbox, the server redirects the request to Google or launches a different PowerShell script that downloads and initiates a decoy RAT, designed to distract researchers investigating the campaign.

To further complicate detection, the attackers regularly randomize the script code and malware samples, and they rotate C&C domains weekly. Despite these efforts, Alien Lab researchers managed to reverse-engineer the domain generation algorithm, providing insights into historical samples and enabling the development of detection signatures for future infrastructure identification. The AT&T Alien Labs report includes detection signatures for the Suricata intrusion detection system and a list of indicators of compromise (IOC) for building detections on other systems.
Read more »
Phishing emails
Banks Cyber Security Data Breaches Phishing Attack Phishing Education Phishing emails

Tips for Banks to Prevent Data Breaches Through Phishing Education


Despite the roaring advancement in the field of technology, phishing remains one of the most common cybersecurity hazards. According to recent studies, phishing losses in the US alone were $52 million.

The lack of proper awareness in regards to cybersecurity could be one of the reasons why phishing attacks are escalating at a concerning rate. While many finance institutions are aware of the importance to cybersecurity, they fail to educate their employees of the same. 

Here, we are mentioning some ideas which might help banks to thwart phishing efforts and safeguard the information of their customers and employees:

Focus on Behavioral Change

The majority of banks use a similar approach for their cybersecurity training programs: they put all of their non-technical staff in a room, have their security team show a lecture with a few slides showing breach numbers, and attempt to scared them into acting accordingly.

It goes without saying that this strategy is ineffective. It is time for banks to start seeing their staff as a bulwark against phishing attempts rather than as a risk.

One way to do this is for banks to change their employees’ behaviors under stress, rather than threatening them by making them aware of the stressful situations. For example, instead of showing them the malicious emails, they must be educated on the right measure they must follow to identify such emails. 

A bank can also do this by running simulations of the situations, where an employee will be free to make mistakes and learn from those mistakes. This way, an employee can as well make judgements on their actions and even receive instant feedbacks in a safe environment. By doing so, an actual breach will not be the only time the employee is dealing with a feedback. 

Employees can view learning paths and review progress on simulation platforms. The skills of a technological employee will differ greatly from those of a non-technical person. The way forward is to provide positive feedback throughout and to customize learning routes.

Install Security as a Founding Principle

For most banks, the importance of security is communicated with a negative attitude. They draw attention to the possibility of a breach, the harm to the bank's reputation, and the possible consequences for an employee's career should they fall prey to phishing scams.

When a worker receives a phony email from someone posing as their manager, these intimidation techniques are ineffective. Because they trust the manager's persona, employees are unlikely to refuse a request from that organization. Rather, banks ought to embrace a proactive stance and integrate security into their overall brand.

For example, inducing fear among the employees into not clicking the malicious links, banks should instead introduce policies when an employee could quickly determine whether an email is a phishing attempt, rather than attempting to scare them into not clicking on harmful links. Giving them access to an automated tool or having a security guard on duty are excellent choices.

Policies like shredding and discarding important documents in secure bins to cybersecurity practices is essential. Employees must be reminded that the work they do is in fact critical and their actions do matter.

Set Communication Templates

Bank personnel utilize emails, which are rich in data, to communicate with a variety of stakeholders. This is used by malicious actors, who impersonate a different individual and deceive workers into downloading malware.

Informing staff members of appropriate communication styles and methods is one way to avoid situations like this one. Establishing a communication template, for example, will enable staff members to quickly spot emails that depart from the standard.

External actors are unlikely to be familiar with internal communications templates, thus they will likely send emails in a manner that is easily recognized by staff as being out of compliance. Although putting in place such a procedure may sound oppressive, it is the most effective technique to assist staff in overcoming the appearance of a false identity.

For instance, the majority of staff members will click on an email from the bank's CEO right away. They will overlook the fact that the email was sent by the CEO persona, though, if they see that the communication format is incorrect. With their minds thus occupied, kids are less likely to click on a link that could be harmful.

These templates are ingrained in the company's culture, and how banks convey their significance will determine a lot. Once more, a fear-based strategy rarely succeeds. Banks need to consider effective ways to enforce them.  

Read more »
Phishing emails
AI Threat AI-powered tool Artificial Intelligence ChatGPT Cyber Defender Data Breach Digital Age IBM X-Force OpenAI Phishing Attacks Phishing emails

AI-Generated Phishing Emails: A Growing Threat

The effectiveness of phishing emails created by artificial intelligence (AI) is quickly catching up to that of emails created by humans, according to disturbing new research. With artificial intelligence advancing so quickly, there is concern that there may be a rise in cyber dangers. One example of this is OpenAI's ChatGPT.

IBM's X-Force recently conducted a comprehensive study, pitting ChatGPT against human experts in the realm of phishing attacks. The results were eye-opening, demonstrating that ChatGPT was able to craft deceptive emails that were nearly indistinguishable from those composed by humans. This marks a significant milestone in the evolution of cyber threats, as AI now poses a formidable challenge to conventional cybersecurity measures.

One of the critical findings of the study was the sheer volume of phishing emails that ChatGPT was able to generate in a short span of time. This capability greatly amplifies the potential reach and impact of such attacks, as cybercriminals can now deploy a massive wave of convincing emails with unprecedented efficiency.

Furthermore, the study highlighted the adaptability of AI-powered phishing. ChatGPT demonstrated the ability to adjust its tactics in response to recipient interactions, enabling it to refine its approach and increase its chances of success. This level of sophistication raises concerns about the evolving nature of cyber threats and the need for adaptive cybersecurity strategies.

While AI-generated phishing is on the rise, it's important to note that human social engineers still maintain an edge in certain nuanced scenarios. Human intuition, emotional intelligence, and contextual understanding remain formidable obstacles for AI to completely overcome. However, as AI continues to advance, it's crucial for cybersecurity professionals to stay vigilant and proactive in their efforts to detect and mitigate evolving threats.

Cybersecurity measures need to be reevaluated in light of the growing competition between AI-generated phishing emails and human-crafted attacks. Defenders must adjust to this new reality as the landscape changes. Staying ahead of cyber threats in this quickly evolving digital age will require combining the strengths of human experience with cutting-edge technologies.

Read more »
VIPRE Security Group
AI Detection Chat-GPT Cloud Services cloud storage services generative AI tools hacker tactics malspam malware delivery Phishing emails phishing threats Spam Technology VIPRE Security Group

Rising Email Security Threats: Here’s All You Need to Know

 

A recent study highlights the heightened threat posed by spam and phishing emails due to the proliferation of generative artificial intelligence (AI) tools such as Chat-GPT and the growing popularity of cloud services.

According to a fresh report from VIPRE Security Group, the surge in cloud usage has correlated with an uptick in hacker activity. In this quarter, 58% of malicious emails were found to be delivering malware through links, while the remaining 42% relied on attachments.

Furthermore, cloud storage services have emerged as a prominent method for delivering malicious spam (malspam), accounting for 67% of such delivery in the quarter, as per VIPRE's findings. The remaining 33% utilized legitimate yet manipulated websites.

The integration of generative AI tools has made it significantly harder to detect spam and phishing emails. Traditionally, grammatical errors, misspellings, or unusual formatting were red flags that tipped off potential victims to the phishing attempt, enabling them to avoid downloading attachments or clicking on links.

However, with the advent of AI tools like Chat-GPT, hackers are now able to craft well-structured, linguistically sophisticated messages that are virtually indistinguishable from benign correspondence. This necessitates victims to adopt additional precautions to thwart the threat.

In the third quarter of this year alone, VIPRE's tools identified a staggering 233.9 million malicious emails. Among these, 110 million contained malicious content, while 118 million carried malicious attachments. Moreover, 150,000 emails displayed "previously unknown behaviors," indicating that hackers are continually innovating their strategies to optimize performance.

Phishing and spam persist as favored attack methods in the arsenal of every hacker. They are cost-effective to produce and deploy, and with a stroke of luck, can reach a wide audience of potential victims. Companies are advised to educate their staff about the risks associated with phishing and to meticulously scrutinize every incoming email, regardless of the sender's apparent legitimacy.
Read more »
Security research
AI AI bots Artificial Intelligence ChatGPT Check Point Cyber Security Google Bard keylogger Law Enforcement Phishing emails Security flaw Security research

Forget ChatGPT, Google Bard may Possess Some Serious Security Flaws


A latest research claims that Google’s AI chatbot, Google Bard may let its users to use it for creating phishing emails and other malicious content, unlike ChatGPT.

At one such instances, cybersecurity researchers Check Point were able to produce phishing emails, keyloggers, and some basic ransomware code, by using the Redmond giant’s AI tool.

Using the AI tool of the Redmond behemoth, cybersecurity researchers Check Point were able to produce phishing emails, keyloggers, and some basic ransomware code.

The researchers' report further noted how they set out to compare Bard's security to that of ChatGPT. From both sites, they attempted to obtain three things: phishing emails, malicious keyloggers, and some simple ransomware code.

The researchers described that simply asking the AI bots to create phishing emails yielded no results, however asking the Bard to provide ‘examples’ of the same provided them with plentiful phishing mails. ChatGPT, on the other hand, refused to comply, claiming that doing so would amount to engaging in fraudulent activity, which is illegal.

The researchers further create malware like keyloggers, to which the bots performed somewhat better. Here too, a direct question did not provide any result, but a tricky question as well yielded nothing since both the AI bots declined. However, answers for being asked to create keyloggers differed in both the platforms. While Bard simply said, “I’m not able to help with that, I’m only a language model,” ChatGPT gave a much detailed explanation.

Later, on being asked to provide a keylogger to log their keys, both ChatGPT and Bard ended up generating a malicious code. However, ChatGPT did provide a disclaimer before doing the aforementioned.

The researchers finally proceeded to asking Bard to run a basic ransomware script. While this was much trickier than getting the AI bot to generate phishing emails or keylogger, they finally managed to get Bard into the game.

“Bard’s anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to those of ChatGPT[…]Consequently, it is much easier to generate malicious content using Bard’s capabilities,” they concluded.

Why Does it Matter? 

The reason, in simpler terms is: Malicious use of any new technology is inevitable.

Here, one can conclude that these issues with the emerging generative AI technologies are much expected. AI, as an extremely developed tool has the potential to alter an entire cybersecurity script.

Cybersecurity experts and law enforcements have already been concerned for the same and have been warning against the AI technology for it can be well used in increasing the ongoing innovation in cybercrime tactics like convincing phishing emails, malware, and more. The development in technologies have made it accessible to users in such a way that now a cybercriminal can deploy a sophisticated cyberattack by only having minimal hand in coding.

While regulators and law enforcement are doing their best to impose limits on technology and ensure that it is utilized ethically, developers are working to do their bit by educating platforms to reject being used for criminal activity.

While generative AI market is decentralized, big companies will always be under the watch of regulatory bodies and law enforcements. However, smaller companies will remain in the radar of a potential cyberattack, especially the ones that are incapable to fight against or prevent the abuse.

Researchers and security experts suggests that the only way to improve the cybersecurity posture is to fight with full strength. Even though AI is already being used to identify suspicious network activity and other criminal conduct, it cannot be utilized to make entrance barriers as high as they once were. There is no closing the door ever again.

Read more »
System Hack
Alert System Bluefield University Cyberattacks malware Phishing emails Ransomware System Hack

The Ransomware Gang Targets University Alert Systems

 


"RamAlert," an emergency broadcast system used by Bluefield University to communicate with its students and staff, has been hijacked by the Avos ransomware gang. The gang sent SMS texts and emails informing them that their data had been stolen and was in the process of being released. With more than 900 students and a small campus in Bluefield, Virginia, Bluefield is a private university.

In a recent announcement, a university in the Virginia area advises students to be cautious of texts received via the school's mass alert system. This was in response to a ransomware group alerting the entire campus that a cyberattack is taking place. 

It was announced on Sunday that Bluefield University, a private Baptist school in Bluefield, Virginia that serves approximately 1,000 students, had shut down its systems for an unknown period as a result of a recent cyber-attack and that their systems would remain down for an unknown period. 

According to hacker messages posted on Bluefield University's RamAlert, an app that sends text and email messages to students and faculty during school emergencies, hackers send a series of messages urging them to go over to the university's president and state their concerns. 

Students and faculty members of Bluefield University were informed of a cyberattack that took place on April 30. This attack affected their IT systems and personal information. Faculty and staff had access to most university apps and websites before the incident. As a result, no evidence of identity theft or financial fraud had been reported to the University at that time. 

Avos ransomware gang hijacked the university's emergency broadcast system, RamAlert, on May 1 in an attempted takeover of the system that is used for emergency broadcasts. It was done to inform students and faculty of data theft using texts and emails.  

Bluefield University filed a police report on Tuesday alleging that a ransomware group had used the RamAlert system used by the university to send threatening messages to all students and staff members.

If the university's president refused to pay the ransom demanded by the ransomware group, the ransomware group threatened to continue disrupting the university. 

Brett Callow shared the news on Twitter revealing that the hacker has approximately 1.2 TB of Bluefield's data. This is according to a message sent to Bluefield's student body and staff. Bluefield's president received an email alert from the hackers informing him to pay the full ransom demanded by them. The hackers instructed students and staff to pressure him to do so.  

In addition, Avos Ransomware Gang's final message, or AvosLocker, implored the recipients of this malware to share the information they obtained with news outlets. This was to protect their data from exposure to the dark web. There was also an additional message which read, "Call President David Olive and tell him to pay us as soon as possible otherwise, prepare for attacks." 

It is worthwhile to remember, however, that the group's goal is to leak samples of stolen data. In addition, it provides a link where users can find stolen data. 

The school announced on Tuesday acknowledging that the RamAlert system had been hacked. However, it warns students not to click on any links provided by hackers and urges them not to click on emails. 

Due to the sudden change in time and the school's inability to hold final exams on Monday, they were postponed and pushed back one day. They were held on Tuesday, Wednesday, and Thursday rather than Monday. School systems, including email, remain unavailable at this time. 

Bluefield School officials have sent an email to all students and staff advising them not to open or transmit any links to their school accounts. These links have been sent to them. Several school systems in the area were still unavailable until a couple of days before the university's final exams, which were held in May. 

It is not clear whether or not the university will consider paying the hackers, according to the spokesperson for the university.   

From double extortion to triple extortion, ransomware groups have used a variety of methods to raise the stakes of their attacks on their victims. The school can accomplish this by emailing its customers, calling its partners, contacting the competition, and setting up portals with a search feature on them. This will enable it to discover data leaks. 

Bluefield University was attacked by the ransomware gang known as AvosLocker, which is known for speaking Russian on underground forums. In forums such as these, a user called "Avos" has been seen recruiting hackers regularly, many of whom end up working on behalf of the organization. 

A leak site maintained by the group has a list of victims from around the world that had been attacked by the group for several years. There has been an advisory published by the Federal Bureau of Investigation in the United States regarding the threat of AvosLocker. In addition to details about how the group operated in the past, recommendations on how to mitigate attacks are also included in the report.
Read more »
Subscribe to: Posts (Atom)