
Ukraine Hacks ATMs Across Russia in Massive Cyberattack



On July 23, 2024, a massive cyberattack launched by Ukrainian hackers targeted Russian financial institutions, disrupting ATM services across the country. According to a source within Ukrainian intelligence, the attack is “gaining momentum” as it continues to cripple banking services. By July 27, the fifth day of the cyberattack, customers of several prominent Russian banks found themselves unable to withdraw cash. When attempting to use ATMs, their debit and credit cards were immediately blocked, leaving them stranded without access to their funds. 

The intelligence source, who provided written comments to the Kyiv Post, indicated that the attack had affected numerous banks, including Dom.RF, VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. The widespread disruption has caused significant inconvenience for customers and highlighted vulnerabilities within Russia’s financial infrastructure. The source in Ukrainian intelligence mocked the situation, suggesting that the Kremlin’s long-desired “import substitution” might now include reverting to wooden abacuses, paper savings books, and cave paintings for accounting. 

This remark underscores the scale of the disruption and the potential for outdated methods to replace modern financial technologies temporarily. The cyberattack represents a significant escalation in the ongoing cyber conflict between Ukraine and Russia. While cyberattacks have been frequent on both sides, the targeting of ATM services and the subsequent blocking of debit and credit cards mark a notable shift towards directly impacting ordinary citizens’ daily lives. This attack not only disrupts financial transactions but also instills a sense of insecurity and distrust in the reliability of banking systems. 

The list of affected banks reads like a who’s who of Russia’s financial sector, including both state-owned and private institutions. The inability to withdraw cash from ATMs during the attack has put pressure on these banks to quickly resolve the issues and restore normal services to their customers. However, the continued nature of the cyberattack suggests that solutions may not be forthcoming in the immediate future. The Ukrainian hackers’ ability to sustain such a large-scale cyberattack over several days indicates a high level of coordination and technical expertise. It also raises questions about the preparedness and resilience of Russian banks’ cybersecurity measures. 

As the attack progresses, it is likely that both sides will escalate their cyber capabilities, leading to further disruptions and countermeasures. The broader implications of this cyberattack are significant. It highlights the increasingly blurred lines between cyber warfare and traditional warfare, where digital attacks can cause real-world consequences. The disruption of banking services serves as a stark reminder of how dependent modern societies are on digital infrastructure and the potential vulnerabilities that come with it. 

In response to the ongoing cyberattack, Russian banks will need to bolster their cybersecurity defenses and develop contingency plans to mitigate the impact of such attacks in the future. Additionally, international cooperation and dialogue on cybersecurity norms and regulations will be crucial in preventing and responding to similar incidents on a global scale. As the situation develops, the cyber conflict between Ukraine and Russia will likely continue to evolve, with both sides seeking to leverage their technological capabilities to gain an advantage. The ongoing cyberattack on Russian ATMs is a clear demonstration of the disruptive potential of cyber warfare and the need for robust cybersecurity measures to protect critical infrastructure.

DDoS Attacks Disrupt Major Russian Banks: Ukraine Claims Responsibility

 

Several major Russian banks experienced distributed denial-of-service (DDoS) attacks, disrupting their online services and mobile apps. On Wednesday, local media reported that state-owned VTB Bank was among those affected. The bank informed the state news agency TASS that an attack “planned from abroad” caused disruptions for its clients trying to access online services. 

The Russian Agricultural Bank also reported being targeted by a DDoS attack on Tuesday. However, the bank noted that the impact was minimal due to their implementation of an enhanced system to combat such attacks. Gazprombank, the third-largest private bank in Russia, faced difficulties with its app’s transaction services due to the attack, though the issue was quickly resolved. Other banks, including Alfa Bank, Rosbank, and Post Bank, were also reportedly affected. 

On Wednesday, Ukraine’s military intelligence (HUR) claimed responsibility for the DDoS campaign targeting the Russian banking sector. An anonymous source within HUR, speaking to Ukrainian media, mentioned that the attacks also affected several Russian payment systems and large telecom operators such as Beeline, Megafon, Tele2, and Rostelecom. While this claim has not been independently verified, the HUR official stated that the attack “is still ongoing and far from over.” 

This incident is part of a series of cyberattacks by Ukrainian entities against Russian targets. In October, pro-Ukrainian hackers and Ukraine’s security service (SBU) claimed to have breached Russia’s largest private bank, Alfa-Bank. In January, data allegedly belonging to 30 million Alfa-Bank customers was released by attackers involved in the breach. Earlier this year, the hacker group Blackjack, in cooperation with the SBU, breached a Moscow internet provider in retaliation for a Russian cyberattack on Ukraine’s largest telecom company, Kyivstar. 

While not all reports from Ukrainian hackers or intelligence officials can be independently verified, the recent DDoS attacks on Russian banks had noticeable consequences, despite Russian claims of minimal impact. DDoS attacks are generally easier to mitigate, but this campaign stands out for its broad impact on multiple financial institutions and service providers. The ongoing cyber warfare between Ukraine and Russia underscores the escalating digital conflict between the two nations. Both sides have been leveraging cyber capabilities to disrupt each other’s critical infrastructure. 

The recent attacks highlight the necessity for robust cybersecurity measures and swift response strategies to minimize the impact on essential services and ensure the security of digital transactions. As cyber threats evolve, both nations will likely continue to enhance their defenses to protect against such incursions.

KillNet: Pro-Russian Threat Actor Claims Responsibility for 14 DDoS Attacks on U.S. Airports

 

On Monday, the pro-Russian hacker group KillNet reportedly claimed responsibility for DDoS attacks that temporarily took down the websites of several U.S. airports.
 
Atlanta's international airport was among those hit: users were unable to access the websites for a few hours during the campaign, though the attacks had no impact on flight operations.
 
The Los Angeles International Airport (LAX) authority reported the attack on its website to the Transportation Security Administration and the FBI.
 
"The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions," a spokesperson said in an emailed statement. She added that the airport’s IT team had restored all services and was investigating the cause.
 
The group later posted a list of 14 targeted airport domains on Telegram, urging other hackers to join the DDoS attack.
 
The airport websites affected by the group include Los Angeles International Airport (LAX), Chicago O’Hare International Airport (ORD), Hartsfield-Jackson Atlanta International Airport, Orlando International Airport (MCO), Denver International Airport (DIA), Phoenix Sky Harbor International Airport (PHX), and the sites of airports in Kentucky, Mississippi, and Hawaii.
 
In a Telegram post on Monday, Killnet listed other U.S. sites that could be the next potential victims of similar DDoS attacks, such as sea terminals and logistics facilities, weather monitoring centers, health care systems, subway systems, and exchanges and online trading systems.
 
This was not KillNet's first such campaign: the group has previously targeted other countries that opposed the Russian invasion of Ukraine, including the NATO members Italy, Romania, Estonia, Lithuania, and Norway.
 
KillNet's DDoS attacks, and its calls for other threat actors to carry out more, are an example of what security experts describe as a recent tendency for geopolitical tensions to spill over into the cyber world. As has been speculated, this campaign against the U.S. and other NATO countries, for instance, began days after an explosion destroyed a section of a major bridge connecting Russia to the Crimean Peninsula.

Russia-Linked Sandworm Impersonated Ukrainian Telecoms to Inject Malicious Code


Researchers found that the Russia-based hacking group known as Sandworm impersonated Ukrainian telecommunications providers to target Ukrainian entities and infect them with malware, leading to infections across the country.
 
Sandworm is a group of hackers closely connected with the GRU, the Russian government's foreign military intelligence service, as military unit 7445. It is an Advanced Persistent Threat (APT) group responsible for several cyberattacks, including attacks on Ukrainian energy infrastructure.
 
Recorded Future has been monitoring the group's operations against government and private-sector targets. According to its report, the rise in Sandworm activity has been observed since August 2022 and is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA). The frequency with which Sandworm has been observed using DNS domains for command-and-control infrastructure makes it clear that these domains are a ruse for attacking Ukrainian computers.
 
Recorded Future further reports new infrastructure of the group, tracked as UAC-0113, that imitates telecom operators such as Datagroup and EuroTrans Telecom; this infrastructure had previously been used to deliver DarkCrystal RAT.
 
Recorded Future’s report states: “Identified staging infrastructure continues the trend of masquerading as telecommunication providers operating within Ukraine and delivers malicious payloads via an HTML smuggling technique that deploy Colibri Loader and Warzone RAT malware.”
 
This new UAC-0113 infrastructure distributed the commodity malware Colibri Loader and Warzone RAT inside a malicious ISO delivered by HTML smuggling. The technique uses legitimate features of HTML and JavaScript to slip malicious code past security controls.
 
Sandworm is best known for its cyberattacks on the Ukrainian electrical grid in 2015 and 2016. Further research also attributed to it the “Cyclops Blink” botnet, which took over internet-connected firewall devices and other equipment from WatchGuard and ASUS.
 
The group has also targeted U.S. software in its cyberattacks, prompting the U.S. government to announce a reward of $10 million for information on the hackers behind this Russian threat actor group.
 
There are several examples of masquerading domains, such as “datagroup[.]ddns[.]net”, tracked by CERT-UA in June, which impersonated Datagroup's online portal. Another example of this deception is the domain “kyiv-star[.]ddns[.]net”, which Sandworm used to impersonate Kyivstar against Ukrainian telecom customers.
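As an added, defender-side example (not code from the original post, Recorded Future or CERT-UA), the following Python flags dynamic-DNS hostnames whose labels borrow a Ukrainian telecom brand, using the two defanged domains quoted above as input. The brand list, the dynamic-DNS suffixes other than ddns.net, and the DNS log lines are constructed assumptions.

```python
"""Flag dynamic-DNS hostnames that masquerade as Ukrainian telecom brands."""
import re

# Brands the post says were impersonated (Datagroup, EuroTrans, Kyivstar).
TELECOM_BRANDS = ("datagroup", "eurotrans", "kyivstar")
# Suffixes under which anyone can register a subdomain. ddns.net appears in
# the post; the other three are assumed additions for illustration.
DYNDNS_SUFFIXES = ("ddns.net", "no-ip.org", "duckdns.org", "hopto.org")


def refang(indicator: str) -> str:
    """Turn defanged text such as 'kyiv-star[.]ddns[.net' back into a hostname.
    Accepts '[.]', '(.)' and the unbalanced '[.' / '.]' forms seen in reports."""
    host = indicator.strip().lower()
    host = re.sub(r"\[\.\]|\(\.\)|\[\.|\.\]", ".", host)
    return host.strip(".")


def normalize_label(label: str) -> str:
    """Drop hyphens and digits so 'kyiv-star' and 'kyivstar1' compare equal."""
    return re.sub(r"[^a-z]", "", label)


def classify(indicator: str) -> dict:
    """Flag a host that sits under a dynamic-DNS suffix *and* carries a telecom
    brand in one of its own labels: a real provider serves its portal from its
    own domain, not from a free dynamic-DNS zone."""
    host = refang(indicator)
    suffix = next((s for s in DYNDNS_SUFFIXES
                   if host == s or host.endswith("." + s)), None)
    if suffix is None:
        return {"host": host, "dyndns": False, "brand": None, "flag": False}
    labels = host[: -len(suffix) - 1].split(".")   # labels before the suffix
    brand = next((b for lab in labels for b in TELECOM_BRANDS
                  if b in normalize_label(lab)), None)
    return {"host": host, "dyndns": True, "brand": brand, "flag": brand is not None}


# Constructed sample DNS query log (not real telemetry). The first two hosts
# are the defanged indicators quoted in the post; the rest are benign fillers.
SAMPLE_DNS_LOG = """\
10.0.0.5 query datagroup[.]ddns[.]net
10.0.0.7 query kyiv-star[.]ddns[.net
10.0.0.9 query datagroup.ua
10.0.0.9 query weather.ddns.net
"""


def flagged_hosts(log: str) -> list:
    """Run classify() over every log line and return the refanged flagged hosts."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        verdict = classify(parts[-1])
        if verdict["flag"]:
            hits.append(verdict["host"])
    return hits
```

Running `flagged_hosts(SAMPLE_DNS_LOG)` returns the two lookalike hosts from the post and leaves the provider's own datagroup.ua and an unrelated ddns.net name alone.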

Group-IB revealed 50 fraud schemes with fake investments

Analysts at Group-IB, a company specializing in cybersecurity, revealed more than 50 fake investment schemes and more than 8 thousand domains connected with the fraudulent infrastructure.

Fraudsters invite those who want to get rich quick to invest in cryptocurrencies, stocks of oil and gas companies, gold, pharmaceuticals, and other assets. Such schemes have been recorded by experts since at least 2016, but they became widespread in 2018-2020. Moreover, in the last nine months, 163% more domains have been registered for fake investment projects than in all previous years combined.

CERT-GIB's 24/7 Cyber Incident Response Center has identified over 50 templates of landing pages with a variety of ready-made investment scenarios about how to invest money to "get rich quick without much effort."

Scammers illegally copied the style of popular news resources, such as Russia 24, RT, and RBC, to design their websites.

According to the Group-IB report, "as soon as a novice investor takes the "bait," he is directed to a survey site from a "well-known bank." As a rule, all of them are associated with trading in "crypto", fiat currencies, precious metals, minerals, natural resources, pharmaceuticals. Almost every project promises fantastic earnings - from 300 thousand to 10 million rubles per month".

Scammers make sure the victim leaves his contact details. After that, a "personal consultant" calls the victim back and offers to register him in the system so he can make a profit. But to do so, the victim needs to make a deposit of $250 or more.

Then the "investor" is shown his personal account in the system, complete with profit figures and trading results. However, these figures are fabricated; it is impossible to withdraw the virtual money.

The "personal consultant" also asks the victim for bank card details and allegedly sends a request to the bank for approval of the deposit. In fact, the money is simply debited from the account.

In December, Group-IB experts estimated that monthly user losses from targeted fraud through surveys and sweepstakes worldwide amounted to $80 million.

Russians will face even more serious cyber threats in 2022

In particular, users should be wary of targeted ransomware attacks. Moreover, the damage will increase, not limited to the demand for ransom for encrypted data. Phishing and other types of attacks using social engineering will also remain popular with cybercriminals. In addition, attempts to hack smart devices are expected to rise.

Experts warned that businesses will become the most obvious target for attackers. The main blow will fall on supply chains, which are a weak link in protection due to the large number of participants in the process: contractors, counterparties and business partners.

In December, it was reported that the gate barriers in Russian residential courtyards turned out to be a source of cyber threats. A vulnerability was found in the device management system of the private company AM Video that leads to the leakage of personal data. According to analysts, the discovered error allowed anyone to gain access to any of the company's facilities: it was enough to log into a test account and select the identifier (ID) of cameras or barriers. The system then provided access to all user data (names, addresses, phone numbers and car brands). Through the website, it was possible to block or open the entrance to the territory of the house, send notifications to residents' mobile phones and use their personal data.

Earlier it became known that 12 programs that steal banking data from infected devices were found in the Google Play app store for Android devices. The applications mimic document and QR-code scanners. After the application is installed on the user's device, the program itself decides whether to download the virus to the phone. If the decision is positive, the malicious code reaches the victim through a fake request to update the program.

Russian experts have discovered the largest botnet in the history of the Internet

Hackers have combined several botnets to carry out the most powerful DDoS attacks on the Internet. Experts at StormWall, a Russian company specializing in protecting businesses from cyber threats, have recorded attacks with a capacity of more than 1 Tbit/s lasting several days. Most often, they affected companies in the entertainment sector, retail, publishing houses and the fintech sector.

StormWall reported that the attacks were carried out using a new botnet consisting of several tens of thousands of servers with different versions of operating systems, as well as webcams, routers, smart TVs.

Since the botnet includes different devices based on different operating systems, it can be concluded that they are infected in different ways. Each attack had approximately the same power, but at the same time different geographical distribution, which indicates that not one botnet was used, but several combined into a single control system.

According to experts, the botnet's resources were divided between several users who could launch DDoS attacks simultaneously. At the same time, to launch the attack, each attacker used not the entire botnet, but a part of it. But even a part allowed organizing an attack with a capacity of several hundred gigabits per second.

According to Artem Tereshchenko, Development Director of VAS Experts, today the Internet security resources are at a fairly high level, and in order to hack them, you need to generate as much traffic as possible.

Experts believe that the botnet poses risks for both technology companies that provide their services over the Internet and for their customers. The purpose of the botnet is not just to harm, but to seize the personal data of users and commercial data of the company itself.

According to StormWall experts, hackers are combining botnets in order to get the maximum attack power that can even penetrate DDoS protection. 

Software for hacking online cinemas is openly available

A code repository was published on GitHub for illegally downloading movies from Netflix, Amazon Video, Apple TV+, and other popular platforms. The published scripts bypass the protection technology used by, among others, Russian online cinemas and download the video content.

The TorrentFreak portal reported that on December 28, software appeared on the international developer platform GitHub for freely downloading content from major video services such as Netflix, Apple TV+, Amazon Video, Disney+ and others. A user named Widevinedump published code to bypass Widevine's DRM protection technology, posting 12 scripts that download paid content at resolutions up to 720p from popular video services.

According to Karen Ghazaryan, Director General of the Internet Research Institute, almost every Internet browser has support for solutions that prevent illegal copying of files: Microsoft PlayReady or Adobe DRM. The DRM bypass technology, according to the expert, can also be applied to Russian online cinemas.

“It will not be widely used; the mechanism requires special competencies, but professional pirates may well use it. So the number of movies and TV series uploaded to torrents will increase, which is very useful before the holidays,” Mr. Ghazaryan believes.

Sergey Nenakhov, head of the cybersecurity audit department at Infosecurity (a Softline company), explains that Russian online cinemas mainly use the same technologies, Widevine from Google and FairPlay from Apple, and some additionally embed watermarks in the video to identify leaks.

"But pirates can also make changes to the video stream, adding their own noise and "spoiling" watermarks to confuse the tracks," he adds.

According to experts, given the current level of availability of pirated content in the Russian Federation, this is unlikely to significantly change the situation.