
Emerging Technology Facilitating Increased Vehicle Thefts and Accidents by Criminals


The automotive industry is abuzz with discussions about the "Internet of vehicles" (IoV), which envisions a network of interconnected cars and other vehicles capable of sharing data via the Internet. The goal is to revolutionize transportation by enhancing its autonomy, safety, and efficiency.

IoV has the potential to empower vehicles to identify obstacles, traffic congestion, and pedestrians. It could also facilitate precise vehicle positioning, potentially leading to autonomous driving and streamlined fault diagnosis. This concept is already manifesting to some extent through smart motorways, where technology is deployed to optimize motorway traffic management.

However, the realization of a more advanced IoV necessitates the integration of additional sensors, software, and technology into vehicles and the surrounding road infrastructure. Modern cars are already equipped with an array of electronic systems, ranging from cameras and mobile connectivity to infotainment setups.

Nevertheless, the proliferation of these systems comes with security concerns. Certain vulnerabilities could render vehicles susceptible to theft and malicious attacks as criminals exploit weaknesses in this burgeoning technology. In fact, instances of such exploitation are already being observed.

A common security measure to guard against car theft is the use of smart keys. These keys possess a button that deactivates the vehicle's immobilizer—a device preventing unauthorized starting—enabling the car to be driven. However, thieves have discovered a method to bypass this security measure using a handheld relay tool. Working in pairs, one person stands near the car while the other stays in proximity to the key, often near the owner's residence.

The tool captures the key's signal and relays it to the car, tricking it into thinking the key is nearby. This kind of theft, which typically occurs at night, can be facilitated with relay equipment readily available online for a modest sum. Protective measures such as Faraday bags or cages are employed to counteract such attacks.

Now, a more advanced attack technique is emerging—referred to as a "CAN (Controller Area Network) injection attack." This approach involves establishing a direct connection to the vehicle's internal communication system, the CAN bus. Criminals attempt to access this system by manipulating the front lights of the vehicle, usually requiring the manipulation of the bumper to insert a CAN injector.

This enables the thieves to send fraudulent messages to the car, convincing it that they are from the legitimate smart key and subsequently disabling the immobilizer. Once access is gained, the thieves can start the engine and drive away with the vehicle.

To counteract the rising threat of vehicle theft, manufacturers are adopting innovative strategies. One such approach is a "zero trust" philosophy, under which every received message is scrutinized and verified rather than trusted because it arrived on the bus. Hardware security modules are being incorporated into vehicles to generate and hold cryptographic keys, enabling data encryption and decryption as well as digital signature verification.

While this mechanism is being increasingly integrated into new vehicles, retrofitting existing cars is impractical due to time and cost constraints, leaving many vehicles susceptible to CAN injection attacks.
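The "verify every message" idea above, as an added illustration that is not any manufacturer's implementation: a simplified model in which each CAN frame carries a freshness counter and a truncated HMAC tag keyed from a secret that, in a real vehicle, would live in the hardware security module. The CAN identifier, payload values and key are constructed for the demo; the contrast with a legacy receiver shows why an unverified bus accepts an injected "key authenticated" frame.

```python
"""Simplified model of 'zero trust' CAN message verification (added example,
not any manufacturer's code). A frame carries a payload, a monotonic freshness
counter and a truncated HMAC-SHA256 tag; a verifying ECU drops frames with a
bad tag (injected or tampered) and frames that reuse an old counter (replay)."""
import hashlib
import hmac
from dataclasses import dataclass

TAG_LEN = 4             # bytes of MAC kept; assumed to fit beside the payload in the data field
IMMOBILIZER_ID = 0x100  # constructed CAN identifier for "release immobilizer" messages
RELEASE = b"\x01"       # constructed payload meaning "smart key authenticated"


@dataclass(frozen=True)
class Frame:
    can_id: int
    counter: int   # freshness counter; a receiver accepts only increasing values
    payload: bytes
    tag: bytes     # truncated MAC over (can_id, counter, payload)


def compute_tag(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    """The MAC binds identifier, counter and payload so none can be altered or reused."""
    msg = can_id.to_bytes(2, "big") + counter.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key: bytes, can_id: int, counter: int, payload: bytes) -> Frame:
    """Sender side: what the legitimate key/body controller would transmit."""
    return Frame(can_id, counter, payload, compute_tag(key, can_id, counter, payload))


class LegacyImmobilizer:
    """Receiver that trusts the bus: any frame with the right id and payload releases it."""

    def __init__(self) -> None:
        self.released = False

    def receive(self, frame: Frame) -> str:
        if frame.can_id == IMMOBILIZER_ID and frame.payload == RELEASE:
            self.released = True
            return "released"
        return "ignored"


class VerifyingImmobilizer:
    """Receiver that checks tag and freshness before acting on any frame."""

    def __init__(self, key: bytes) -> None:
        self._key = key            # provisioned into the HSM at manufacture (assumed)
        self._last_counter = -1
        self.released = False

    def receive(self, frame: Frame) -> str:
        expected = compute_tag(self._key, frame.can_id, frame.counter, frame.payload)
        if not hmac.compare_digest(expected, frame.tag):
            return "rejected: bad tag"      # injected or tampered frame
        if frame.counter <= self._last_counter:
            return "rejected: replay"       # genuine frame recorded earlier and resent
        self._last_counter = frame.counter
        if frame.can_id == IMMOBILIZER_ID and frame.payload == RELEASE:
            self.released = True
            return "released"
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key"
    genuine = build_frame(key, IMMOBILIZER_ID, 1, RELEASE)
    forged = Frame(IMMOBILIZER_ID, 99, RELEASE, b"\x00" * TAG_LEN)  # built without the key
    for ecu in (LegacyImmobilizer(), VerifyingImmobilizer(key)):
        print(type(ecu).__name__, "forged ->", ecu.receive(forged), "| genuine ->", ecu.receive(genuine))
```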

Another security consideration is the vulnerability of the onboard computer system, often referred to as the "infotainment system." Attackers can potentially exploit this system using "remote code execution" to inject malicious code into the vehicle's computer. Such attacks can manipulate various car components, including the engine and wheels, with potentially catastrophic consequences.

Hence, it is crucial for owners of vehicles with infotainment systems to understand basic security measures so they can protect themselves from potential hacking attempts.

The spectre of a surge in vehicle thefts and insurance claims stemming from CAN attacks underscores the need for a balanced approach between the advantages of IoV—such as enhanced safety and improved recovery of stolen vehicles—and the associated risks.

"Securing Your Digital Assets: Uncovering the Untraceable Data Theft Bug in Google Workspace's Drive Files"

Security consultants say hackers can steal information from Google Drive accounts through a method described as password mining, taking away large amounts of information while concealing the theft and leaving no trace behind.

Google Workspace has been found vulnerable to a critical security flaw revealed in the past few days. Because of it, thousands of files on people's drives are at risk of silent theft by hackers. Given the current trend toward remote working and digital collaboration, this alarming vulnerability demands immediate attention to the security and privacy of sensitive information.

Mitiga Security researchers discovered a previously unknown security vulnerability in Google Workspace. An attacker could use it to exfiltrate data from Google Drive without leaving a trace. Because the weakness is a forensic one, a gap in logging, it lets a user exfiltrate data from the application without leaving any trail of what they did.

The security issue pertains specifically to actions taken by users without a Google Workspace enterprise license, which makes it particularly serious: there is no record of actions carried out on private drives by users without a paid Google Workspace license.

When hackers cancel a paid license and switch the account to the free "Cloud Identity Free" license, they effectively disable logging and recording of that account's activity.

Google Workspace is a great collaboration tool offered by Google, but several holes exist in its security. No data is an untouchable target. With so much connectivity between systems, cloud services can be extremely risky: one wrong link in a chain of interdependent documents can upend an entire department's work.

A "Cloud Identity Free" license is available by default to all Google Drive users. Under it, no logs are kept of actions a user performs on their private drive unless an administrator assigns the user a paid license. Due to this lack of visibility, threat actors can manipulate or steal data without being detected. Two different methods can be used to exploit the weakness.

In the first method, a threat actor compromises a user's account, manipulates that user's license, and then accesses and downloads private files through the account. The only thing preserved during license revocation and reassignment is the log entries for the revocation and reassignment themselves. The second method targets employees whose paid license is in the process of being revoked: if the account is not disabled before the license is revoked, the account can still be used to download sensitive files from the private drive.

If an account is compromised, a threat actor could easily revoke the cloud storage account's paid license in a few simple steps, reverting it to the free "Cloud Identity Free" license.

Since the free license has no record-keeping or logging functionality, this effectively turns logging off. Once that is done, they can exfiltrate any files they want without leaving any trace of what they did. All an administrator may notice later is that someone revoked a paid license.
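Because the revocation itself is the only event that survives, an administrator's detection has to key on it. The heuristic below is an added example, not Mitiga's or Google's code: it walks a constructed admin audit log (the event and field names are assumptions, not Google's Admin audit schema) and flags every paid-license revocation that left an unsuspended account behind, was performed by the account itself, or was followed by a quick re-assignment.

```python
"""Detection heuristic for the Drive logging gap (added example, constructed
log format). Drive activity under the free license leaves no trace, so the
usable signals are: a paid-license revocation on an account that was not
suspended first, a revocation performed by the target account itself, and a
license re-assigned shortly after it was revoked."""
import json
from datetime import datetime

# Constructed sample audit log, one JSON record per line (not Google's schema).
SAMPLE_LOG = """
{"time": "2023-06-01T09:00:00", "event": "USER_SUSPENDED", "actor": "admin@corp.example", "target": "leaver@corp.example"}
{"time": "2023-06-01T09:05:00", "event": "LICENSE_REVOKED", "actor": "admin@corp.example", "target": "leaver@corp.example"}
{"time": "2023-06-01T13:10:00", "event": "LICENSE_REVOKED", "actor": "bob@corp.example", "target": "bob@corp.example"}
{"time": "2023-06-01T13:42:00", "event": "LICENSE_ASSIGNED", "actor": "bob@corp.example", "target": "bob@corp.example"}
{"time": "2023-06-02T17:00:00", "event": "LICENSE_REVOKED", "actor": "admin@corp.example", "target": "carol@corp.example"}
{"time": "2023-06-02T17:30:00", "event": "USER_SUSPENDED", "actor": "admin@corp.example", "target": "carol@corp.example"}
"""


def parse_log(text: str) -> list:
    """Parse JSON lines into dicts with datetime timestamps, oldest first."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for ev in events:
        ev["time"] = datetime.fromisoformat(ev["time"])
    return sorted(events, key=lambda ev: ev["time"])


def _minutes_between(earlier: dict, later: dict) -> int:
    return int((later["time"] - earlier["time"]).total_seconds() // 60)


def find_unlogged_windows(events: list) -> list:
    """Return one finding per paid-license revocation that left an active,
    unlogged account behind. The normal offboarding order (suspend first,
    then revoke) produces no finding."""
    findings = []
    for i, ev in enumerate(events):
        if ev["event"] != "LICENSE_REVOKED":
            continue
        target = ev["target"]
        reasons = []
        if ev["actor"] == target:
            reasons.append("self-service revocation")  # account downgrading itself
        suspended_before = any(e["event"] == "USER_SUSPENDED" and e["target"] == target
                               for e in events[:i])
        if not suspended_before:
            later = next((e for e in events[i + 1:]
                          if e["event"] == "USER_SUSPENDED" and e["target"] == target), None)
            if later is None:
                reasons.append("account never suspended after revocation")
            else:
                reasons.append(f"account active for {_minutes_between(ev, later)} min after revocation")
        reassigned = next((e for e in events[i + 1:]
                           if e["event"] == "LICENSE_ASSIGNED" and e["target"] == target), None)
        if reassigned is not None:
            reasons.append(f"license reassigned {_minutes_between(ev, reassigned)} min later")
        if reasons:
            findings.append({"target": target, "time": ev["time"].isoformat(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_unlogged_windows(parse_log(SAMPLE_LOG)):
        print(finding["time"], finding["target"], "; ".join(finding["reasons"]))
```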

Mitiga says it notified Google of its findings, but Google has not responded. An important step of any post-mortem or forensic investigation of a hack is identifying which files were taken during a data breach so the investigation can proceed accordingly. It helps victims determine what types of information were taken and, consequently, whether they need to worry about identity theft, wire fraud, or similar harm.

One of the standard ways IT teams spot potential intrusions before they cause severe damage is to ensure that all activity is logged appropriately. Google Drive accounts, however, are often left without adequate logging controls, which makes it easier for attackers to steal data undetected.

Cloud storage providers must also take more robust steps to protect user data so that vulnerabilities like this do not recur. Even though Google has yet to reply to Mitiga's findings, the company will likely address this problem shortly, resulting in an enhanced level of security for its platform.

In the meantime, users should remain vigilant and make sure they are protecting their data. It is also recommended that they regularly monitor their Google Drive accounts for suspicious activity or unauthorized access. Strong passwords and two-factor authentication must be used to prevent unauthorized access.

Many documents and files can be stolen, including confidential business documents, proprietary information, financial records, intellectual property, and personal documentation. Regulatory violations, as well as financial fraud, corporate espionage, reputation damage, and other potential economic repercussions, can result from data breaches on a large scale. This is far beyond a mere failure to recover data. 

Due to the alarming nature of this discovery, you must take immediate action to protect your sensitive data and protect yourself against potentially harmful hacks. 

To improve your organization's security posture, it is recommended you take the following steps: 

Make sure two-factor authentication is enabled on your account. Two-factor authentication on your Google Workspace account adds an extra security layer, so even if your login credentials are compromised, the account cannot be accessed until an additional verification step is passed.

Stay Educated: Make the most of Google Workspace security alerts and advisories and keep up to date on the latest security threats. It is imperative to keep an eye on official sources, including Google's security bulletins and blogs, for more information regarding security threats. 

Educate your employees about the risks of phishing attacks and give them the tools to act appropriately when they encounter suspicious emails and websites, including care when entering login credentials. Prompt reporting of suspicious activity should be encouraged as part of the organizational culture.

Interpol is Determining How to Police the Metaverse


Interpol, the International Criminal Police Organization, is researching how to police the metaverse, a digital world envisioned as an alternative to the real world. Jurgen Stock, the secretary general of Interpol, believes that the organization must be prepared for this task in order to avoid being left behind by the metaverse and its associated technology. 

When it comes to enforcing the law in the metaverse, police organizations face challenges. However, Jurgen Stock, the secretary general of the International Criminal Police Organization, Interpol, appears to believe that the organization must be prepared to take action on cybercrime. 

The organization is currently preparing to expand its operations to metaverse platforms, which are already in use by some groups to commit crimes. In an interview with the BBC, Stock stated:

"Criminals are sophisticated and professional in very quickly adapting to any new technological tool that is available to commit crime. We need to sufficiently respond to that. Sometimes lawmakers, police, and our societies are running a little bit behind."

Among the current metaverse crimes are verbal harassment, assaults, and others such as ransomware, counterfeiting, money laundering, and financial fraud. However, some of these remain in the legal gray areas.

Thefts in the Metaverse

According to Dr. Madan Oberoi, Interpol's executive director of technology and innovation, one of the most difficult problems the organization is currently facing is determining whether an action on the metaverse constitutes a crime or not. Recognizing that there are still difficulties in this regard, he stated:

"If you look at the definitions of these crimes in physical space, and you try to apply it in the metaverse, there is a difficulty. We don’t know whether we can call them a crime or not, but those threats are definitely there, so those issues are yet to be resolved."

For Oberoi, one thing is certain: to police the metaverse, Interpol needs to have contact and be present on metaverse platforms. This is why the organization already has its own location in the metaverse, which was inaugurated during its 90th General Assembly in New Delhi in October.

Interpol's metaverse platform also serves another purpose, enabling it to offer courses online to members of the force in other countries and directly practice the acquired skills in the metaverse.

How to Prevent Corporate Login Credential Theft?


Expenditure on enterprise cybersecurity is growing rapidly. According to the most recent estimates, the average figure for 2021 will be more than $5 million. Despite this, US organizations reported a record number of data breaches in the same year. 

So, what's the problem? Static passwords, user errors, and phishing attacks continue to undermine security efforts. Threat actors benefit greatly from easy access to credentials. And user training alone will not be enough to restore the balance. A strong credential management strategy is also required, with multiple layers of protection to ensure credentials do not fall into the wrong hands.

During the first half of this year, nearly half of all reported breaches involved stolen credentials. Once obtained, these credentials allow threat actors to disguise themselves as legitimate users in order to deploy malware or ransomware or move laterally through corporate networks. Extortion, data theft, intelligence gathering, and business email compromise (BEC) can all be carried out by attackers, with potentially huge financial and reputational consequences. Breaches caused by stolen or compromised credentials cost an average of $4.5 million in 2021, and they are more difficult to detect and contain (327 days).

It may come as no surprise that the cybercrime underground is rife with stolen credentials. In fact, 24 billion were in circulation in 2021, a 65% increase over 2020. Poor password management is one factor. Since password reuse is common, these credential hauls can be fed into automated software to unlock additional accounts across the web, a technique known as credential stuffing. They are quickly put to use once they are in the hands of hackers.

As per one study, cybercriminals gained access to almost a quarter (23%) of accounts immediately after the compromise, most likely through automated tools designed to quickly validate the credibility of the stolen credential.

Phishing is a particularly serious enterprise threat that is becoming more sophisticated. Unlike the error-ridden spam of yesteryear, some efforts appear so genuine that even a seasoned pro would have difficulty detecting them. Corporate logos and typefaces are accurately reproduced. Domains may use typosquatting to appear identical to legitimate domains at first glance.

They may even use internationalized domain names (IDNs) to imitate legitimate domains by replacing Roman alphabet letters with lookalikes from non-Latin alphabets. This enables fraudsters to register phishing domains that look exactly like the original.

The same holds true for the phishing pages that cybercriminals direct employees to. These pages are intended to be convincing. URLs will frequently use the same tactics mentioned above, such as letter substitution. They also intend to imitate logos and fonts. These techniques make pages appear to be the "real deal." To trick users, some login pages display fake URL bars that display the real website address. This is why you can't expect employees to know which sites are legitimate and which are attempting to dupe them.

This means that user awareness programs must be updated on a regular basis to account for specific hybrid-working risks as well as constantly changing phishing tactics. Short, bite-sized lessons with real-world simulation exercises are required. Creating a culture in which reporting attempted scams is encouraged is also important.

But be aware that there is no silver bullet, and user education alone will not reliably prevent credential theft. Bad actors only need to be fortunate once. And there are numerous ways for them to contact their victims, including email, social media, and messaging apps. It is unrealistic to expect every user to detect and report these attempts. Education must be backed by technology and solid processes.

Credential management should be approached in layers by organizations. The goal is to reduce the number of sites where users must enter passwords. Single sign-on (SSO) should be implemented by organizations for all reputable necessary work applications and websites. SSO should be supported by all SaaS providers.

In the meantime, a password manager would be useful if there are logins that require different credentials. This also allows employees to determine whether a login page can be trusted, as the password manager will not provide credentials for a site it does not recognize. To secure logins, organizations should also enable multi-factor authentication (MFA).

FIDO2 is also gaining popularity. It provides a more robust solution than traditional authenticator apps, though those apps are still superior to text-message codes. Nothing is foolproof, and risky login pages may slip through the cracks, so flagging risky login pages to employees should be treated as the last line of defense.

This can be accomplished by analyzing threat intelligence metrics, webpage similarities, domain age, and how users arrived at a login page, in real time. The resulting rating can then be used either to block high-risk login pages or to warn users to check again for less risky ones. Importantly, because this technology only intervenes at the last second, security appears transparent to the user and does not make them feel watched.
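A small version of that real-time rating, added here as an illustration rather than any vendor's product logic, covering the IDN and typosquat tricks described earlier: it decodes punycode labels back to what the user sees, flags labels that mix scripts, maps Cyrillic and digit lookalikes onto the trusted name they imitate, measures edit distance for typosquats and weighs domain age. The allowlist, confusable table, weights and the caller-supplied `domain_age_days` (which would come from WHOIS/RDAP in practice) are assumptions.

```python
"""Risk-scoring of a login page's hostname against a trusted-domain allowlist
(added example; allowlist, confusable table, weights and thresholds are
assumptions, not any product's logic)."""
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"example-corp.com", "sso.example-corp.com"}  # constructed allowlist

# Small confusable table: Cyrillic lookalikes and digit substitutions -> ASCII.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u0458": "j", "1": "l", "0": "o"}


def decode_idn(host: str) -> str:
    """Turn 'xn--' labels back into the Unicode the user actually sees."""
    return host.encode("idna").decode("idna")


def skeleton(host: str) -> str:
    """Replace lookalike characters with the Latin letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def has_mixed_script(label: str) -> bool:
    """True if one DNS label mixes letters from different scripts (Latin + Cyrillic, ...)."""
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}
    return len(scripts) > 1


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats of trusted names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_login_url(url: str, domain_age_days: int) -> dict:
    """Rate a login URL: 'allow', 'warn' (score >= 2) or 'block' (score >= 5)."""
    host = (urlsplit(url).hostname or "").lower()
    shown = decode_idn(host)
    score, reasons = 0, []
    if shown in TRUSTED:
        return {"host": shown, "score": 0, "verdict": "allow", "reasons": reasons}
    if "xn--" in host:
        score += 3
        reasons.append("punycode label")
    if any(has_mixed_script(label) for label in shown.split(".")):
        score += 3
        reasons.append("mixed-script label")
    sk = skeleton(shown)
    if sk in TRUSTED:
        score += 4
        reasons.append(f"confusable for {sk}")
    else:
        nearest = min(TRUSTED, key=lambda t: levenshtein(sk, t))
        if levenshtein(sk, nearest) <= 2:
            score += 2
            reasons.append(f"typosquat of {nearest}")
    if domain_age_days < 30:
        score += 2
        reasons.append("domain younger than 30 days")
    verdict = "block" if score >= 5 else "warn" if score >= 2 else "allow"
    return {"host": shown, "score": score, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed lookalike: Latin 'a' in "example" replaced by Cyrillic U+0430.
    lookalike = "ex\u0430mple-corp.com".encode("idna").decode("ascii")
    for url, age in [("https://sso.example-corp.com/login", 3000),
                     (f"https://{lookalike}/login", 5),
                     ("https://examp1e-corp.com/login", 10),
                     ("https://exampel-corp.com/", 400)]:
        print(score_login_url(url, age))
```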

A layered approach to credential management, when combined with an architectural approach to security across the entire stack, can help reduce the attack surface and mitigate risk from an entire class of threat.

Classified NATO Documents Stolen from Portugal, Now Sold on Darkweb


The Portuguese Armed Forces General Staff Agency (EMGFA) was reportedly the victim of a cyberattack that resulted in the theft of classified NATO documents, which are now being sold on the dark web. 

EMGFA is the government agency in charge of controlling, planning, and operating Portugal's armed forces. The agency only discovered it had been hacked after hackers posted samples of the stolen material on the dark web, offering to sell the files to interested parties. 

American cyber-intelligence agents discovered the sale of stolen documents and notified the US embassy in Lisbon, which alerted the Portuguese government to the data breach. A team of experts from the National Security Office (GNS) and Portugal's national cybersecurity centre was immediately dispatched to EMGFA to carry out a complete screening of the body's entire network.

The story was first reported by the local news outlet Diario de Noticias, which claims to have confirmed the accuracy of the information through anonymous sources close to the ongoing investigations. According to these sources, the leaked documents are of "extreme gravity," and their dissemination could jeopardise the country's credibility in the military alliance.

“It was a cyberattack prolonged in time and undetectable, through bots programmed to detect this type of documents, which were later removed in several stages,” stated one of DN’s sources.

EMGFA's computers are air-gapped, but the exfiltration used standard non-secure lines. As a result, the investigation's first conclusion is that the top military body violated its operational security rules at some point. As of today, no official statement has been issued by the Portuguese government on the subject, but the political opposition is increasing pressure for a briefing in response to DN's report.

Many members of parliament expressed surprise after learning that classified military documents were being sold on the internet and that the country's intelligence services had failed to detect such a critical breach. As a result, they asked the chairman of the parliamentary defence committee, Marcos Perestrello, to intervene and schedule hearings on the incident as soon as possible.

Are your rewards and loyalty points getting less? You might want to take a look!


The universe is lazy, everything that occurs follows the principle of least action. It should be no surprise that living things have evolved to obtain the most benefit for the least work; consider the intersection of intelligence and energy. And the same is true for humans, we are inherently lazy - choosing the path of least resistance. No matter the work, we will choose the shortest, most easy and least time-consuming way to do it. No matter the path, we will take the most direct and simplest route.

The same could be said of the wizards of the cyber world: hackers take the easiest path to a payday, and so they have found a new thing to earn from and steal - "Loyalty Points".


Loyalty Points 

Digital banking systems nowadays are as safe and impenetrable as their physical counterparts, and hacking them requires planning, knowledge and a good deal of luck. When there are easily accessible, far less secure targets like loyalty points, why do so much work?

Loyalty points and schemes are rewards given to customers that they can swap for goods and offers, much like currency. Since these are less secure and easy to steal, our lazy hackers are now attacking these points instead of highly secure bank accounts and vaults.

They need to be taken seriously

Andy Still, CTO Netacea writes for Infosecurity Group Website, "People don’t treat loyalty points in the same way as they treat other financial products. When our wallet or purse is stolen or lost, we immediately cancel our credit and debit cards. Our loyalty cards can wait. Retailers tend to treat loyalty points in the same way—logging into an account doesn’t have the same level of security, and two-factor authentication is rare."

People are often careless with their reward accounts; they leave them for months before checking, and the theft goes unnoticed. There is also the reassurance that stolen points will be refunded. In this scam, both businesses and customers are affected: the customer loses the benefit of the loyalty points, and the business does not get what it wants - repeat business, customer loyalty and branding. Businesses need to treat their loyalty points schemes like bank accounts and ask their customers to do the same.

Hackers Attack IOTA's Trinity Wallet, Company Shuts Down the Network


Hackers attacked IOTA's cryptocurrency wallet and stole all the funds, exploiting a vulnerability in IOTA's network. The attack took place on 12th February 2020, and the company announced the incident via its official Twitter account. The tweet said that IOTA was investigating an attack on its Trinity wallet. IOTA has advised users not to share or use the Trinity wallet on their desktops until the case has been resolved. According to the news, IOTA is currently working with cybersecurity experts and law enforcement agencies to get to the root of the problem that led to the theft.

The company announced on its official website that, because of the theft of funds, it had shut down its 'Coordinator' node for a while to protect users. The Coordinator acts as a final checkpoint ensuring the safety of transactions on IOTA's network. According to the company, the Coordinator was shut down to prevent any further fraudulent transactions on IOTA's network. IOTA says the hackers attacked high-profile accounts first, then moved on to smaller accounts, and so on, until transactions were halted by the Coordinator.

“The attack pattern analysis showed that the halt of the coordinator interrupted the attacker’s attempts to liquidate funds on exchanges,” said IOTA's official website. “The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation, and with the current token exchange rate as well as exchanges’ KYC limits in mind. We received additional feedback from more exchanges (not all yet), confirming that none of the identified transactions has been received or liquidated.”

As of now, IOTA's network is still not active, and the company is still investigating the issue. Cybersecurity experts and members of the IOTA community say the hackers found a vulnerability in the Trinity wallet and were thus able to launch the attack. IOTA hasn't announced the amount stolen, but experts believe it to be around $1 million worth of IOTA coins or more.

21-Year-Old Arrested For SIM Swapping Hack; Allegedly Steals $1 Million


U.S. broadsheet the New York Post reported on Nov. 20 that authorities in the state of California have arrested a 21-year-old New Yorker for the alleged theft of $1 million in crypto using "SIM-swapping".

SIM-swapping, also called a "port-out scam", involves the theft of a mobile phone number in order to hijack online financial and social media accounts, enabled by the fact that many organizations use automated messages or telephone calls to handle customer authentication.

The arrested suspect, Nicholas Truglia, is accused of having targeted wealthy Silicon Valley figures in the Bay Area, and of successfully convincing telecoms support staff to port six victims' numbers to an alleged "crew" of accomplice attackers. Deputy DA Erin West, of Santa Clara Superior Court, told the Post that the ploy was "a new way of doing an old crime.”

“You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number,” West said.

Following his arrest on November 14, authorities were able to recover $300,000 of the stolen funds, while the remaining assets remain untraced.

Truglia is currently being held pending extradition to Santa Clara, where he faces 21 felony counts involving a total of six victims, authorities said. One of Truglia's alleged SIM-swapping victims, San Francisco-based Robert Ross, was reportedly robbed of $500,000 worth of crypto holdings from his Coinbase wallet "in a flash" on Oct. 26, while a further $500,000 was taken from his Gemini account. West said the $1,000,000 was Ross' "life savings" and his two daughters' college fund.

The rising prevalence of SIM swap-related incidents has prompted a California-based law enforcement group to make such cases its top priority. In more than one prominent case, victims have sued telecoms firms such as AT&T and T-Mobile for their role in facilitating the crime.

Truglia is being held at the Manhattan Detention Complex pending extradition to Santa Clara in California. The formal charges relate to a seven-day "hacking spree" starting Oct. 8, specifically involving "grand theft, altering or damaging computer data with the intent to defraud and using personal information without authorization.”