Showing posts with label Threats of Technology.

Unprecedented Data Breach Exposes Personal Information of Millions in India

Described as the biggest data breach ever, a major security lapse has apparently leaked the personal information of hundreds of millions of people. CloudSEK, an Indian cybersecurity company, brought the breach to attention: the exposed data includes names, mobile numbers, addresses, and 12-digit Aadhaar numbers. Two cybercrime actors, the CYBOCREW-affiliated CyboDevil and UNIT8200, are offering the data for sale for $3,000.

CYBOCREW is a relatively new threat group, first identified in July 2023. It has carried out significant breaches against organizations in sectors such as automotive, jewellery, insurance, and apparel. CyboDevil and UNIT8200 are among its most active affiliates.

The recent incident reportedly affects 750 million Indians. The report describes this as about 85% of the country's population, although 750 million is closer to 54% of 1.4 billion, so the percentage and the headcount do not agree. Either way, the disclosure raises serious concerns about the security and privacy of personal information and marks a critical incident for the cybersecurity community.

The breach's severity is magnified by the exposure of Aadhaar numbers, India's national identity number and a primary identification document. The leaked fields are precisely those used for identity verification and authentication, leaving affected individuals open to identity theft and fraud.

The repercussions extend to mobile network subscribers in multiple countries, amplifying concerns about privacy and data security. According to CloudSEK researchers, the compromised database contains sensitive information and was compressed from 1.8TB to 600GB. In analysing the extensive personally identifiable information (PII) it holds, CloudSEK identified an impact on major telecom providers globally.

Users in India nevertheless face heightened risk because their Aadhaar numbers are exposed, increasing the potential for identity theft, financial fraud, and other cybercrime against those affected.

The incident underlines the urgent need to mitigate the risks of such breaches in order to protect personal information and thwart misuse. The database is for sale on Telegram and Breach Forums, both well-known venues for hackers and cybercrime.

Interestingly, the same forum recently saw another actor threatening to release a database from Hathway containing information on 4 million users. According to CloudSEK, the seller of the telecom data denies being responsible for the breach itself and claims to have obtained it through law enforcement channels and undisclosed asset work; the true source of the data remains unclear.

How to Decrypt Files After a Black Basta Ransomware Attack Without Paying the Ransom

Researchers have created a tool that exploits a flaw in the Black Basta ransomware's encryption, allowing victims to recover their files without giving in to ransom demands. The decryptor can help victims of Black Basta attacks that took place between November 2022 and the time of writing.

Unfortunately, recent intelligence suggests that Black Basta's developers identified the flaw in their encryption routine about a week ago and promptly fixed it. As a result, the decryption technique no longer works against more recent Black Basta attacks.

Let’s Understand Black Basta Buster Decryptor 

Security Research Labs (SRLabs) leveraged a weakness in the Black Basta ransomware to build a decryptor, giving affected companies a way to retrieve their encrypted files without being compelled to pay. The weakness lay not in the XChaCha20 algorithm itself but in how Black Basta used its keystream.

XChaCha20 is a stream cipher: it generates a keystream that is XORed with the plaintext, so anyone who knows a stretch of ciphertext and the matching plaintext can recover that stretch of keystream. Because Black Basta reused the same keystream bytes across a file, one such known stretch becomes a key for the rest of it. "Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," SRLabs reported.

It adds: "Files below the size of 5000 bytes cannot be recovered. For files between 5000 bytes and 1GB in size, full recovery is possible. For files larger than 1GB, the first 5000 bytes will be lost but the remainder can be recovered."

What is the Process of Decrypting? 

To recover a file encrypted by Black Basta you need to know the original plaintext of at least 64 of its encrypted bytes. Small files (under 5000 bytes) are probably gone. Files between 5000 bytes and 1GB can be recovered in full. Files larger than 1GB lose their first 5000 bytes, but the rest can be saved.

The flaw is keystream reuse. Black Basta XORs each file with an XChaCha20 keystream, but instead of advancing the keystream it applies the same 64-byte block again and again. Any 64-byte stretch whose plaintext is known, typically a run of zero bytes, therefore reveals that block, and the block then unlocks every other encrypted chunk of the file. Large files such as virtual machine disk images almost always contain zero-filled regions, which is why they recover well even where the ransomware has damaged the important metadata, and there are tools to repair those damaged sections afterwards. Small files rarely contain a known 64-byte region, so they are harder; an unencrypted older copy of the same file (a backup or earlier revision) supplies the known plaintext and keeps recovery possible.
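The following is an added example of the keystream-reuse recovery described above; it is neither SRLabs' Black Basta Buster nor Black Basta's own code. It assumes a toy keyed-BLAKE2b counter-mode keystream in place of XChaCha20, a reused block of 64 bytes, and a constructed "disk image" with a zero-filled region; it does not model Black Basta's real chunk layout or the 5000-byte size rules. The flawed encryptor is shown beside a correct one so the difference in what known plaintext buys an attacker (or a victim) is visible.

```python
"""Keystream-reuse recovery, modelled on the Black Basta flaw (added example).

Not SRLabs' tool and not Black Basta's code. Assumptions (all ours): a keyed
BLAKE2b counter-mode keystream stands in for XChaCha20, the reused block is
64 bytes, and the 'disk image' below is constructed for the demonstration.
"""
import hashlib

BLOCK = 64  # the 64 known plaintext bytes SRLabs says suffice to recover a file


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stand-in for XChaCha20: keyed BLAKE2b in counter mode (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.blake2b(nonce + counter.to_bytes(8, "little"),
                               key=key, digest_size=BLOCK).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_flawed(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Models the flaw: the first BLOCK keystream bytes are reused across the file."""
    block = keystream(key, nonce, BLOCK)
    return bytes(b ^ block[i % BLOCK] for i, b in enumerate(data))


def encrypt_correct(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Proper stream-cipher use: a fresh keystream byte for every plaintext byte."""
    return xor(data, keystream(key, nonce, len(data)))


def recover_block(ciphertext: bytes, offset: int, known_plaintext: bytes) -> bytes:
    """Known-plaintext step: keystream = ciphertext XOR plaintext over one aligned block."""
    if offset % BLOCK or len(known_plaintext) < BLOCK:
        raise ValueError("need BLOCK bytes of plaintext at a BLOCK-aligned offset")
    return xor(ciphertext[offset:offset + BLOCK], known_plaintext[:BLOCK])


def decrypt_with_block(ciphertext: bytes, block: bytes) -> bytes:
    """Apply the recovered block across the file, exactly as the flawed encryptor did."""
    return bytes(c ^ block[i % BLOCK] for i, c in enumerate(ciphertext))


def build_image() -> bytes:
    """Constructed sample: a 64-byte header, some content, then a zero-filled region
    (zero runs are what make VM disk images such good candidates for recovery)."""
    header = b"QFI\xfb" + bytes(range(60))          # constructed, qcow2-style magic
    payload = b"file system data " * 8               # 136 bytes of 'content'
    return header + payload + bytes(4096) + b"tail"  # zeros supply the known plaintext


def demo() -> dict:
    key, nonce = b"k" * 32, b"n" * 24                # constructed key material
    image = build_image()
    zero_offset = 256  # BLOCK-aligned offset inside the zero region (assumption)
    known = bytes(BLOCK)
    assert image[zero_offset:zero_offset + BLOCK] == known

    # Flawed encryption: one known block decrypts the whole file.
    flawed_ct = encrypt_flawed(key, nonce, image)
    block = recover_block(flawed_ct, zero_offset, known)
    flawed_recovered = decrypt_with_block(flawed_ct, block)

    # Correct encryption: the same attack only recovers the window it already knew.
    correct_ct = encrypt_correct(key, nonce, image)
    block2 = recover_block(correct_ct, zero_offset, known)
    correct_attempt = decrypt_with_block(correct_ct, block2)

    return {
        "flawed_fully_recovered": flawed_recovered == image,
        "correct_fully_recovered": correct_attempt == image,
        "correct_window_recovered":
            correct_attempt[zero_offset:zero_offset + BLOCK] == known,
    }


if __name__ == "__main__":
    print(demo())
```

Against the flawed encryptor the 64 zero bytes at offset 256 yield the whole keystream block and the entire image decrypts; against the correct encryptor the same known plaintext recovers exactly those 64 bytes and nothing else, which is the property a real stream cipher is supposed to have.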

Who is BB Gang?

The Black Basta ransomware gang began operating in April 2022, running double-extortion attacks against businesses. By June of that year it had partnered with the QBot malware operation, using QBot infections to deliver Cobalt Strike for remote access into corporate networks.

The gang, which has been linked to the FIN7 hacking group, has hit organizations including Capita, the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. More recently it attacked the Toronto Public Library, Canada's largest public library system.

Insider Attacks Becoming More Frequent and Harder to Detect: Gurucul Report

Gurucul is a California-based company known for its Next Generation SIEM solutions; it also provides risk intelligence that helps organizations detect, prevent, and deter advanced internal and external threats and fraud.

Together with its 600,000+ member online community of information security professionals, the company has published its 2023 Insider Threat Report, based on a survey of more than 325 cybersecurity professionals. The report covers the latest trends and challenges organizations face as they work to protect their systems from evolving insider threats.

The survey also looked at how companies worldwide are preparing to protect their critical data and IT infrastructure. It finds that insider threats rank among organizations' top concerns, alongside every other category of cyber threat: only 3% of respondents are not concerned about insider risk.

According to the data, organizations feel more vulnerable than ever, with threats growing at a faster pace. Three-quarters of respondents feel moderately to extremely vulnerable to insider threats, an increase of 8% over the previous year.

Around 74% of organizations report that insider attacks have become more frequent (a 6% increase over last year), with 60% having experienced at least one attack and 25% more than six. Additionally, 87% consider unified visibility and control across all applications, systems, web destinations, on-premises resources, and infrastructure to be moderately to extremely important.

Following the report, Saryu Nayyar, Gurucul CEO, said: “This report sheds light on some of the most interesting insider threat challenges facing organizations today. While it shows that 86% are using some sort of solution to monitor user behavior in some way, it was surprising to see that access logging was the primary method and that only 25% are using automated tools to monitor user behavior 24×7.”

More than half of respondents also report that detecting insider threats is very hard in the cloud, and that the uptime and performance of tools such as SASE and CASB are crucial to success.

“The types of monitoring and analytics used to detect insider threats vary widely between organizations. This highlights the need for better tools and processes to analyze data behavior, user behavior, access, and movement across a network both internally and externally to detect and prevent insider attacks,” Nayyar added.