CosmicBeetle Exploits Vulnerabilities in Small Businesses Globally

 

CosmicBeetle is a cybercriminal group exploiting vulnerabilities in software commonly used by small and medium-sized businesses (SMBs) across Turkey, Spain, India, and South Africa. Their main tool, a custom ransomware called ScRansom, is still under development, leading to various issues in the encryption process. This sometimes leaves victims unable to recover their data, making the ransomware not only dangerous but also unpredictable. 

Based on analysis by Slovakian cybersecurity firm ESET, CosmicBeetle’s skills as malware developers are relatively immature. This inexperience has led to chaotic encryption schemes, with one victim’s machines being encrypted multiple times. Such issues complicate the decryption process, making it unreliable for victims to restore their data, even if they comply with ransom demands. Unlike well-established ransomware groups that focus on making the decryption process smoother to encourage payment, CosmicBeetle’s flawed approach undermines its effectiveness, leaving victims in a state of uncertainty. 

Interestingly, the group has attempted to boost its reputation by implying ties to the infamous LockBit group, a well-known and more sophisticated ransomware operation. However, these claims seem to be a tactic to appear more credible to their victims. CosmicBeetle has also joined the RansomHub affiliate program, which allows them to distribute third-party ransomware, likely as an attempt to strengthen their attack strategies. The group primarily targets outdated and unpatched software, especially in SMBs with limited cybersecurity infrastructure. They exploit known vulnerabilities in Veeam Backup & Replication and Microsoft Active Directory. 

While CosmicBeetle doesn’t specifically focus on SMBs, their choice of software vulnerabilities makes smaller organizations, which often lack robust patch management, easy targets. According to ESET, businesses in sectors such as manufacturing, pharmaceuticals, education, healthcare, and legal industries are particularly vulnerable. CosmicBeetle’s attacks are opportunistic, scanning for weak spots in various sectors where companies might not have stringent security measures in place. Turkey, in particular, has seen a high concentration of CosmicBeetle’s attacks, suggesting that the group may be operating from within the region. 

However, organizations in Spain, India, and South Africa have also been affected, illustrating the group’s global reach. CosmicBeetle’s focus on exploiting older vulnerabilities demonstrates the need for businesses to prioritize patching and updating their systems regularly. One key issue with CosmicBeetle’s operations is the immaturity of their ransomware development. Unlike more experienced cybercriminals, CosmicBeetle’s encryption tool is in a constant state of flux, making it unreliable for victims. While ESET has been able to verify that the decryption tool technically works, its rapid and frequent updates leave victims uncertain whether they can fully recover their data. To reduce the risk of falling victim to such attacks, SMBs must prioritize several cybersecurity measures. 

First and foremost, regular software updates and patch management are essential. Vulnerabilities in widely used platforms like Veeam Backup and Microsoft Active Directory must be addressed promptly. Businesses should also invest in employee cybersecurity training, emphasizing the importance of recognizing phishing attacks and suspicious links. In addition to these basic cybersecurity practices, companies should back up their data regularly and have robust incident response plans. Having a reliable backup strategy can mitigate the damage in the event of a ransomware attack, ensuring that data can be restored without paying the ransom. Companies should also invest in cybersecurity solutions that monitor for unusual network activity, providing early warning signs of potential breaches.

Why Did Turkey Suddenly Ban Instagram? The Shocking Reason Revealed


 

On Friday, Turkey's Information and Communication Technologies Authority (ICTA) unexpectedly blocked Instagram access across the country. The ICTA, responsible for overseeing internet regulations, did not provide any specific reason for the ban. However, according to reports from Yeni Safak, a newspaper supportive of the government, the ban was likely a response to Instagram removing posts by Turkish users that expressed condolences for Hamas leader Ismail Haniyeh's death.

Many Turkish users faced difficulties accessing Instagram following the ban. Fahrettin Altun, the communications director for the Turkish presidency, publicly condemned Instagram, accusing it of censoring messages of sympathy for Haniyeh, whom he called a martyr. This incident has sparked significant controversy within Turkey.

Haniyeh’s Death and Its Aftermath

Ismail Haniyeh, the political leader of Hamas and a close associate of Turkish President Recep Tayyip Erdogan, was killed in an attack in Tehran on Wednesday, an act allegedly carried out by Israel. His death prompted widespread reactions in Turkey, with many taking to social media to express their condolences and solidarity, leading to the conflict with Instagram.

A History of Social Media Restrictions in Turkey

This is not the first instance of social media restrictions in Turkey. The country, with a population of 85 million, includes over 50 million Instagram users, making such bans highly impactful. From April 2017 to January 2020, Turkey blocked access to Wikipedia due to articles that linked the Turkish government to extremism, significantly limiting the flow of information.

This recent action against Instagram is part of a broader pattern of conflicts between the Turkish government and social media companies. In April, Meta, the parent company of Facebook, had to suspend its Threads network in Turkey after authorities blocked its information sharing with Instagram. This highlights ongoing tensions between Turkey and major social media firms.

The blocking of Instagram illustrates the persistent struggle between the Turkish government and social media platforms over content regulation and freedom of expression. These restrictions pose significant challenges to the dissemination of information and public discourse, affecting millions who rely on these platforms for news and communication.

Turkey's decision to block Instagram is a testament to the complex dynamics between the government and digital platforms. As the situation develops, it will be essential to observe the responses from both Turkish authorities and the affected social media companies to grasp the broader implications for digital communication and freedom of speech in Turkey.


Google's Earthquake Alert System Failed to Notify Residents of Turkish Earthquake

 

An investigation by BBC Newsnight on July 27, 2023, revealed that Google's earthquake warning system failed to reach many residents in southern Turkey before the devastating double earthquake disaster that occurred in February, claiming tens of thousands of lives.

Google claims that its Android Earthquake Alert System is capable of providing users with up to one minute's notice before an earthquake strikes, utilizing a loud alarm to alert them. The company stated that it had sent tremor alerts to millions of users prior to the first and largest quake that hit in the early hours. 

However, when the BBC conducted interviews with hundreds of people in three cities within the earthquake zone, they were unable to find anyone who had received a warning.

Harold Tobin, the director of the Pacific Northwest Seismic Network, expressed concern, saying that if Google promises or implies the delivery of an earthquake early warning service, the stakes are raised as it directly relates to people's lives and safety. He believes that Google has a responsibility to follow through on such a critical service.

Micah Berman, the product lead on Google's system, defended the earthquake warning system, stating that they are confident it worked and alerts were sent out. However, the BBC reported that the company did not provide evidence that these alerts were widely received.

Although about 80% of mobile phones in Turkey operate on the Android system, the BBC found only a small number of individuals who claimed to have received a Google earthquake alert before the second quake struck during lunchtime.

Google's earthquake alert service is considered a "core" component of its Android service, utilizing the vast network of Android phones to send quake alerts. This is made possible by the accelerometers in smartphones that can detect shaking.

During their investigation, the BBC team visited cities like Adana, Iskenderun, and Osmaniye, located between 70 and 150 kilometers away from the earthquake epicenter. The people they interviewed were adamant that they did not receive any Google warnings on their phones prior to the first earthquake. One woman named Funda, who tragically lost 25 members of her family in the disaster, stated that she was "certain" she did not receive any alert from Google.

Tobin emphasized the importance of Google being transparent about its earthquake alert service, suggesting that if the system had worked during this major earthquake, it could have been highly beneficial. However, the failure of the system during such a significant earthquake raises questions about its effectiveness and why it did not provide the expected benefits during one of the biggest earthquakes in the last century.



15,000 Clients' Data Leaked Accidentally by a Turkish Firm

 

A law firm has accidentally disclosed client data on 15,000 incidents in which individuals were killed or wounded, as a result of a cloud misconfiguration. Through a misconfigured Amazon S3 bucket, the WizCase team unearthed a huge data leak containing private details of Turkish residents. The server includes 55,000 judicial records concerning more than 15,000 court proceedings, affecting hundreds of thousands of individuals. The firm affirmed that no permission was required to browse the 20GB trove, so anyone with the URL could have viewed the highly confidential information.

WizCase is one of the leading multinational websites offering cybersecurity resources, tricks, and best practices for online safety. It also offers VPN ratings and tutorials. WizCase traced the data back to the Turkish actuarial consulting company Inova Yönetim, which analyses details for risk and premium estimation.

The online security team has revealed a major exposure of data from an Amazon bucket misconfigured by INOVA YÖNETIM & AKTÜERYAL DANIŞMANLIK, a Turkish legal attorney. Inova is an actuarial consulting firm that gathers mathematical data and measures probabilities and premiums for insurers. Inova has been in operation since 2012 and has dealt with thousands of cases.

The researchers found that, along with insurance and accident data, personally identifiable information (PII) about the survivor in each of the 15,000 court cases, including name, national ID, marital status, and date of birth, is also available. Some records revealed much more specific details about claimants, witnesses, and others, including detailed accident information, car registration numbers, breathalyzer test reports, incident descriptions, and more. In certain cases, the data has more details about the victims or other persons involved. This included information on parties such as victims, event participants, police officers, and lawyers.

The data appeared to relate to cases between the beginning of 2018 and the end of summer 2020. Those affected by the snafu could be at risk from scammers using extremely persuasive phishing emails or telephone calls to get more financial and personal details.

“With some social engineering, bad actors or criminals could contact an [mobile] operator, masquerading as the victim, and verify all kinds of verification questions operators would ask to clone a SIM card,” WizCase stated. “After having access to victims’ phone calls and SMS messages, bad actors could then try to do the same operation with clients’ insurance and bank.” 

According to WizCase, in situations like this, protecting one's data is unusually challenging, since it is always in the hands of the organization one deals with. Individuals should make sure they send only the correct details and ask the organization what security steps it is taking to keep their private data private. Anyone who gets a call relating to the crash should notify their Inova contact and confirm that the request comes from them, and should never trust someone asking for personal details over the phone.