West African Financial Institutions Attacked by Hackers via Living off the Land Tactics



Employing 'living off the land' tactics and generic malware, an unidentified hacker group is reported to have attacked financial institutions in West Africa. 'Living off the land' tactics make use of legitimate network administration tools or operating system features to gain unauthorized access to the targets' networks.
The hackers attacked organizations based in Equatorial Guinea, Cameroon, Ivory Coast, Congo (DR) and Ghana. Notably, the attacks date back to 2017, and the latest one is reported to have taken place in December 2018.
A total of four different attack campaigns that compromised the networks of various West African financial institutions have been observed by security researchers at Symantec.
Four Variants of Attack
In the first attack campaign, the hackers made use of infected Word documents that belonged to a West African bank. The victims were infected with Nanocore malware, which was executed on their devices through the Microsoft Sysinternals tool PsExec.
The second attack campaign made use of a hacking tool known as Mimikatz, a malware called Cobalt Strike and a remote administration tool named UltraVNC.
According to the Symantec report, in attacks that probably took place in late 2017 the hackers used PowerShell scripts to compromise networks, Mimikatz for credential theft and UltraVNC for remote administration. Cobalt Strike was used as a backdoor and to establish a connection to the C&C server in order to download additional payloads.
The third variant of attack involved the Remote Manipulator System RAT, the hacking tool Mimikatz and RDP (Remote Desktop Protocol). This variant targeted organizations based in Ivory Coast: the hackers stole credentials using the Remote Manipulator System RAT and Mimikatz, which allowed them to establish remote desktop connections.
The fourth variant of the attack employed the Imminent Monitor RAT, a stealer used to take information from compromised computers and to download additional malware. It is reported to have originated in December last year.
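As an added example (not code from the Symantec report or from this article), the following Python snippet shows how a defender might flag two of the living-off-the-land behaviours described above in Windows event logs: the PSEXESVC service that PsExec installs on a remote host (System log Event ID 7045) and PowerShell launched with an encoded command or download cradle (Sysmon Event ID 1). The event records and host names are constructed for illustration.

```python
# Detector for PsExec service installs and suspicious PowerShell launches.
# The event records below are constructed for this example; their field names
# follow the real Event ID 7045 (System log) and Sysmon Event ID 1 schemas.
import re

SAMPLE_EVENTS = [
    {"id": 7045, "log": "System", "host": "FIN-WS-07", "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"id": 7045, "log": "System", "host": "FIN-WS-07", "ServiceName": "Spooler",
     "ImagePath": r"%SystemRoot%\System32\spoolsv.exe"},
    {"id": 1, "log": "Sysmon", "host": "FIN-WS-12",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc BASE64PAYLOAD"},
    {"id": 1, "log": "Sysmon", "host": "FIN-WS-12",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem C:\\Reports"},
]

# -e / -ec / -enc / -EncodedCommand hide the script body from plain-text review.
ENCODED_FLAG = re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s")
# Common download-and-run cradles seen in PowerShell stagers.
DOWNLOAD_CRADLE = re.compile(r"(?i)(DownloadString|DownloadFile|Invoke-WebRequest|"
                             r"Invoke-Expression|\bIEX\b)")


def check_event(ev):
    """Return a finding string if the event matches a rule, otherwise None."""
    if ev["id"] == 7045 and ev["log"] == "System":
        # PsExec registers a temporary service named PSEXESVC on the target.
        name = ev.get("ServiceName", "").upper()
        path = ev.get("ImagePath", "").upper()
        if "PSEXESVC" in name or "PSEXESVC" in path:
            return f"{ev['host']}: PsExec service installed ({ev['ImagePath']})"
    if ev["id"] == 1 and ev["log"] == "Sysmon":
        image = ev.get("Image", "").lower()
        cmd = ev.get("CommandLine", "")
        if image.endswith("powershell.exe") and (
                ENCODED_FLAG.search(cmd) or DOWNLOAD_CRADLE.search(cmd)):
            return f"{ev['host']}: suspicious PowerShell launch: {cmd}"
    return None


def scan(events):
    """Run every event through the rules and return the list of findings."""
    return [f for f in (check_event(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A benign Spooler service install and an ordinary PowerShell directory listing are included so the rules can be seen not to fire on them.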



Customer data of lending firm breached

Data-driven technology companies are always prone to attacks on their data storage, more so if they are in the fintech domain.

Last week, the early-stage lending startup RupeeRedee discovered vulnerabilities in its data stack stored on the Amazon cloud. A data security enthusiast who goes by the name of Gareth on Twitter pointed out that RupeeRedee was 'leaking' customer details because of a vulnerability in its cloud storage. What could be accessed were customers' scanned copies of Aadhaar or PAN cards, which applicants usually submit during KYC.

After ET pointed this out, and after some redacted files had been put out in the public domain, the company swiftly got the leak sealed with the help of professionals by late Friday.

“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data surveillance enthusiast. Thankfully the vulnerability was recognized and fixed within a few hours thereby preventing any compromise of our systems or customer data. It is noteworthy that we have been audited by Certified Information Systems Auditor (CISA) in the recent past and continue to be committed to maintaining highest standards in data security and privacy,” said Jitin Bhasin, director, RupeeRedee in an official comment to ET.

RupeeRedee is a subsidiary of Digital Finance International, which serves millions of customers across 16 countries. It is a digital lending platform headquartered in Haryana, India, that uses technology to provide short-term loans quickly and efficiently.

Hackers carried out a massive cyberattack on Russian Banks

The international company Group-IB has recorded the first major cyberattack since the beginning of the year. The hacker group Silence sent about 80,000 malicious emails to employees of Russian banks, credit and financial institutions and payment systems.

Rustam Mirkasymov, a cyber-intelligence expert at Group-IB, believes that Silence is currently one of the most dangerous Russian-speaking groups, on a par with Cobalt and MoneyTaker.

On January 16, the hackers started sending phishing emails on behalf of "Forum iFin-2019" with an attached ZIP archive containing an invitation to the banking forum along with a malicious attachment, Silence.Downloader, also known as TrueBot.

Group-IB emphasizes that this malware is used only by Silence.

The hackers used a real announcement for the XIX International Forum "Electronic Financial Services and Technologies", which will be held in Moscow on 19 and 20 February. Interestingly, the organizers had announced the financial forum by e-mail only a few hours before the hackers sent theirs.

Recall that in November last year, the hacker group Silence conducted a massive cyber attack on Russian banks from a fake address of the Central Bank of Russia. At the same time, at the plenary session of the XI St. Petersburg International Innovation Forum it was stated that every eight seconds there is a cyber attack on the servers of companies and banks in Russia. The average damage from one attack is 30 million rubles. The majority of hacks and attacks occur at night, when security systems are most vulnerable.

Tesla announces a $900,000 bounty contest for hackers




Tesla has opened up its cars' software and devices for the high-profile Pwn2Own hacking contest being held in Vancouver. The winner will get a Tesla Model 3, and other prizes worth more than $900,000 are on offer.

The biggest prize, $250,000, will be awarded to whoever achieves code execution on the car's gateway, autopilot or Vehicle Controller Secondary (VCSEC). The gateway is responsible for the powertrain, chassis and other components; the autopilot is a driver-assistance feature that helps with lane changes, parking and other driving functions; and VCSEC handles security functions.

“Tesla essentially pioneered the concept of the connected car with their Model 3 sedan, and in partnership with Tesla, we hope to encourage even more security research into connected vehicles as the category continues to expand,” the Zero Day Initiative said in its blog on the contest.

The attacks will be carried out on a Model S mid-range rear-wheel-drive vehicle, and the target areas are:
· Modem or tuner: $100,000
· Wi-Fi or Bluetooth: $60,000
· Three infotainment system targets: $205,000 in total
· Gateway, autopilot or VCSEC: $250,000
· Autopilot DoS: $50,000
· Key fob or phone-as-key: $100,000

A security researcher at Trend Micro said: "Since 2007, Pwn2Own has become an industry-leading contest that encourages new areas of vulnerability research on today's most critical platforms."

"Over the years we have added new targets and categories to direct research efforts toward areas of growing concern for businesses and consumers."

Tesla is the only car manufacturer that has openly participated in a hacking contest.


iPhone users get nude photos while travelling on public transport

Increasingly people are being sent nude photos from strangers without their consent. It’s called cyber-flashing.

Graphic images are sent to people's phones via features like Bluetooth and AirDrop on iPhones.

Police in London say it's a growing problem.

Anyone in a public space, even kids, could have a photo like that pop up on their phone if they have features like AirDrop switched on. People around the world have reported it happening to them on public transport such as planes and trains.

When people receive these graphic images and don't know who they're from or what their motives are, only that they're nearby, it can cause serious distress.

Some people are saying that Apple needs to remove its photo preview feature.

Apple, however, told the BBC that users who are facing the issue can simply change their privacy settings.

Meanwhile, campaigners want a new law to tackle cyber-flashing. For now, according to Apple, if you face the issue you have to change your privacy settings so that you no longer receive photos you don't want to see.

Police have also asked people to report this form of harassment.