Latest Hacking News

New vulnerability found like WannaCry

A new flaw has been found in widely used networking software, leaving tens of thousands of computers potentially vulnerable to an attack similar to WannaCry, which infected more than 300,000 computers worldwide.

Announcing the vulnerability on Wednesday (May 24), the US Department of Homeland Security urged users and administrators to apply a patch.

Rebekah Brown of Rapid7, a cyber-security company, told Reuters that there are more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers which cannot be patched. There were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced, but it took the researchers only 15 minutes to develop malware.

The vulnerability could potentially be used to create a worm like the one which allowed WannaCry to spread so quickly. Cyber-security researchers have said they believe North Korean hackers were behind the WannaCry malware.

Ransomware increases by eight-fold in 2016

Ransomware saw a more than eight-fold (752 per cent) increase as a mode of attack in 2016, according to Trend Micro. Small businesses faced more ransomware attacks in the third quarter of 2016.

The infosec firm estimates file-scrambling malware families such as Locky and Goldeneye raked in $1 billion in 2016.

Kaspersky Security Network has also reported that there were 27,471 attempts to block access to corporate data detected and repelled by Kaspersky Small Office Security in Q3 2016, compared to 3,224 similar attacks during the same period of 2015.

In Kaspersky Lab’s Corporate IT Security Risks 2016 study more than half of respondents from small businesses (55%) reported that it had taken them several days to restore access to encrypted data after an attack.

The danger persists with the recent WannaCrypt attacks and the latest threat, EternalRocks, which has no kill switch and continues to grow.

Ransomware blocks all operations or encrypts critical business data until a ransom is paid. A successful ransomware attack usually leads to significant financial loss or even the shutdown of critical business processes, something which can have a significant impact on a small company.

Crooks behind ransomware attacks are, in general, targeting organisations rather than individual consumers, blocking important business files such as databases in order to inflict maximum damage and extract larger sums.

Ransomware-as-a-service (RaaS) has grown in the past few years. RaaS means that unskilled crooks can hire code and rent the command and control infrastructure they need to run ransomware attacks.

In order to minimize risks, businesses need to take preventative measures to address ransomware threats. Minimal security requirements should include educating personnel on how to resist social engineering and phishing attempts, how to update software on their devices and how to implement high-end information security solutions suitable for a small company’s needs. Trend Micro advises that individuals and organizations should maintain regular back-ups of key data: three copies, two formats, and one air-gapped from the network.

Your weekly dose of tech developments

Robotic police officers on guard in Dubai:

Dubai deployed its first robot police officers on Sunday (May 21), which started their shift by greeting guests and patrolling the halls at the three-day Gulf Information Security Expo and Conference (GISEC).

The police department planned to have the machine on the streets in popular Dubai areas after the expo ended on Tuesday evening (May 23). For now, the robots will patrol the city’s malls and tourist attractions, taking reports of crime and allowing humans to pay fines and get information via a touchscreen on the device’s chest, in either Arabic or English. The police department plans to add other languages, including Russian, Chinese, French and Spanish, and is also working on adding voice control to the robots.

“With an aim to assist and help people in the malls or on the streets, the Robocop is the latest smart addition to the force and has been designed to help us fight crime, keep the city safe and improve happiness levels,” said Brigadier-General Khalid Nasser Al Razzouqi, Director-General of Smart Services with the Dubai Police. “He can chat and interact, respond to public queries, shake hands and offer a military salute,” he added.

Dubai is aiming to have the specialised REEM device from PAL Robotics make up to 25% of its police force by 2030.

S8 iris recognition cracked:

Samsung’s latest flagship device, the Galaxy S8, has had its iris recognition cracked by a security researcher. The Chaos Computer Club, a Berlin-based hacking collective, has posted a video showing how they fooled the device with the help of just a point-and-shoot camera, laser printer and contact lens. The good news for Samsung is that, while the attack is not difficult, it does involve some effort.

The video shows how a photograph of the owner, taken in infrared mode from a distance of about five meters and then printed out on paper, with a regular disposable contact lens placed on top of the photo of the eye to replicate the curve of an eyeball, can unlock the device. When the print was held up to the smartphone, the S8 unlocked.

"By far the most expensive part of the iris biometric hack was the purchase of the Galaxy S8," the group wrote on its website.

The S8’s biometrics had also been cracked earlier this year by a Spanish man who posted a video on Periscope of himself appearing to unlock his device with a photo.

ENISA critical of EU's IoT security:

ENISA, the EU’s network and security agency, is not impressed at the state of IoT security. The agency yesterday launched a paper that called for setting a policy framework for ensuring minimal security requirements of testing and certification for connected devices.

In a position paper published Monday, the group says there is “no level zero defined for the security and privacy of connected and smart devices,” no legal guidelines for IoT device and service trust, and no “precautionary requirements in place.”

Russian hackers rob a million from bank customers

A Russian cyber hacking group, “Cron”, has used malicious apps and software to infect around 1 million Android smartphones and steal 50 million roubles (around £677,000 or $892,000) from domestic bank customers. According to Group-IB, the cyber security firm investigating the attack with the Russian Interior Ministry, the group infected smartphones at a rate of 3,500 devices a day.

The group of 20 hackers had purchased a more powerful piece of malware and was planning to expand the attack to European financial leaders before being arrested. The core members of the group were arrested on November 22 last year. The group began targeting French firms Credit Agricole, BNP Paribas and Societe Generale, but no funds were stolen from customers.

The Cron group, named after the malware they used, disguised the malware as fake banking applications, ecommerce and pornography web clients. When Android users in Russia searched online, the search engine results would suggest the fake apps and users would be tricked into downloading the phony version. After gaining control over the infected smartphone, hackers were able to send SMS messages to the mobile users’ banks instructing the transfer of money, up to $120, to one of the 6,000 fraudulent accounts. They intercepted the transaction confirmation codes, preventing the victims from receiving messages notifying them about the transaction. The attack was able to bypass two-factor authentication features that would require a user to enter a secondary code (often sent via text message) to confirm their identity.

“Cron’s success was due to two main factors,” Dmitry Volkov, head of investigations at Group-IB, said in a statement. “First, the large-scale use of partner programs to distribute the malware in different ways. Second, the automation of many (mobile) functions which allowed them to carry out the thefts without direct involvement.”

They targeted customers of Sberbank, Alfa Bank, and online payments company Qiwi, exploiting SMS text message transfer services.

“Group-IB first learnt about Cron in March 2015: Group-IB’s Intelligence system tracked the activity of a new criminal group that was distributing malicious programs named ‘viber.apk’, ‘Google-Play.apk’, ‘Google_Play.apk’ for Android OS on underground forums,” explained the cyber security company.

The situation came to light when sources close to the investigation tipped off Reuters.

The Russian hackers rented “Tiny.z,” a piece of malware designed to attack checking account systems, for $2,000 a month in June 2016, and adapted it to target European banks in Britain, Germany, France, the United States, and Turkey, among other countries.

Luckily for the people with infected smartphones and unfortunately for the hackers, only small sums can be transferred via SMS instructions, so despite the volume of devices affected, the amount of money the hackers stole was not astronomical.

A total of 16 people have been arrested thus far in relation to the case, including a 30-year-old man who is believed to be the leader of the group operating across six different regions of Russia.

The exploit highlighted the dangers of SMS messages in mobile banking. SMS banking services are used in Russia to help people living in isolated areas, where access to banks is not easy. But security always has to outweigh consumer convenience.