Toyota Develops a Car Hacking Tool 'PASTA'

A security researcher at automobile maker Toyota has developed an open-source tool dubbed PASTA (Portable Automotive Security Testbed) for testing cyber vulnerabilities in modern vehicles.

The researcher, Takuya Yoshida, a member of Toyota's InfoTechnology Center, demonstrated the PASTA testing platform at Black Hat Europe 2018 along with his other team members.

The company has revealed that it plans to share PASTA's specifications on GitHub; initially, Toyota intends to sell the system in Japan only.

"There was a delay in the development of cybersecurity in the automobile industry; [it's] late," Toyama said in a PDF shared by Black Hat Europe.

PASTA is an 8 kg portable system the size of a briefcase. It exposes flaws in automated, internet-connected automobiles.

According to the researcher, the tool simulates remote operation of wheels, brakes, windows, and other car features rather than "the real thing," for safety reasons.

"It's small and portable so users can study, research, and hack with it anywhere," Toyama further added.


Hackers collect the data of Russians for the introduction of new sanctions

There are hacker groups in Russia that are looking for potential candidates among Russians for inclusion in European and American sanctions lists. This was announced at the AntiFraud event by Ilya Sachkov, head of Group-IB.

Sachkov said that cybercriminals collected information about bank accounts and payments. The attackers gain a foothold in critical infrastructure in various sectors of the economy and in banks. According to Sachkov, a company may remain under the cybercriminals' surveillance for a long time without noticing it.

"They primarily study their accounts, as well as the volume and direction of transactions," noted Sachkov.

An anonymous cybersecurity source said that he knew about two or three cases where certain people fell under the sanctions due to the activity of hackers. Group-IB did not give information on specific cases of hacker attacks in Russia for the purpose of imposing sanctions.

Notably, there are several pro-government hacker groups in the world. They collect information about individuals and organizations that can be used to add to the sanctions lists of different countries, not just the US and the EU. These groups do not operate only in Russia. According to Group-IB, the top three countries of origin of the most active pro-government hacker groups are China, North Korea and Iran.

Sextortion Scams On the Rise Yet Again; Now Leading To Ransomware

Sextortion email scams have recently been on the rise, as they have proved time and again to be an effective way for criminals to make easy money. A sextortion scam is when an individual receives an email stating that they were spied on while browsing adult websites.

A sextortion campaign that tricks recipients into installing the AZORult data-stealing Trojan, which then downloads and installs the GandCrab ransomware, is now in the spotlight.

The first infection, AZORult, is used to steal data from the user's PC, for example account logins, cookies, documents, chat history, and more. It then installs the GandCrab ransomware, which encrypts the computer's data.

Numerous such scams have been reported in which the emails also contain users' passwords that were leaked in data breaches, so as to make the scams look more genuine.

Experts at Proofpoint detected another campaign that, instead of containing a bitcoin address to which a blackmail payment should be sent, prompts the user to download a video the senders say they made of them indulging in certain "exercises". The downloaded compressed file, however, contains an executable that installs the malware on the computer.

"However, this week Proofpoint researchers observed a sextortion campaign that also included URLs linking to AZORult stealer that ultimately led to infection with GandCrab ransomware," stated Proofpoint's research.

The downloaded documents will be named like and the full text of the sextortion trick email is below:

This new tactic has turned out to be particularly hazardous, because recipients are already frightened and feel the need to confirm whether a video exists. They download the file, try to open the compressed archive, and thus find themselves infected with two distinct kinds of malware.

Consequently, users are advised not to believe anything they receive by email from an unfamiliar address, and instead to search the Web to check whether others have received similar emails.

Russian Financial Institutions And Enterprises Targeted By Massive Malware Attached Emails

According to information security experts, one such successful “operation” can bring cybercriminals more than a million rubles (about $15,000).

More than 700 messages carrying the Trojan were sent to major Russian credit organizations. The senders were purportedly state institutions, one of them the Ministry of Labor. The emails disguised the virus as official documents with names such as "Payment: August-September" and "Copies of documents". Employees, seeing nothing dangerous in these messages, opened them, but instead of documents their computers received a virus infection.

According to Group-IB specialists, who published a report on the attacks, the damage from the fraudsters' actions can reach $15,000.

The mechanism is quite simple: the virus creates a fake payment order from the bank on the infected computer and sends it to a legal entity. The organization then simply transfers the money, not to the bank but to the scammers who remotely control the infected computer.

The hacker group RTM became active in September this year. In total, according to Group-IB, the attackers have sent more than 11,000 emails during this time.

UPI apps hijacked, victims lost ₹12 lakh

In Kerala, the bank accounts of at least three customers were wiped clean; the total sum lost was around ₹12 lakh.

All three victims used a Unified Payments Interface (UPI) smartphone application for "account to account" electronic cash transfer, and this common element lies at the root of the fraud.

According to statements that Manoj Abraham, ISP and chief of Kerala Police Cyberdome, gave to The Hindu, the fraud was “ingenious”. The fraudsters attacked the accounts in an elaborate and technically advanced manner.

What transpired?

To carry out the fraud, the hijackers downloaded the UPI application onto their smartphones and then configured phishing messages to appear to come from the bank.

Once the application was installed, the con men proceeded to activate the UPI app on their own phones using the victims' account details and phone numbers.

The “hijacked app” was then used to quietly withdraw the money from the accounts of the victims, who were oblivious to the attack.

However, how they selected their potential targets remains in question.
The hijackers manipulated their targets just enough to acquire their bank IDs, OTPs, card numbers, and passwords.

According to the police, the con men moved the money from the owners’ accounts to some of their own accounts based in rural Jharkhand.

The mobile numbers that were used to carry out the fraud had been traced by The Cyberdome.
“We have their numbers, not their real-world identity. Officers in Jharkhand are on their scent,” an investigator commented.

Investigators noted that some payment applications that facilitate account-to-account transfers did not always alert customers to digital transactions.

Preventive measures

The police have approached the Reserve Bank of India (RBI) with a written complaint, and UPI services have been urged to strengthen security; they were requested to use more anti-fraud protections such as two-way passcode authentication.