Latest Hacking News

WannaCry Is Back: Hits LG Systems

WannaCry seems to be back already as LG reports discovering it on a self-service kiosk in South Korea earlier this month. The consumer electronics giant had to shut down its systems and took parts of its network offline for over two days.

LG Electronics found itself infected by WannaCry three months after the initial global outbreak.

When the WannaCry ransomware attack hit businesses earlier this year, it caused chaos all around the globe as it severely infected hospitals, caused manufacturing shutdowns, headaches for Microsoft, and overtime for cyber security professionals. It managed to infect over 300,000 Windows systems, resulting in a number of major organisations, including the UK's National Health Service (NHS) and car manufacturer Honda, being forced to take systems offline. The file-encrypting malware, which used a leaked NSA exploit, pushed many to suspend their work since attackers had taken control of their devices and data. It could have affected even more businesses if it hadn’t been “accidentally” stopped by Marcus Hutchins (who has been accused of selling Kronos banking malware by the US).

While the hackers behind the malware have been on a notorious spree, there was news that the malware had been contained. Reportedly, the flaw was fixed by Microsoft shortly after the outbreak in May and they had also released an emergency patch for Windows XP and other Windows versions that were out of support.

But WannaCry woke up again to attack the South Korean electronics manufacturer. The attack was made on the network operated by the company in the domestic market.

“Enable Windows Update, update and then reboot,” Hutchins had asked everyone. But at the time, Hutchins had also warned that “the attackers will realise how we stopped it, they’ll change the code and then they’ll start again.” Apparently, attackers don’t even need to change the code since there are plenty of machines that still haven’t been updated.

Currently, there is no information on how WannaCry reached LG's computers, but an investigation is in progress. While the investigation goes on, it is yet to be determined how many computers in LG's network were compromised.

Pakistani Hackers hacked Tiruchirappalli Municipal Corporation's website

Tiruchirappalli Municipal Corporation came onto hackers' radar recently when its online portal was allegedly hacked by a Pakistani hacker. The hacker posted pro-Kashmiri separatist slogans on the portal.

The motive behind the hack is not yet known to the police, but they suspect that data was stolen from the website.

The police said that the hacker also posted views about an attack on women and children on the website.

Though the website is back online now that a technical team has fixed the portal, an investigation into the whole attack has started.

Though the police do not have a clear indication of who the hacker is, they suspect it to be a "lone injector". The municipal corporation has lodged a complaint about the attack with the cyber crime police.

The hacker went on to post on the website, "Do you know why you got hacked?" with a caption, "Free Kashmir... Freedom is our goal".

Taxi sharing apps at risk from this trojan

A modified version of the notorious mobile banking Trojan "Faketoken" has resurfaced that is able to steal credentials from popular taxi applications and ride-sharing apps, Moscow-based cybersecurity firm Kaspersky Lab said on Friday.

A year-old piece of Android malware poses a huge threat to anyone who stores bank card information for in-app purchases.

According to Kaspersky Lab, in the past year or so since its discovery, Faketoken has worked its way up from primitive bankbot capabilities like intercepting mTAN codes to being able to encrypt files and eavesdrop on communications. While the modifications continue, its focus is spreading too, from low-level nuisance to serious security threat, to the point where it can overlay apps to capture user credentials.

"The new version of 'Faketoken' performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim," Kaspersky Lab said in a statement.

The malware, which likely sneaks onto smartphones through bulk SMS messages with a prompt to download some pictures, begins by monitoring all of the calls and apps the user launches. Upon receiving a call from (or making a call to) a certain phone number, the malware begins to record the conversation and sends it back to command and control. By the same token, when a user launches a targeted application, Faketoken substitutes its UI with a fake (but identical) one, prompting the victim to enter his or her bank card data.

The trojan's fake interface is identical to the real one, with the same colour schemes and logos, which creates an instant and completely invisible overlay. The malware puts screen overlays on an estimated 2,000 apps, including taxi booking, hotels and flights, to fake payment information windows. Kaspersky hasn't named the affected apps yet.

"The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ridesharing services, means that the developers of these services may want to start paying more attention to the protection of their users," said Viktor Chebyshev, a security expert at Kaspersky Lab.

Kaspersky Lab reports that Faketoken has been mainly spotted in Russia but also notes that its evolution has kept pace with its spread around the globe.

Shipping is the new target zone for hackers

Attacks on shipping companies have intensified, ushering in a new meaning for the term 'virtual pirates'.

'Pirate' is a term that has long applied to criminals or people acting on the margins of the law, especially those who live off cargo theft at sea. Hence the name 'virtual pirates', commonly used to designate black-hat hackers: people with excellent skills in the area of systems security, but who use this knowledge for illegal activities.

If the word pirate refers to criminals acting on the high seas, it can no longer be said that virtual pirates are just criminals on the network. There are already cases of real pirate groups that also use networks to attack ships.

When CyberKeel, a cyber-security firm specialising in shipping, checked the emails of a medium-sized shipping firm, they made a shocking discovery, the BBC said.

"Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department."

As Jensen soon discovered, reading e-mail was by no means the only thing the virus did. Every time a fuel supplier sent an invoice to the company, the virus changed the bank account number listed on the invoice. "The client pitched millions of hacker bank accounts before we discovered it," added Jensen.

Breaking into a shipping firm's computer systems could allow attackers to access all kinds of sensitive information.

This is just one example of what CyberKeel has to deal with. In June, Maersk, one of the world's largest shipping companies, was hit (along with many others) by the notorious NotPetya ransomware, which cost the company some $300 million in lost revenue.

Jensen founded the company a little more than three years ago and says that at first nobody really wanted to take them seriously. "Do not waste time, shipping is pretty safe, they told me at the beginning," said Jensen. Now the mentality has changed, the times have changed.

There have been cases of criminals who identified the route and location of specific products of interest to them, boarded the ship and took only the targeted product. One such case was investigated by Verizon and occurred in 2016. This is yet another sign that security issues are spreading to areas hitherto considered free from virtual attacks.