Shipping is the new target zone for hackers

Attacks on naval companies have been accentuated, ushering in a new meaning for the term 'virtual pirates'. 

'Pirate' is a term that has long applied to criminals or people acting on the margins of the law, especially those who live in the sea of cargo theft. Hence the name 'Virtual Pirates' - a name commonly used to designate Blackhat Hackers, people with excellent skills in the area of systems security, but who use this knowledge for illegal activities.

If the word pirate refers to criminals acting on the high seas, it can no longer be said that virtual pirates are just criminals in the network. There are already cases of real pirate groups that also use the nets to attack ships.

When CyberKeel, a cyber-security firm specialising in shipping, controlled one of the medium-sized shipping firm’s emails, they made a shocking discovery, the BBC said.

"Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department."

As Jensen soon discovered, e-mail reading was by no means the only thing the virus did. Every time a fuel supplier sends an invoice to the company, the virus changed the bank account number listed on the invoice. "The client pitched millions of hacker bank accounts before we discovered it," added Jensen.

Breaking into a shipping firm's computer systems could allow attackers to access all kinds of sensitive information.

This is just one example of what CyberKeel has to deal with. In June, Maersk, one of the world's largest shipping hotspots (and many others) were hit by the notorious NotPetya ransomware, which cost the company some $ 300 million unprofitable revenues.

Jensen founded her company a little more than three years ago and, according to her, nobody really wanted to take them seriously. "Do not waste time, shipping is pretty safe, they told me at the beginning," said Jensen. Now the mentality has changed, the times have changed.

There have been cases of criminals who have identified the route and location of specific products of their interest, invaded the ship and took only the targeted product. One such case was investigated by Verizon and occurred in 2016. This is yet another sign of the spread of security issues for various areas hitherto considered free from virtual attacks.

eScan Points Out Security Flaws in Xiaomi's MIUI Software

(pc-Google Images)
Xiaomi is facing allegations of threatening the safety of its users, with security firm eScan outlining MIUI’s flaws in a 36-page report.

eScan’s report concentrates on Xiaomi’s uninstall feature and Mi Mover app. While the uninstall process poses a threat to third-party security and Android for Work apps, the second involves Mi Mover, the company’s migration assistant tool which helps move data from an old handset to a new Xiaomi one.

eScan claims the Mi Mover app overrides the Android sandbox, which means that a person would already be signed in to an app on their new smartphone. The firm goes on to state that any phone can be cloned using Mi Mover without having to root the handset.

Xiaomi has responded strongly to the accusations, denying the existence of any loopholes in its system. Xiaomi has pointed out that attackers can only pose a threat if they somehow gain access to an unlocked smartphone. If a person simply uses a PIN, pattern unlock, or fingerprint authentication no one will be able to do anything with the handset in the first place. Furthermore, Mi Mover requires a password at the start.

Hackers threaten HBO to leak Game Of Thrones season 7 finale

It seems that HBO’s miseries are not going to resolve any soon. Hackers have now reportedly threatened them that they will release the Game Of Thrones season seven finale.

This week only, hackers have already released passwords for a number of HBO social media accounts, including the official HBO, Game Of Thrones and Westworld accounts on Twitter.

It is speculated that those who were responsible for 1.5 terabytes of data stolen including Game Of Thrones scripts and personal employee data, and now they have
have threatened to release the season seven finale ahead of its air date.

They warned: ‘Be ready for GOT S& E6 &E7 as soon as possible.’

In exchange for the information not to be leaked, the hackers are demanding around $6.5 million in Bitcoin from HBO.

While HBO has refused to give any comment.

Ukranian central bank warns financial institutions to brace against new cyber attack

Ukraine’s central bank on Friday issued a warning to state-owned and private lenders of the appearance of a new malware as security services said Ukraine faced cyberattacks like those that knocked out over 200,000 entities in 100 countries in June.

Ukraine was hardest hit by the attack, dubbed NotPetya that took place on June 27. It took down many government agencies and businesses through accounting software M.E.Doc, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

Kiev's central bank has since been working with the government-backed Computer Emergency Response Team (CERT) and police to boost the defences of the Ukrainian banking sector by quickly sharing information.

The regulator warned that the vulnerabilities exploited by the hackers are the same for companies as they are for individuals. It also advised banking sector to follow protection guidelines recently issued by CERT and emphasized that organisations should not meet any stated demands or pay a ransom.

"Therefore on Aug. 11..., the central bank promptly informed banks about the appearance of new malicious code, its features, compromise indicators and the need to implement precautionary measures to prevent infection," the central bank told Reuters in emailed comments.

Reuters reported the central bank warned the new malware is spread by opening email attachments containing Word documents.

Based on an analysis of the malware, and the timing of its distribution, the attack is preparation for a mass cyberattack on the corporate networks of Ukrainian businesses.

"The nature of this malicious code, its mass distribution, and the fact that at the time of its distribution it was not detected by any anti-virus software, suggest that this attack is preparation for a mass cyber-attack on the corporate networks of Ukrainian businesses," the letter said.

The state’s Security and Defence Council has warned Ukraine may be targeted on 24 August with a NotPetya-style attack, aimed at destabilising the country as it celebrates its 1991 independence from the Soviet Union.

New android malware puts users data at risk with taxi apps

A modified version of notorious mobile banking Trojan "Faketoken" has resurfaced which is able to steal credentials from popular taxi applications and ride-sharing apps, Moscow-based cyber security firm Kaspersky Lab said on Friday.

A year-old piece of Android malware poses a huge threat to anyone who stores bank card information for in-app purchases.

According to Kaspersky Lab, in the past year or so since its discovery, Faketoken has worked its way up from primitive bankbot capabilities like intercepting mTAN codes, to being able to encrypt files and eavesdrop on communications. While the modifications continue, its focus is spreading too, from low-level nuisance to serious security threat, to the point where it can overlay about apps to capture user credentials. 

"The new version of 'Faketoken' performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim," Kaspersky Lab said in a statement.

The malware, which likely sneaks onto smartphones through bulk SMS messages with a prompt to download some pictures, begins by monitoring all of the calls and apps the user launches. Upon receiving a call from (or making a call to) a certain phone number, the malware begins to record the conversation and sends it back to command and control. By the same token, when a user launches a targeted application, Faketoken substitutes its UI with a fake (but identical) one, prompting the victim to enter his or her bank card data.

The trojan virus has an identical interface, with the same colour schemes and logos, which creates an instant and completely invisible overlay. The malware puts screen overlays on an estimated 2,000 apps, including taxi booking, hotels and flights, to fake payment information windows. Kaspersky hasn't named the affected apps yet.

"The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ride-sharing services, means that the developers of these services may want to start paying more attention to the protection of their users," said Viktor Chebyshev, security expert at Kaspersky Lab. 

Kaspersky labs reports that Faketoken has been mainly spotted in Russia but also notes that its evolution has kept pace with its spread around the globe.

Ukrainian National Bank warns of possible cyber-attack at Independence Day

The Ukrainian National Bank said that the country's banking system would be in danger of cyber attack on the eve of Independence Day.

According to the Bank, the virus is distributed through emails as a Microsoft word document.  It is reported that antivirus will not be able to detect it and the malware takes complete control of the infected computers.

Representatives of Ukrainian cyber police noted that usually hackers attack on the eve of important events. So, the Ukrainian authorities reported that a cyber attack will occur on August 24.

It should be noted that, even back in June, the NotPetya malware attack also began on June 27th, the day before Constitution Day in Ukraine.

- Christina

Apple secure Enclave in threat, hacker claims to decrypt mobile security

iOS users are advised to be alert as a hacker who claims to hack Apple's secure enclave(SEP ) firmware has revealed decryption key generation protocol for the Apple secure enclave, which was supposed to be very secure and was responsible for all the touch ID transactions in iOS devices.

A hacker who goes by the handle xerub and claims to hack Apple's secure enclave just released full decryption key.

If this comes out to be a valid hack, then it's a major security threat for iOS devices which uses SEP.

In all of the latest iOS devices, SEP is responsible for providing security to the device, it's completely isolated from the other parts of the device , it has its own Operating system.SEP handles all touch ID transactions in the device, only SEP has the protocol to generate unique ID (UID) for the device which is completely indifferent to other processes in the device.

Now since its firmware code is claimed to be hacked, it's a major security blow to iOS users.

Since the release of iPhone 5S, every iOS device comes with SEP, which is responsible for Touch Id transactions, there is a small co-processor embedded in the processor, that runs completely on its own with its own separate OS, no process is entangled with SEP. SEP generates unique ID(UID) every time system reboots.

Protection of UID is the sole purpose of SEP, with the claims of hacking SEP, all the Touch ID actions, passwords, verifications and security features are vulnerable.

Xerub said "The fact that [the SEP] was hidden behind a key worries me " he added "Is apple not confident enough to push SEP decrypted as they did with kernels past iOS 10 " He added that while SEP is amazing tech the fact is it's a "black box","Obscurity helps security- I am not denying that", he said.

"I think public scrutiny will add to the security of SEP, in the long run, Apple's job is to make [SEP]" as secure as possible, It's a continuous process.There is actually no point at which you can say right now it's 100% secure "Xerub said.

He further added"Decrypting the firmware itself does not equate to decrypting user data", as there are several layers needed to be decrypted, as result, it's not going to have massive impact on the users.

According to the Apple's spokesperson, eho chose to remain unidentified, stated that the release of SEP key doesn't directly compromise data ."There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information"

The Apple source further added that "it's not an easy leap to say it would make getting at customer data possible".

There are no plans to roll out a fix this time from Apple.

HBO's social media accounts hacked

A notorious hacking group has compromised the social media account of the Time Warner-owned cable network, HBO, on Wednesday night.

The hacking group is called OurMine, and they took whole control of the main HBO’s Facebook and Twitter accounts, as well as their network's shows including Game of Thrones.

Message posted on both the social media website read, “Hi, OurَMiَne are here, we are just testing your security, HBO team please contact us to upgrade the security – ourmine .org -> Contact.

While some of the social media posts were removed quickly.

However, HBO did not respond to the BBC's request for comment.

OurMine has a reputation for hacking high-profile Twitter accounts of a wide range of media accounts in past including Netflix, Marvel and Google.

It seems that they didn’t do any harm to the company, they were just demonstrating the group’s ability to take over the account.

WannaCry attacks publishing firm in Delhi

A publishing firm in India’s national capital, New Delhi has fallen victim to the WannaCry ransomware, that crippled 48,000 computer systems in India and hundreds of thousands of computers across 150 countries back in May. The ransomware attack in May was listed as one of the world's largest cyber attacks in history and India was the third-most affected nation.

The WannaCry malware attack exploits potential vulnerabilities of computer systems as hackers encrypt all files and demand ransom in exchange for unlocking them. Last year, a ransomware attack was used to target the Mumbai police system, and several files were encrypted by hackers.

After the WannaCry ransomware cyber attack spread like wildfire and paralysed computer systems, isolated incidents were reported from Andhra Pradesh, Gujarat, Kerala and West Bengal. This is the first case of the WannaCry ransomware attack in Delhi.

Rachna Sagar Private Limited in Daryaganj which publishes books for students of CBSE and ICSE boards, registered a complaint at Daryaganj police station on August 9 after it found that the employees are unable to log in to their accounts in any of the 200 computers in the office, and are only able to use the “demo” account.

When the IT staff at the firm tried to diagnose the problem, they found that they had been at the receiving end of a ransomware attack.

According to a report in The Indian Express, the hackers had posted a message demanding a ransom between USD 800 to USD 1,000 in bitcoins.

Reportedly, the publishing firm uses an accounting software ‘Busy’ where employees are required to log in for accounting purposes.

The police are investigating the matter. However, data is yet to be recovered from the affected systems. 

Sources claim that the hackers have locked the firm out of its own data from April. Employees now fear using net banking facilities which they speculate has been compromised by the hackers.

Unknown attackers hacked website of the State Of Ukraine

The website of the Ukrainian State Fund to support farmers was hacked. On the website hackers placed news about the campaign "Immortal regiment" ("IR"), for example, "Campaign broke a record in this year in Moscow", "IR has united tte world, "In Ukraine will host IR".

Also, they proclaimed "Imarat Donbass" and putted an advertisement banner of online-shop "Souvenirs of Donetsk region".

On the main page hackers posted a collage, on which the President of Ukraine Petro Poroshenko is on his knees next to the man in black.

Under the heading "Useful information" it listed: "In connection with yesterday's clashes near Donetsk, the government of the Donetsk people's Jamahiriya has decided to proclaim Emirat Donbass".

- Christina