
Hackers use Bill Gates themed video to sell off Ponzi Crypto Scheme


Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme. The hijacked accounts were renamed to look like Microsoft accounts and carried a message, presented as coming from the company's former CEO Bill Gates, urging viewers to invest in crypto.


This is not the only attack of its kind. Such attacks have become frequent on YouTube: the hacker hijacks a popular account and uses it to broadcast a "crypto giveaway", in which users are told that if they send some cryptocurrency they will get it back doubled. This is, of course, a scam, and the victim does not get any returns.

These frauds first made their appearance on Twitter but moved on to YouTube as Twitter started weeding these posers out.

The hackers gave their scheme an air of legitimacy by live streaming, on 30+ accounts, one of Bill Gates's talks, given to an audience at Village Global in June 2019, with messages promoting the Ponzi scheme added to the stream. The scheme was live streamed on YouTube accounts named Microsoft US, Microsoft Europe, Microsoft News, and others.

Though both YouTube and Microsoft denied that any official accounts were hacked, some users did report that they found the stream on Microsoft's non-verified accounts.

Most of the scam videos were streamed from hacked accounts with high subscriber numbers that were renamed Microsoft US, Microsoft Europe and the like to seem more official. The videos were viewed tens of thousands of times, and the Bitcoin address used in the scheme received thousands of US dollars, so some users were successfully scammed.

Other organizations have been abused by such hackers as well. Chaos Computer Club, a famous Germany-based hacking community, had its accounts hacked and used to broadcast a similar cryptocurrency scheme.

The most recent and popular case was when the YouTube account of YouTube's founder was hacked back in January. These fraudulent schemes have now become a common affair, and it is up to users not to pay heed to them. Always check the legitimacy of such accounts, and think twice before giving in to an offer that is too good to be real.

Hackers switched from direct theft of money to gaining control over the infrastructure of companies


According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to look for more vulnerable targets. Moreover, the demand for industrial espionage has increased on the black market. However, experts said that the activity of such hacker groups began to decrease against the background of the pandemic.

According to the report, by the end of 2019 the number of attacks aimed at gaining control over the infrastructure of companies and organizations had increased by 40%, while attacks for the purpose of stealing money had become 15% less frequent.

A long and unnoticed presence in the organization's infrastructure allows attackers to investigate its internal processes in detail and gain deeper access to IT systems and control over them, says Vladimir Dryukov, Director of Solar JSOC. He notes that hackers monetize this information by selling it on the black market, blackmailing the victim organization, or engaging in competitive intelligence.

In addition, in recent years, attacks are increasingly targeted at industrial and energy facilities, as well as government agencies whose control over infrastructure is critical for the country.

Kaspersky Lab confirmed that the number of attacks on corporate infrastructure is increasing. According to antivirus expert Denis Legezo, about 200 groups engaged in cyber espionage are currently being observed. However, the expert notes that during the coronavirus pandemic, a decline in their activity is noticeable.

Head of Analytics and Special Projects at InfoWatch Group of Companies Andrei Arsentyev noted that hackers are usually engaged in industrial espionage by order, including “hunting for various know-how, business development plans, pricing schedules”.

Attackers can monetize attacks not only through theft of funds but also by selling already configured connections to the victim’s local network to other criminals, says Evgeny Gnedin, head of Positive Technologies information security analytics department. Such a model of “access as a service” is gaining momentum today, which explains the increase in the number of such attacks.

Security Experts say number of network nodes in the Russian Federation accessible via RDP


Positive Technologies experts said that the number of network nodes in the Russian Federation accessible via the Remote Desktop Protocol (RDP) increased by 9% in three weeks (since the end of February 2020) and reached over 112,000.

To attack, it is enough for hackers to send a special RDP request to vulnerable Remote Desktop Services (RDS). Authentication is not required. If successful, an attacker can install and delete programs on a compromised system, create accounts with the highest level of access, and read and edit confidential information. The vulnerabilities affect Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems.

According to Alexey Novikov, director of the Positive Technologies security expert center, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to gain access to servers and get into the local network. This boom is caused by the transfer of employees to remote work.

For a secure remote connection, employees need to use a special gateway: RDP connections need a Remote Desktop Gateway (RDG), and VPN connections need a VPN gateway. Experts do not recommend connecting directly to the workplace.

Experts warn that opening access to individual subnets to all VPN users at once significantly reduces the security of the organization and not only gives broad opportunities to an external attacker but also increases the risk of an insider attack. Therefore, IT professionals need to maintain network segmentation and allocate the required number of VPN pools.

Positive Technologies experts emphasize the threat of remote access channels to business-critical networks and systems, for example, production and energy technology networks, ATM management networks or card processing in banks.

In addition, Positive Technologies recommends paying attention to a critical vulnerability (CVE-2019-19781) in Citrix software that is used in corporate networks. The vulnerability in PHP 7 (CVE-2019-11043), which, according to Positive Technologies, was on the list of the most dangerous vulnerabilities at the end of 2019, should also be eliminated.

Russian Defence Minister says Pro-Western Activists Trying to Infiltrate Military Facilities using Media Laws as a cover


Defense Minister Sergei Shoigu, speaking in the Federation Council, announced opposition attempts to penetrate Russian military facilities.

The head of the military Department recalled that Western countries regularly make high-profile accusations against Moscow, such as interference in American elections, hacking attacks, and concealment of military losses.

"In our country, they are supported by a Pro-Western opposition division regularly trained abroad. Using media laws as a cover, its activists are trying to infiltrate military facilities and are monitoring relatives and witnesses. They go to hospitals where our wounded are lying, to cemeteries, to commemorations, to the families of our dead children. They take photos of the entrances and exits from our secret objects and put them on the Internet. You can imagine what responsibility they would be brought to in Western countries," said the head of the military Department.

In this regard, Shoigu called on senators to regulate Russian legislation in this area.
The head of the defense department also told the Federation Council about the increase in the number of cyberattacks against the Russian army.

"The information space today has become another theater of war. Over the past three years, the information infrastructure of the Armed Forces has been attacked by more than 25 thousand high-tech computer attacks from abroad. At the same time, their number increases annually by an average of 12%. We are ready for this fight. Of course, I wanted the hackers to have a little less domestic helpers," said Shoigu.

According to him, the Ministry of Defense has a reliable system for protecting information resources, and all attacks are neutralized.

A number of countries have previously accused Russia of hacking attacks. Thus, Georgia accused the Russian military of planning and conducting a cyberattack, as a result of which sites and servers of several government bodies, courts, the media, and private companies were damaged. Also, the head of the Ministry of Defense of Ukraine Andrei Zagorodniuk said that the country is daily faced with cyberattacks that come from Russia.

At the same time, since 2016, the United States has been discussing the topic of possible Russian interference in the presidential election, as a result of which Donald Trump became the head of state.

Rostelecom detected more than a hundred thousand cyberattacks in the North-Western Federal district of Russia


In 2019, the Rostelecom Solar JSOC Monitoring and Response Center for Cyberthreats detected and repelled over 1.1 million external attacks on organizations' information resources. At the same time, as always, more than 430 thousand cyberattacks were detected in Moscow. More than 128 thousand cyberattacks were recorded over the year in the North-Western Federal district.

The most common tool of hackers was the use of vulnerabilities in web applications (web portals, email, Internet banks, personal accounts). At the same time, according to Solar JSOC experts, it's easy to hack every third application and gain access to the organization’s server. The number of such attacks increased by 13% in 2019.

"Such dynamics can be associated with the active development of corporate Internet resources, not only in traditional industries (banks, retail), but also in the fuel and energy sector, and the public sector. At the same time, most of these resources have critical vulnerabilities that allow hackers to get privileged access to the organization's resources," explained Vladimir Dryukov, director of the Rostelecom Solar JSOC Monitoring and Response Center.

Also, in 28% of cases, cybercriminals introduced malware (viruses, Trojans, spyware, etc.) into the information infrastructure of organizations in the region. Across the country, the number of such attacks increased by 11% in 2019. At the same time, hackers are constantly improving their tools, making malware less visible to security tools.

Guessing and compromising credentials (logins and passwords) for the Internet resources of organizations was in third place.

According to experts, other types of cyberattacks include attempts to compromise the logins and passwords of system administrators, DDoS, and exploitation of known vulnerabilities that the organizations' information security services had not eliminated in time.

The Federal Security Service (FSB) of the Russian Federation purchased equipment for hacking smart devices - Hacker group Digital Revolution


Hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using Internet of Things devices.

According to the technical documentation published by the hackers, there are three versions of the program: Fronton, Fronton-3D and Fronton-18. They make it possible to infect smart devices (from digital assistants to smart homes), integrate them into a network and "crash" the servers responsible for the stability of large Internet services and of the Internet in entire countries.

It's interesting to note that the Moscow company 0day (LLC 0DT) could have participated in the development of the programs. Previously, the company also carried out orders of the Ministry of Internal Affairs.

According to the published documents, the Internet of Things is "less secure, unlike mobile devices and servers." This is because many users start using smart devices right away, without changing the factory usernames and passwords.

FSB contractors cite the experience of Mirai, the largest network of infected IoT devices, which had 600,000 bots. In 2016, it disabled the DNS servers of the American company Dyn, which made PayPal, Twitter, Netflix and about 70 other services unavailable for some time. The organizers of that attack did not use computers, but printers, children's monitors and IoT routers.

Hackers noted that Fronton can be used for "spying on the whole world". The BBC suggests that, most likely, the main targets of cyberattacks may be digital cameras.

The documents note that 95% of the botnet should consist of IP cameras and digital video recorders. A search server must find targets for hacking, which can be connected via a virtual private network or the Tor browser. The documentation also emphasizes that "the use of the Russian language and the connected Cyrillic alphabet is excluded". It is suggested to hack devices using a dictionary of typical passwords for Internet of Things devices.

In December 2018, Digital Revolution said that it hacked the server of the Kvant Scientific Research Institute, owned by the FSB, and found documents on the system of automatic monitoring of social networks for protest moods. In the summer of 2019, hackers said that they broke into the servers of the Moscow IT company Sitek, which carried out projects for Russian special services and agencies.

ESET: hackers used the Adobe brand to attack government websites


IT specialists of the Slovak company ESET warn of a new series of attacks by the Turla cyber-spy group aimed at the websites of government agencies around the world.

"ESET, a leader in information security, has discovered a new activity of the Turla group, which is aimed at government websites. This time, cybercriminals are using social engineering techniques, using a fake Adobe Flash update as a decoy to download malicious software," said the website.

According to the report, as a result of such attacks, at least four websites, two of which belong to the government of Armenia, were infected. At the same time, these web portals have been infected at least since the beginning of 2019. ESET specialists warned the national unit of CERT of Armenia. Thus, the researchers concluded that the main target of cybercriminals is officials and politicians.

During the recorded cyberattacks, hackers infect the selected site with malicious software, which is subsequently transmitted to the devices of users of the resource. After the initial infection, Turla operators get full access to the victims' devices.

ESET specialists were not able to determine what the hackers did on infected devices, but they usually try to steal confidential documents.

According to ESET, during the latest attacks, the cybercriminals of the Turla group used a completely new backdoor called PyFlash. According to ESET experts, the authors of Turla used Python for the first time in this malicious software. The command server sends commands to the backdoor to download files, execute Windows commands, and launch and remove malicious software.

The company added that the group of cybercriminals Turla is active in most of the world, but mainly its activities are aimed at countries in Eastern Europe and East Asia. Its main goals are government and military organizations. A group of cyber spies has been working for more than ten years.

Check Point: coronavirus has become a tool for hacker attacks on users and businesses


According to Check Point Threat Intelligence, more than 4,000 coronavirus-related domains have been registered worldwide since January 2020. 3% of these sites have already been identified as malicious, and another 5% as suspicious.

According to experts, hackers send spam with a link to a malicious site on behalf of trusted organizations to encourage a potential victim to click on it. When you click the link, malware is automatically installed on the user's device.

For example, Check Point discovered a phishing attack, allegedly on behalf of the World Health Organization (WHO), which spread in Italy. Experts noted that 10% of organizations in Italy were subjected to this attack.

Moreover, a website registered in Russia in February 2020 was discovered. The attackers offered to buy "the best and fastest test for detecting coronavirus at a fantastic price — 19,000 rubles ($264)".

In addition, a large spam campaign was recorded in Japan. There, attackers send spam on behalf of the Japanese Society for the rehabilitation of disabled persons (JSRD). The emails report the spread of the coronavirus in several cities in Japan, prompting the recipient to open the attached document. If the user is interested and opens the attachment, the Emotet Trojan will be downloaded to their computer.

According to experts, as the spread of the coronavirus continues, scammers will continue to use the coronavirus theme to carry out attacks on users and businesses.

Any events that cause mass discussion or are popular, especially negative ones, are an occasion for fraudsters to realize their plans, said Alexey Dankov, head of the information security Department at Cross Technologies. In this case, they use the news as an excuse to get data, and people who are panicked lose their vigilance and, as a result, trust scammers.

"A virus that has become a pandemic is a great reason for cybercriminals to get the desired information on accounts and personal information," added Mr. Dankov.

Russia has responded to Canada's accusations of cyberattacks on Georgian websites


The international community, following Georgia, the UK and the US, continues to publish statements condemning the cyberattack allegedly committed by Russia on the websites of Georgian government agencies, non-governmental organizations and the media. The relevant statements are published in Georgian by the Georgian Foreign Ministry.

The Foreign Ministry of Australia, the Ministry of Foreign Affairs of Ukraine, and the foreign ministries of Canada, the Netherlands, Romania, and Montenegro condemned the actions of the Russian GRU. The Icelandic Foreign Minister published a short statement on Twitter on his own behalf.

The Ministry of Foreign Affairs of Ukraine not only condemns Russia but also calls on the international community to "bring to justice those who deliberately organize and carry out cyberattacks".

The authors of all statements regard the report of a cyberattack on Georgian websites as a "violation by Russia of the sovereignty and territorial integrity of Georgia and disrespect for the norms and principles of international law".

However, the Russian Embassy in Canada on Twitter stated that Russia is not involved in cyberattacks on Georgian government websites.

"Another fragment of Russophobic lies and fakes," the Russian mission responded to the accusations from Canada. The diplomats called the Canadian policy towards Russia extremely deplorable and reprehensible, and stressed that it further worsens the weakened relations between the two countries.

Prior to this, the accusations of cyberattacks on Georgia were denied by the Deputy head of the Russian Foreign Ministry, Andrey Rudenko. According to him, Russia did not intend and is not going to interfere in the internal affairs of the neighboring country.

Recall that on February 20, US Secretary of State Michael Pompeo accused Russia of attacking Georgia. The attacks allegedly occurred in October 2019. According to him, they disrupted the work of the country's government, several private websites and two major television stations. Representatives of the Georgian government made the same statements. The cyberattack was allegedly indicated by the results of the investigation, which Tbilisi conducted "together with other partners."

Russian banks and energy companies have undergone a new wave of cyberattacks


A new wave of cyberattacks targeting banks and energy companies has been recorded in Russia. Employees of these organizations receive numerous phishing emails with infected links; clicking on them can lead to data being stolen from the computer.

It is reported that the malicious message contains an office document. The victim clicks on it and is taken to the text hosting service Pastebin, which downloads images from the Imgur service, which in turn contain malicious code. With it, attackers can steal secret files, withdraw funds, or install spyware on a user's computer.

"Since the chain consists of four stages, the protection tools that companies use cannot detect it, they are designed for shorter activity of malware," explained Igor Zalevsky, head of the center for the investigation of cyber incidents of JSOC CERT Rostelecom-Solar.

The company said that about 60% of phishing emails were received by employees of the energy sector, but 80% of all attacks turned out to be aimed at banks.

Zalevsky added that the attack is similar to the activity of the hacker group Silence, which specializes in credit organizations. It is possible that the group decided to expand the scope of its activities, or that completely different hackers are copying the behavior of Silence.

Group-IB confirmed that the attack recorded by Rostelecom-Solar was previously carried out in the banking sector.

Information security experts said that in 2020, energy companies will become the “main targets” for cybercriminals.

Andrey Arsentyev, head of Analytics and special projects at InfoWatch group, agrees with this assessment; he called the energy sector one of the "most attacked" in recent years. According to Denis Kuvshinov, a leading specialist of the PT Expert Security Center Positive Technologies cyber threat research group, the main goal of cybercriminals targeting the energy sector is industrial espionage, as well as the impact on critical infrastructure.

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station has proved, technically and factually, that the attacks target not only the Echo of Moscow website but also the Echo office, its computers, and its computer and Internet communications. Because of this, part of the telephone service is also affected.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that powerful hacker attacks began two weeks ago. Their peculiarity, Venediktov explained, was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who were located remotely.

In addition, office computers were unexpectedly attacked, due to which Echo of Moscow could not receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The Editorial Board drew the attention of the shareholders to this fact, and "the shareholders are worried".

Alexander Baranov says Russia has nothing to do with the cyberattack on the friendly Austrian Foreign Ministry


The hacker attack that the Austrian Ministry of Foreign Affairs underwent prompted European countries to take active measures to defend against such attacks. At the same time, the EU accuses Moscow of the attack, which makes no sense, given the friendly relations between Russia and Austria. Alexander Baranov, head of the Department of Information Security at the National Research University, commented on the situation.

According to the expert, the anti-Russian accusations once again show the policy of Western "hawks", who regularly make groundless statements against undesirable countries.
"These accusations are completely groundless and are not supported by any arguments," Baranov said.

He stressed that Russia has absolutely no interest in attacking the Austrian Foreign Ministry. In addition, Austria supports the implementation of major projects, such as the Nord Stream 2 gas pipeline.

"This is one of the friendliest countries in the European Union, I think. Therefore, I do not see any sense to attack its foreign Ministry, especially since the country is small and it does not play a decisive role," the expert believes.

In his opinion, this is an obvious provocation meant to worsen relations between the countries.
"One of the most famous methods of hackers is to carry out an attack from the territory of States that have nothing to do with it. Most often it is China or India," Baranov explained.

The expert reminded that it is now almost impossible to track the end user if he uses an anonymizer. It is possible that the European security forces were able to establish any facts, but they are not able to make them public because of the secrecy.

He added that European politicians enjoy their impunity by regularly making unfounded accusations.
"Representatives of Russia have repeatedly asked for facts, but there is nothing, there is only empty talk," the expert concluded.

A hacker attack on the Austrian Foreign Ministry occurred in early January. In Vienna, they believe that the incident has a Russian trace while recognizing the absence of any evidence.

Earlier, the Austrian newspaper DiePresse reported that a number of EU countries decided to form a group to protect themselves from cyber attacks from Russia. Vienna will work together with Germany, the Czech Republic, Belgium and Cyprus on this issue. These States consider themselves to be "victims of a Russian cyber-espionage".

Experts predicted an increase in the number of DDoS attacks in 2020


In Russia, the number of DDoS attacks will increase due to the introduction of 5G technology, said Anton Fishman, head of the system solutions Department at Group-IB.

He noted that the wider introduction of 5G will significantly increase the number of traditional attacks that providers have faced in recent years. "For example, the power and frequency of DDoS attacks will increase significantly due to many insecure devices."

According to him, a DDoS attack can be used as a distraction when stealing money from a bank or disabling a service.

Earlier, Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, said that the main areas that require attention when countering cybercrime are DDoS attacks, data leaks and fraud using social engineering methods. He explained that the number of DDoS attacks has increased, their quality has changed, in addition, it is quite difficult to detect them.

It is important to add that, a day earlier, Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov said that in January the bank underwent the most powerful DDoS attack in its history.

"On January 2, 2020, Sberbank faced an unprecedented DDoS attack that was 30 times more powerful than the most powerful attack in the history of Sberbank. The attack was carried out using IoT devices (Internet of Things)," said Kuznetsov, noting that the state bank successfully repelled the cyberattack.

According to Kuznetsov, not every company in Russia or even in the world could repel such attacks.
"This could become a trend in 2020 [increasing cyber attacks]," he added.

According to Kuznetsov, in 2019 the number of hacker attacks on Sberbank increased by 15-20%, and the bank records 280-300 attempts to attack its systems per day.

"We identify all of them and block them. In addition, it is worth noting that mass malicious mailings are still popular — about 50% of the emails that our employees receive are spam, including phishing attempts," said the Deputy Chairman of Sberbank.

Hackers from Russia hacked the Ukrainian gas company Burisma


Russian hackers in November 2019 attacked the Ukrainian energy company Burisma in order to gain potentially compromising information about former US Vice President Joe Biden and his son Hunter.

Starting in November 2019, a series of phishing attacks were carried out to gain access to the usernames and passwords of employees of Burisma, as well as other companies belonging to Burisma Holdings. According to an American cybersecurity company Area 1, hackers allegedly linked to the GRU and members of the Fancy Bear group, also known as Sofacy and APT28, are behind these attacks.

It is known that hackers managed to hack the accounts of some employees and thus gain access to one of the company's servers. Experts said that the timing and scale of the attacks suggest that hackers may have been looking for potentially compromising material about the former US Vice President and his son, who was part of the leadership of Burisma.

According to experts from Area 1, the tactics of the Russian hackers are strikingly similar to the hacking of the servers of the National Committee of the Democratic Party of the United States during the 2016 presidential campaign, for which the American special services also blame Russia. Then, as now, Russian hackers used phishing emails.

The story of the involvement of Joe Biden's son in the work of Burisma caused a loud political scandal in the United States. In this regard, an investigation was launched to impeach President Donald Trump.

In particular, it was pointed out that Trump, during his July phone conversation with Ukrainian President Vladimir Zelensky, asked him to resume the investigation into Burisma, with which Joe Biden and his son were associated. Moreover, Trump threatened to freeze military aid to Kiev.

Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa


Kaspersky Lab recorded a wave of targeted attacks on major banks in several Tropical African countries in 2020. It is assumed that the attacks are made by the Russian-speaking hacker group Silence.

According to the company's leading anti-virus expert, Sergey Golovanov, "hundreds and sometimes thousands of attempts to attack the infrastructure of banks in Africa are blocked every day."

According to Kaspersky Lab, the hacker group Silence has already penetrated the internal network of African financial organizations, and the attacks are "in the final stages".

During the attack, hackers could gain access to a large amount of confidential data that can be used in the future, said Golovanov.

At the end of August 2019, Group-IB calculated the amount stolen from banks by the Russian-speaking hacker group Silence. From June 2016 to June 2019, the damage amounted to about 272 million rubles ($4.2 million). The hackers infected financial institutions in more than 30 countries in Asia, Europe and the CIS.

According to Kaspersky Lab, Silence attacks financial organizations around the world with phishing emails containing malicious files, often on behalf of real employees of organizations. Viruses use administrative tools, study the internal infrastructure of banks, and then attackers steal money (including through ATMs).

The director of the Positive Technologies security expert center, Alexei Novikov, believes that Silence did not increase activity at the beginning of 2020, and that attacks outside of Russia and the CIS countries are uncharacteristic for them.

Recall that in October, Group-IB reported five hacker groups that threaten Russian banks: Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger


A group of hackers calling themselves Lazarus modified their previous scheme to steal cryptocurrency which was used in 2018. Hackers use more effective tactics and act more carefully. According to Kaspersky Lab, now, not only users of the macOS operating system are at risk but also users of Windows.

Presumably, Lazarus hackers use malware that runs in memory and not on hard drives, allowing it to remain undetected. The researchers believe that the group uses Telegram to spread the virus.

The new Lazarus attack was named Operation AppleJeus Sequel, which follows the AppleJeus attack conducted in 2018. The principle of cryptocurrency theft remains the same as before: fake cryptocurrency companies are used to attract investors. The websites of these companies contain links to fraudulent Telegram trading groups, through which malware that infects Windows computers is distributed.
Once the system is infected, attackers can gain remote access to it and steal the cryptocurrencies stored on the device. So far, researchers have been able to identify many victims of the new fraud across Europe and in China. A representative of Kaspersky Lab reports that victims are known in Russia, China, Poland and the UK. They include both individual traders and companies whose activities are related to cryptocurrency.

Kaspersky noted that currently, hackers from Lazarus have suspended their campaign using the messenger, but researchers suggested that in the future, attackers will use even more advanced methods.

Earlier, a closed UN report stated that North Korea finances the development of weapons through digital and fiat currencies stolen from banks and cryptocurrency exchanges. Last fall, Group-IB said that a North Korean group of hackers stole $571 million in cryptocurrencies.

Hacker Jailed on Charges of Blackmailing Apple


A twenty-two-year-old hacker has admitted that he tried to blackmail Apple by claiming that he had the account data of millions of iPhone users and that he would destroy these accounts if he was not paid a ransom. The hacker is Kerem Albayrak, from North London, who threatened to wipe more than 300 million Apple users' iCloud accounts, demanding that the company give him iTunes reward vouchers amounting to £76,000 ($100,000) as a ransom. However, while investigating the issue, Apple discovered that Kerem's claims were false and that he had not compromised the company's security system.


Kerem has been charged with the crimes of data breach and blackmail and has been sentenced to 2 years in jail and 300 hours of unpaid community service. Two years back, in March 2017, Kerem e-mailed Apple's security unit, claiming to have hacked more than 300 million iCloud accounts of Apple users. To strengthen his claim, Kerem showed himself hacking two iCloud accounts in a video that he uploaded to YouTube. The hacker threatened to sell the iCloud accounts' data, dump the data on the internet and reset the iCloud accounts if Apple refused his request for iTunes vouchers. Kerem also agreed to accept cryptocurrency as a payoff, saying he would accept a return of $75,000, but later raised it to $100,000. Two weeks after the threat was sent, Kerem was arrested at his house in North London by the London police.

The attack is called Credential Stuffing
Apple examined his allegations but was unable to obtain any solid proof that the users' iCloud accounts were hacked. "The hacker collected passwords and e-mail addresses from different aids, that were exposed recently on charges of the data breach," says the UK's National Crime Agency in its inquiry. It further says that the hacker then tried his luck, checking whether the users had the same e-mail addresses and passwords on their iCloud accounts. The attack is known as 'Credential Stuffing,' which allows the process to complete faster.

While the investigation was in process, Kerem told the investigators, "You have fame and everyone starts to respect you, once you have power on the internet." Along with the 300 hours of unpaid community service, Kerem has also received an electronic curfew of 6 months. "Kerem thought that he could avoid prosecution when he hacked 2 iCloud accounts and blackmailed Apple, an MNC giant," says Anna Smith, senior investigative officer, NCA.

Cyber Security Company Predicts Cyber Cold War Will Escalate In 2020


A new Cold War will begin in the world in 2020, and it will break out in cyberspace. Fake news before the elections will become an Internet trend in politics, and companies and ordinary people need to be wary of old threats: phishing and ransomware viruses. This forecast was made by the IT company Check Point in a study available to the Russian Agency for International Information RIA Novosti.

According to experts, cyber attacks will increasingly be used as a means of indirect conflict between small states, which are supported and financed by large countries seeking to expand their spheres of influence.

In addition, they predict an increase in the number of cyber attacks on utility and other critical infrastructures, explaining this by the fact that in many cases outdated technologies are used in the field of electricity and water supply.

In 2020, an increase in the number of targeted attacks on authorities, specific enterprises and healthcare organizations through mobile malware and ransomware is projected. According to the study, "new versions of malware are available to anyone willing to pay developers".

For companies, Check Point predicts more phishing against their employees. "Despite the fact that email remains the main attack vector, cybercriminals now use many other attack vectors. Phishing increasingly includes SMS attacks on mobile phones or the use of messages on social networks and gaming platforms," said the experts.

Another trend in 2020, according to the IT company, will be fake news during election campaigns. "In 2016, before the US presidential election, the distribution of fake news based on artificial intelligence began. Political opponents were successful by creating special teams that created and spread false stories," said the IT company.

90% of Russian entrepreneurs faced external cyber threats, says ESET


The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners.
According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats, spam (65%), malware (47%) and encryptors (35%) lead.

The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that often viruses, Trojans and other malware got on devices because of the human factor - employees used unverified external drives or installed unwanted software.

In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees.
It is worth noting that specialists from the CIS often face internal problems of information security. At the same time, Russian companies often had to repel more serious threats: DDoS attacks, phishing, encryptors.

Every fifth Russian company suffered from accidental data leaks due to a lack of knowledge of the security rules for employees working with confidential information. At the same time, Russian IT managers are concerned about the protection of personal data of employees (60%), which is also due to the tightening of the relevant norms of Russian law.

90% of respondents reported that they use anti-virus solutions, 45% control the work with external drives, 26% implement financial protection systems and 28% fight against DDoS attacks. In addition, managers are increasingly turning to third-party companies for audits to ensure information security (15%). At the moment, according to experts, outsourcing security is one of the trends in cybersecurity.

At the end of 2019, 5% of Russian companies are not satisfied with the state of information security and would like to increase the budget. Moreover, with the growth of the number of computers, the level of dissatisfaction and the desire to increase the budget for information security are growing.

Insider Threat: Employees of Russian banks are massively recruited to get data


In Russia, there are 73 services that recruit insiders in Russian banks. This information was shared by Darknet researcher Anton Staver.

"Many groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit bank employees receive up to 50 orders a day, which is enough for the existence of an entire industry.

The expert said that customers of such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often ask for a list of victims with large account balances. At the same time, according to Staver, recruitment is most often “carried out by specialized structures”.

The expert noted that recruiters receive from customers about 15 thousand rubles ($240) for one bank employee. In the course of the work, the recruiter receives the search criteria, after which the client receives the contacts of the necessary person in Telegram or Jabber. It takes about 5-7 days to search for an insider.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups taking advantage of theft and withdrawal options use schemes with recruitment for monetization.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the bank's security service works effectively, the price will be much higher. Employees are usually recruited through social networks, instant messengers, personal contacts and LinkedIn.