Search This Blog

Showing posts with label Cyber Attacks. Show all posts

Attacks on IoT devices and WebApps on an extreme rise for the Q3

Ransomware threats and Malware numbers have fallen but are presently more active and dangerous. More than 7.2 Billion virus attacks originated from January to September in the year 2019. Also, 151.9 million ransomware crimes were found.

Important conclusions cover:

  • IoT malware mounted to 25M, a tremendous 33% rise 
  • Encrypted attacks rose to 58% 
  • Web application threats are on the increase, revealing a 37% rise during the same time for last year Malware threats reached 7.2 Billion 
  • Ransomware threats hit 151.9 million 
  • 14% of the malware threats were received from non-standard gates


"The attacks may be dropping down for the moment but the truth is the figures of threats are still extremely high and more dangerous in history. We have reported a rise in geographical threats in America and involving the UK and Germany. The researchers at our lab are also investigating distinct and increasing threat vectors, like surface channel threats and tricks," says The SonicWall Capture Threat Network. “While observing the ransomware range, we also recognize that ransomware attacks tricks have evolved,” says SonicWall CEO and President Bill Conner.

“Earlier, the hackers aimed at the number of viruses but today we are witnessing that hackers concentrate on less more eminent victims for expanding sideways. This change in tricks also witnessed a similar increase in the payment demands through ransomware attacks, as the criminals try to steal high payment from the few, but profitable victims such as hospitals and regional districts." “The evidence reveals that cyber-criminals are becoming better at attacks, more specific and more careful. Companies should be careful and make more stringent safety laws in their institutions to overcome the menaces that our experts have found,” says Conner.

He further adds “we suggest that organizations should adopt a combined and multilayered safety program that gives solid security beyond all systems to avoid being the cover story for cyber attack news”. Phishing threats are matching series with malware and ransomware attacks. However, the attacks are also going down at a rate of 32% each year, a figure that has been the same for most of the time this year.

BMW and Hyundai Networks Compromised by Vietnamese Hackers


Hackers allegedly having links to the Vietnamese government have hacked the networks of two leading automobile manufacturers, BMW and Hyundai, according to the recent reports from the German media.

At the same time, eliminating the novelty from the incident, the reports by Bayerische Rundfunk (BR) and Taggesschau (TS) are making claims that around spring this year, the networks of a BMW branch were breached by attackers.

Reports suggest, hackers installed 'Cobalt Strike', a penetration testing toolkit onto the targeted networks; it was employed as a backdoor through which the compromised networks were intruded by attackers.

Supposedly, BMW was acquainted with the attacker's operations and let them continue to penetrate further into their networks. However, the company brought it to an end by putting a restriction onto the illegal access in the last week of November.

According to the findings, the attackers who compromised BMW's networks also no infected South Korean multinational automotive manufacturer, Hyundai. However, no additional information has been provided regarding the Hyundai breach.

The group behind these attacks, Ocean Lotus (APT32) has been in the cybercrime ecosystem since 2014 and is popular for targeting the automobile sector.

Referencing from the reports, "The attack of the alleged Vietnamese hacker group began in the spring of 2019. Last weekend, the automobile company from Munich finally took the computers concerned off the grid. Previously, the group's IT security experts had been monitoring the hackers for months. This is the result of research by the Bayerischer Rundfunk. Also on the South Korean car manufacturer Hyundai, the hackers had it apart."

"The Federal Office for the Protection of the Constitution also follows the hackers of OceanLotus. "The grouping of OceanLotus has already become important, and one should keep an eye on the development, especially because of the target range automotive industry," said a spokeswoman. In the summer, the German Association of the Automotive Industry (VDA) sent an e-mail to its members. The subject was: "Warning message from the Federal Office for the Protection of the Constitution about poscyberattacksttacks (OceanLotus) on German automobile companies." In the e-mail, the BR research, the hacker's procedure is described in detail." The report reads.

One of Australia's Largest IVF Providers Warns Patients of Possible Data Breach


A malicious cyber-attack targeting on the staff email system of one of Australia's biggest IVF providers may have brought a breach in the personal information of the patients. It has been accounted for that the attackers gained access to emails; email addresses and address books belonging to a number of staff members in the attack.

A group of forensic IT experts has just started an investigation to find out how the server was broken and if patients' personal details were gotten to, according to Chief Executive of Monash IVF Group, Michael Knaap.

While the investigation discovered that the private patient databases were immaculate, the national fertility business said in an email to the patients informing them that staff emails containing sensitive patient data, including medicinal histories, may have been hacked.

Monash IVF emphatically stressed the fact that the attackers have focused on just a bunch of the patients and were simply restricted to "an individual's email address"; however a few patients may have been directly affected.

The IVF provider said it had been in contact with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre (ACSC) about the incident as well as industry regulators.

Monash IVF is attached to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia, and the Northern Territory.

This, in any case, isn't the first cyber-attack exclusively centered around the patients data security there have been quite a few earlier this year also, the most popular one as revealed by "The Age" a cybercrime syndicate had hacked and 'scrambled' the medical records of around 15,000 patients from a specialist cardiology unit at Cabrini Hospital and thusly demanded a ransom.

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


The company specializing in the investigation of cybercrime Group-IB reported that attackers attempted to hack correspondence of Telegram messenger, and Russian entrepreneurs became the target of cyberattacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help, who faced the problem of unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

"The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were hacked through the mobile Internet, the IP address of the attackers was most often determined in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately sent SMS with the code, intercepted it and authorized in Telegram. They could buy access to tools for hacking in the Darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Indian Govt Bans Foreign Firms from Conducting IT Security Audits


The Indian Government directs the ministries and departments responsible of India's basic infrastructure to abstain from employing foreign firms to conduct IT security audits of its frameworks and systems; this was brought to light following the cyber-attack on Kudankulam Nuclear Power Plant.

From now onwards Indian firms empanelled for inspecting will require a clearance from domestic spy agency, Intelligence Bureau (IB) to preclude any foreign link. Security reviews in every one of the ministries and critical sectors are done to guarantee that nation's information infrastructure isn't vulnerable against attacks by hackers and that every one of the systems have a protected government firewall.

As per the reports looked into by Firstpost, Computer Emergency Response Team (CERT-IN) — under the domain of the Ministry of Electronics and Information Technology — has arranged a rundown of evaluating firms in consultation with the IB.

It has been additionally observed that certain critical segments are confronting dangers from numerous sources and increasing attacks on the frameworks are organised and targeted with the assistance of criminals and state actors to thusly receive monstrous rewards out of 'information compromise or espionage'.

The cyber criminals may indulge in fraud, conduct espionage to steal state and military mysteries and disturb critical infrastructures by misusing the vulnerabilities in any framework.

The administration archives state that, “The public sector, although increasingly relying on information technology, has not fully awakened to the challenges of security. Economic stability depends on uninterrupted operations of banking, finance, critical infrastructure such as power generation and distribution, transport systems of rail, road, air, and sea which are critically reliant on information technology.

Even though the focus has been on improving systems and providing e-governance services by various institutions, the IT networks and business processes have not placed the desired emphasis on information security," Aside from this there are a couple of different directives which have been issued for critical areas for protective observing of sensitive data and risk radiating from terrorist groups or enemy state.

Workers taking care of sensitive servers will be required to unveil the phone they are carrying, its serial number, model number alongside subtleties like security abilities and vulnerabilities and the critical segments will claim all authority to control official information on the said employee's mobile, including the privilege to back up, retrieve, modify, decide access or erase the organization's information without an early notice.

Likewise, people or specialists employed for security reviews of government frameworks will have to sign a non-disclosure agreement to anticipate spillage of sensitive information.

Russian hackers switched from Russian banks to foreign ones


Two of the most dangerous Russian-language hacker groups over the past year have almost stopped attacking Russian banks and concentrated on foreign banks. Damage from targeted attacks on credit institutions fell by 14 times.

"Until 2018, Russian-speaking groups often attacked banks in Russia and the CIS, but over the past year, this trend has changed. Now the attackers focus mainly on foreign banks and organizations," said experts.

"New hacker groups often start working in their region: this was the case with Cobalt, with Silence in Russia, this is happening now with SilentCards in Africa. Home regions are a testing ground for them. Having worked out the techniques, they move on. For example, the same Russian-speaking groups focused on goals in Asia, Africa, Europe and America," added the representative of Group-IB.

Recall that in the world, according to Group-IB, there are five major hacker groups that hack financial institutions, three of them Cobalt, Silence and MoneyTaker are Russian-speaking.

A representative of Kaspersky Lab confirmed the statement about this trend. He noted that the attackers switched to the countries of Eastern Europe and the CIS, which are less protected.

"But a new generation of hackers will soon grow up who will again attack banks in their homeland," predicts the representative of Group-IB.

Experts have already recorded an increase in the number of Russian-speaking young people who are still engaged in "harmless attacks".

In addition, cyber experts Group-IB identified the most frightening trend of 2019. This is the use of cyberweapons in open military operations. According to the representative of the company, interstate conflicts have now acquired new features and cyber activity has begun to play a key role in this confrontation. Thus, experts found many previously unknown groups sponsored by states.

However, the activities of such hackers can go unnoticed for years. And their actions can destabilize the situation in the states, as well as cause social and economic damage.

Cyber-War Exercise held between US and Taiwan


In a cyber-war event that has been going for a week now, the Taiwanese executives are getting hit by phony emails and messages as a part of it. The event is said to be one of its kind. As a part of the cyber-war training between Taiwan and America, the local authority (of Taiwan) is co-directing the cyber drill with the American Institute in Taiwan (AIT), which also represents the US interests in Taiwan. "The foremost is attention is on threats professed by 'North Korea and other countries' that are responsible for the attack," says AIT in a statement.


On the contrary, Taiwan says that a vast number of cyber-attacks that it suffers come from China. "It is like fighting combat when we are dealing with attacks like these," said a Taiwanese official earlier this month. The cyber-war drills are to take place on Friday, which will try to break into the administration servers and websites by duping the workers in receiving misleading messages. "Taiwan considers China as the main offender for these cyberattacks threats on the island," said Veerle Nouwens, Royal United Services Institute for Defence and Security Studies, UK.

"Taiwanese administration's systems suffer around 30 million cyberattacks every month, and China is responsible for half of it," says the administrator general of Cyber Security Agency, Taiwan. He further adds, "But, no matter where the origin of the attacks happen, building a robust cyber-security system is the first priority for every government and private-sector corporations."

Risks involved- 
The cyber-war exercises were formally started by Raymond Greene, Director, AIT, at a Microsoft event. "It is a start of new opportunities between the two nations in the cybersecurity field," says Raymond regarding the tests. "The concern today is not any physical violence in any country but rather an invasion of cyber-security by corrupt criminals that is capable of stirring the society from the inside." "But in the end, these attacks are a concern for us all in numerous ways." This is a matter of serious concern as the cyberattacks are trying to influence the elections, economy, and infrastructure of the victim country.

The data of Alfa-Bank's clients is sold on the black market


The data of Alfa-Bank credit card holders, as well as Alfa Insurance customers came up for sale in the Darknet. The bank confirmed the leak saying that it affects a few customers and does not pose a threat to the money in the accounts.

Seller who published the ad on a hacker forum said that he has up-to-date data on about 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The ad was published on October 31, the seller registered there on the same day.

To verify the data, the seller suggested to look at 23 contracts. They contained the full name, mobile phone number, passport data, registration address, the amount of credit limit or issued insurance, the subject of insurance, as well as the date of conclusion of the contract. According to the seller, all contracts of Alfa-Bank are issued in October.

When the investigator tried to transfer money by phone number, in 11 of the 13 credit card contracts, the names and first letters of the surnames matched. Also he phoned up nine customers, most of them confirmed that they had recently issued a credit card at Alfa Bank. Fraudsters have already managed to make a call to one of the clients, after which he blocked the card.

Alfa-Bank confirmed the leak. "At the moment, it is reliably known about the illegal distribution of personal data of 15 clients. The occurrence of this situation is not the result of a violation of the protection of the corporate information system of the Bank, " - said the representative of the Bank.

According to him, the leak does not pose a threat to customer accounts, as it does not have data to access them.

Indeed, the contracts do not contain card numbers and CVV-codes, so fraudsters will not be able to get direct access to the money. However, they can use the information to call a customer under the guise of a Bank and find out the necessary information to steal money.
Alfa Insurance has introduced additional security measures and is investigating the publication of customer data.

Recall, in early October Sberbank confirmed of credit card accounts, which affects at least 200 customers of the Bank. It was announced that 60 million credit cards were in the public domain.

Georgia in a panic after a strange cyberattack


On October 28, several hundred websites in Georgia were attacked by hackers. As a result of the cyberattack, several Georgian TV companies stopped broadcasting. The cyberattack was also carried out on the website of the administration of the President of Georgia Salome Zurabishvili. When the site was opened, a photo of the runaway ex-President of Georgia appeared with the inscription: "I will be back." The damage, according to preliminary data, is very large.

The State Security Service and the Ministry of Internal Affairs with the support of partner countries are investigating a massive cyber attack on public and private sites in Georgia.

The Georgian Ministry of Internal Affairs admitted on Tuesday that the attack could come from both Georgian territory and from abroad.

Political scientist Tornike Gordadze, who held the post of minister in the government of Saakashvili, believes that this is a vivid example of "the ineffective work of the government to ensure security against possible threats, including from Russia."

In addition, the French Daily Le Monde saw the Russian connection in a large-scale cyberattack.

According to the newspaper, the current Georgian authorities are taking new steps to improve relations with the Kremlin in the hope of resuming trade with the Russian neighbor, as well as the extradition of alleged criminals. The hacker Yaroslav Sumbayev, who was arrested in Georgia in 2018 and suspected of involvement in the murder of Colonel Evgenia Shishkina, who was investigating economic crimes and corruption offenses, was handed over to Russian authorities on October 24, despite a statement by his lawyer regarding the risk of "inhuman treatment." The publication believes that a large-scale cyber attack could be a retaliation from the hacker community.

Former analyst of the Georgian National Security Council and political affairs assistant to the Prime Minister of Georgia, political analyst Tornike Sharashenidze, did not rule out "the involvement of the Russian Federation in the hacker attack in Georgia."

Malspam Campaign attacks German organizations with Buran ransomware


As of Oct 2019 researchers have discovered malicious spam (malspam) campaign targeting German organizations that delivered Buran crypto-ransomware family. The emails are crafted so as to appear to be coming from online fax service eFax.

Public reporting indicates that Buran malspam campaigns began on 13 September 2019, corroborated by metadata found in emails and Microsoft Word documents. Then the campaign on 1 October 2019 copied the eFax brand, an online fax service. German organizations were targeted using an email that seemed like it was from eFax and Word document in German.

 Technical Details 

On opening the mail, the user is given a hyperlink, which if clicked directs the user to a PHP page that contains the malicious word document. The document then contains a Visual Basic for Applications (VBA) macro, when enabled, downloads the malicious executable.

On Activation, the Buran ransomware performs the following tasks- (Sc.Itssecure.com)

•Sends an HTTP GET request to hxxp://geoiptool[.]com, in order to determine the location of the victim machine.
•Copies itself to another directory & renames itself to “Isass.exe”, in order to evade being detected by security solutions in place.
•It then utilizes a command shell to establish persistence.
•Further, it modifies the windows registry’s run key, so that “Isass.exe” is executed every time someone logs into the machine.
•It then disables services like windows event log and windows error recovery & automatic repair.
•Finally, it deletes any backups made by Volume shadow copy service (VSS).
•Upon completion of the encryption process, a ransom note is displayed, containing the instructions that need to be followed by the victim, in order to decrypt his files.

These type of malicious spam ransomware campaigns leads to lag in business-critical operations, loss of sensitive and confidential data and financial loss to the organization. Such ransomware keeps surfacing often and can lead to degeneration of an organization and hence organizations should take active measures and protect themselves from such malevolent attacks. The organizations should create strong cybersecurity with updated systems and software and invest in employee training programs, to aware them about malspams, phishing, and other threats.

Group-IB reported on the five hacker groups threatening to Russian banks


The main hacker groups threatening Russian banks are Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. They can hack a Bank, reach isolated financial systems and withdraw funds, said Ilya Sachkov, CEO and founder of Group-IB, a company specializing in preventing cyber attacks.

At the same time, hacker groups are shifting their focus from Russia to other countries.

According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

"For example, Silence began its activities in Russia, but gradually shifted its focus to the CIS, and then entered the international market. Group-IB analysts have detected Silence attacks in more than 30 countries in Europe, Asia and the CIS for the current year," said Sachkov.

According to him, the pro-government hackers of developed countries are the most dangerous, since their activity is less noticeable, while they have a better arsenal for carrying out attacks.

"Our last year's forecast came true. The number of targeted attacks aimed at espionage, sabotage or obtaining direct financial benefits has grown significantly. So-called "digital weapons" or cyberweapons, which can stop production processes and disable networks of critical infrastructure and large commercial enterprises, are actively used. This is a serious problem. The number of cyber attacks will increase and it will be more difficult to resist them, " added Sachkov.

The head of the company Group-IB also said that cybercriminals began to use a new method of stealing money from Bank customers by installing remote access programs on smartphones. The monthly losses of large banks from this type of fraud can reach 6-10 million rubles.

He noted that the Secure Bank system monthly records of more than 1 thousand attempts to steal money from the accounts of individuals using this scheme.

Earlier it was reported about a new way of stealing from Bank cards. Hackers pose as Bank employees using the technology to substitute phone numbers.

The Head of the FSB spoke about the threat of massive terrorist hacker attacks


Director of the FSB Alexander Bortnikov said that terrorist can disguise their hacking attacks under the actions of special services of specific States and this threatened to political and military conflicts. He stated this at the XVIII international meeting of heads of intelligence, security and law enforcement agencies in Sochi.

According to the FSB, terrorist groups create and develop their own cyber units.

Bortnikov called on intelligence agencies of other countries to support Russia's demand to deposit encryption keys for mobile devices. Fighting terrorism is ineffective as long as they use closed channels of communication on the Internet, he explained.

"The main tool of communication between bandits are still Internet Messengers with high crypto protection. In this regard, we consider it a serious problem that a number of the world's leading IT companies do not want to cooperate with intelligence agencies in the field of information security,” Bortnikov said.

He also called on the special services to join efforts in identifying and blocking terrorist and extremist materials on the Internet and to establish cooperation with leading technology companies for this purpose.

Bortnikov also noted that the capabilities of terrorists in the future can grow due to the growing availability of artificial intelligence technologies. And with their help, the militants will be able to analyze large amounts of information, including illegally obtained databases.

In addition, the FSB Director said that international terrorists are increasingly using "confidential cryptocurrencies" to financially fuel their criminal activities. According to Bortnikov, terrorists create shell companies that legally participate in trading on stock exchanges, invest in real estate and various sectors of the economy. At the same time, criminals are increasingly using not bitcoin, but so-called “confidential cryptocurrencies”, which guarantee the anonymity of transactions.

Also, Alexander Bortnikov said about the threat of massive terrorist attacks using unmanned aerial vehicles. According to Bortnikov, the use of unmanned aerial vehicles capable of delivering various cargoes by terrorists will become a "real challenge" for the world's intelligence services.

It is important to add that this year the FSB has identified 39 terrorist attacks in preparation and eliminated 32 terrorists.

How 5G Network would Change the IoT and the Challenges Ahead



Extremely fast and effective, 5G mobile networks would increase the exposure to attacks as every internet of things (IoT) when connected to fifth-generation technology can potentially become a tempting target for attackers and cybercriminals.

The efficiency would allow for improved interconnectivity and greater control over devices and machines ranging from automobiles to traffic lights and everything in between which have internet-connected sensors embedded in it. The number of such items is reported to rise from 14.2bn to 25bn by 2021, according to global research and advisory firm, Gartner.

Major home appliance company, Whirlpool is all set to have one its factories run on 5G technology. The factory puts to use a lot of metal and as 5G penetrate through walls and doesn't reflect off metal unlike Wi-Fi, Douglas Barnes, Whirlpool's North American regional IT and OT manufacturing infrastructure applications manager, says, "This will allow us to go to truly autonomous vehicles throughout the entire plant, for maintenance, for delivery, for everything that supports the manufacturing operations. That business case carries so much weight and so much in cost savings. The payback for 5G is very favorable."

With encryption of data becoming more secure than ever, 5G technology will massively change the way users communicate over the internet, browse, watch videos and play games. However, the increased speed and effectiveness, low latency, high Gbps data transfer rates, and greater capacity also accompany more security challenges as compared to the current mobile networks. It would mean that threat actors while breaching a machine running on a 5G network, will be able to download and hence steal the data much faster than the current networks allow. It would also make it easier for criminals to execute bigger cyber attacks by utilizing the increased engagement of software required to smoothly run 5G technology.

Did hackers exploit IoT before?

Earlier in 2016, in the "Mirai botnet" cyber attack, where hackers took advantage of vulnerable IoT devices to take down major websites including Reddit, Twitter, Spotify and left much of the internet inaccessible, the incident witnessed the involvement of a large number of routers, cameras, and video recorders to take down a large chunk of the internet for the Eastern coast.

Commenting on the matter, Cesar Cerrudo, chief technology officer at IOActive, a cybersecurity consultancy, said, "I think 5G will be a more tempting target for nation-state actors than . . . hackers, as 5G will be a core communication technology for most countries,” 

Security experts recorded more than 500,000 attacks on smart devices in 2 hours


Avast experts conducted an experiment installing in Russia (in Moscow and Khabarovsk) and in other countries of the world more than 500 trap servers (Honeypots), posing as IoT devices, such as streaming devices, webcams or routers. With this, the experts wanted to prove how many potential attacks smart home devices face.

More than 500 traps were scanned by potential attackers 561,003 times in two hours, and five devices located in Russia were scanned 5,370 times in two hours. Honeypots traps were located in Russia, Mexico, France, Germany, South Korea, Australia, the United Kingdom, Australia, Japan, Spain, Ireland, Singapore, the United States, and India. According to the research, the three main countries from which the attacks came were the US, the Netherlands and Japan.

It is worth noting that Avast researchers chose typical connected devices with open ports to make attackers believe they were connecting to real routers, smart TVs, Webcams, or other smart devices.

The purpose of the trap was to calculate the activity of cyber criminals and study the methods of attackers who believe they attack real devices with real data. Avast traps were programmed with open ports such as TCP: 23 (telnet Protocol), TCP: 22 (ssh Protocol), TCP: 80 (HTTP Protocol), which are usually found in Internet-connected devices such as routers, security cameras and smart TVs.

According to Avast research, streaming devices are among the top 5 most vulnerable in the home, and two-thirds of routers in Russia have weak credentials or software vulnerabilities.

According to Michal Salat, Director of the Avast Threat Analysis Department, most people do not pay much intention to the vulnerabilities of home devices such as smart speakers, TVs or light bulbs, as they believe that they can not become a target of cybercriminals.

"For many people, it probably doesn't matter if their devices are used to attack other people, but they should know that hackers can also target them".

An attacker needs only one hacked device to take control of the entire home network. A vulnerable coffee maker can become the front door for a hacker to spy on households with a smart speaker and a security camera. In addition, connected devices may contain GPS data, so that an attacker will receive information about the exact location of the device.

Attack against Saudi Aramco Damages the World's Biggest Oil Producer



With the Saudi government and U.S. intelligence authorities accusing Iran, and Iran accusing the Yemeni rebels, the most recent attack against Saudi Aramco has damaged the world's biggest oil producer and deferred oil production, roiling oil and gas markets.

As of late, Iran has indeed deployed dangerous computer viruses against Saudi Arabia and these attacks have now marked a somewhat "real-world" continuation of this long-stewing cyber war between the two nations, by and by overflowed into other global powers.

Nicholas Hayden, the global head of threat intelligence for cyber intelligence company Anomali, who has served as a cyber-security operator in the electrical sector says that, “There hasn’t been a discernible increase in cyber-attack activity in the region yet but while nothing is standing out right now in the region, there’s a good chance that there are nation-state actors involved, ”

Iran has been notably known for increasing cyber-attacks when it clashes with nations, and that can likewise mean collateral damage in other companies  as well not simply Saudi-owned working together in the area.

“We’re certainly paying more attention than we normally would to that area. When stuff like this happens, we tend to put our ear a little bit closer to the ground.” Says Hayden.

Since, collateral damage is a common symptom of regional cyber conflict, organizations working in Saudi Arabia and beyond ought to likewise be alert for any changes that might hit the region.

The majority of the experts surveyed by CNBC conceded to one end solution, that in spite of the 'economic odds' stacked against them, Iran has turned out to be one of the world's most noteworthy cyber security powers.

John Hultquist, director of intelligence analysis for cyber security company FireEye, included later that, they’ve never been the most technically sophisticated. But they have made up in their brazenness, their willingness to destroy and disrupt. They have really separated themselves on this from others, as if they have nothing to lose.”

Regardless of all this Saudi Aramco yet again declined to comment for the issue when approached.

The Rise of the DDoS Attacks and the Abuse of the WS-Discovery Protocol


A new type of attack that feeds on vulnerabilities in the usage of the Web Services Dynamic Discovery protocol has been discovered recently by analysts from Akamai's DDoS mitigation service Prolexic.

The attackers here are said to have had used a moderately new strategy—one that can possibly yield more than 15,000 per cent rate of return for the junk data it heaves at a victim.

Since WS-Disclosure provides devices on a similar network a chance to communicate, and guides them all to ping one area or address with insights concerning themselves, attackers can control WS-Discovery by sending uniquely crafted pernicious protocol requests to vulnerable devices like CCTV cameras and DVRs, which is extremely simple for them to do as WS-Discovery is intended to be utilized internally on local access networks and Akamai gauges that approximately 800,000 gadgets exposed on the web can receive WS-Discovery commands.

“There's a huge pool of vulnerable devices sitting out there waiting to be abused” says Chad Sailor, senior specialist on Akamai's security insight reaction group.

"DDoS attacks abusing the WS-Discovery protocol have increased," says security researcher Troy Mursch.
 "The notable thing here is the amount of vulnerable hosts that can be abused and the large amplification factor that enables crippling attacks."

Video game platforms are the most well-known targets for DDoS attacks, during the beginning of September, for instance, Blizzard's hugely famous World of Warcraft Classic went down sporadically for a considerable length of time as a result of a DDoS attack.

"With gaming, they are one of our most frequently attacked industries," Akamai's Seaman says. "We have a handful of different gaming customers that we protect and we basically see the full gamut of all the different attack vectors and exploratory attacks through them. So it’s not surprising to see them being the first ones being targeted with a new vector."

In any case the dread about WS-Discovery DDoS attacks, however, is that the gaming industry won't be the last target as the researchers caution once more that the industries should be prepared for greater versions in the future.


Radio Pakistan Website hacked


The website of state broadcasters Radio Pakistan was hacked for a brief period of time on Sunday and was restored successfully. The hackers displayed the following message on the website

“Hello Admin, you are very secured. Appreciated your security. We got an eye on you. Expect us. Pakistan zindabad.”

According to the reports, the group of hackers who call themselves ‘Crash Rulers’ have accepted the ownership of the attack. The news of the hacking was released on twitter through the twitter handle name @TheCrashRulers.

The user behind the twitter handle which led to the attack has not been known yet. According to the tweets by the same twitter handle over the last three months, it claims to have attacked various government agency websites, business websites, some of them includes Public Procurement Regulatory Authority Pakistan, Pakistan Cricket Board, Bahauddin Zakariya University and Zoom Petroleum Pakistan among others.

Though the claims have not been authenticated yet.

'Malicious attack' takes Wikipedia offline in Germany


Wikipedia users in Germany couldn't find the answers they were looking for when they were met with an error message while attempting to visit the online encyclopedia on Friday.

The website fell victim to a "massive and widespread" denial-of-service (DDoS) attack that paralyzed the site on Friday evening across Germany and in other parts of Europe.

The website reappeared shortly before midnight before going offline again early Saturday.

In a DDoS attack, the attackers attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

Later Friday evening, Wikipedia tweeted that it was "continuing to work on restoring access."

Biding their time until the online encyclopedia was back online, social media users were quick to share their Wikipedia woes on Twitter using the hashtag #WikipediaDown.

Alert: #Wikipedia is now down across the #US and much of the world, following hours of intermittent disruption caused by a major #DDoS attack; incident ongoing #WikipediaDown : Tweeted NetBlocks.org.

Knew I should have given Wikipedia £2#WikipediaDown: Tweeted another user.

If you can’t read @Wikipedia, just read #WikipediaDown, in almost as many languages. #DDOS: read another tweet.

U.S. Cyber Military Forces Execute Retaliatory Cyber-attack Against Iran




In a retaliatory cyber-attack against Iran, U.S. cyber military forces cut down a database utilized by its Revolutionary Guard Corps to target ships in the Persian Gulf, just hours after 'the Islamic Republic shot down an American Drone'.

Right now, Iran still can't seem to recuperate the majority of the data lost in the attack and is attempting to re-establish military communication networks connected to the database.

As indicated by the Washington Post, the U.S President Donald Trump purportedly approved the U.S. Cyber Command's strike however the government has not openly recognized its occurrence.

A U.S. official who addressed the Washington Post additionally noted that the cyber-attack was intended to harm for Iran – however not to the degree that would further heighten pressures between the two sides.

Elissa Smith, a Pentagon spokesperson said in a statement, “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning.”

In spite of the attack, the Islamic Republic has stayed rather active in the Strait of Hormuz, holding onto the English oil tanker Stena Impero in mid-July.

Recently discovered Fox News, it happened in June that Iran shut off a portion of its military radar sites around the time the U.S. was ready to dispatch retaliatory strikes, thusly it’s not clear if those radar sites were killed by cyber-attacks or if Iran shut them off intentionally fully expecting them.

In any case these strikes are not first major operations executed by the U.S. Cyber Command, as the organization a year ago had disrupted a Russian entity's endeavours to utilize Internet trolls to cultivate discontent among American voters during the 2018 midterm elections.


Texas Hit with a Series of Coordinated Ransomware Attack




Texas is currently hit with an 'unprecedented' of ransomware attacks that has significantly focused on local government entities in the state, with at least 23 impacted by the attacks.

The attacks which seem to have been led by a single threat actor are said to have of begun in the morning of August 16. It is additionally presumed that 23 may not be the final count considering that right now the details are at 'a minimum' with the Department of Information Resources (DIR), who is leading the investigation into the attacks.

The local Texas authorities, like the DIR, Texas Division of Emergency Management, and Texas Military Department are still investigating the origin of the attack, also involved are the federal agencies such as the Department of Homeland Security, Federal Bureau of Investigation – Cyber, and Federal Emergency Management Agency (FEMA).

In its original statement released on late Friday, DIR says that while investigations regarding the origins of the attack are continuous, their principle need is to aid the response and recuperation of 'affected entities'.

DIR is driving the reaction to what it calls a "coordinated ransomware attack" however does not unveil which organizations are affected. This is a result of security concerns involving the matter.

In an updated statement on Saturday, DIR said that the frameworks and systems of the State of Texas have not been influenced by this attack. Until more details rise, the strain of file-encrypting malware, which is said to be the one responsible for the attack as well as the perpetrator(s) ransom demand, still remains very unclear.