Search This Blog

Showing posts with label Cyber Crime. Show all posts

Cyber Attack Alert! A Fake Factory Network Attacked With RAT, Ransomware, Malware and So On!



Researchers simulated a real-looking “Industrial prototyping” organization with fake employees, PLCs, and websites to study the types of cyber-attacks that commonly on such networks.

The elaborately fake organization’s website and the network worked on a highly advanced interactive “honeypot” network that worked extensively on attracting the attention of potential hackers.

The plan was to create such a legitimate-looking network that no one could even doubt it's being phony and to accumulate serious information related to cyber-threats and attacks to study and analyze them.

Behind researching these threats and attack mechanisms the motive was to dig out the threats that the “Industrial control system” (ICS) sector faces today.

Per sources, the sham company specifically let some ports of its network be susceptible to attack and Voila! It got hit with the most cliché of attacks that any IT network faces, including, Ransomware, Malware, Remote Access Trojans (RAT), Crypto-jacking, Online fraud and the “botnet-style” malware which hit the network’s robotic workstation.

A couple of the attackers went as far as shutting the factory via the HMI, locking the screen and opening the “log view of the robot’s optical eye”.
While one of the few attackers of the more mischievous inclinations worked on tactics like circumventing the robotics system to shut the HMI application and ultimately powering down the entire system, the others started the company network back and shut the bogus conveyor belt and then shut the network back again.

Per sources, the fake factory network was constructed of real ICS hardware and an amalgamation of physical hosts and virtual devices, mainly a Siemens S7-1200 PLC, an Omron CP1L PLC and two Allen-Bradley Micrologix 1100 PLCs.

The researchers as bait also used the common exposed passwords on the internet for the network’s administrative security, which happens to be a very basic mistake in the ICS sector.

The PLCs were used to imitate real processes like controlling the burner, the conveyor belt and palletizer for piling pallets using robotic arms. The plant network had three VMs including an engineering workstation for programming, a robotics workstation and HMI for controlling the factory.

Allegedly, per reports, later on, the fake network also opened up Remote Desktop Protocol, EtherNet/IP, and Virtual Network Connection ports to lure in more attackers.

Another attack that the researchers found out which deeply exhausted the server’s capacity, was for crypto-currency mining unlike what they thought it to be.

Per reports, the network was also attacked with ransomware called “Crysis”, which kept the network down for around four days while negotiating which led to HMI being locked down and loss of visibility into the plant operations.

If only the network were real, this ransomware would have wreaked major havoc owing it to 4 entire days of no production. This clearly reflects the kind of jeopardy the ICS sector could face.

One of the researchers pretending to be a worker at the fake company emailed the attackers to return their files and also mentioned that how they were working for a very important client and wanted to immediately run the production back.

The ransom stopped at $6,000 in email-exchange which didn’t need to be paid given that they already had backups and therefore were able to re-construct their systems. Following this little incident, another ransomware which goes by the name of “Phobos” tried to binge on the network.

And then came the attacker with quite a sense of humor. With a data destruction attack disguised as ransomware, the attacker renamed the network’s ABB Robotics folder. And when they didn’t agree to pay the ransom the attacker wrote a script that made browsers to porn sites appear whenever the network was started.

Hence, pretty evidently, in addition to never letting VNCs open without passcodes and reusing passwords across different systems, the researchers say, that this fake “Network” had everything that must NOT be done to keep the ICS sector safe and secure.

Railway Protection Force (RPF) bust a multi-crore ticket fraud



Bengaluru: The Railway Protection Force busted a multi crore ticket booking fraud and apprehended two miscreants who hacked the railway booking website and used the ANMS Tatkal software to book tickets.



The ticketing racket seems to have been working all around the nation and the police as well as RPF are making all efforts to snub the fraud and catch all the agents involved in the fraudulent scheme.

The accused arrested by the police are Gulam Mustafa (26),  from Jharkhand, and Hanumantharaju M (37), from Peenya.

Akhilesh Kumar Tiwari, post commander RPF, South Western Railway told that Hanumantharaju was arrested last year and Mustafa on Jan 8th.

Upon questioning, Mustafa said to deccanherald that, "in 2017, he had created an Indian Railway Catering and Tourism Corporation (IRCTC) agent ID to book an e-ticket. He later joined hands with the other accused and hacked the booking portal through ANMS software and created 563 fake IDs and started booking e-tickets illegally."

He even rented out the hacked ANMS software, which led to the department incurring losses up to crores of rupees. He also had in his possession a Pakistan-based DARKNET software and Linux software to hack central government websites, bank accounts etc. He had gained access to government websites and banned websites.( by deccanherald) 


Hanumantharaju worked for Mustafa in selling the e-tickets illegally. The RPF couldn't file the report under IT act, so instead they filed the complaint with the city Police under IPC Section 419 (cheating by personation) and 420 (cheating).

The accused are still under RPF custody but will soon be moved to the city Police station,  Rajagopala Nagar Police Station.
The IRCTC mobile app can be download by anyone and used to book tickets online within two minutes, five tickets per month for personal usage. The accused made hundreds of IRCTC accounts to book several tickets.

52 Hackers get into the US Army system in the last 5 weeks


Last year, during October and November, 52 hackers were able to hack the US army. "It only strengthens our security systems as the hackers who hacked our systems did it on ethical principles, as the participants of second 'Hack the Army' event that is taking place since the year 2016," says the spokesperson of the US Department of Defense Defense Digital Service.



In today's world of cyber attacks and hacking, it is right to assume that inviting hackers to try and invade your system's security is not safe, not even for the US army. The hackers don't need a mere invite to hack into any organizations' cybersecurity. This statement raises a bit of doubt as lately, the US government warned users to update specific Virtual Private Network (VPN), or suffer from persistent cybersecurity attacks. Also, recently, the New York airport and New Orleans city suffered a cyberattack.

But still, there exists a plan in this obvious cyber insanity. 'Hack Army 2.0' was a mutual undertaking between the U.S. Army, a bug bounty program called 'HackerOne,' and the Defense Digital Service.

What is HackerOne?
In simple words, HackerOne is a platform where various exploits or vulnerabilities can be tested by hackers. This platform has allowed some of its best hackers to win millions of dollars. Surprisingly, one hacker was even able to hack the program itself. This reflects the caliber and potential of the hackers, who register in HackeOne.
Therefore, the whole reason for organizing 'Hack Army 2.0' is to find out any threats or vulnerabilities that might affect the security of the US army. This is crucial as it ensures the US army from other unethical hackers and national threats, for instance, Iran.

146 bugs detected, the Army pays $275,000-
The results after this drill revealed that a total number of 60 open US army assets were under the potential threat of hacking. The US army rewarded the hackers a total amount of $274,000 for their efforts. "The assistance of hackers can be helpful for the Army to increase its defense systems exceeding fundamental agreement lists to attain maximum security," said the spokesperson Alex Romero.

Cyber Security Incidents- the biggest risk to Businesses!

According to a survey of 2,718 executives from across 100 countries, cyber security incidents ranked as the biggest risk to businesses globally. 


The survey was participated by CEOs, risk managers, brokers and insurance experts and 39% of them said cyber risks were the biggest fear for a business. 

"Seven years ago, cyber ranked 15th on the business risk list, compiled by Allianz Global Corporate & Specialty (AGCS), with just 6% of respondents picking it."

Among cyber security issues, ransomwares got the most attention and seem to worry executives the most. They are increasing rapidly over the years and even after the encryption has been removed, businesses face extra cost (apart from the ransom cost)  in the form of expensive litigation from consumers or investors who have been affected by data breach.

Mergers and acquisitions can also lead to security threats, as acquiring a company with poor cyber security measures can be liable for your company as well. 

"Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions," says Marek Stanislawski, deputy global head of cyber at AGCS.

Business Interruptions drops to second behind cyber security concerns. Interruptions can be caused due to fire, explosion or natural catastrophes to digital supply chain failures or political violence. Changes in legislation and regulation comes third , with tariffs, sanctions, Brexit and protectionism. 

" Around 1,300 new trade barriers were implemented in 2019 alone, the report said."

Climate change ranked 7th biggest risk to business.

 "If a digital platform is unavailable due to a technical glitch or cyber event, the losses for multiple companies reliant on it could be in the hundreds of millions of dollars or higher if they cannot provide services or products," the report said.

Cyber attacks was among the top three risks in countries like Austria, Belgium, France, India, South Africa, South Korea, Spain, Sweden, Switzerland, the UK and the US. 

Another Chinese state-sponsored hacking groups discovered - would be the fourth one to be found


A group of cyber security analyst, Intrusion Truth have found their fourth Chinese state-sponsored hacking operation APT 40.
"APT groups in China have a common blueprint: contract hackers and specialists, front companies, and an intelligence officer," the Intrusion Truth team said. "We know that multiple areas of China each have their own APT."
APT stands for Advanced Persistent Threat and is used to describe government supported and sponsored hacking groups. 

Intrusion Truth has previously exposed three government supported APTs, APT3 (believed to operate out of the Guangdong province), APT10 (Tianjin province), and APT17 (Jinan province),  they have now doxed APT40, China's cyber apparatus in the state of Hainan, an island in the South China Sea.

In a blog post, they said they've discovered 13 companies that serve as a front for APT activists. These companies use offline details, overlapping contacts and no online presence except to recruit cyber experts. 

"Looking beyond the linked contact details though, some of the skills that these adverts are seeking are on the aggressive end of the spectrum," the Intrusion Truth team said.

"While the companies stress that they are committed to information security and cyber-defense, the technical job adverts that they have placed seek skills that would more likely be suitable for red teaming and conducting cyber-attacks," they further said. 

APT40 RECRUITMENT MANAGED BY A PROFESSOR

Intrusion Truth was able to link all these companies mentioned above to a single person, a professor in the Information Security Department at the Hainan University.

One of the 13 companies was even headquartered at the university's library. This professor was also a former member of China's military. 

"[Name redacted by ZDNet] appeared to manage a network security competition at the university and was reportedly seeking novel ways of cracking passwords, offering large amounts of money to those able to do so," the anonymous researchers said.Intrusion Truth are pretty credible and have a good track record, US authorities have investigated  two of their three APT expose. 

Ukrainian cyber police exposed a fraudulent scheme of financial auctions


Earlier EhackingNews reported that cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

It turned out that in fact, the cyber police exposed a fraudulent scheme of financial auctions with a monthly turnover of $100 thousand.

According to cyber police, the attackers opened in Kiev several call centers to conduct trading on the world financial markets. They offered their victims to invest money, which in the future, according to them, can bring high profits. Otherwise, they promised to return the invested money.

Scammers created an imitation of trading, appropriating money for themselves. When the client tried to withdraw money, the attackers carried out a number of operations that led to the complete loss of money by the client.

All invested money was credited to the offshore accounts of the attackers. In the end, the income amounted to more than 100 thousand US dollars monthly. The attackers worked on the territory of Ukraine and the European Union. Cyber police identify all victims.

Law enforcement officers raided the offices of fraudsters and seized system units, servers, and mobile phones. During an inspection of this technique, it was found that the attackers also sold illegal drugs. Their sale was carried out in Ukraine and abroad via the Internet. Attackers face up to 12 years in prison and confiscation of property.

It is worth noting that fraud with Bank cards is gaining popularity in Ukraine. A fraudster who stole more than $42 thousand from his victims was detained last month. The man duplicated Bank cards of citizens. Imitating an ATM operation error, he used special manipulations to duplicate the card of the next user of the Bank.

Department Of Homeland Security Monitoring the Apparent Hack of a Government Website


The Federal Depository Library Program website, run by the Government Publishing Office recently fell victim to a hacking operation being referred to as "defacement" by a senior administration official.

The website makes federal government records and data accessible to the public, including an image that is speculated to have been the reason behind the hack. The website is offline and the Department of Homeland Security is now monitoring the whole situation.

Gary Somerset, the chief public relations officer for the US Government Publishing Office says, "An intrusion was detected on GPO's FDLP website, which has been taken down. GPO's other sites are fully operational. We are coordinating with the appropriate authorities to investigate further,"

Despite the fact that the authorities didn't comment on who could be behind the hack, the site on the fourth of January displayed a picture of President Donald Trump bleeding from his mouth with an Islamic Revolutionary Guard fist in his face.


The picture showed up alongside the claim that is a message from the Islamic Republic of Iran, and that the webpage was "Hacked by Iran Cyber Security Group Hackers." The text is in Arabic, Farsi, and English and passes on a message of support for "oppressed" people in the Middle East.

While Sara Sendek, a spokesperson for DHS's Cybersecurity and Infrastructure Security Agency further added, "We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners."

According to sources, the FBI is yet to comment on the matter.

Military Personnel and Veterans - faced the worst hit by scammers loosing 405 Million dollars since 2012



It's easy to trick anyone in a financial scam but hackers and scammers found their favorite victims in militants and veterans. According to a new report analyzed by the Federal Trade Commission (FTC) and Better Business Bureau, nearly one million militants and veterans in the US have been conned of 405 million dollars in different scams since 2012.



The Losses
The loss by Army personnel accounts for up to 142 million dollars, this loss by Army personnel records up to 64% of the total loss in scams since 2012. This was followed by a loss by the Navy, losing 62 million dollars. Meanwhile, loss by Airforce and Marine stands at $44,257,654 and $24,976,528 respectively. Veterans also suffered great losses, 60% of the total loss.

The worst-hit states

The state Virginia was the most impacted, with the highest number of reports recorded standing at a number of 70,047. Most of these were duped by a retailer who tricked army personnel and veterans into paying $5 for legal protection.

Some of the prominent scams

Bank and lender scams were the highest, with a loss of 111,709,530 dollars. The next one and among the most common scam that conned veterans were the fraudulent employment variety. Such scams were reported for over 270,000 since 2012. In these cases, scammers send emails to new veterans offering them jobs as civilians.

They claimed of having the job offer on popular boards like LinkedIn. After hiring, they asked the newly appointed individual to buy equipment from a website (operated by fraudsters). The veterans were assured that they will receive the amount for the equipment back but to no avail.
Other scams reported during the last seven years included identity theft, imposter scams, and advanced payment for credit services.

Email Server of Special Olympics of New York Hacked; Later Used To Launch a Phishing Campaign


A nonprofit organization committed towards competitive athletes with intellectual inabilities, The Special Olympics of New York as of late at the Christmas holidays had their email server hacked which was later utilized to dispatch a phishing campaign against past donors.

Promptly as the issue surfaced a notification was sent by the nonprofit to reveal the security episode to the people influenced, asking the donors to dismiss the last message received and clarifying that the hack just affected the "communications system" that stores just contact information and no financial information.

"As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies," email notification from Special Olympics New York told donors.


The phishing messages conveyed by the attackers were 'camouflaged' as an alert of an approaching donation transaction that would consequently debit $1, 942, 49 from the target's account within two hours.

Utilizing such a brief span outline enabled the phishers to initiate a 'sense of urgency' intended to make the Special Olympics NY donors click on one of the two installed hyperlinks, links that would, as far as anyone knows, divert them to a PDF rendition of the transaction statement.

The phishing email used a Constant Contact tracking URL that redirected to the attackers' landing page. This page has since been brought down, however, it was in all likelihood used to steal the donors' credit card subtleties.


"Please review and confirm that all is correct if you have any questions, please find my office ext number in the statement and call me back," the phishing emails said. "It is not a mistake, I verified all twice. Thank you, have a great weekend."

Shockingly so, this isn't the first, historically speaking, episode where such a ‘mishappening’ was recorded, as the Tokyo 2020 Summer Olympics staff additionally gave an admonition cautioning of a phishing campaign that conveyed emails intended to look like they had originated from the Tokyo Organizing Committee of the Olympic and Paralympic Games (Tokyo 2020).

And additionally said that the malignant emails probably diverted the beneficiaries to landing phishing sites or tainted the victim's PCs with malware whenever opened.

Seattle- based Wyze alleged of data breach: Unpaired all devices from Google Assistant and Alexa


Seattle-based smart home appliance maker Wyze, which is popular for selling its products cheaper than its competitors, has been accused of a data breach and trafficking the data to Alibaba Cloud servers in China.




In response to the alleged data breach against its production database, Wyze logged out its users out of their accounts and has strengthened security for its servers.
 "Customers endured a lengthy reauthentication process as the company responded to a series of reports claiming that the company stored sensitive information about people's security cameras, local networks, and email addresses in exposed databases.", stated Android Police.

Texas-based Twelve Security, a self-described "boutique" consulting firm, claimed of a data breach against Wyze's two Elasticsearch databases on Medium yesterday. The data has come from 2.4 million users from the United States, United Kingdom, the United Arab Emirates, Egypt, and parts of Malaysia.

The data included, email addresses, firmware versions, and names of every camera device in a household, time of devices' last activation, times of users' last login and logout, account login tokens for users' Android and iOS devices, camera access tokens for users' Alexa devices, Wi-Fi SSID, and internal subnet layout. Some users who also gave out more information, their info was also tracked, their height, weight, gender, bone health, and protein intake were also exposed.

Twelve Security also posted that Wyze was clearly dealing with and trafficking data through Alibaba Cloud servers in China. Video surveillance news blog IPVM along with Twelve Security could spot devices and accounts linked to their staff those reviewed Wyze products. They chose not to inform Wyze about this breach before going public because of the negligence of the company and probable link to Alibaba and previous security blunders.

Wyze in response to these allegations logged out the users from their accounts but posted in their community forum that it failed to verify a breach. Wyze also denied any relation with Alibaba.

But later it posted that the breach was caused by an employee and was a "mistake" and the affected customers can expect an email from the company and as a caution,n the company logged out all users and they'll have to log in again with two-factor authentication.

Cyber police in Ukraine caught hackers who hacked tens of thousands of servers around the world


Cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

According to employees of the Department for Combating Cybercrime, the attackers sold the hacked accesses to customers. In addition, law enforcement identified all members of this group. So, it included three Ukrainian and one foreigner. All of them were well-known participants of hacker forums and carried out orders hacking remote servers located in the territory of Ukraine, Europe and the USA.

Cyber police found that the criminal group had been operating since 2014. Its participants carried out bruteforce attacks on private enterprises and individuals. They used for attacks specialized software that exploited vulnerabilities of Windows-based servers.

It is known that attackers sold some hacked servers to other hackers who used the acquired information for their own purposes, for example, they demanded money from a victim or threatened to debit money from bank cards.

They also used part of the servers for their own purposes: creating botnets for mining, DDoS attacks, installing software command centers for viruses like Stealer, turning them into tools for conducting brute-force attacks on new network nodes.

Cybercriminals received income from their illegal activities on e-wallets. Almost $80,000 was found in some accounts.

To coordinate the actions of all members of the international hacker group, communication between them took place through hidden messengers.

Cyber police together with investigators of the Kharkiv region police conducted searches of the places of residence of the persons involved in the international hacker group. Computer equipment, additional media, draft records, mobile phones and bank cards that were used to commit crimes were seized.

Russian hackers included in the US sanctions list may be associated with the criminal world


Russian hackers from the group Evil Corp, which the British intelligence services call the most dangerous in the world, can be associated with crime, in particular, with the thief in law Vyacheslav Ivankov, better known as Yaponchik ("the little Japanese").

On December 9, it became known that Maxim Yakubets, the alleged leader of the group, was married to Alena Benderskaya, who is the daughter of Eduard Bendersky, a veteran of the FSB special forces Vympel.

Journalists wrote that Benderskaya is the founder of companies associated with the security business of her father, as well as co-owner of two stores of the Italian brand Plein Sport. It's sportswear stores that Yakubets and his friends from Evil Corp liked to wear.

According to the database, the share in these stores belongs to Otari Sadov. Journalists call him "the son of an authoritative businessman Leni Assiriysky, the right hand and nephew of Yaponchik."
According to a source familiar with the details of the investigation, the hacker group was engaged in money laundering, including through real estate investments. He emphasized that Yakubets attracted a thief in law to Evil Corp.

Earlier it became known that one of the participants of the hacker group Evil Corp was Andrei Kovalsky, the son of Vladimir Strelchenko, the former mayor of the Moscow city of Khimki.

On December 5, the US government imposed sanctions against 17 Evil Corp hackers and companies associated with them. The US Treasury Department estimated the damage from their activities at $100 million.

The leader of the group Maxim Yakubets arrested in absentia. The US State department has announced a five-million-dollar reward for information leading to his arrest.

Zeppelin Is Back! Ransomware Stealing Data Via Remote Management Software


Hackers are employing remote management software to steal data and exploit networks only to install “Zeppelin” ransomware on compromised devices.

Reportedly, “ConnectWise” is the name of the software that fabricates agents that are installed on target computers. Once the agent kicks off, the device appears on the ConnectWise Control Site management software.

"ConnectWise" is a remote management software generally employed by MSPs and IP professionals to acquire access and render support to remote devices.

The ransomware Zeppelin was recently per reports spread via “ScreenConnect” which is a desktop control tool basically in charge of remotely executing commands on a user’s device and managing it.

The ScreenConnect client was installed on a compromised station leading to a massive real estate company’s network being jeopardized.

The client that is named, ScreenConnect.ClientService.exe would run in the background undetected waiting all the while for a “remote management connection”.

The software was then used to execute numerous commands that harvest data from back-up systems and install malware, Trojans capable of stealing data, other exploitation tools to make the network more vulnerable and finally the Zeppelin ransomware to infect machines.

The attack starts with the execution of the CMD script that readies the device for the ransomware installation. A “registry file” is installed which “configures the public encryption key”, which is then used by the ransomware to disable Windows defender by deactivating several security mechanisms.

Per reports, the hacker would execute a PowerShell command that downloads the Zeppelin ransomware in form of a file by the name of “oxfordnew.exe or oxford.exe on the C drive of Windows in the “Temp folder” section.

In most cases, such ransomware attacks are employed by firstly hacking the MSP and then configuring the remote management software to wreak havoc.

Instead, here, the hackers themselves deployed the ScreenConnect software only to have complete control over the situation and making as much trouble as possible.

Ransomware is being used at high rates where repeated incidents of stealing data are coming in light. The hackers use the stolen data as a weight to get people to pay in exchange for it.

Zeppelin, Maze, and REvil are leading names in the ransomware market.

ATM Attacks-Know how ATMs can be hacked under 20 minutes!!!



Want to know something interesting and alarming? A research report published last year revealed that most ATM's can be hacked in less than 20 minutes. And extensive research showed that 85% of ATMs allowed attackers access to the network and 58% had vulnerabilities in their programmes that could be used to control the machine from far of location.



This research concludes the extreme fragility of ATM machines and can be a huge threat as they not only hold huge amounts of cash but also user data and if the data entered by user like pin, phone number or card could be traced then it poses a grave security issue.

CloudSek, after this report scrounged the dark web to find the various ATM hacking strategies and counjoured up a list to make people more aware and stay safe from cyber crimes.

Method 1: ATM Malware Card

This is the most popular method out there. It includes an entire malware kit containing ATM Malware Card, PIN Descriptor, Trigger Card and an Instruction Guide.
Once the Malware Card is installed, all the user information is captured in the machine and then hackers using Trigger Card can dispense all the cash from the ATM.
The kit comes with step by step procedure clearly explained and Windows XP supportable.

Method 2: USB ATM Malware

This is also windows XP supported. It allows hackers to dispense cash from ATM via Malware-hosted USB .

Method 3 : ATM Hacking Appliances

According to CloudSek, "There are a number of ATM Skimmer Shops on the dark web that offer various ATM Hacking Appliances such as EMV Skimmer, GSM Receiver, ATM Skimmer, POS, Gas Pump, Deep Insert, etc. Many shops offer a package of these different devices together."
"These shops are available on the dark web and keep getting updated with newer devices including Terminals, Upgraded Antenna, custom-made ATM Skimmers, RFID Reader/Writer, and so on."

Method 4 : Prepaid Cards

Some sites on the dark web offer cards like Bank Fulls and physical cards that can be used for online transactions and as debit cards in ATM respectively.

Method 5: Tutorials and Case Studies

There are a range of tutorials and case studies on the dark web as to how to hack ATMs . To site one, there is a forum that gives detailed account on how to access these machines using Botnets.

Method 6: Ploutus-D 
This was used in a recent ATM hack, where it gained control of the machine, the cash dispenser, card reader, and pin pad. The source code of Ploutus-D is now being sold on the dark web.

In Conclusion

It's not easy to comprehend that a machine so extensively used in daily life could be so easy to hack and could be siphoning your money to hackers but ATM attacks are becoming quite common, a hard pill to swallow but it's the reality. 

Romanian cybercriminals sentenced to 20 years in prison for developing malware


Two Romanian citizens were sentenced to imprisonment for the development and operation of the Bayrob malware, which infected more than 400 thousand computers, and theft of confidential information.

Back in 2016, three members of the hacking group Bayrob were extradited to the US. Law enforcement officers told that citizens of Romania Bogdan Nicolesku aka Masterfraud, aka mf, Danet Tiberiu aka Amightysa, aka amy and dRadu Miclaus aka Minolta, aka min since 2007 engaged in fraud and development of malware, and then their business became a large botnet, which was also involved in cryptocurrency mining.

According to authorities, during the years of activity, the group stole more than four million dollars from its victims, but Symantec analysts, who helped law enforcement agencies to stop the group's activities, reported that in fact, the damage from the actions of Bayrob could be more than $35,000,000.

Bayrob malware was conceived as a tool to steal email addresses from the target computer and then send infected messages to users. Cybercriminals managed to infect and hack more than 400 thousand computers. The attackers registered more than 100 thousand email accounts to send 10 million letters to the collected addresses. The defendants also intercepted requests to Facebook, PayPal, eBay and other websites and redirected victims to similar domains in order to steal their data.

So, if in 2007 about 1000 cars were infected with Bayrob, by 2014 their number increased to 50,000, and by 2016 it exceeded 300,000 altogether.

All three suspects were charged in 2016, but the case came to court much later. At the end of last week, the website of the US Department of Justice reported that Nicolesku and Tiberiu were sentenced to 20 and 18 years in prison.

Cases of Net Banking and ATM Frauds Increase by 50% in New Delhi


Cases of illegal matters like Net Banking, ATM hackings, and fraud banking cards rose over 50% to pass more than 52,000 cases in the year 2018, with New Delhi being the banking scams metropolis estimating for approximately 27% of the recorded instances of "theft of money." The Indian Government, however, replies by saying the situation is not that bad as the amount of money stolen in such instances have dropped. Cases of theft related to Netanking, ATMs, and transactions have risen by 50%. But the amount of fraud money involved in these cases has fallen by 12%.


The capital New Delhi amounts for 3,164 complaints registered, top in the list of ATM frauds cities. However, the figures in the public sector ATM frauds are quite staggering. State Bank of India, which has more than 58,000 ATMs throughout the country, has been the victim of 1 out of 5 frauds happening to its ATM. SBI amounts to 25% of the ATM frauds that happened in 2018-19. Following SBI is IDBI Bank, which is second in the list of ATM frauds. According to IDBI's website, the bank has over 3700 ATMs in the country, and it reports 1800 cases of scam. IDBI amounts for 15 % of the ATM heists cases between 2017 and 19.

As of now, the Indian government has not revealed the causes that led to the fraud. The bankers, on the other hand, say that India has been falling prey to banking frauds day by day, at the time when the country is working to develop its infrastructure to protect itself. "The country is observing a large entrance of frauds from alien nations as the support system in Europe has been enhanced, causing more trouble for the fraudsters," says a banker.

Whereas, another banker says that hidden cameras are being planted over the ATM keyboards for spying the pin codes, and different hacking methods like viruses are being deployed by the hackers in the ATMs to steal all the money. The RBI has announced specific measures to control the situation but the banks are very slow in responding to the measures suggested.

Hackers steal money from cards through the Uber and VTB applications


A resident of Russia Anna Kozlova, resting in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the Bank's mobile app and Uber.

At first, the woman was charged 2 rubles from the card, it looked like a standard check of the solvency of Uber customer, especially since the money immediately returned to the account.

However, immediately after this, 2829 rubles were debited from the card. The app’s notification said it was Uber service fee that Anna hadn’t actually used since she was sleeping.
Then notifications, according to the tourist, began to come one after another. After 22 minutes, when she woke up, the girl blocked her card, but by that time the cost of four more trips that she had not made was debited from the card.

Unknown stole from Kozlova 14 118 rubles and did not stop trying to withdraw money from her account even after blocking the card. It is curious that all write-offs were allegedly made by the international service Uber, which in Russia was merged with Yandex.Taxi.

When Anna contacted the support team of this company, the staff could not give her information about the write-offs. The VTB support service clarified that the last write-offs were made from Moscow, and then Anna appealed to Uber Russia.

The Russian company Kozlova explained that if she did not use a taxi, it means that someone received the data of her Bankcard, including CCV code, and used it for payment.
Kaspersky Lab experts explained that fraud schemes through taxi services are no longer uncommon.

According to them, there are channels in the messengers where you can order a taxi at a great discount. The scheme looks something like this: the passenger sends a message to such a channel indicating the details of the trip, and the attacker calls a taxi using the stolen account.

After completing the trip, the driver receives money from the owner of the stolen account, and the passenger transfers the money directly to the attacker. In order to remain unnoticed for as long as possible, attackers can track the owner of a hacked account on social networks and organize such trips at night when it is likely that a person is sleeping, or during the victim’s travel abroad.

State of the Art Cyber-Security and Network Security a Top Priority for The Business Market



Reportedly, accepting the growing need for better cyber-security tactics and embracing a further developed regime for securing the businesses on the cyber front, European organizations are up for upgrading their network security.

With a high rise in the number of cyber-crime, mainly data breaches, and other infamous cyber-attacks it’s become the need of the hour to promote more initiatives regarding data safety.

By taking upon themselves the idea of spending more on modern security techniques and solutions, the European businesses are investing truly in lucrative methods of counteracting cyber-crime.

Along with getting into partnerships with their local governments, network security is one of the major focuses of the organizations with allegedly an expected compound annual growth rate of over 15% by 2025 in the field.

Protecting data integrity, guarding businesses against any virus or malware attacks, stabilizing the critical business networks and shielding against any unwanted intrusions are a few of the major missions.

Network management has indeed become difficult owing it to the technological advancements, multiplication in the variety of devices and intricate network structures and hence network monitoring tools have become imperative.


Long gone are the days of traditional solutions to not so traditional cyber-hazards and cyber-insecurities. Antiquated prevention systems are obviously failing at keeping cyber-crime at bay.

Reportedly, large amounts of random alerts are generated everyday but go unnoticed which leads to “classes of risky connected devices” going without proper monitoring, analyses and management.


Per sources, analysis of network security has got to be of paramount importance to any business that wishes to successfully and safely function in these imminently digital times.

Finding out what the actual threats are, reducing noise, realizing their motives and ultimately being ready for them when (if) they arrive at all is the smartest decision any organization could make.

The banking sector, per reports is one of the leading turfs to become cyber-active and cyber-ready. With all the e-commerce platforms and cyber-banking being a huge part of the digital game the investments are supposed face a gigantic hike in the coming years.

Cyber-attacks have several repercussions to them that they leave behind after wreaking the primary havoc. Financial damages, tarnished images, dissatisfaction between customers, clients and other stakeholders are at the top of the list.

With improved and upgraded cyber-awareness regimes and cyber-security solutions owing it to better analytics, all the enterprises from large to smaller ones shall definitely be more lucrative than ever.

The Kremlin opposed cross-border persecution of Russians in the United States


Dmitry Peskov, the Press Secretary for the President of Russia, commenting on the largest award in history appointed for Russian hacker Maxim Yakubets, said that Moscow opposes cross-border persecution of Russians by the American authorities. The State Department announced awards of $5 million for information that would help detain the Russian Maxim Yakubets. American authorities consider this citizen of the Russian Federation the leader of the hacker group Evil Corp.

"The Russian side has repeatedly offered cooperation [in the fight against cybercrime], and our proposals were undesirable and misunderstood," said the Kremlin representative.

According to Peskov, Moscow considers crimes in the cybersphere very serious, the people who committed them should bear the deserved punishment.

"We traditionally advocate for cooperation in the investigation of such crimes and the capture of criminals, but in this case, we can't speak about cooperation, this is not our fault," said the representative of the Kremlin.

On December 5, the US State Department announced its readiness to pay $5 million for information that will help detain the alleged leader of the hacker group Evil Corp (also known as the Dridex Gang) Maxim Yakubets. This award was the largest in history of all that has ever been nominated for the head of a cybercriminal. Earlier, another Russian Evgeny Bogachev was the “leader” in this indicator, for whom in 2015 a prize of $3 million was offered.

Us and UK authorities accuse Yakubets of leading a group of hackers who stole more than $100 million. According to the US Treasury, Evil Corp is responsible for the development and distribution of the malware Dridex, used to infect the computers of 300 banks and financial companies in more than 40 countries.

According to Washington, Yakubets also provided direct assistance to the Russian government. The US Treasury Department claims that Yakubets worked for the FSB of Russia in 2017, and in April 2018 was allegedly in the process of obtaining permission from the FSB to work with Russian secret documents.

Facebook Files a Lawsuit Against a Company for Running Malicious Ads?



Reportedly, Facebook filed a lawsuit against a “Chinese Company” that allegedly put user accounts at large only to put up suspicious ads on the platform.

The running and distribution of advertisements which were about “counterfeit goods” and “dietary pills” was the only purpose of compromising the accounts in question.

The aforementioned company, per reports, goes by the name of “ILikeAD Media International Company Ltd.” It is, according to sources represented by the authors of the malware scheme, namely, "Huang Toa" and "Chen Xiao Cong".

Purportedly, the aforementioned authors apparently employed two basic ploys to mask their actual aim.

Using images of celebrities, aka “celeb bait” to lure people into clicking on them is one of them and the other happens to be something called “Cloaking”.

Cloaking refers to the act of hiding something from the Facebook systems so that the real destination of a link and advertisement is concealed.

The ad after getting clicked on would lead the users to the genuine “landing page” whereas Facebook would be tricked into seeing a version that’s legitimate according to the policies and terms of the advertising policies.

Per Facebook, in most cases, Cloaking is foolproof as it hardly ever leaves tracks behind, making it pretty tough to realize the identity of actors. This majorly happens to be the reason why there are no specific rules about this.


Reportedly, another attack along the same lines was observed when fake PDF file editor was being pushed only to steal Amazon and Facebook session cookies. The malware at work, per reports, goes by the name of “Socelars”.

Along with session cookies, other data like access tokens, email addresses, credit card information, account IDs et cetera have allegedly constituted a part of the compromised data.

The cookies are later on used to link with several Facebook URLs where one among them accesses the “account_billing” directory.

The information allowing users to call a Facebook Graph API and extract data from the users’ Ads Manager settings is the major part of what’s inside the directory.

The malware which was being distributed via numerous websites was in actuality a new “Trojan” which had almost nothing in common with the other types.

There’s no knowing if the above-mentioned malware has anything to do with the organization that Facebook sued but it surely suits the description.

All the users who had fallen prey to the schemes pulled off by the cyber-cons were handsomely compensated for, along with getting their accounts secured and free of any unauthorized access.

Facebook is very well aware of the jeopardy its users almost got into and is all-in for taking precautionary measures to erase any chances of repetition.