The European Union's drug regulator has said that COVID-19 vaccine documents that were purloined from its servers in a cyberattack have been not only leaked on the web but "manipulated" by hackers.
Phishing emails impersonating well-known brands like Microsoft or PayPal need visual content to be successful. From brand logos to colorful pictures, images give a visual cue to the recipient that the email is innocuous and authentic. However, pictures do more than add a visual component of authenticity to otherwise fake emails: they also make the work of filtering emails a lot harder. Image spam has long been a very popular strategy for evading analysis of an email's textual content, as there is no meaningful content that can be extracted from the email's text parts.
FBI officers began checking the JetBrains company. So far, there are no specific accusations, but the special services are investigating whether the products of the above company could be used in the hacking of the American SolarWinds, which is considered the starting point of the global hacker attack.
JetBrains, founded in Prague in 2000, sells customers software that makes it much easier to create applications. For millions of developers, its tools are indispensable: the company now has more than 10 million users in more than 213 countries. In an interview with Forbes, the company's CEO, Maxim Shafirov, said that despite the pandemic, revenue has grown by 10% over the past year, and the company suggests that this year it can reach $400 million. According to a JetBrains representative, the company is worth more than $1 billion.
On Wednesday, The New York Times, Reuters and The Wall Street Journal reported that the investigation does not exclude the possibility of connecting JetBrains with one of the largest acts of cyberespionage in recent times. The publications contained hints that hackers could have hacked JetBrains or one of its products, the TeamCity testing and code-sharing service, in order to then gain access to the systems of SolarWinds, which used this service.
As a result of the attack, hackers compromised one of the SolarWinds tools and used it to break into the networks of customers, including government departments and major US IT companies. Among the victims of the cyberattack were the US Department of Justice, which announced that 3% of its messages sent through Office 365 were compromised, as well as the US Department of Energy and Treasury, Microsoft, Cisco and other organizations. The US claims that the attacks are linked to Russia. The Kremlin denies any involvement.
It is noted that the reputation of JetBrains can be seriously damaged if it is proved that its employees are involved in compromising the software and its misuse.
DarkMarket, purportedly the world's biggest dark web marketplace, has been taken down by a Europol-coordinated international operation, according to authorities. Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the nations involved.
Korea is a country where data breach incidents have risen significantly in number, becoming the new normal. Because of this, data protection has become a subject of concern in Korea. Massive-scale data leakage incidents have caused residents great trouble, as their resident registration numbers are easily accessible on the internet. For instance, a person shopping on various online platforms provides the required information, which is not regarded as safe: small business owners pay little attention to protecting the database, while big business owners at times lack an efficient data control system.
Phishing emails are scams in which the actors try to fool the user by sending emails on topics that may concern the user. Generally, these emails arrive in the name of a bank or some trusted company and ask for your personal information. The entire process appears to be legitimate, but it is designed to trick the user into giving up their personal information.
The Federal Court of the Southern District of New York sentenced Russian Andrey Tyurin to 12 years in prison for committing a number of cybercrimes. In addition, he was ordered to pay the United States 19 million dollars.
The Russian Consulate General in New York is in contact with law enforcement agencies in the United States in the case of the Russian Andrei Tyurin, who was sentenced by the court to 12 years in prison for cybercrime, said the press secretary of the diplomatic mission Alexey Topolsky.
According to him, the conditions of detention of the Russian citizen were difficult in the context of the COVID-19 pandemic. Topolsky recalled that Tyurin contracted the coronavirus in an American prison.
"The Russian Consulate General in New York is monitoring the case of Andrei Tyurin and is in contact with US law enforcement agencies," said Topolsky.
In his last speech, Tyurin said that he sincerely repents for what he did.
According to the judge, Tyurin must reimburse the United States 19 million 214 thousand 956 dollars; this is the profit that he derived from his criminal activities.
By US standards, a 12-year sentence is not the harshest for such a crime, says international lawyer Timur Marchani.
"In the United States, for crimes related to cybersecurity, for crimes that entail hacking the banking system, some of the harshest penalties are provided. Here, the court took into account first of all the hacker's remorse and, most importantly, cooperation with the preliminary investigation authorities and then with the court," said Mr. Marchani.
Recall that the Russian was detained in Georgia at the request of the United States in December 2017. In September 2018, he was extradited to the United States. In September 2019, Tyurin pleaded guilty to six counts of the indictment.
According to the investigation, Tyurin participated in a "global hacking campaign" against major financial institutions, brokerage firms, news agencies and other companies, including Fidelity Investments, E-Trade Financial and Dow Jones & Co.
Prosecutor Jeffrey Berman said that Tyurin ultimately collected client data from more than 80 million victims, "which is one of the largest thefts of American client data for one financial institution in history."
According to a report published by AT&T Alien Labs, various cybercriminals are using the Ezuri crypter to pack their malware and evade antivirus detection. Although Windows malware has been known to deploy similar tactics, cybercriminals are now using Ezuri to penetrate Linux systems too. Written in Golang, Ezuri acts as both a crypter and a loader for ELF (Linux) binaries. Using AES, it encrypts the malware code and, on decryption, executes the malicious payload directly in memory without writing any files to disk.
This week, ESTsecurity Security Response Center (ESRC) reported on a North Korean hacking group altering a private stock investment messaging application to deliver malicious code. The group, known as Thallium, delivered a Windows executable using Nullsoft Scriptable Install System (NSIS), a popular script-driven installer authoring tool for Microsoft Windows. Thallium, colloquially known as APT37, has targeted clients of a private stock investment messenger service in a software supply chain attack, according to a report published recently. Until recently, the group relied mainly on phishing attacks, for example using Microsoft Office documents, to target its victims. Thallium is now using different methods, for instance shipping infected Windows installers and macro-laden Office documents, to go after investors.
NameSouth appears to be the most recent victim of the NetWalker ransomware group, which surfaced at some point in 2019. NetWalker's targets span various industries, with archives of stolen data from around a hundred exploited organizations openly posted on the gang's darknet site to date. NameSouth LLC, a provider of genuine, OE, and OEM trade car parts for German-brand vehicles, is located in Mooresville, North Carolina. Established in 2004, the organization distributes replacement parts for vehicles manufactured by Audi, BMW, Mercedes, Porsche, Saab, Volkswagen, and Volvo across North America.
Technology is advancing at a great pace, and here we are becoming the victims of our own doings. In the current modern era, our reliance on technology is bound to skyrocket; however, various other factors need to be checked to ensure a durable sense of security and privacy. Several misconceptions and a lack of knowledge among users are what allow hackers to make gigantic gains.
Not only a programmer but also just a specialist with a good knowledge of mathematics can become a hacker in Russia, said the head of Group-IB Ilya Sachkov. The entrepreneur believes that for such people money is a priority.
"This is a talented young man, whose task is to earn money and that's all. He is not always well-educated in the humanities, not someone who will cause you sympathy. The priority is money, expensive cars, expensive watches, holidays abroad," said Sachkov.
Ten years ago, the career of a hacker was chosen exclusively by students, mostly children from disadvantaged families. However, the situation has changed: this profession is now chosen by those who "live in very rich families, with normal relations between parents".
A typical Russian hacker "tries to play Don Corleone", communicates with former or current law enforcement officers, and also looks for political assistants who will explain to him that real Russian hackers steal money from foreigners because of the "war with America".
He noted that the creators of viruses are often people with special needs, autistic children who have fallen into an aggressive environment. At the same time, the opinion that Russian-speaking hacker groups are leading in the world is already outdated. Today, all of them are mixed by nationality, although in the 90s, it was people from the post-Soviet space who were among the first to engage in such things, who communicated among themselves in Russian.
Group-IB specializes in products that help protect against cyber attacks and fight online fraudsters. In particular, the company investigates cybercrimes and helps to monitor attacking hackers. The group cooperates with Europol and Interpol.
According to Positive Technologies, in 2020, cybercriminals have become increasingly interested in hacking sites: in seven out of ten cases, the purpose of an attack is to gain access to a resource, including for its further sale to another attacker.
The company's experts, to find out the most popular targets of hacking sites, examined more than 80 million messages on the ten most active forums in the shadow segment of the Internet, which provide services for hacking sites, buying and selling databases, and accessing web resources.
According to Positive Technologies analyst Yan Yurakov, since March 2020, interest in the topic of hacking sites has been identified. He also explained that this trend could lead to an increase in the number of companies represented on the Internet, which was provoked by the pandemic.
In seven out of ten requests related to hacking sites, the main goal is to gain access to a web resource. Attackers can not only steal confidential information but also sell access to a web application.
In another 21% of cases, the purpose of hacking a site is to extract and obtain databases of users or clients of the attacked resource. According to Positive Technologies, competitors and spammers who collect lists of addresses for targeted thematic mailing lists aimed at a specific audience are primarily interested in acquiring such information.
For about 4% of hackers, the main goal is not to hack the site itself, but to place malware on it. About 3% of customers are looking for a hacker to remove certain data from the site after hacking, and 2% sell ready-made programs and scripts for hacking.
Recently it became known that the list of pre-installed Russian software for smartphones, tablets, computers and Smart TV will include an application that combines sites with free access. Since April 1, the Ministry of Digital Industry has been conducting an experiment to provide residents of Russia with free access to 371 sites.
Police officers of the Chuvash Republic, with the assistance of BI.ZONE experts, detained the organizers of a criminal group that stole money from customers of Russian banks using the FakeToken malicious software. The group operated for more than 5 years, and the damage from its activities exceeds 20 million rubles ($272,200).
During a search at the addresses of one of the fraudsters, network devices, communication devices and computer equipment containing clear traces of the development and distribution of Trojan Banker.AndroidOS.FakeToken were found and seized. Also, employees of the Ministry of Internal Affairs found SIM cards of various telecom operators and electronic correspondence in Telegram, which confirms the involvement of the detainee in illegal activities.
According to BI.ZONE experts, the attackers used Trojan Banker.AndroidOS.FakeToken for stealing money from users of mobile devices based on the Android OS. The program infected devices, intercepted SMS messages from the Bank and transmitted them to the server of criminals, as well as collected Bank card data. The fraudsters used this information to transfer money from the victims' mobile and Bank accounts. "Over the past five months, the hacker group has gained access to more than 5,000 phones and data from at least 2,500 Bank cards," said experts.
"In February 2020, we recorded the activation of the FakeToken malware, which infected more than 2,000 victims every day. The group that manages this software is considered one of the most active in the Russian Federation, and we are glad that we were able to help stop the criminals," said Evgeny Voloshin, director of the BI.ZONE expert services unit.
It's important to note that the FakeToken Banking Trojan has been known since 2016. It is able to attack more than 2 thousand financial applications, and about 16 thousand users in 27 countries, including Russia, Ukraine and Germany, have become its victims.
The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States.
According to Reuters and the Washington Post, Russian hackers broke into the systems of the US Department of the Treasury and the National Telecommunications and Information Administration, a division of the US Department of Commerce.
According to media reports, a group of hackers Cozy Bear, close to Russian intelligence, was involved in the attack. After breaking into the system, the hackers gained access to Microsoft Office and read the Ministry of Finance's e-mail for several months.
The New York Times has already called this hack the largest in the last five years. The data leak was confirmed only by the Department of Commerce. According to Reuters, a meeting of the National Security Council was held at the White House on Saturday. The investigation is just beginning; the amount of data that hackers received is unknown.
"Unfortunately, publications in the press have ceased to be a reliable source of information for us. As for why these hacks continue or why they allow them to be hacked, it seems to me that this is an endless race of the security system. Among other things, this is a huge business," comments Yuri Rogulev, Director of the Franklin Roosevelt Foundation for the study of the United States.
"Again, there is no evidence that Russian hackers are involved," said Roman Romachev, General Director of the R-Techno intelligence technology agency.
According to him, everything is aimed at once again increasing tensions in the first place in cyberspace in relation to Russia. And in order for taxpayers to understand where their billions are going, the US authorities periodically whip up such hysteria against alleged Russian hackers.
According to the Kaspersky Fraud Prevention report, in 2020, attackers most often tried to make unauthorized money transfers by using a compromised account (in 36% of cases) or by infecting the device with malware (31%).
In 2019, malware attacks were the absolute leader, accounting for 63% of the total number recorded. The share of incidents related to money laundering increased fourfold this year and amounted to 12%.
Hackers use complex and multi-stage money laundering schemes: they change accounts, companies, presentation, currency, and jurisdiction many times. In this regard, financial organizations need to build a cybersecurity system in such a way as to minimize the possibility of hacking, as well as to promptly monitor any illegitimate actions.
In e-commerce, the most common form of fraud is the abuse of welcome bonuses in loyalty programs. The scheme is quite simple: attackers massively register accounts in the marketplace, receive welcome bonus points, and buy products with a discount under the bonus program. For example, in one case, a fraudster bought diapers and candy and then sold the purchased goods at a profit on popular trading platforms. In the future, the created accounts were not used, their average life was 1-2 days.
"As before, one of the most common methods of fraud is the use of applications with remote access tools. Also, the attackers have mastered the scheme of spoofing numbers for incoming calls. Bank customers, unfortunately, are often deceived, because they are used to the fact that a real call from a financial institution can be made from different numbers. The Kaspersky Fraud Prevention platform, aimed specifically at banks and other financial institutions, allows tracking the activity of hackers by analyzing a variety of parameters, including user behavior, device parameters, and the presence of malicious or dangerous programs," said Ekaterina Danilova, Business Development Manager at Kaspersky Fraud Prevention.
Cyber attack prevention experts recorded a sharp increase in the number of cyber threats and outlined the main trends in computer crimes during the COVID-19 pandemic.
The report was presented at the international forum of the Academy of Management of the Ministry of Internal Affairs of the Russian Federation "Strategic development of the system of the Ministry of Internal Affairs of Russia: state, trends, prospects".
The main conclusion of the study is the rapid growth of computer crime, primarily financial fraud using social engineering, as well as the exploitation of the COVID-19 theme in malicious mailings, switching operators of encryption viruses to large targets, as well as active recruitment of new participants to criminal communities.
According to the Ministry of Internal Affairs, one of the main trends of digital transformation is the development of remote methods of committing crimes: crimes have gone from offline to online. Almost 70% of registered crimes related to illegal arms trafficking in 2020 were committed using the Internet - remotely and anonymously. The same applies to the illegal sale of drugs, counterfeit money, securities and documents.
Throughout 2020, Group-IB recorded an increase in the number of financial scams using social engineering - vishing, phishing - the victims of which were mainly bank customers.
At the same time, the fraud implementation schemes themselves have not actually changed. The main motive of cybercriminals is the same: stealing money or information that can be sold. Now it is popular to sell fake digital passes, send messages about fines for violation of quarantine, fake courier sites, fraudulent mailings on behalf of the Zoom video conferencing service.
This year has given birth to even more groups and partner programs, as well as new collaborations. So the operators of the QakBot banking Trojan joined Big Game Hunting, and recently the FIN7 group, which actively attacked banks and hotels, joined the REvil ransomware partner program. The size of the ransom has also increased significantly: cryptolocker operators often ask for several million dollars, and sometimes tens of millions.
The Russian Embassy in Washington denies US accusations against Russian citizens of hacking and destabilizing activities around the world.
Russia has not been and is not engaged in carrying out cyberattacks in the world, said the Russian Embassy in Washington. The Department believes that the accusation of Russians in hacking is aimed at warming up Russophobic sentiments.
Earlier, the US Department of Justice and the FBI brought charges against six Russians of involvement in a series of hacker attacks and the spread of malware in order to attack the infrastructure of other countries. In particular, they are charged with spreading the NotPetya virus in 2017. It is alleged that these individuals are GRU employees.
The Russian Embassy said that Russia "has no intention of engaging in any destabilizing operations around the world", as this does not correspond to foreign policy and national interests.
"It is quite obvious that such information occasions have nothing to do with reality and are aimed only at warming up Russophobic sentiments in American society, at deploying a 'witch hunt' and espionage," said the Embassy. According to the document, the US authorities are destroying Russian-American relations and artificially imposing on the Americans "a toxic perception of Russia and everything connected with it."
According to the US Department of Justice, the damage to the United States from the actions of Russian hackers amounted to more than $1 billion. They attacked companies and hospitals in the United States, Ukraine's energy systems, the French presidential election, and the Winter Olympics in Pyeongchang. US Secretary of State Mike Pompeo said this shows Russia's disregard for public security and international stability in cyberspace.