Forensic services firm pays ransom after cyber-attack

The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.

Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.

At the time, the firm described the attack as "highly sophisticated".

BBC News has not been told how much money was involved in the ransom payment or when it was paid.

The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

The agency, which is investigating the attack, said: "As there is an ongoing criminal investigation, it would be inappropriate to comment."

Eurofins previously said the attack was "well-resourced" but three weeks later said its operations were "returning to normal".


It said it would also not comment on whether a ransom had been paid or not.

It added it was "collaborating with law enforcement" in the UK and elsewhere.

The ransomware attack hit the company, which accounts for over half of forensic science provision in the UK, on the first weekend in June.

Ransomware is a computer virus that prevents users from accessing their system or personal files. Messages sent by the perpetrators demand a payment in order to unlock the frozen accounts.

Eurofins deals with over 70,000 criminal cases in the UK each year.

It carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.

Forensic science work has been carried out by private firms and police laboratories in England and Wales since the closure of the government's Forensic Science Service in 2012.

'Court hearings postponed'

An emergency police response to the cyber-attack was led by the National Police Chiefs' Council (NPCC) to manage the flow of forensic submissions so DNA and blood samples which needed urgent testing were sent to other suppliers.

Fake Businesses On Google Maps; WSJ Outs The List!




According to the Wall Street Journal’s latest report, Google Maps is brimming with scam listings posing as genuine businesses.


There are currently an estimated 11 million fake business listings on Google Maps, and reportedly new numbers and addresses are added every month.

Motives behind fake listings
·       Creating fake profiles for competitors
·       Listing wrong phone numbers and addresses for rivals
·       Impersonating legitimate businesses to lure customers in
There have been several cases; in one, a woman was swindled by a fake contractor who did a terrible job and charged twice.


Google has since taken down the identified fake listings and added better safeguards for the “high-risk” categories in its business listings.

Contractors and repair services are reportedly the most common fake businesses, since customers rarely take the time to dig into their profiles.

Last year Google took down over 3 million fake business listings and disabled over 150,000 accounts that had been used to create them.

Over 85% of the removed listings were flagged by Google’s internal systems, and over 250,000 fake accounts were reported by consumers.

Google says it understands how important safety is to its users, and that people will always try to abuse the platform, so it is committed to making it as safe as possible.

Creating a listing on Google Maps is relatively easy: businesses can verify their listing’s address and phone number via SMS, a phone call or even at their listed location.

Google My Business currently hosts around 150 million businesses, probably owing to the ease of joining.


Big Bug Bounty Hunts by Cyber Giants Fetch Ethical Hackers Millions!





In an effort to be more aware of and secure against cyber-crime, and to steer clear of any hazards that may come their way, organisations have started paying millions to people who find bugs in their systems.


Recently, one such user received a message that allegedly said, “Hey, we’ve got some money for you. Do you want it?”

The message came from Yahoo, in response to a bug the person had reported to the company. So far, this bug-reporting business has paid out $1.5m.

Yahoo, like many companies, pays people who find bugs and loopholes that could otherwise be exploited by hackers or cyber-criminals.

These ethical hackers sign up with platforms such as Bugcrowd, Synack and HackerOne, which run bug bounty programmes on behalf of other organisations.

To participate, a person need not have profound knowledge of coding or other technical skills, the user said.

However, he had long been part of the security industry, where he learned in depth about the protocols governing the exchange of data.

Nevertheless, there is an enormous difference between the way professionals work on cyber issues and the way beginners do.




For a long time, people have been drawn to working in the cyber-security industry even when it did not pay much.

There has long been, and to some extent still is, a shortage of professionally trained, skilled hands in the cyber-security industry.

Many countries have government-funded educational schemes to give school children a sense of cyber-security.

The UK’s scheme, Cyber Discovery, had a fabulous first year with an intake of 25,000 school children. It is an initiative to show kids that the daily work of professionals is fun.

Participants earn points as they complete each section, and the top performers get to attend residential courses that help them improve.

Big bug bounty hunts could be a great way to attract the attention of young minds and give them a taste of what defeating the bad guys feels like.

Anyone wishing to enter the big bug bounties should bear in mind that working as an actual cyber-security professional requires a lot more than sheer luck.

“Also, companies should have their own set of defenses set against the cyber cons rather than letting the bounty hunters know what the inner situation is,” said a source.

Nonetheless, it should always be more about being a concerned citizen, trying to solve problems and making a safer cyber-world.


Your Profile Up For Sale Somewhere On The Dreadful Dark Web For Rs. 140/day?





After their hacking feats, cyber-criminals have stooped to selling hacked profiles on the dark web for as little as Rs. 140/day.


What is even more unsettling is that organisations, market researchers and people looking for business-related data could also be behind this profile trade.

The corner of the “dreadful dark web” where these profiles are sold is not accessible via regular browsers; it is reached through tools like Tor, open-source software that enables anonymous communication and opens the door to a whole new world of stolen passwords, data and profiles.

According to researchers, besides cyber-attackers, those tracking consumer behaviour are after free access to video streaming sites already paid for by the victim.

Disconcertingly, rival companies are buying profiles to get "intel" on their competitors’ customer base and sensitive data, and even to track key executives.

These hacking gangs work in groups: one sells encrypted data and another conveniently decrypts it all, for a fee.

A third group stores the decrypted passwords on a central server that provides data sets from these breaches.

WARNING! If you use a single password, or passwords that differ only slightly, across more than one site, you are in serious trouble.

Reportedly, the hackers have collected over 8,000 databases from small websites alone. What might have been taken from major sites is left to the imagination.

On the dark sites, the data is sold in packages ranging from as little as Rs.140 ($2) to a staggering Rs.4900 ($70).

Crypto-currency payment methods such as Bitcoin, Litecoin, Dash, Ripple, Zcash and Ethereum are all available for the buyers’ convenience.

If several passwords are bought from the site, a profile can be fabricated within minutes, because users foolishly reuse the same passwords across multiple sites.

This makes the user’s behaviour extremely predictable, and it becomes easy for buyers to track the victim’s activities across the internet.

People who spend more time on the internet are more susceptible to such hazards because they are easier to track.

A normal user’s passwords are available for as little as a rupee, but the passwords of high-profile public figures such as politicians or actors cost from Rs.500 to Rs.2500 per password.

QUICK TIP!
·       Avoid common, mainstream passwords that are easily guessed and cracked.

·       Companies should strengthen their security, especially after experiencing a breach or a hack.

·       Systems should be made more accountable than ever.

No company has yet faced any adverse consequences from this profile-trading freak-show.






Legitimate Apps That Could Be Exploited To Bypass The Windows Defender: Microsoft’s List



Microsoft recently published a list of applications that are legitimate and yet could be exploited by hackers to bypass Windows Defender.


These hackers try to slide into organisations’ networks and infect them by bypassing the security provided by Defender.

The hackers usually rely on living-off-the-land tactics, abusing the victim’s own operating system features or legitimate network administration tools to compromise the network.

The main aim of the project cataloguing these was to understand which binaries were being misused by attackers:

·       LOLBins- Living Off The Land Binaries
·       LOLScripts- Living Off The Land Scripts
·       LOLLibs- Living Off The Land Libraries
·       GTFOBins- Unix Platform Binaries

The only point of abusing a legitimate app is to stay undetected and so bypass the network’s security measures.

LOTL tools are a way of being as stealthy and as malicious as possible without being easily caught.

The following applications are on the list Microsoft published and recommends blocking if not in use:
·       addinprocess.exe
·       addinprocess32.exe
·       addinutil.exe
·       bash.exe
·       bginfo.exe[1]
·       cdb.exe
·       csi.exe
·       dbghost.exe
·       dbgsvc.exe
·       dnx.exe
·       fsi.exe
·       fsiAnyCpu.exe
·       kd.exe
·       ntkd.exe
·       lxssmanager.dll
·       msbuild.exe[2]
·       mshta.exe
·       ntsd.exe
·       rcsi.exe
·       system.management.automation.dll
·       windbg.exe
·       wmic.exe

Along with the published list, Microsoft has also strongly recommended that users download the latest security updates.

In addition, it has provided “deny file rules” for all of these apps.

Lateral movement and defence evasion happen to be the most common ways these legitimate applications are abused.
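Microsoft’s “deny file rules” are the preventive side of this list; the detection side is to watch for those same binaries being launched or loaded. The following Python script is an added example, not Microsoft’s code or anything from the article, that applies the published list as a detection rule over a handful of constructed Sysmon-style process-creation and image-load events. The pipe-delimited event format, the sample paths and the allow-list of PowerShell hosts that legitimately load System.Management.Automation.dll are assumptions made for the demonstration.

```python
import ntpath

# Names from the article's list (as Microsoft publishes them), lower-cased
# because Windows file names are case-insensitive.
BLOCKLIST = frozenset({
    "addinprocess.exe", "addinprocess32.exe", "addinutil.exe", "bash.exe",
    "bginfo.exe", "cdb.exe", "csi.exe", "dbghost.exe", "dbgsvc.exe", "dnx.exe",
    "fsi.exe", "fsianycpu.exe", "kd.exe", "ntkd.exe", "lxssmanager.dll",
    "msbuild.exe", "mshta.exe", "ntsd.exe", "rcsi.exe",
    "system.management.automation.dll", "windbg.exe", "wmic.exe",
})

# Assumption for this demo: the PowerShell hosts that legitimately load
# System.Management.Automation.dll. Any other loader of that DLL is worth an alert.
EXPECTED_AUTOMATION_HOSTS = frozenset({"powershell.exe", "powershell_ise.exe", "pwsh.exe"})

# Constructed Sysmon-style events (not real telemetry). EventID 1 = process
# creation, EventID 7 = image (DLL) load; fields are key=value joined by "|".
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad.exe notes.txt",
    r"EventID=1|Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|CommandLine=mshta.exe C:\Users\alice\AppData\Local\Temp\invoice.hta",
    r"EventID=1|Image=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=MSBuild.exe C:\Users\Public\build.xml",
    r"EventID=1|Image=C:\Windows\System32\wbem\WMIC.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=wmic process list brief",
    r"EventID=7|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ImageLoaded=C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll",
    r"EventID=7|Image=C:\Users\alice\Downloads\setup.exe|ImageLoaded=C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll",
    r"EventID=1|Image=C:\Windows\System32\svchost.exe|ParentImage=C:\Windows\System32\services.exe|CommandLine=svchost.exe -k netsvcs",
]


def parse_event(line):
    """Turn one 'key=value|key=value' line into a dict; EventID becomes an int."""
    event = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")  # split on the first '=' only
        event[key] = value
    event["EventID"] = int(event["EventID"])
    return event


def file_name(path):
    """Case-insensitive file name of a Windows path (ntpath handles backslashes)."""
    return ntpath.basename(path).lower()


def check_event(event):
    """Return a finding dict if the event touches a block-listed binary, else None."""
    if event["EventID"] == 1:
        name = file_name(event["Image"])
        if name in BLOCKLIST:
            return {"event_id": 1, "name": name, "image": event["Image"],
                    "context": event.get("CommandLine", ""),
                    "parent": file_name(event.get("ParentImage", "")),
                    "expected": False}
    elif event["EventID"] == 7:
        name = file_name(event["ImageLoaded"])
        if name in BLOCKLIST:
            loader = file_name(event["Image"])
            # Every PowerShell session loads the automation DLL, so only flag
            # loads by processes that are not known PowerShell hosts.
            expected = (name == "system.management.automation.dll"
                        and loader in EXPECTED_AUTOMATION_HOSTS)
            return {"event_id": 7, "name": name, "image": event["ImageLoaded"],
                    "context": "loaded by " + loader, "parent": loader,
                    "expected": expected}
    return None


def scan(lines):
    """All findings (expected and unexpected) over an iterable of event lines."""
    findings = []
    for line in lines:
        finding = check_event(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


def alerts(lines):
    """Only the findings an analyst should look at."""
    return [f for f in scan(lines) if not f["expected"]]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        tag = "INFO " if f["expected"] else "ALERT"
        print(f"{tag} EventID={f['event_id']} {f['name']} via {f['parent']} ({f['context']})")
```

Run against the sample events, the script raises four alerts (mshta.exe spawned by Word, MSBuild.exe and WMIC.exe from a command prompt, and the automation DLL loaded by a downloaded setup.exe) and marks the PowerShell load as expected. The parent process and command line are carried in each finding because, for a binary that is legitimately present on the host, that context is what separates an administrator’s normal use from the living-off-the-land abuse the article describes.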


Is making hacking unprofitable the key to cyber-security?

Billions are being lost to cyber-crime each year, and the problem seems to be getting worse. So could we ever create unhackable computers beyond the reach of criminals and spies? Israeli researchers are coming up with some interesting solutions.

The key to stopping the hackers, explains Neatsun Ziv, vice president of cyber-security products at Tel Aviv-based Check Point Security Technologies, is to make hacking unprofitable.

"We're currently tracking 150 hacking groups a week, and they're making $100,000 a week each," he tells the BBC.

"If we raise the bar, they lose money. They don't want to lose money."

This means making it difficult enough for hackers to break in that they choose easier targets.

And this has been the main principle governing the cyber-security industry ever since it was invented - surrounding businesses with enough armour plating to make it too time-consuming for hackers to drill through. The rhinoceros approach, you might call it.

But some think the industry needs to be less rhinoceros and more chameleon, camouflaging itself against attack.

"We need to bring prevention back into the game," says Yuval Danieli, vice president of customer services at Israeli cyber-security firm Morphisec.

"Most of the world is busy with detection and remediation - threat hunting - instead of preventing the cyber-attack before it occurs."

Morphisec - born out of research done at Ben-Gurion University - has developed what it calls "moving target security". It's a way of scrambling the names, locations and references of each file and software application in a computer's memory to make it harder for malware to get its teeth stuck in to your system.

The mutation occurs each time the computer is turned on so the system is never configured the same way twice. The firm's tech is used to protect the London Stock Exchange and Japanese industrial robotics firm Yaskawa, as well as bank and hotel chains.

USA: Leading Servers Of Greenville Were Shut Down Owing To A Ransomware Attack!



In the state of South Carolina, the city of Greenville was hit by a ransomware attack that blacked out the majority of its servers.


The source of the ransomware and the infection is being investigated with the help of city staff and IT professionals.

As with any basic ransomware, the affected organisations were asked for money. The IT team is working on getting operations back online.

The only servers that were separate and went unaffected were those of the Greenville Utilities Commission and of the emergency services and police department.

The infection first surfaced on a Greenville Police Department server. The IT division was contacted immediately and, as a result, the servers were shut down.

The shutdown has not affected many operations and functions, though the way things are done has needed some adjustment.

Because people are not too dependent on computers, not much in the city has been affected, except that those wanting to make payments need to do so in cash.

After CIRA’s free-parking incident and the shutdown of Norsk Hydro, it is evident that ransomware is an emerging hazard to cyber-security.