Hacker ordered to pay back £922k

A hacker who carried out cyber attacks on more than 100 companies has been ordered to pay back £922,978.14 of cryptocurrency.

Grant West had been jailed for fraud after carrying out attacks on brands such as Sainsbury's, Uber and Argos.

A police investigation, codename "Operation Draba", uncovered West's activity on the dark web under the moniker of "Courvoisier".

The confiscation order was made during a hearing at Southwark Crown Court.

West, from Sheerness, Kent, used phishing email scams to obtain the financial data of tens of thousands of customers.

He would then sell this personal data in different market places on the dark web, convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts.

West, of Ashcroft Caravan Park, was jailed in May at Southwark Crown Court for 10 years and eight months.

Detectives had discovered evidence of West conducting cyber attacks on the websites of 17 major firms.

Following West's arrest, approximately £1m in cryptocurrency was seized from a number of his accounts. Taking currency fluctuations into account, the cryptocurrency is today valued at £922,978.14.

The cryptocurrency will now be sold and the victims will receive compensation.

As well as financial data, he also sold cannabis which he shipped to customers, and "how to" guides instructing others how to carry out cyber attacks.

West also regularly used stolen credit card details to pay for items for himself, including holidays, food, shopping and household goods. West admitted conspiracy to defraud, possession of criminal property, unauthorised modification of computer material and various drugs offences.

A Security Researcher Discovers A Fully Unprotected Server On An Aerospace Company’s Network

A security researcher at the security firm IOActive discovered a completely unprotected server on an aerospace company's network. It was apparently loaded with code designed to run on the company's 737 and 787 passenger jets, and it was openly accessible to anyone who found it.

A year later, the researcher, Ruben Santamarta, says the leaked code led him to discover security flaws in one component of the 787 Dreamliner, deep in the plane's multi-tiered network. He suggests that, for a hacker, abusing those bugs could represent one stage in a multi-stage attack that begins in the plane's in-flight entertainment system and extends to highly protected, safety-critical systems such as flight controls and sensors.

Boeing flatly denies that such an attack is even possible and rejects Santamarta's claim to have found a potential way to pull it off. Santamarta himself concedes that he does not have the evidence to confirm his claims, but he and the other avionics cybersecurity researchers who have reviewed his findings argue that, while an all-out cyberattack on a plane's most sensitive systems remains a long way from a material threat, the flaws revealed in the 787's code nonetheless point to a troubling lack of attention to cybersecurity on Boeing's part.


"We don't have a 787 to test, so we can't assess the impact. We're not saying it's doomsday, or that we can take a plane down. But we can say: This shouldn't happen," says Santamarta at the Black Hat security conference on 8 August in Las Vegas.

When Boeing investigated IOActive's claims, it concluded that there was no genuine risk of a cyberattack and issued a statement on the matter: "IOActive's scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system," the company's statement reads.

"IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we’re disappointed in IOActive’s irresponsible presentation."

A company spokesperson said that, while investigating IOActive's claims, Boeing had put an actual 787 into "flight mode" for testing and then had its security engineers attempt to exploit the vulnerabilities Santamarta had uncovered.

Boeing says it also consulted the Federal Aviation Administration and the Department of Homeland Security about Santamarta's attack. The DHS did not respond to a request for comment, while an FAA spokesperson wrote in a statement that the agency is "satisfied with the manufacturer's assessment of the issue."

There are few security researchers who believe that, on the basis of Santamarta's findings alone, a hacker could pose any imminent threat to an aircraft or its passengers. Even so, they say that Santamarta's research, despite Boeing's denials, should be a reminder to everyone that aircraft security is a long way from a 'solved area of cybersecurity research.'


Forensic services firm pays ransom after cyber-attack

The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.

Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.

At the time, the firm described the attack as "highly sophisticated".

BBC News has not been told how much money was involved in the ransom payment or when it was paid.

The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

The agency, which is investigating the attack, said: "As there is an ongoing criminal investigation, it would be inappropriate to comment."

Eurofins previously said the attack was "well-resourced" but three weeks later said its operations were "returning to normal".


It said it would also not comment on whether a ransom had been paid or not.

It added it was "collaborating with law enforcement" in the UK and elsewhere.

The ransomware attack hit the company, which accounts for over half of forensic science provision in the UK, on the first weekend in June.

Ransomware is a computer virus that prevents users from accessing their system or personal files. Messages sent by the perpetrators demand a payment in order to unlock the frozen accounts.

Eurofins deals with over 70,000 criminal cases in the UK each year.

It carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.

Forensic science work has been carried out by private firms and police laboratories in England and Wales since the closure of the government's Forensic Science Service in 2012.

'Court hearings postponed'

An emergency police response to the cyber-attack was led by the National Police Chiefs' Council (NPCC) to manage the flow of forensic submissions so DNA and blood samples which needed urgent testing were sent to other suppliers.

Chinese Cyber-attack Hit Telegram Amidst Hong Kong Protests


Telegram, a secure messaging app, was recently bombarded with traffic by a network of computers in China, following protests sparked by the Hong Kong government's plans to pass a new law.

On Tuesday night, as protesters assembled near Hong Kong's Legislative Council building, the authorities arrested the administrator of a Telegram chat group with approximately 20,000 members, even though he was not at the protest site.

The law the Hong Kong government plans to pass would allow people in the city to be extradited to mainland China, where the court system is closed to public scrutiny and tightly controlled by the Communist Party.

The unusual measures taken by the Hong Kong authorities suggest that the police have opened their own front against the protesters by constraining their digital communication.

The protesters were using modern networking tools to rally their ranks, share safety tips and organise supplies of food and drink, even as they took steps to hide their identities. The authorities responded by tracking them where they planned their moves, suggesting that they are taking cues from the way China polices the internet.

Protesters and police officers alike have brought a new technological savvy to the standoff.

Lokman Tsui, a professor at the School of Journalism and Mass Communication at the Chinese University of Hong Kong, shared his opinion of the whole situation, saying: "We know the government is using all kinds of data and trails to charge people later on. This is why people are minimizing their footprints as much as possible; they are being much more conscious and savvy about it."

The police used tear gas as protesters came closer to the Legislative Council building in Hong Kong on Wednesday. Protesters used the app Telegram to organize, but the police were watching.

Telegram said on its Twitter account that it was able to stabilise its services not long after the attack began. It described the flood of traffic as a DDoS attack, in which servers are swamped with requests from a coordinated network of computers.

Many of these protesters appear to be college-aged and digitally adept. They went to considerable lengths to avoid being captured on camera or digitally tracked. To travel to and from the protests, many queued to buy single-ride subway tickets rather than using their digital payment cards, which can be traced. Some, when confronting the police, covered their faces with caps and masks, giving them anonymity as well as some protection from the tear gas.

Beijing, however, has been accused in the past of attacks that silence political speech outside mainland China's borders.

“The bottom line is whether to trust Beijing,” said Dr. Tsui, the communications professor. “This is a government that routinely lies to its own citizens, that censors information, that doesn’t trust its own citizens. You can’t ask us to trust you if you don’t trust us.”

“These kids that are out there, all the young people, they’re smart,” he added. “They know not to trust Beijing.”

The event presents no new challenge for Telegram, which has been used in widespread protests before and has faced numerous government crackdowns. Countries that have banned or blocked its use include Russia and Iran.


Victoria health systems vulnerable to cyber attacks: Report

An audit by the office of the Auditor-General found patient data stored in Victoria's public health system is highly vulnerable to cyber-attacks, and many health agencies have low risk awareness of the security flaws.

The audit exploited weaknesses in four audited agencies and accessed patient data to demonstrate the multitude of risks to the security of patient data and hospital services.

The report found deficiencies in how health services manage user access to digital records, including unused and terminated employee accounts still enabled, and failure to keep user access forms as proof that users have had their access approved.

The work also uncovered a lack of any formal, regular user access review to ensure only staff who need access have it—only one audited health service was found to provide mandatory cyber and data security training to all staff.

“Given that staff actions can undermine ICT and physical controls, it is vital that all staff—including clinical staff—can identify and manage the risks to patient data,” the audit reported.

The report stated that Victoria's public health system is "highly vulnerable" to the kind of cyber attack that recently hit a Melbourne-based cardiology provider, which resulted in stolen or unusable patient data and disrupted hospital services.

"The audited health services are not proactive enough, and do not take a whole-of-hospital approach to security that recognises that protecting patient data is not just a task for their IT staff," the report concluded.

The Auditor-General Andrew Greaves examined Barwon Health (BH), the Royal Children’s Hospital (RCH), and the Royal Victorian Eye and Ear Hospital (RVEEH), and also examined how two areas of the Department of Health and Human Services (DHHS), the Digital Health branch and Health Technology Solutions (HTS), are supporting health services.

"This weak security culture among government staff is a significant and present risk that must be urgently addressed," the report said. "At one site, we accessed discarded, sensitive information too easily."

Google’s security tools can shield from cyber-attacks

Google has long been asking users to enable its security tools for shielding all its services - from Gmail to Google Photos - from hacking attempts.

The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be.

Let's take a look.

Advantage

Adding a phone number can fend off bot-based attacks.

Researchers from New York University and the University of California, San Diego partnered with Google to assess the impact of its security tools in preventing hijack attempts.

The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to a Google account helped block 100% of bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.

Protection

Two-factor authentication offers the highest security.

Google has been saying this for years and the stats prove it: two-step verification is the most secure option right now.

The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.

Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

Security key offers strongest shield.

Notably, among all two-step verification methods, using a physical security key proved to be the strongest account shield. It blocked all kinds of attacks with a 100% success rate.

Risk

Google also showed what happens when you don't use 2SV.

The same study also measured the effectiveness of default sign-in verification techniques, like last location signed-in or your secondary email.

These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device or location, and you don't have 2SV on.

The results showed these methods can block bot-based attacks but can fail miserably against phishing or targeted hijack.

Cyberattacks can even take human lives

Cyberattacks by nation-states will soon kill people, either deliberately or unintentionally, a senior security researcher told attendees at the RSA Conference this week.

The May 2017 WannaCry attacks by North Korea and the NotPetya attacks by the Russian military in June 2017 shut down hospitals, disrupted shipping and cost hundreds of millions of dollars in losses — much of it in the form of collateral damage.

It is inevitable, she said during her RSA presentation yesterday (March 5), that future nation-state attacks on such scale will cause loss of life.

"I rarely get to stand up in front of groups and tell them that the news is getting better," Joyce told the crowd. "But if you have purely destructive malware backed by a nation-state, then where does that leave us?"

NotPetya, which targeted tax-collection software that every business in Ukraine was obliged to run, masqueraded as ransomware, Joyce explained. But it was impossible to decrypt the affected data even if a ransom was paid. The goal of NotPetya was purely destructive, and the destruction streamed outward from Ukraine to infect companies and other institutions in 65 other countries.
Part of the collateral damage was at U.S. hospitals, Joyce said, where some patients could not be immediately treated as a result.

"A friend of mine who was suffering from throat cancer was turned away and told to come back next week," Joyce said.

"If you have purely destructive malware backed by a nation-state, then where does that leave us?"
—Sandra Joyce, FireEye senior vice president


Had anyone died as a result of NotPetya, that would have been an unintended consequence of a specific attack on Ukraine's economy. But nation-state malware already exists that is designed to deliberately kill people, according to Joyce.

Hackers Now Utilizing SS7 Attacks to Steal Money from Bank Accounts


According to new research, cybercriminals have now shifted their attention to tapping the phone network by abusing the SS7 protocol, in order to steal money directly from bank accounts by intercepting text messages.

Since the protocol is used by internet service providers and telecom companies to route telephone calls and text messages around the world, SS7 attacks exploit a design flaw in it to carry out a range of dangerous attacks, including data theft, eavesdropping, text interception and location tracking.

The UK's Metro Bank has already fallen victim to this attack. According to confirmation from the National Cyber Security Centre (NCSC), the defensive arm of the UK's signals intelligence agency GCHQ, SS7 attacks are regularly used by cybercriminals to intercept messages in order to steal the codes used to authorise bank transactions.

NCSC said: "We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA)."

Because the second factor is delivered by text message, cybercriminals with access to an SS7 network who have already obtained internet banking login credentials through phishing can log in, trigger the verification code sent by SMS, intercept that message via the SS7 attack and use the code to complete their transaction.

 “Something that members of the general public don’t necessarily have to worry about. An SS7 attack is unlikely to be effective if the bank uses a form of 2FA that doesn’t rely on text messages, such as an authenticator app.”

When some of the major telecom service providers were asked for their views on the matter, Vodafone said: "We have specific security measures in place to protect our customers against SS7 vulnerabilities that have been deployed over the last few years, and we have no evidence to suggest that Vodafone customers have been affected."

It added that it is working with the GSMA, banks and security specialists to mitigate the issue and further protect its customers.


Attention Binge-Watchers! A New Netflix Scam Is On the Loose

Netflix users have become the target of yet another cyber-attack, this time a phishing scam email asking users to update their billing information in order to unlock their accounts.

The scam email says the user's account has been temporarily suspended because of issues in the "automatic verification process", and that to unlock the account the user needs to update their billing information, i.e. the details of their payment method and credit or debit cards.

Because the user is asked to log in to their Netflix account on the phishing page, they are in danger of having their identity stolen and their bank account emptied.

This kind of scam isn't new though, particularly for huge brands, such as Netflix.

"Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information," a Netflix spokesperson said.

The email security service that detected the Netflix phishing email and released an alert advising users to be vigilant was MailGuard, which detects and blocks messages with "criminal intent".

While Netflix uses various proactive measures to detect such fraudulent activity, a spokesperson for the streaming giant told the media that users who want to learn how to protect their Netflix account details from scams should visit netflix.com/security or contact customer service directly when situations like this arise.

If a user has already entered their details on the phishing page, the spokesperson urged them to change the password for the account in question, whether Netflix or any other service.

And if they have entered payment information, they should immediately contact their bank to block their cards and thereby prevent any transactions.


Most Common Types of Cyberattacks as Seen Today


Cyber-attacks are continually on the rise and have become one of the major threats facing the world. Since 2008 there had been little concern about the imminent threat of cyber-attacks, but the rapid evolution of technology has changed that. It is a major wake-up call for companies and organisations to secure themselves and their customers so that they do not fall victim to such attacks.

Therefore in order to comprehend different ways through which an attacker might resort to for hacking into an organisation, here’s an overview of some of the most common types of attacks seen today:
• MALWARE

Malware refers to the different types of harmful software, for example viruses and ransomware. Once malware enters a computer system it is more than capable of causing havoc: from taking control of the PC, to monitoring your activity, to quietly sending a wide range of confidential information from your PC or network to the attacker's home base.

Attackers use a variety of techniques to get malware onto your PC, but at some stage it usually requires the user to take an action that installs it. This can include clicking a link to download a file, or opening an attachment that looks harmless but actually has a malware installer hidden inside.
• PHISHING

When an attacker wants a user to install malware or disclose sensitive data, they often resort to phishing. The attacker may send you an email that appears legitimate and contains an attachment to open or a link to click; doing so installs malware on your computer. Alternatively, the link may take you to a website that looks legitimate and asks you to sign in to access an important document, except that the website is actually a trap that captures your credentials when you attempt to sign in.
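The sign-in trap described above usually arrives as a link whose visible text or brand wording disagrees with where it really goes, and that disagreement is something a mail filter can check mechanically. As an added example (not code from the article, MailGuard or any vendor), the Python below extracts every link from a constructed phishing-style HTML email and flags the ones that point away from the brand's own domain while still trading on its name. The brand domain list and the sample email are assumptions made for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (demo input, not a real message). Link 1 uses a lookalike
# host, link 2 shows a brand URL as text but points at an IP address, link 3 is genuine.
SAMPLE_EMAIL = """
<p>Your account has been suspended. <a href="http://netflix.account-verify.example/login">Update your billing information</a></p>
<p>Or visit <a href="http://203.0.113.5/netflix">https://www.netflix.com/account</a></p>
<p><a href="https://help.netflix.com/">Help Center</a></p>
"""

BRAND_DOMAINS = {"netflix.com"}   # assumed allowlist of the brand's real domains


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def host_of(url: str) -> str:
    return (urlparse(url.strip()).hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True for the domain itself and its subdomains, never for lookalikes such as
    'netflix.example' or 'netflix.com.evil.example'."""
    return host == domain or host.endswith("." + domain)


def find_suspicious_links(html: str, brand_domains) -> list:
    """Return one finding per link that leaves the brand's domains yet looks like the brand."""
    brand_domains = {d.lower() for d in brand_domains}
    brand_words = {d.split(".")[0] for d in brand_domains}   # e.g. {"netflix"}
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if any(belongs_to(host, d) for d in brand_domains):
            continue                                   # really points at the brand
        text = text.strip()
        reasons = []
        if "://" in text and host_of(text) != host:
            reasons.append("visible URL host differs from real destination")
        if any(word in href.lower() for word in brand_words):
            reasons.append("brand name used on a non-brand host")
        if reasons:
            findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_links(SAMPLE_EMAIL, BRAND_DOMAINS):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

The allowlist approach matters more than the heuristics: a link is trusted only because its host is under a domain the brand actually owns, so a lookalike that merely contains the brand name, as in the first sample link, is never waved through.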
• CROSS-SITE SCRIPTING

When an attacker targets a particular site's users, they may opt for a cross-site scripting (XSS) attack. The attack involves injecting malicious code into a website, but in this case the site itself is not the victim. Instead, the malicious code the attacker has injected runs in the user's browser when they visit the affected site, so it goes after the user directly rather than the site.

Cross-site scripting attacks can seriously damage a website's reputation by putting users' data at risk without any sign that anything malicious happened. Any sensitive data a user sends to the website, such as their credentials, credit card information or other private information, can be captured by means of cross-site scripting without the site owners realising there was ever a problem.
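The injection described above happens wherever a site copies untrusted text into its pages without encoding it for the context it lands in. The following Python is an added example (not from the article) that puts a vulnerable comment renderer next to its hardened form: the same constructed comment containing a `<script>` tag is rendered verbatim by the first and neutralised by the second. The comment text, function names and the crude `looks_executable` check are assumptions made for the demo.

```python
import html
from urllib.parse import urlparse

# Constructed sample input: a "comment" submitted with markup instead of plain text.
SAMPLE_AUTHOR = "mallory"
SAMPLE_BODY = "Nice post! <script>alert(1)</script>"


def render_comment_vulnerable(author: str, body: str) -> str:
    """VULNERABLE: untrusted strings are concatenated straight into the page, so any
    markup inside the comment becomes part of the DOM and runs in every visitor's browser."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    """HARDENED: each untrusted value is escaped for the HTML text context, so the
    browser displays '<script>' as literal characters and never executes it."""
    return f'<div class="comment"><b>{html.escape(author)}</b>: {html.escape(body)}</div>'


def safe_href(url: str) -> str:
    """URL attribute context needs more than escaping: only http(s) schemes are allowed,
    so a 'javascript:' link cannot be smuggled in, then the value is quote-escaped."""
    if urlparse(url.strip()).scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def looks_executable(fragment: str) -> bool:
    """Crude regression check for the demo: does rendered HTML still carry raw script
    tags or javascript: URLs? A real test would render the page in a browser."""
    low = fragment.lower()
    return "<script" in low or "javascript:" in low


if __name__ == "__main__":
    print(render_comment_vulnerable(SAMPLE_AUTHOR, SAMPLE_BODY))
    print(render_comment_safe(SAMPLE_AUTHOR, SAMPLE_BODY))
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/?q=1"))
```

Output encoding is context-specific: `html.escape` is right for text between tags and, with `quote=True`, for quoted attribute values, but a URL attribute also needs the scheme check shown in `safe_href`, and data placed inside inline JavaScript needs JavaScript encoding instead. A Content-Security-Policy header is a worthwhile second layer, but it does not replace encoding at the output point.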

• CREDENTIAL REUSE

When it comes to credentials, variety is essential. Users today have so many logins and passwords to remember that it is tempting to reuse some of them to make life a little easier. Although it is recommended that you have a unique password for every application and site, many people still reuse their passwords, a fact that attackers heavily rely upon. Once attackers have a collection of usernames and passwords from an already breached site, they try the same credentials on other sites where there is a chance they will be able to sign in.
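The defensive counterpart to the reuse problem described above is to refuse, at registration or password change, any password that already appears in a known breach, so that a credential leaked from one site cannot simply be replayed against yours. The Python below is an added example (not from the article or any breach-notification service) of the k-anonymity range-query pattern used for such checks: the client reveals only the first five hex characters of the password's SHA-1 hash, and the lookup side returns every suffix under that prefix. The tiny breach corpus, the prefix length and the minimum length rule are assumptions made for the demo.

```python
import hashlib

# Constructed stand-in for a breach dump (demo data only). A real index would be built
# from leaked hashes, never from plaintexts held by the service doing the check.
_CONSTRUCTED_BREACH = ["password", "123456", "qwerty", "letmein", "Summer2019!"]

PREFIX_LEN = 5   # assumed prefix length; shorter prefixes hide the client's hash among more candidates


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_breach_index(passwords) -> dict:
    """Index mapping hash prefix -> set of hash suffixes, the layout a range-query service holds."""
    index = {}
    for pw in passwords:
        digest = _sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


def range_query(index: dict, prefix: str) -> set:
    """Lookup side of the protocol: given only a prefix, return all matching suffixes.
    It never learns which suffix, if any, the caller was interested in."""
    return index.get(prefix.upper(), set())


def is_breached(password: str, index: dict) -> bool:
    """Client side: hash locally, send the prefix, compare the suffix at home."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in range_query(index, prefix)


def validate_new_password(password: str, index: dict, min_len: int = 12) -> list:
    """Return the list of reasons a proposed password should be rejected (empty = accept)."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if is_breached(password, index):
        problems.append("appears in a known breach; choose a different one")
    return problems


if __name__ == "__main__":
    index = build_breach_index(_CONSTRUCTED_BREACH)
    for candidate in ("password", "Summer2019!", "correct horse battery staple"):
        print(repr(candidate), validate_new_password(candidate, index) or "accepted")
```

SHA-1 is used here only as the lookup key of the breach corpus, matching how such services are published; it is not a suitable way to store the password itself, which still belongs behind a slow, salted hash. Rejecting breached passwords complements, rather than replaces, the second factor discussed elsewhere on this page.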

This is only a small selection of some very common attack types and methods; as technology advances, attackers will develop new techniques. Users are advised to be aware of such attacks and to make a real effort to improve their security.


Hackers try to attack German parliament Bundestag


Officials of the Bundestag, the lower house of the German parliament, confirmed on May 15 that its IT system had been attacked by hackers.

Ernst Hebeker, spokesperson for the Bundestag, said in Berlin that the hackers had targeted the IT systems of the parliament.

He added that experts from the Bundestag administration and the government office for information technology security (BSI) are working to fend off the hackers.

According to Spiegel Online, the IT specialists from the parliament noticed several days ago that someone was trying to gain access to the Bundestag’s internal network in a serious attack.

However, there is no information on whether any computers containing sensitive information were penetrated.

MPs and their assistants from several parties, who were already warned about the attack on Friday morning, were told that the network would be shut down in the afternoon (May 15).

The Bundestag’s computers were temporarily switched off, including systems containing information on the inquiry into spying by the U.S. National Security Agency (NSA) in Germany.

Earlier, in January, the Bundestag and the Chancellery were attacked by hackers, leaving both institutions paralysed for several hours.

According to the officials, a pro-Russian hacker group in Ukraine claimed responsibility.

Cyberattack on Premera puts 11 million users at risk

A cyberattack on Premera has potentially exposed the sensitive financial and medical records of roughly 11 million of its users.

The sophisticated cyberattack has affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc. and members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska. Even individuals who conduct business with Premera have been affected.

Premera, a leading health insurance company, stores information such as members' or applicants' names, dates of birth, email addresses, postal addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.

The attack on its IT systems was discovered on January 29, 2015, but the initial intrusion had occurred much earlier, on May 5, 2014. The company kept the information under wraps in order to safeguard its users against further attacks by the hackers.

Premera is working closely with Mandiant, one of the world's leading cybersecurity firms, to investigate the case and to remove the infection the attack left on its systems. The Federal Bureau of Investigation, which has been notified, is also investigating the case.

The attack has left the attackers with a goldmine of information. Initial investigations have revealed that, so far, no data has been removed from the system or put to inappropriate use.

Premera President and CEO Jeff Roe has issued a statement saying that the company is committed to protecting its users' information and, as part of that commitment, Premera will be providing two years of free credit monitoring and identity theft protection services through Experian to the affected individuals, starting March 17, 2015.

The company will contact people only by letter; no emails or phone calls will be made asking for information. It has warned individuals against unsolicited phone calls seeking information.

In addition, Premera has established a dedicated call centre for enquiries on the matter. Premera users who believe they have been affected but have not received a letter from the company by April 20, 2015 are urged to call the company at 1-800-768-5817.

Biggest Cyber attack in India's history, 10k Indian government emails hacked


The Indian government has suffered one of the biggest cyber attacks in the country's history. Hackers managed to compromise more than 10,000 email addresses of top government officials.

The cybercriminals managed to steal email IDs belonging to officials working at the Prime Minister's office, the defence, external affairs and finance ministries, and intelligence agencies.

The attack occurred on July 12 this year, four days after the government was warned by the National Critical Information Infrastructure Protection Centre (NCIIPC).

According to the Indian Express, news of the attack was confirmed by officials of intelligence and enforcement agencies at a day-long NCIIPC meeting in New Delhi this week.