
6 Simple Tricks to Protect Your Smartphone from Hackers


If hackers break into your smartphone, they can send fake emails and fake alerts, use your camera, and even control user activity. According to Denise DeRosa, founder of Cyber Sensible, if even a minor part of your smartphone is left unsecured, the whole device becomes vulnerable to cyber attackers.

The basic problem is that your smartphone is connected to the central hub where all your data is managed and regulated. If that hub is ever exposed, your entire digital life is at risk. Regrettably, your smartphone is not immune to these threats, and that is frightening.


But there is no need to worry: follow these six simple steps to keep your smartphone safe.


1. Create a strong password from a random combination of words drawn from different dictionaries. Hackers have always used algorithms to predict the patterns in your password. Experts recommend a password of at least 12 characters with capital letters and special characters. In this way, hackers cannot predict your password.

2. Avoid using the same password on different platforms. 
A hacker can gain access to all your accounts if you reuse the same password. For instance, if you visit a malicious website and enter your login credentials, the hacker can steal them.

3. Update every smart device connected to your smartphone. 
That includes Android TVs, Alexa, and other smart devices. Use a password manager to keep track of all your passwords. A password manager keeps all your passwords in one place, which helps especially when you have many accounts whose passwords are hard to remember. 

4. Avoid granting privacy permissions to apps that do not need them. 
Every app asks for permission to access user data, the gallery, the microphone, location, and the camera, but not every app needs all of those permissions. 

5. Always use 2-step verification wherever possible. 
It adds a layer of security, since the user then needs both the password and a verification code sent by text, email, or to the smartphone. 

6. Ask anyone with access to your account to follow these security measures too. 
Google recommends setting up a family account so that the user does not need to share their password with other members.

Russian Security Services Track Down Colossal Credit Card Fraud Ring


Russian Security Services (RSB) have tracked down and charged an international credit card fraud ring, arresting 25 accused. The carding kingpin is suspected of being linked to dozens of carding shops and to some of the most significant data breaches plaguing the Western world. The FSB, the Russian Federal System, issued a statement this week saying it had arrested 25 individuals accused of circulating illegal means of payment tied to around 90 websites that sold stolen credit cards. Although the FSB did not release a list of names, a LiveJournal post by cybersecurity blogger Andrey Sporov leaked details of the raid and revealed that the infamous hacker Alexey Stroganov, who goes by the handles "Flint" and "Flint24", was among those arrested.


According to Intel 471, a cyber intelligence firm, Stroganov has been associated with some of the major cyber threats since 2001. Stroganov and his associate Gerasim Silivanon (a.k.a. "Gaborik") were sentenced to six years of imprisonment in Russia in 2006 but were out in two years. "Our continuous monitoring of underground activity revealed despite the conviction, Flint24 never left the cybercrime scene," reads an analysis by Intel 471. "You can draw your conclusions [about why he was released early]," Sporov wrote, hinting that unfair means were used to get out of jail early. Flint is one of the big players in the stolen credit card market, working as a wholesaler of card data to cyber crooks who bought the cards from him in bulk, 100,000 at a time.

Various cyber forums say that Stroganov and his crew were caught because they broke "the golden rule" of hackers from former Soviet countries: never target your own country's people or banks.

Flint's "Trust Your Client"

These carding sites ran a standard scheme to earn the trust and loyalty of those who bought stolen cards. Normally, customers could not get instant refunds on bad cards without proving that the cards had been canceled by the bank before they could be used. So the sites offered money-back insurance called "checkers," which customers could use to test the cards (available only for a few minutes after buying them) for an extra fee of a few cents per card. Over time, however, it was alleged that these checkers returned inaccurate results to benefit the card shops.

So Flint and his gang introduced a policy called "Trust your client": if a customer claimed that a card was bad, they would get a refund with no questions asked, but only within six hours of buying it. They probably ran their own checkers for bad cards too.

Why Are Hackers Taking Advantage of COVID-19?


Cybersecurity threats have surged since the outbreak of the COVID-19 pandemic, which forced a majority of people to work from home and is now leading to attacks on remote workforces. Amid the anxiety it created, hackers have devised multiple ways to take advantage of the coronavirus and continue to exploit people's fear in a number of ways, one being the distribution of malware disguised as COVID-19 or corona-related emails.

The threat posed by the coronavirus scales well beyond human health, job losses, and the collapsing global economy, as it has also set the stage for hackers to scam people for monetary and other gains. The urgency surrounding the novel virus has robbed tech vendors and corporate systems of their ability to tackle risks effectively. Scammers are well aware that cybersecurity teams are overwhelmed, which has led to a dramatic rise in phishing attempts and cyberattacks. Notably, hackers are exploiting the COVID-19 charged environment in various ways, such as malicious infiltration of organizations, voice phishing, WhatsApp phishing, email phishing, social media, fake apps, and fake websites. As the WHO has warned, criminals are also posing as WHO officials in order to scam people for financial gain or sensitive data.

Problems Arising with Security Operation Centers (SOC)

A Security Operation Center is a centralized function set up across a company's IT infrastructure. The objective of the security operations team is to detect and then respond to cybersecurity risks in order to safeguard important assets such as business systems, employee data, and intellectual property. Upon detecting a confirmed threat, the SOC immediately isolates the affected endpoints in an attempt to stop harmful actions such as execution or deletion. It does so while ensuring that business continuity is not disrupted, or while lessening the impact to the best of its ability.

However, strengthening an organization's security requires sophisticated infrastructure (a SIEM system), coordinated effort, and continuous monitoring by people and technology. With limited staff and people made to work from home, it has become difficult to prevent, detect, analyze, and respond to cybersecurity incidents.

The SOC relies on cybersecurity tools whose operation requires full understanding and expertise, which makes the overall workflow complex; as a result, prevention and security work cannot be carried out from home.

Adverse Impact on IT Sector

The IT sector is the lifeline of almost every global economy and plays a vital role in the functioning of nearly every other major sector, including human resources, manufacturing, finance, security, and health care. It is well known how heavily IT organizations rely on manpower to function; however, due to lockdowns, quarantine periods, and stringent curbs on the movement of people, many businesses are shutting down as global manufacturing supply chains are heavily disrupted. IT professionals are unable to deliver on projects, so production has dropped by a significant margin and is expected to drop even further.

The coronavirus situation is worsened by security vendors not being paid on time, and with work halted, gates are left unmanned, providing potential hackers with an opening. Companies are advised to stay prepared for security breaches, and individuals should stick to strong passwords and keep their systems updated, as the number of scams is expected to rise amid the tremendous uncertainty of the crisis.

Amid COVID-19 Pandemic and Scams, FTC Alerts Public


Amid the coronavirus epidemic and public panic, the FTC (Federal Trade Commission) has urged the public to stay aware of hackers who may try to attack their devices during these vulnerable times. The FTC has compiled a list of the hacking tricks and strategies used against susceptible users during the epidemic. Cybersecurity is the FTC's primary concern in its second alert notification, which covers the various ways hackers are launching cyberattacks for profit because of the coronavirus outbreak.


According to cybersecurity experts, in one of the latest incidents hackers are sending users fake emails claiming to have the necessary supplies of groceries or a cure for the coronavirus. In another widespread episode, hackers sent users a fake WHO advisory on 'safety tips to follow to prevent yourself from COVID-19.' According to the FTC's warning, if users download content via the given links or open any websites linked from these phishing emails, malware is installed on their systems. The hackers can then steal critical personal information and control the target's access. "Last month, we alerted you to Coronavirus scams we saw at the time. Earlier this month, we sent warning letters to seven sellers of scam Coronavirus treatments. So far, all of the companies have made significant changes to their advertising to remove unsupported claims. But scammers don't take a break," says the FTC on its website.

But all of this is just the tip of the iceberg. Hackers are also targeting victims with false claims from refund and relief organizations, asking users for donations. "Other scammers have used real information to infect computers with malware. For example, malicious websites used the real Johns Hopkins University interactive dashboard of Coronavirus infections and deaths to spread password-stealing malware," said the FTC.

How to stay safe?
Follow these simple steps to protect yourself from frauds and scams: 

  • Keep your smartphones and computers updated. 
  • Use 2-step verification for all your accounts and back up your data. 
  • Research online before making donations, and do not trust anyone claiming without proof to represent a health organization. Avoid wire transfers. 
  • Do not engage with scam callers; hang up immediately. 
  • Do not forward or share unverified information, even if it comes from trusted individuals.

Is WhatsApp the new Coronavirus of Facebook?


Health officials and government authorities are trying their best to inform the public about safety precautions amid the coronavirus epidemic. But these health initiatives by governments and medical experts are constantly being undermined by one of the largest social media messaging platforms, which is steadily spreading misinformation and fake remedies about the coronavirus. Facebook-owned messaging platform WhatsApp has received harsh criticism over its handling of the coronavirus situation because of the fake news and misinformation spread through it about the epidemic, which has caused more than 8,000 deaths and affected more than 200,000 people across the globe.


Medical experts say that the messages WhatsApp users send are, most of the time, inaccurate and lack any legitimacy. The problem has become so troublesome that global health organizations and world leaders have asked people to stop forwarding and sharing unverified claims about the coronavirus and its cures on WhatsApp. Irish president Leo Varadkar asked people on Twitter to avoid sharing unverified news in WhatsApp groups. According to him, the WhatsApp messages are frightening and ambiguous, and people should only trust official information from health and government sources.

The misinformation shared on WhatsApp mostly arrives as messages forwarded from a friend of a friend, or supposedly from a doctor. Not all of the messages are incorrect; washing your hands to stay safe, for instance, is sound advice. One of the most widely circulated false claims on WhatsApp is that 'drinking warm water every 15 minutes will prevent you from Coronavirus.' Because WhatsApp messages are end-to-end encrypted, health officials and governments cannot trace the source of the misinformation. Even WhatsApp cannot trace the source of a message.

"It is clear ... that a lot of false information continues to appear in the public sphere. In particular, we need to understand better the risks related to communication on end-to-end encryption services," said European Commission Vice President Věra Jourová on Tuesday. Jourová also surveyed the alliance's work to stop misinformation. "There are over a dozen [local fact checkers] so far, and we want more to be able to do their important work so rumors are identified and countered," said Will Cathcart, the head of WhatsApp, in a tweet on Wednesday.

Hackers Take Advantage of Coronavirus Panic, Launch Cyberattacks


The whole world is on high alert now that the coronavirus, COVID-19, has been declared a pandemic, and every government is making a tremendous effort to bring the virus under control and protect its citizens. The virus already has everyone in a panic with the loss of life, a tumbling economy, and a global shutdown, but one group is using this chaos and panic to its advantage. As the virus makes headlines daily, people seize on every piece of information they can get to beat COVID-19, and hackers are using this to their gain. Several cybersecurity firms have reported attacks of various kinds in which hackers use COVID-19 to lure victims into spreading malware or falling into other traps. People are staying indoors, working from home, and using the internet more than ever, which makes them an attractive target for hackers.


Here is how hackers are exploiting the global panic over the virus.

Phishing Mails and Malware
FireEye, a cybersecurity company, has identified cybersecurity threats originating from China, North Korea, and Russia. A Chinese hacking group is attacking East Asia, North Korean groups are targeting South Korean non-governmental organizations, and Russian groups are attacking parts of Ukraine. These groups use phishing emails and spam to spread malware, but they are not limited to malware; some of the mails are business emails designed to extract money from the recipient.

Stealing Personal Information
A Chinese group, named Vicious Panda by security firms, has tricked people into sharing sensitive personal information using a document purportedly from the Mongolian Health Ministry. Other hackers are using maps and dashboards to steal personal information, reports Reason Labs. The most common lure is an abuse of the dashboard created by Johns Hopkins University, which people rely on to track the spread of the virus and the number of infections.

Fake Apps, Website Impostors, and Misinformation 
Other methods include fake apps that claim to track the spread of the coronavirus: infected patients, where they went, where not to go, and virus hotspots. These apps are loaded with malware and may ask you to pay money. Then there are fake websites on which the actors impersonate global organizations such as the World Health Organization. Some social media campaigns and accounts are also responsible for spreading misinformation that the virus is a conspiracy by rival countries.

The crux is that as long as COVID-19 remains a threat, hackers will continue to take advantage of it, so we need to be diligent and smart while surfing the net to avoid being scammed. A few steps, such as only trusting reliable sources of information on the virus, help:

  • Use a trustworthy source of information on the virus. 
  • Do not install apps from unverified sources. 
  • Do not pay anything to any website or application; only trust government sources. 
  • Do not open spam emails or any attachment whose origin is unknown.

Microsoft Shuts Down World's Largest Botnet Army


According to Microsoft, the company was part of a team that took down a global network of zombie bots. Necurs is one of the largest botnets globally and is responsible for attacking more than 9 million computers. It is infamous for multiple criminal cyberattacks, including sending phishing emails such as fake pharmaceutical emails and stealing personal user data. Hackers use botnets to take remote control of internet-connected systems and install malware and other dangerous software. They then use the installed malicious software to steal personal user data such as activity on the computer, send spam and fake emails, and modify or delete user information without the owner's knowledge.


The takedown of Necurs came after 8 years of consistent hard work and patience, along with coordinated planning across 35 countries worldwide, says Tom Burt, VP of customer security and trust at Microsoft. According to Burt, now that the botnet network is down, hackers will no longer be able to execute cyberattacks with its help.

About Botnet

Botnets are networks of web-connected computers that run automated commands. Hackers use these networks to distribute malware (malicious software) that gives them remote access to a computer. Once the malware is installed or starts affecting the computer, hackers steal personal user information or use the infected device as a host to launch further cyberattacks by sending spam and malware. A device infected in this way is called a zombie.

Origin of Botnet Network

News of the first Necurs attack appeared in 2012. According to experts, Necurs is said to have affected more than 9 million computers. Necurs used domain generation algorithms to grow its network: it turned arbitrary domain names into websites and used them to deliver spam or malware to the targeted computers. Fortunately, Microsoft and the team deciphered the algorithm's pattern, predicted the next domain names Necurs would have used to launch another cyberattack, and prevented the attack from happening.

Signs your computer might be affected

  • Systems run slowly and programs load slowly 
  • The computer crashes frequently 
  • Storage fills up suspiciously 
  • Your account sends spam emails to your contacts

Hackers Attack Amazon Web Services Server


A group of sophisticated hackers attacked Amazon Web Services (AWS) servers. The hackers installed a rootkit that let them manually command the servers and directed sensitive stolen corporate data to their C2 (command and control) servers. The attackers breached a variety of Windows and Linux systems within the AWS data center. A report published last week by Sophos (a British firm) has raised doubts and suspicions across the cybersecurity industry.


According to the Sophos report, the hackers were able to bypass Amazon Web Services SGs (security groups) easily. Security groups are supposed to act as a security check ensuring that no malicious actor ever breaches an EC2 instance (a virtual server used in AWS to run applications). The anonymous victim of this attack had already set up a perfectly tuned SG. But due to the rootkit installed on the AWS servers, the hackers obtained remote access while the Linux OS was still listening for inbound connections, and that is when Sophos intervened. Sophos said the victim could have been anyone, not just an AWS customer.

The problem was not with AWS: this piggybacking method could have breached almost any firewall, if not all of them. Cybersecurity experts conclude that the hackers are likely state-sponsored. The incident has been named "Cloud Snooper." One cybersecurity expert even called it a beautiful piece of work (from a technical point of view), saying that these things happen all the time and it only came to notice because it happened to a fancy organization. There are still unanswered questions about the hack, but the most important one, how the hackers managed the attack, has been answered.

About the attack 

"An analysis of this system revealed the presence of a rootkit that granted the malware's operators the ability to remotely control the server through the AWS SGs. But this rootkit's capabilities are not limited to doing this in the Amazon cloud: It also could be used to communicate with, and remotely control, malware on any server behind any boundary firewall, even an on-premises server. By unwinding other elements of this attack, we further identified other Linux hosts, infected with the same or a similar rootkit," said Sophos.

A Vulnerability that Allows Hackers to Hijack Facebook Accounts


A cybersecurity expert recently found a vulnerability in Facebook's "Login with Facebook" feature. According to the expert, the vulnerability allows hackers to steal the "Access Token" and then hijack the victim's Facebook account. Facebook uses "OAuth 2.0" as the authorization process that exchanges Facebook tokens and grants access permissions to third parties. Readers who want to know more about OAuth 2.0 can find information online.

The vulnerability in the "Login with Facebook" option lets hackers set up a phony website, which they use to obtain Access Tokens for other applications, including Spotify, Netflix, Instagram, Tinder, and Oculus, in addition to hijacking the Facebook profile itself. Once the hacker had hijacked the targeted Facebook account using the Access Token, he had access to personal data including private messages, photos, videos, and the account setup credentials.


According to Amol Baikar, the Indian cybersecurity expert who first found this vulnerability, the Facebook flaw allows hackers to exploit user accounts on Tinder, Facebook, Oculus, Spotify, Instagram, Netflix, and more. Along with the account hijack, the hacker can also obtain third-party access to those apps via the "Login with Facebook" option. Facebook first received the vulnerability report in December 2019 and immediately issued a security fix. Facebook also paid a $55,000 bounty to the person who found it through its Bug Bounty Program. This is said to be the biggest bounty ever paid for a client-side vulnerability found on Facebook.

Cybersecurity organization GBHackers made the following observations regarding the Facebook vulnerability: 

  1. The login credentials (Access Tokens) of all Facebook apps and third-party apps could be exposed within a few seconds, all at the same time. 
  2. The vulnerability allows the hacker to take over the user's Facebook account. Moreover, the hacker can read, write, edit, and delete your data. 
  3. The hacker can also modify the privacy settings of your Facebook account. 
  4. If a user visits the malicious website set up by the hackers, he or she can lose their first-party Access Tokens. 
  5. The stolen first-party Access Tokens never expire. 
  6. The attacker keeps control of the hijacked Facebook account even after the user changes the login credentials.

Hackers Exploit Vulnerabilities in Pulse VPN and Android Devices to Launch Heavy Cyberattack


The vulnerability designated CVE-2019-1150 affects Pulse VPN's network and is regarded as highly 'severe,' while the vulnerability designated CVE-2019-2215 targets unpatched Android smartphones. As everyone in cybersecurity knows, it becomes highly unsafe when hackers target unpatched devices and systems, since the consequences can be terrible. Recently, targeting unpatched Android smartphones has become a trend among hackers. Attackers were also found exploiting the flaws in Pulse Secure VPN in an attempt to compromise the security of various organizations and individuals.


The flaw in Pulse Secure VPN

According to Kevin Beaumont, a UK-based cybersecurity expert, 'REvil' is a major ransomware operation, and at least 2 companies have been affected after hackers exploited the flaw in Pulse Secure's VPN. Many hackers are now exploiting this flaw to launch ransomware attacks. As per the latest information, the organization affected by this cyberattack is the currency exchange and travel insurance company 'Travelex.' According to cybersecurity experts, the attack was launched using the REvil ransomware. The consequences of this cyberattack compelled Travelex to shut down all of its online operations. As a result, the company took its systems offline and had to operate its nationwide branches manually.

The vulnerability known as CVE-2019-1150 is regarded as highly 'hazardous' by cybersecurity experts. CVE-2019-1150, an arbitrary data read vulnerability, affects different versions of Pulse Secure VPN, namely Pulse Connect Secure and Pulse Policy Secure. The vulnerability gives hackers access over HTTPS and connects them to the company's network without having to enter login credentials such as an ID and password. By exploiting it, hackers can view confidential files, download files, and launch various malicious code to disrupt the company's entire network. Pulse Secure released a security patch in April last year, and users are requested to update to the latest patch.

The flaw in Android Devices

The hacking group 'SideWinder APT' exploited vulnerabilities via 3 apps in the Google Play store, named Camera, FileCrypt, and CallCam. "These apps may be attributed to SideWinder as the C&C servers it uses are suspected to be part of SideWinder's infrastructure. Also, a URL linking to one of the apps' Google Play pages is found on one of the C&C servers," say Trend Micro cybersecurity experts.

Hackers Launch DDoS Attacks to Target Australian Banks


Hackers are threatening banks with demands for large payments in Monero, and if the demands are not met, they have threatened to launch DDoS attacks against the banks. Since last week, banks and other organizations in Australia's financial sector have been the target of DDoS extortion campaigns.

A hacker group is blackmailing the victims into paying large ransoms. The attackers threaten to conduct a DDoS (Distributed Denial of Service) attack unless they are paid in XMR, the Monero cryptocurrency. The ACSC (Australian Cyber Security Centre) has issued a security alert to inform the public about the threat. According to the ACSC, the hackers have not launched any attacks so far, nor has there been any news of DDoS attacks. The current evidence supports this claim.


DDoS Campaign Began in 2019 

The Global Ransom Denial of Service (DDoS) campaign, which started in October 2019, is responsible for the attacks on Australian financial organizations. According to ZDNet, the earlier ransom efforts targeted financial companies and the banking sector, but over time the attacks expanded to other industries. The victims of the ransom threats include the banking sector in South Africa and Singapore, the telecom sector in Turkey, ISPs in South Africa, and gambling websites in South Asian countries.

The ransom demands kept coming, and the attackers systematically extended the campaign to 10 different countries across the world. Some of the attacks succeeded but not all of them, as it would have been near impossible to launch an all-out DDoS attack against every party. ZDNet confirms that numerous attacks launched as part of the campaign were successful.

The group keeps changing names 

The group responsible for these attacks kept changing its identity to avoid being identified by the authorities. At first it posed as Fancy Bear, the Russian hacker group responsible for the 2014 White House attack and the 2016 DNC hack. After that it posed as Cozy Bear, another Russian hacking group that is also infamous for the 2016 DNC attack.

Hackers Made $82 Million through Bug Bounties in 2019


Hacking as a profession has become a viable option for hackers. Yes, you heard that right: ethical hackers have made more than $82 million in bug bounties on HackerOne. On top of that, the ethical hacking community on HackerOne has grown to over 600,000 members, with around 850 new hackers joining every day. According to the '2020 Hacker Report' published by HackerOne, a bug bounty platform in San Francisco, around 18% of the members are full-time hackers whose job is to find vulnerabilities and help make the internet a safer place for everyone.


On the HackerOne platform, hackers from across the world (170 countries, to be precise, including India) work every day to ensure the cybersecurity of 1,700 organizations, including Zomato and OnePlus. The US tops the 2019 list of earnings made by hackers through bug bounties with 19%, India comes second with 10%, Russia has 8%, China 7%, Germany 5%, and finally Canada with 4%. These are the top 6 highest-earning countries on the list.

According to Luke Tucker, Senior Director of Global Hacker Community, hackers are a global force working for a good cause: the safety of our connected society on the internet. Motivations for hacking may differ, but it is good to see global organizations embracing this change and giving hackers a platform to compete and grow as a community, making the internet a safer place for everyone. Hackers from various countries earned far more than they did last year.

Hackers from Switzerland and Austria earned more than 950% more than last year. Similarly, hackers from Singapore, China, and other Asian countries earned more than 250% of their 2018 earnings. Competitions like these bug bounty programs have helped hackers gain respected expertise, as 80% of them use the experience to pursue a better career or job. According to the report, these hackers spend over 20 hours every week hunting for vulnerabilities.

Betting and Gambling Websites under Cyberattack from Chinese Hackers


Since last summer, Chinese hackers have been targeting South Asian companies that own online gambling and betting websites. The gambling companies in South Asia have confirmed the hacks, and rumors of cyberattacks on betting websites have also emerged from Europe and the Middle East, although those rumors are yet to be confirmed, according to reports by the cybersecurity groups Trend Micro and Talent-Jump. Cybersecurity experts say that no money was stolen in these attacks on the gambling websites; instead, the hackers stole source code and databases. The motive was not ordinary cybercrime but espionage intended to gather intelligence.


According to the experts, a group named 'DRBControl' is responsible for the cyberattacks. According to Trend Micro's reports, the hacking techniques used in this incident are similar to the methods of Emissary Panda and Winnti. All of these hacking groups are from China and have launched cyberattack campaigns on behalf of the Chinese state. As of now, it is not confirmed whether DRBControl is launching these attacks in the interests of the Chinese government. According to the cybersecurity group FireEye, not all of the attacks have been state-sponsored; as a side business, the hackers have also been launching attacks for profit.

How did the attacks happen?

The techniques used by DRBControl are not uncommon or unique. Rather, the techniques used to target victims and steal their data were fairly simple. The hackers send phishing emails carrying backdoor malware, and if the user is lured into opening them, the system is infected with a backdoor Trojan. However, these backdoor Trojans are not the same as the others.

This kind of Trojan relies on the Dropbox file hosting and sharing service as its C&C (command-and-control) channel, using it to store stolen data and second-stage payloads. Hence the name, DropBox Control. The Chinese hackers usually use the backdoor Trojans to install other hacking tools and malware so that they can move through the network and trace a path to the source code and databases in order to steal the user data.
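A defender's view of the technique above: when a backdoor uses a legitimate file-hosting service as its C&C channel, the traffic blends in with normal use, so detection has to look at who is talking to the service and how much they upload. The following added example (not code from the original post, Trend Micro or Talent-Jump) runs that check over a constructed web-proxy log; the log format, process allowlist, hostnames and upload threshold are all assumptions.

```python
"""Flag cloud-storage traffic that looks like backdoor C2 or data staging.

Added example; the log format, process names, hostnames and thresholds are
assumptions constructed for illustration, not values from any real incident.
"""
from collections import defaultdict
import re

# Constructed proxy log: time host process method destination bytes_out
SAMPLE_LOG = """\
10:01:02 ws-17 Dropbox.exe POST content.dropboxapi.com 18204
10:01:30 ws-17 Dropbox.exe GET api.dropboxapi.com 1200
10:02:11 ws-42 winword.exe POST content.dropboxapi.com 52000
10:02:40 ws-42 winword.exe GET content.dropboxapi.com 900
10:03:05 ws-42 winword.exe POST content.dropboxapi.com 61000
10:03:50 ws-09 chrome.exe GET www.dropbox.com 3100
10:04:20 ws-09 chrome.exe POST content.dropboxapi.com 40
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<method>\S+) "
    r"(?P<dest>\S+) (?P<bytes>\d+)$"
)

# Service endpoints used by the real client; a backdoor talks to the same ones.
DROPBOX_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com", "www.dropbox.com"}
# Processes expected to reach the service on a managed workstation (assumed allowlist).
EXPECTED_PROCS = {"Dropbox.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
UPLOAD_THRESHOLD = 100_000  # bytes uploaded per host per log window (assumed)

def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["bytes"] = int(rec["bytes"])
            yield rec

def find_suspicious(log):
    """Return {host: [reasons]} for hosts whose file-service use looks like C2/exfil."""
    findings = defaultdict(list)
    upload_by_host = defaultdict(int)
    unexpected_procs = defaultdict(set)
    for rec in parse(log):
        if rec["dest"] not in DROPBOX_HOSTS:
            continue
        if rec["proc"] not in EXPECTED_PROCS:
            unexpected_procs[rec["host"]].add(rec["proc"])
        if rec["method"] == "POST":
            upload_by_host[rec["host"]] += rec["bytes"]
    for host, procs in unexpected_procs.items():
        findings[host].append("unexpected process using file service: " + ", ".join(sorted(procs)))
    for host, total in upload_by_host.items():
        if total > UPLOAD_THRESHOLD:
            findings[host].append(f"{total} bytes uploaded to file service in window")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in find_suspicious(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

In the constructed log only ws-42 is flagged: an Office process, not the sync client, is uploading, and its uploads exceed the window threshold.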

US Intelligence Reveals Malware, Blames North Korea


The FBI (Federal Bureau of Investigation), US Cyber Command, and DHS (Department of Homeland Security) recently discovered a hacking operation believed to originate from North Korea. To inform the public, the agencies issued a security statement containing information on the 6 malware families that North Korean hackers are currently using.


US Cyber Command's subordinate unit, the Cyber National Mission Force (CNMF), announced on its official Twitter account that the North Korean hackers are spreading the malware via phishing campaigns. The tweet says, "Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://www.virustotal.com/gui/user/CYBERCOM_Malware_Alert …. This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM."

According to US Cyber Command, the malware allows the North Korean hackers to sneak into infected systems and steal money. The stolen funds are then transferred back to North Korea, all of it done to avoid the economic sanctions imposed on it. This is not the first time news has appeared of the North Korean government using hackers to steal money and cryptocurrency to fund its nuclear and missile programs and avoid economic sanctions. According to the reports of the US agencies, the 6 malware families are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, and Buffetline. The official website and Twitter accounts of DHS and US Cyber Command have complete details about the malware.

The US Blames the Lazarus Group for the Attack 

The Cybersecurity and Infrastructure Security Agency (CISA) claims that the attack was carried out by the North Korean hacker group Lazarus. The group also operates under the alias Hidden Cobra and is one of the largest and most active hacking groups in North Korea. According to the DOJ (Department of Justice), Lazarus was also involved in the 2014 Sony hack, the 2016 Bangladesh Bank attack, and the 2017 WannaCry ransomware outbreak.

A new 'Name and Shame' approach 

Earlier, the US used to avoid issuing statements when it faced cybersecurity attacks. However, it has now adopted a 'name and shame' approach to the issue. US Cyber Command, as observed, now publishes details of the malware on its Twitter handle, along with the nation held responsible. This did not happen before.

Apple Doubles Microsoft by 2:1 in Cybersecurity Threats


According to a fresh report on malware that digs further into the debate over cyberattacks, the research company Malwarebytes used data from various fields to analyze the cybersecurity attacks that affected either consumers or businesses in 2019. The most surprising finding concerns the platforms on which these attacks happened: Apple vs Microsoft. Surprisingly, the report tells us that cybersecurity threats had a larger effect on Apple than on Microsoft.


An insight into State of Malware Reports- 

The 2020 Malwarebytes research looked at the following fields for potential cybersecurity threats: macOS and Windows, iOS and Android users, attacks based on web browsers, and attacks that happened on Windows or Mac PCs. After counting the cybersecurity threats and analyzing the data, the 'State of Malware' report revealed that cybersecurity threats against Apple increased by 400% in 2019. It also concludes that Apple outnumbers Microsoft by 2:1 in terms of cybersecurity threats.

The ratio shouldn't be ignored, as in Malwarebytes' data Apple has a larger user base than Microsoft. Further, the report reveals that Mac files have tended to show more malicious behavior (front and center) over the years, giving attackers more room to deploy evasion techniques that escape discovery on iOS. As malware continues to make progress against iOS, users should reconsider whether or not to install antivirus on their phones, as the gap opens up space for cyber attacks.

Does it raise concern over Mac Security- 

If you look back at past media coverage of cybersecurity, the reports would suggest that there were more attacks on Microsoft or Windows users than on Apple or iOS users. But simply having fewer reports than Microsoft doesn't mean that Apple has better cybersecurity. There have been a few prominent incidents that raised suspicion over Apple's commitment to security: for instance, the iPhone-specific threats, the Siri feature that left encrypted emails unencrypted, the apps that could tell if "your iPhone was hacked," and questions over the security of the Apple Watch Series 5. The Malwarebytes report suggests that this shouldn't be ignored while moving into 2020, as 2019 showed it was a bad year for Apple.

China Alleges India for Cyber-attacks Amid the Coronavirus Outbreak. Demands International Cooperation.


China, which is currently battling the deadly coronavirus epidemic, said last Friday that it needs international support from countries around the world as it is in the midst of an 'exceptional' and 'full-on war' against the virus. The statement came after local media reported that cybercriminals from India had attacked Chinese hospitals during the coronavirus epidemic. "It appears that Indian hackers had attacked regional health institutes and Chinese hospitals while China was busy fighting the coronavirus epidemic," said a Chinese cybersecurity firm in a statement.


"We have proof that hackers from India attacked Chinese health institutes using the 'phishing' e-mail technique," said 360 Technology, a Chinese tech company, in a conversation with the national newspaper Global Times. Acknowledging the comments, China's foreign ministry said: "We have to come to this conclusion after considering various reports of local media." "A country which is strictly opposed to cyber hacking of any kind, China, a significant cybersecurity nation, has currently become a victim of hacking," said Hua Chunying, spokesperson for China's Foreign Ministry, last Friday, without mentioning India in the statement.

"It is in these times of misery, that we believe all the countries across the globe should come together as one to fight against this major problem of cyber attacks and hacking. It is only after this would we be able to maintain a safe, secure and helpful cyber world," said Chunying at an e-press conference. She further said: "It is a matter of great concern for China as we are currently amid a crisis of battling a deadly epidemic. Witnessing the current public health emergency, the nations should cooperate to battle this issue."

"Indian hackers have been launching APTs (Advanced Persistent Threat) and attacking Chinese health institutes by sending phishing e-mail schemes," said the company to Global Times. "A suspected group of hackers from India named 'Bitter' have launched APT cyberattacks since March 2019, targeting the Chinese health institutes and research centers, and also the Ministry of Foreign Affairs," said an opinion column from Global Times.

Japan Ups Its Cyber-Warfare Game; Becomes a Member of NATO.


Wary of possible cyber threats from China, on December 2 Japan became a new contributor to NATO's cyber-security exercises by becoming a member.

Only an observer until 2018, Japan has moved up its status in the field of "cyber-warfare".

Japan's Defense Ministry reportedly said that it has very little experience with international exercises. There are several issues it needs to work on, the language barrier among them.

The cyber defenses Japan has had to offer so far have long been criticized, especially compared with those of Western nations, which raised concern about the harm a possible cyber-attack could cause.

China's infamous cyber-history includes several hacker organizations that are clearly flourishing. From attacks on governments to corporate servers, they've done it all.

Reportedly, China is feared to have cyber-attack capabilities on a par with Russia's, and that is what is causing the U.S. and European countries to lose sleep.

Pondering over data breaches, Washington has urged other nations to shun Chinese-made telecommunication gear for their “fifth-generation wireless infrastructure”.

NATO's Cyber Coalition is run from a command center in Estonia and is one of the world's largest exercises of its type. It is in full swing, with over 30 participants including Ukraine, the European Union, and the U.S.

As part of the cyber-security exercise, the "Cyber Coalition" drills scenarios that range from "state compromised computer systems" to the role of cyber-attacks in cross-border conflicts and defense against virtual enemies.

A Security Researcher Discovers A Fully Unprotected Server On An Aerospace Company’s Network




A security researcher at the security firm IOActive discovered a completely unprotected server on an aerospace company's network, apparently loaded with code designed to run on the company's giant 737 and 787 passenger jets, left openly available and accessible to anyone who found it.

A year later, Ruben Santamarta, the security researcher, claims that the leaked code led him to discover further security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that, for a hacker, abusing those bugs could 'represent' one stage in a multi-stage attack that begins in the plane's in-flight entertainment system and extends to the highly protected, safety-critical systems like flight controls and sensors.

The aerospace company Boeing flatly denies that such an attack is even conceivable, and it rejects Santamarta's claim of having found a potential way to pull it off. Santamarta himself concedes that he does not possess the evidence to confirm his claims, yet he and the other avionics cybersecurity researchers who have reviewed his findings argue that, while an all-out cyberattack on a plane's most sensitive systems 'remains a long way' from a material threat, the flaws revealed in the 787's code nevertheless point to a troubling lack of attention to cybersecurity on Boeing's part.


"We don't have a 787 to test, so we can't assess the impact, we're not saying it's doomsday, or that we can take a plane down. But we can say: This shouldn't happen," said Santamarta at the Black Hat security conference on the 8th of August in Las Vegas.

When Boeing investigated IOActive's claims, it concluded that there was no genuine danger of a cyberattack and issued a statement on the issue: "IOActive's scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system," the company's statement reads.

"IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we’re disappointed in IOActive’s irresponsible presentation."

The company spokesperson also said that while investigating IOActive's claims, Boeing had put an actual Boeing 787 in "flight mode" for testing and then had its security engineers attempt to exploit the vulnerabilities that Santamarta had uncovered.

Boeing says it also consulted the Federal Aviation Administration and the Department of Homeland Security about Santamarta's attack. While the DHS didn't respond to a request for comment, an FAA spokesperson wrote in a statement that it is "satisfied with the manufacturer's assessment of the issue."

However, few security researchers believe that, on the strength of Santamarta's findings alone, a hacker could pose any imminent threat to an aircraft or its passengers. Beyond that, they say, Santamarta's research, despite Boeing's denials and assurances, ought to be a reminder to everyone that aircraft security is a long way from a 'solved area of cybersecurity research.'

Authors of GandCrab Ransomware Terminating their Operations after Making $2 Billion in Ransom Payments



The operators of GandCrab ransomware have continuously maintained and developed it, releasing five different variants with no major differences between any two versions. The ransomware is considered harder to take down because it uses the ".bit" top-level domain, which is not sanctioned by ICANN.

GandCrab was distributed via various vectors, including exploit kits, spam mail, affiliated malware campaigns and other social engineering methods. Along with plenty of malicious spam emails, attackers resorted to 'GrandSoft' and 'RIG', two of the most popular exploit kits, to distribute GandCrab. These spam emails are designed to fool users into downloading a script, which in turn downloads the ransomware and executes it.

Researchers have found that the GandCrab authors made over $2 billion from ransom payments, averaging around 2.5 million dollars per week. According to observations by David Montenegro and Damian, the ransomware's owners said they are now putting an end to their operations after earning huge sums of money (more than 150 million dollars a year) and cashing it out through legitimate channels.

The operators have discontinued promotion of the ransomware and asked their affiliates to stop distributing it within the next 20 days. They have also told victims to pay the ransom, or else the keys will be deleted. However, it remains an open question whether the keys will be released after the authors shut down their operations.

Although ransomware has long been a constant threat in the field of cybersecurity, it is now even more dangerous because of the effort threat actors invest in its development. Users are advised to equip themselves with products like 'Acronis True Image 2019' to stay protected against such ransomware attacks.



Justdial Smacked By a Subsequent Security Breach in Two Weeks; Poor OpSec To Blame!


Justdial is a renowned Indian hyper-local search engine which recently suffered two security breaches in the span of two weeks.

Only a few weeks ago, the database of all of Justdial's customers was laid bare on the dark web, and now reviewers' data is on the line.

A company with more than 134 million QUA can't afford to make such reckless mistakes.

On April 18th, the private data of over 100 million users, including names, addresses and email IDs stored in the search engine's database, was laid out in the open.

The organization attributed the breach to an expired API which allowed anyone to access user data. A majority of those affected were users of the hotline number.

Security researchers were the first to discover the breaches that hit Justdial. They also noted that no specific action was taken in response.

These claims were denied by Justdial mentioning that the data was stored in a double-encrypted format.

The same group of researchers found another lacuna in Justdial's API on April 29th.

This time, the people who post reviews were harmed, as their data was exposed.

Reportedly, the API connected to Justdial’s reviewers’ database had been unprotected since the company’s foundation.

Hence, reviewers' names, mobile numbers, locations and more became easily accessible thanks to the loophole.

But this issue was immediately fixed, according to the reporters.

No matter what happened, the unprotected database and the loophole contributed largely to the data breaches.

Justdial runs a huge database and hence has a large amount of data stored within it.

Weak APIs and poor "operational security" are largely to blame for the breaches Justdial saw in these couple of weeks.

According to security researchers, API handlers and managers should be employed. Also, an easily implemented software switch could help protect the access points.


Also, the first breach should have been taken seriously and used as a lesson to help secure the system against future attacks.

It is evident that the company needs to strengthen their operational security and up their game in terms of securing the present loopholes and possible lacunae.
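The researchers' recommendations above (managed API access and a software switch on the access points) can be made concrete. The following added example, which is not Justdial's code and assumes a hypothetical reviewer-lookup endpoint with constructed records, shows the exposed handler next to a gated one that adds a per-endpoint kill switch, API-key authentication, a per-key rate limit that blunts mass enumeration, and field minimisation so mobile numbers are never returned.

```python
"""Gate a reviewer-lookup API endpoint with a kill switch, auth and a rate limit.

Added example, not Justdial's code. The endpoint, record layout, API keys and
limits are assumptions constructed for illustration.
"""
import hmac
import time
from collections import deque

# Constructed reviewer records keyed by reviewer id (illustrative data only).
REVIEWERS = {
    "r1": {"name": "A. Reviewer", "mobile": "+91-9999900001", "city": "Mumbai"},
    "r2": {"name": "B. Reviewer", "mobile": "+91-9999900002", "city": "Pune"},
}

def exposed_lookup(reviewer_id):
    """The 'before' shape: no auth, no switch, full record; ids can be enumerated."""
    return 200, REVIEWERS.get(reviewer_id)

class GatedApi:
    def __init__(self, api_keys, max_calls, window_s, now=time.monotonic):
        self.api_keys = set(api_keys)       # keys issued to known clients (assumed)
        self.enabled = True                 # the per-endpoint 'software switch'
        self.max_calls, self.window_s = max_calls, window_s
        self.now = now                      # injectable clock, eases testing
        self.calls = {}                     # api_key -> deque of call timestamps

    def disable(self):
        """Flip the switch when a leak is suspected; the endpoint answers 503."""
        self.enabled = False

    def _rate_limited(self, key):
        q = self.calls.setdefault(key, deque())
        t = self.now()
        while q and t - q[0] > self.window_s:   # drop calls outside the window
            q.popleft()
        if len(q) >= self.max_calls:
            return True
        q.append(t)
        return False

    def lookup(self, reviewer_id, api_key):
        """Return (http_status, body); body holds only the fields a caller needs."""
        if not self.enabled:
            return 503, None
        key = api_key or ""
        # constant-time comparison against each issued key
        if not any(hmac.compare_digest(key, k) for k in self.api_keys):
            return 401, None
        if self._rate_limited(key):
            return 429, None
        rec = REVIEWERS.get(reviewer_id)
        if rec is None:
            return 404, None
        return 200, {"name": rec["name"], "city": rec["city"]}
```

A production deployment would keep the switch state and call counters in shared storage so every API instance honours them, but the control flow is the same.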