Search This Blog

Showing posts with label FSB. Show all posts

Criminals Targeted Security Gaps at Financial Services Firms as Employees Moved to WFH

 

According to a report released on Tuesday by the international Financial Stability Board (FSB), criminals targeted security flaws at financial services organizations as their employees switched to working from home. The Financial Stability Board (FSB) was established after the G20 London meeting in April 2009 to offer non-binding recommendations on the global financial system and to coordinate financial policies for the G20 group of nations. 

“Working from home (WFH) arrangements propelled the adoption of new technologies and accelerated digitalization in financial services,” the report states. Phishing, spyware, and ransomware were used to target workers at home. Between February 2020 and April 2021, the number of crimes increased from less than 5000 per week to more than 200,000 per week. 

On July 8, 2021, the Cyber Security Agency of Singapore (CSA) released data suggesting that cybercrime accounted for 43% of all crime in the city-state in 2020. "Although the number of phishing incidents remained stable and website defacements declined slightly, malicious cyber activities remain a concern amid a rapidly evolving global cyber landscape and increased digitalization brought about by the COVID-19 pandemic," said the agency. 

Ransomware attacks increased by 154% from 35 in 2019 to 89 in 2020, ranging from "indiscriminate, opportunistic attacks" to "Big Game Hunting," according to the CSA. They also used leak and shame techniques, as well as RaaS (Ransomware-as-a-Service) models. Between 2019 and 2020, the number of hostile command-and-control servers increased by 94%, with Emotet and Cobalt Strike malware accounting for one-third of the total. 

As IT departments tried to secure remote workers, increased dependence on virtual private networks and unsecured WiFi access points “posed new types of hurdles in terms of patching and other cyber security issues,” according to the FSB assessment. External providers, according to the research, also built cracks for hackers to exploit. According to the report, "While outsourcing to third-party providers, such as cloud services, seems to have enhanced operational resilience at financial institutions, increased reliance on such services may give rise to new challenges and vulnerabilities." 

Working from home isn't going away any time soon. According to Gartner, nearly half of knowledge employees will be working remotely by 2022. Even Apple's retail team follows a hybrid work schedule. Institutions' cyber risk management systems, incident reporting, response and recovery efforts, and how they manage cloud and other third-party services should all be adjusted properly, according to the FSB.

The FSB recorded an attempt to encrypt the data of patients in hospitals in Russia

The deputy director of the National coordination center for computer incidents (NCCI) Nikolay Murashov during a speech at the information security forum stated that for the first time in 2020, the Special Services recorded attempts by hackers to introduce malicious software into the information resources of Russian medical institutions in order to encrypt user data.

According to him, there were also hacker attacks on the information resources of the Central Election Commission and Civic Chamber of the Russian Federation.

Murashov said that the special services managed to prevent attacks on the services of state structures.

In total, over the past year, the NCCI has stopped the work of more than 132 thousand malicious resources. At the same time, according to Murashov, the main sources of cyber attacks on Russian resources are located outside the country: 67 thousand foreign malicious resources and 65 thousand such resources in Russia were blocked by the Center for the year. The attacks were carried out from Turkey, the Netherlands, and Estonia and were aimed at state authorities and industrial enterprises.

In general, according to Murashov, remote work has complicated the protection of personal data, as attacks began to be carried out through insufficiently protected remote access centers and vulnerable software. NCCI specialists also registered the sending of phishing messages, most often, card data were stolen through phishing.

The National coordination center for computer incidents has been recording for several years that the main sources of hacker attacks on Russian organizations are located abroad.

In late January, the NCCI center warned of possible cyberattacks from the United States. The threat of attacks in the Center was associated with accusations against Russia from Western countries of involvement in hacker attacks on American government resources, as well as with threats from them to carry out "retaliatory" attacks on Russian critical information infrastructure.

According to the Investigative Committee, in general, the number of cybercrimes over the past seven years in Russia has increased 20 times, and every seventh crime is committed using information technology or in cyberspace.

The NCCI was created in 2018 by order of the FSB to combat the threat of hacker attacks on Russia's infrastructure.

Russian Security Services Track Down Colossal Credit Card Fraud Ring


Russian Security Services (RSB) has tracked down and charged an international credit card fraud ring arresting 25 accused. The carding kingpin is suspected to be linked with dozens of carding shops and with some of the most significant data breaches plaguing the Western World. FSB, the Russian Federal System, issued a statement this week stating they arrested 25 individuals accused of circulating illegal means of payment tied with around 90 websites that sold stolen credit cards. Though the FSB did not release a list of names, a blog LiveJournal by cybersecurity blogger Andrey Sporov leaked the details of the raid and exposed that the infamous hacker Alexey Stroganov, who goes by the hacker names "Flint" and "Flint24" was also among the arrested.


According to Intel 471, a cyber intelligence firm Stroganov is with some of the major cyber threats since 2001. Stroganov and his associate Gerasim Silivanon (a.k.a. "Gaborik ") were also sentenced to six years of imprisonment in Russia in 2006 but were out in two years. "Our continuous monitoring of underground activity revealed despite the conviction, Flint24 never left the cybercrime scene," reads an analysis by Intel 471. "You can draw your conclusions [about why he was released early]," Sporaw wrote, hinting at the use of unfair means to get out of jail early. Flint is one of the big players of the stolen credit card market, working as a wholesaler of credit card data with cyber crooks who bought these cards from him in bulk - 100,000 pieces at once.

Various cyber forums say that Stroganov and his guys were caught because they broke "the golden rule" of hackers from Soviet countries- never target your country people or bank. Flint's "Trust Your Client" These carding sites had a standard scheme they supported to earn trust and loyalty from those who bought these stolen cards. This system allowed their customers to get instant refunds on bad cards without proving that the tickets were canceled by the bank before they could be used. So, these sites installed money-back insurance called "checkers," which can be used by their customers to check the cards (accessible only for a few minutes of buying the tickets) by giving extra money, few cents per card. But slowly, it was claimed that these checkers gave inaccurate results to benefit the card shops.

So, Flint and his gang came up with a policy "Trust your client," through which if the customer claimed that the card was fraudulent, they would get a refund no question asked but only within six hours of buying the ticket. But they probably had their checkers too for checking bad cards.

The Federal Security Service (FSB) of the Russian Federation purchased equipment for hacking smart devices - Hacker group Digital Revolution


Hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using the Internet of things devices.

According to the technical documentation published by hackers, there are three versions of the program — Fronton, Fronton-3D and Fronton-18. They allow infecting smart devices (from digital assistants to smart homes), integrate them into a network and “crash” the servers responsible for the stability of large Internet services and the Internet in entire countries.

It's interesting to note that the Moscow company 0day (LLC 0DT) could have participated in the development of the programs. Previously, the company also carried out orders of the Ministry of Internal Affairs.

According to the published documents, the Internet of things is "less secure, unlike mobile devices and servers." This is due to the fact that many users use smart devices instantly, without changing factory usernames and passwords.

FSB contractors cite the experience of Mirai, the largest network of infected IoT devices, which had 600,000 bots. In 2016, it disabled the DNS servers of the American company Dyn, which made PayPal, Twitter, Netflix and about 70 other services unavailable for some time. At the same time, the organizers of the attack did not use computers, but printers, children's monitors and IoT routers.
Hackers noted that Fronton can be used for "spying on the whole world". The BBC suggests that, most likely, the main targets of cyberattacks may be digital cameras.

The documents note that 95% of the botnet should consist of IP cameras and digital video recorders. Search server must find targets for hacking, which can be connected via a virtual private network or the Tor browser. Documentation also emphasizes that "the use of the Russian language and the connected Cyrillic alphabet is excluded". It is suggested to hack devices using a dictionary of typical passwords from the Internet of things devices.

In December 2018, Digital Revolution said that it hacked the server of the Kvant Scientific Research Institute, owned by the FSB, and found documents on the system of automatic monitoring of social networks for protest moods. In the summer of 2019, hackers said that they broke into the servers of the Moscow IT company Sitek, which carried out projects for Russian special services and agencies.

Hacker from Novovoronezh was convicted of a cyber attack on the library

A resident of Novovoronezh received a year of imprisonment for a cyber attack on the Kurgan Regional Universal Scientific Library. The crime was solved by employees of the FSB of the Voronezh region.

According to the Press Service of the Voronezh Prosecutor's Office, in February 2018, 24-year-old Mikhail Nazarov installed malicious software on his PC with which allowed him to destroy, block, modify or copy the information and to bypass its protection. The guy found the Internet resource of the Government of the Kurgan region, namely the Library and committed a series of cyber attacks. Why the young man chose this resource is not specified.

However, hacker came to the attention of the FSB, whose officers seized cyber attacks and detained the attacker. Law enforcement authorities opened a criminal case under the article “Creating, using and distributing malicious computer programs”. The maximum penalty under this article is 4 years of imprisonment.

The Court found the young man guilty and sentenced him to one year in prison conditionally. Nazarov received a shorter sentence since he admitted his guilt.

We will remind that earlier the Court of the Voronezh region has sentenced a 30-year-old local resident to one and a half years of imprisonment and 10 thousand roubles a fine for hacker attacks on State sites of Siberia and the Far East. Moreover, the hacker managed to hack the websites of commercial organizations. The man used the hacked services for personal mercenary purposes, including mining.

The Head of the FSB appealed for the creation of international rules on the Internet


The Head of the FSB of Russia Alexander Bortnikov stated the need to create international rules on the Internet. In particular, to make encrypted messages in mobile applications open to intelligence agencies.

If the international community can come to a consensus on this issue, the terrorists will actually lose the list of opportunities, such as propaganda, recruitment, financing, communication, management, said Bortnikov at an International Conference on Countering Terrorism on 18 April 2019 in St. Petersburg.

He noted that the use of cryptography in services for communication prevents the effective fight against terror. According to him, Russia has developed a concept for the creation of "the system of the deposit of encryption keys generated by mobile applications, which will be open for control” to solve this problem. Bortnikov proposed to the world community to realize this idea together and to provide intelligence agencies with legal access to important encrypted information of the terrorists.

In addition, Bortnikov noted that at the moment there are more than 10 thousand sites of existing international terrorist structures and thousands of accounts in social networks. The information is published in more than 40 languages, but the leading positions are occupied by Arabic, English and Russian languages.

Bortnikov added that the ability to hide data in IP-telephony and foreign e-mail servers leads to an increase in the spread of false reports of terrorist attacks, as well as the sale of weapons and explosives.

According to one of the amendments to the law on Autonomous RUnet (http://www.ehackingnews.com/2019/02/the-kremlin-told-about-hacker-attacks.html), IT-companies were obliged to use Russian cryptography for all traffic in the Russian segment. It is assumed that the Government will determine the issuance and use of codes and encryption.

In addition, in April 2018 Russia tried to block the Telegram messenger for refusing to provide the FSB with the encryption key of the negotiations of suspected terrorists (http://www.ehackingnews.com/2018/04/russian-court-orders-to-block-telegram.html).