Search This Blog

Showing posts with label Federal Security Service. Show all posts

The FSB recorded an attempt to encrypt the data of patients in hospitals in Russia

The deputy director of the National coordination center for computer incidents (NCCI) Nikolay Murashov during a speech at the information security forum stated that for the first time in 2020, the Special Services recorded attempts by hackers to introduce malicious software into the information resources of Russian medical institutions in order to encrypt user data.

According to him, there were also hacker attacks on the information resources of the Central Election Commission and Civic Chamber of the Russian Federation.

Murashov said that the special services managed to prevent attacks on the services of state structures.

In total, over the past year, the NCCI has stopped the work of more than 132 thousand malicious resources. At the same time, according to Murashov, the main sources of cyber attacks on Russian resources are located outside the country: 67 thousand foreign malicious resources and 65 thousand such resources in Russia were blocked by the Center for the year. The attacks were carried out from Turkey, the Netherlands, and Estonia and were aimed at state authorities and industrial enterprises.

In general, according to Murashov, remote work has complicated the protection of personal data, as attacks began to be carried out through insufficiently protected remote access centers and vulnerable software. NCCI specialists also registered the sending of phishing messages, most often, card data were stolen through phishing.

The National coordination center for computer incidents has been recording for several years that the main sources of hacker attacks on Russian organizations are located abroad.

In late January, the NCCI center warned of possible cyberattacks from the United States. The threat of attacks in the Center was associated with accusations against Russia from Western countries of involvement in hacker attacks on American government resources, as well as with threats from them to carry out "retaliatory" attacks on Russian critical information infrastructure.

According to the Investigative Committee, in general, the number of cybercrimes over the past seven years in Russia has increased 20 times, and every seventh crime is committed using information technology or in cyberspace.

The NCCI was created in 2018 by order of the FSB to combat the threat of hacker attacks on Russia's infrastructure.

Russians Warned for US-led Cyberspace Threat Ensuing Solar Wind Orion

 

On Thursday evening, the Russian government released a security notice to Russian firms warning of possible US-led cyber-attacks following the SolarWinds incident. In retaliation for SolarWinds hacking which has breached networks of a variety of US federal agencies including the Defense Department and top-tech businesses, the Russian government has warned corporations around the world of an imminent cyberspace threat. 

At least 250 federal agencies and leading US businesses have suffered from Russian-backed hackers by filtering into the surveillance and control platform 'SolarWinds Orion.’ The response of the Russian government comes after earlier statements from the current Biden administration.

New officers from the White House said that they are reserved with the freedom to respond to cyberattacks, and they would want to do so in answer to the questions about their plans for SolarWinds. The secretary of the press said that “We’ve spoken about this previously… of course we reserve the right to respond at a time and manner of our choosing to any cyberattack.” 

The reaction from Moscow to this statement was given hours later by the Federal Security Service, an internal security and intelligence body in Russia, the National Coordinating Centre for Computer Accidents. It took the form of a protection newsletter. 

The brief statement included a list of 15 best practice safety measures that companies have to follow to remain safer online, and cited the statements of the Biden government which are considered as a threat. The best practice in the warning is to include factory safety guidance and few businesses and even the least qualified safety, as noted by the experts. 

In reaction to Biden's hostile declaration earlier in the day further security warnings were released. In the SolarWinds incident, Russia has declined its stance. Following the event of SolarWinds, the Biden administration has dedicated $9 billion to cyber defense. Recently, at least 24 large corporations, including tech giants including Intel, Cisco, VMware, and Nvidia have been hacked. 

In Orion applications sold by the IT management firm SolarWinds, the alleged Russian hackers built and collected the confidential data of a number of U.S. government departments and firms. The original report was that 18,000 government and private networks were hacked by Russian hackers.

Ticketmaster Fined $10 Million by Department of Justice for Unlawful Business

Ticketmaster had to pay €7.3 Million ($10M) fine compensation for intervening in a rival company's computer systems, says the US Department of Justice. Ticketmaster agreed to pay a fine amount after it faced allegations by the US DoJ that the company gained unlawful access into rival company's systems to obtain information about its business. According to DoJ, the US ticket sales and distribution company illegally used retained passwords of a former employee of a rival company to access their computer systems. Ticketmaster had done this as a scheme to wipe out the competitor's business. Responding to the action, Ticketmaster has said that it feels good now that the issue is resolved.


The DoJ in the released statement said that the unlawful activity happened in 2017. The scheme involved 2 company employees, both now dismissed. According to Ticketmaster, the employees' actions violated their company policies and conflicted with their organizational values. Federal officers alleged Ticketmaster of computer intrusion, wire fraud, and other illegal activities dating back to 2013. The federals have agreed to remove charges in 3 years if the company doesn't make any trouble as per the federal prosecution deal. The inquiry emphasized the company's (Ticketmaster) attempts to obtain information, specifically related to concert pre-sale tickets, says the court statements. 

The rival is a UK based company with headquarters in Brooklyn, New York, but the information in legal documents suggest it was Songkick. Songkick holds expertise in offerings performance artists digital widgets called "artist's toolbox," which allowed Songkick to pre-sell tickets to their events on its online websites separately from ticket blocks which were available to Ticketmaster, a company owned by Live Nation Entertainment Inc. 

Live Nation and Ticketmaster unlawfully took a former worker rival company to get details about its business operations, client details, and marketing plans. The employee gave Ticketmaster the login credentials of his former company, which Ticketmaster used several times to gain access to computer systems and get information about Songkick's pricing to develop their own competing platform. 

Bloomberg reports, "songkick sued Live Nation and Ticketmaster in Los Angeles federal court and reached a $110 million settlement in 2018 that included the sale of its ticketing assets to Live Nation. Other Songkick assets had been sold earlier to Warner Music Group."

The Federal security service of Russia stopped the activities of the largest group of hackers


More than 30 members of an interregional criminal group engaged in cloning and selling credit and payment cards of Russian and foreign banks were detained by the Federal security service (FSB). Hackers gained access to data by hacking user accounts and payment systems. The detentions took place immediately in 11 regions of Russia.

The group created more than 90 online stores where it was possible to buy data from other people's bank cards. The cards of both Russian and foreign banks, including credit cards, were compromised.
According to the FSB, the criminal group has been operating for at least the past three years. Criminals obtained the necessary data of real cardholders by accessing user accounts on the Internet and payment systems.

One of the most common ways to get them was to create websites selling various products at below-market prices. Customers interested in these cheap offers paid for the purchase directly on the site with a bank card. At the same time, using a special program, hackers gained access not only to its number but also to the pin code, as well as the CVC code of the cardholder. The seller immediately canceled the transaction itself, referring to the fact that the product is out of stock and the customer will be notified of its appearance by SMS.

After that, cloned Bank cards with a balance, usually, not less than several hundred thousand rubles or several thousand dollars or euros went on sale in one of the 90 online stores organized by members of the group in the Darknet. For example, a copy of the card with a balance of $3 thousand to $25 thousand fraudsters offered to buy for 30% of the face value. They even gave a 30-day guarantee for their product, promising to exchange the card in case of blocking. At the same time, courier delivery of cards with the entire package of documents was offered to any city in the world. Withdraw money was recommended as soon as possible so that its real owner did not have time to suspect anything.
25 detainees were charged under the article on illegal turnover of payment funds. Among the detainees are citizens of Ukraine and Lithuania.

Law enforcement officers seized more than $1 million and 3 million rubles during their detention, as well as weapons, drugs, gold bars and servers hosting fraudulent websites. According to the statement, the site hosting equipment was "liquidated". The FSB added that the seized property included fake documents, including fictitious Russian passports and law enforcement documents.

The Federal Security Service (FSB) of the Russian Federation purchased equipment for hacking smart devices - Hacker group Digital Revolution


Hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using the Internet of things devices.

According to the technical documentation published by hackers, there are three versions of the program — Fronton, Fronton-3D and Fronton-18. They allow infecting smart devices (from digital assistants to smart homes), integrate them into a network and “crash” the servers responsible for the stability of large Internet services and the Internet in entire countries.

It's interesting to note that the Moscow company 0day (LLC 0DT) could have participated in the development of the programs. Previously, the company also carried out orders of the Ministry of Internal Affairs.

According to the published documents, the Internet of things is "less secure, unlike mobile devices and servers." This is due to the fact that many users use smart devices instantly, without changing factory usernames and passwords.

FSB contractors cite the experience of Mirai, the largest network of infected IoT devices, which had 600,000 bots. In 2016, it disabled the DNS servers of the American company Dyn, which made PayPal, Twitter, Netflix and about 70 other services unavailable for some time. At the same time, the organizers of the attack did not use computers, but printers, children's monitors and IoT routers.
Hackers noted that Fronton can be used for "spying on the whole world". The BBC suggests that, most likely, the main targets of cyberattacks may be digital cameras.

The documents note that 95% of the botnet should consist of IP cameras and digital video recorders. Search server must find targets for hacking, which can be connected via a virtual private network or the Tor browser. Documentation also emphasizes that "the use of the Russian language and the connected Cyrillic alphabet is excluded". It is suggested to hack devices using a dictionary of typical passwords from the Internet of things devices.

In December 2018, Digital Revolution said that it hacked the server of the Kvant Scientific Research Institute, owned by the FSB, and found documents on the system of automatic monitoring of social networks for protest moods. In the summer of 2019, hackers said that they broke into the servers of the Moscow IT company Sitek, which carried out projects for Russian special services and agencies.