
Depop Users Fall Victim to Account Hijacking

 

Since lockdowns began in March there has been a significant spike in online shopping, and with it a growing crowd of people hunting for items on popular sites and apps. Like every online marketplace, these carry risks for consumers: account hacking, data breaches and fraud. The pandemic has been a golden opportunity for scammers, who have continued to plague a wide range of internet services.

One "have a go" tactic is credential stuffing: automated software repeatedly attempts to log in to accounts using usernames and passwords exposed in data breaches of other popular online services. The attack fails against anyone who does not reuse the same password across sites, or who changed their password after being caught up in a breach.
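The mechanism described above is visible from the defender's side as a burst of logins from one source that cycles through many different usernames and mostly fails. The script below is an added example (not Depop's code or any vendor's) that scores login audit lines for that pattern; the log format, field names and thresholds are assumptions chosen for illustration, and the sample log is constructed. The same check applies to the smart-camera takeovers described further down this page, which the FBI also attributes to reused credentials.

```python
"""Credential-stuffing detection over web-login audit lines.

Added example: this is not Depop's code or any vendor's. The log format,
the field names and the thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 cycles through leaked username/password
# pairs (mostly failures, one hit), while 198.51.100.20 is an ordinary user
# who mistypes a password once and then logs in.
SAMPLE_LOG = """\
2020-10-03T14:02:11Z ip=203.0.113.7 user=alice result=FAIL
2020-10-03T14:02:12Z ip=203.0.113.7 user=bob result=FAIL
2020-10-03T14:02:12Z ip=203.0.113.7 user=carol result=FAIL
2020-10-03T14:02:13Z ip=203.0.113.7 user=dave result=OK
2020-10-03T14:02:13Z ip=203.0.113.7 user=erin result=FAIL
2020-10-03T14:02:14Z ip=203.0.113.7 user=frank result=FAIL
2020-10-03T14:02:14Z ip=203.0.113.7 user=grace result=FAIL
2020-10-03T14:02:15Z ip=203.0.113.7 user=heidi result=FAIL
2020-10-03T14:05:40Z ip=198.51.100.20 user=ivan result=FAIL
2020-10-03T14:05:52Z ip=198.51.100.20 user=ivan result=OK
"""

WINDOW = timedelta(minutes=5)   # assumption: judge each source IP over 5 minutes
MIN_DISTINCT_USERS = 5          # assumption: a real person rarely tries 5+ accounts
MIN_FAILURE_RATIO = 0.6         # assumption: breached password lists mostly fail


def parse_line(line):
    """'<iso-time> ip=<addr> user=<name> result=<OK|FAIL>' -> (ts, ip, user, ok)."""
    ts, rest = line.split(" ", 1)
    kv = dict(field.split("=", 1) for field in rest.split())
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            kv["ip"], kv["user"], kv["result"] == "OK")


def detect_stuffing(log_text):
    """Return {ip: stats} for every source whose login pattern inside one
    WINDOW looks like credential stuffing: many distinct usernames and a
    high failure ratio. Any success inside such a burst is listed under
    "compromised", because that account was probably just taken over."""
    by_ip = defaultdict(list)
    for raw in log_text.splitlines():
        if raw.strip():
            ts, ip, user, ok = parse_line(raw)
            by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            # sliding window starting at each event
            window = [e for e in events[i:] if e[0] - start <= WINDOW]
            users = {user for _, user, _ in window}
            failures = sum(1 for _, _, ok in window if not ok)
            ratio = failures / len(window)
            if len(users) >= MIN_DISTINCT_USERS and ratio >= MIN_FAILURE_RATIO:
                flagged[ip] = {
                    "attempts": len(window),
                    "distinct_users": len(users),
                    "failure_ratio": ratio,
                    "compromised": sorted(user for _, user, ok in window if ok),
                }
                break  # one verdict per IP is enough
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_LOG).items():
        print(ip, stats)
```

On the sample, the single success for `dave` inside the burst is exactly the kind of hit that leads to a hijacked listing; the ordinary user `ivan` is not flagged because one account with one retry never meets the distinct-user threshold. In production the same counters are normally kept per IP range and per user agent as well, since stuffing tools rotate proxies.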

One such incident happened to Amelia Strike, a 21-year-old law student in Birmingham, who found herself logged out of her Depop social shopping account in October. "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed and I realised something wasn't right," she said, adding, "I just felt so violated."

She later received a message from a stranger on Instagram warning that her account had been taken over and was being used to advertise Apple AirPods headphones for £50. She discovered that the hijacker was scamming many Depop customers under her name, instructing buyers to pay via PayPal's "Friends and Family" option. That payment method bypasses Depop's fees and gives buyers no protection.

She acted quickly, using her brother's Depop account to comment on the fraudulent post and to contact the company for help. Her query was picked up: Depop removed the hijacker's posts within a few hours and reset her password. Strike knows of at least three Depop customers who had already paid the scammer through the unprotected method.

To make the fake listing believable, the hijacker even uploaded a photo of her name written on a Post-it note next to the headphones supposedly for sale. This is a common technique among people selling second-hand goods online to show that images have not been copied from another listing.

She is not the only one whose Depop account was hijacked: 14 other users have reported similar cases, and in every one the fraudsters insisted on being paid directly rather than through the app. Depop has urged customers to pay only through its official checkout, stating: "We consistently communicate this to our community and reinforce that the only safe way to purchase is on the Depop app or website via the buy button."

Remote Images Used by Hackers to Evade Email Filters

 

Phishing emails impersonating well-known brands such as Microsoft or PayPal depend on visual content to succeed. Brand logos and colourful pictures give the recipient a visual cue that the email is harmless and genuine. But images do more than lend authenticity to an otherwise fake email: they also make filtering much harder. Image spam has long been a popular way to evade analysis of an email's textual content, because there is no meaningful text in the message body for a filter to examine.

Detecting identical images is relatively easy thanks to signatures based on cryptographic hash algorithms such as MD5; detecting merely similar images requires more complex and costly algorithms. To evade detection, phishers alter their images slightly, changing the compression level, colour balance or geometry, so that every copy is unique and signature-based technologies no longer match it.
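Why a byte-level signature misses a lightly retouched logo while a similarity measure still catches it is easy to show on a constructed image. The block below is an added example, not code from Vade Secure or from the original post: it builds a small synthetic greyscale "logo" (no image library needed), compares the MD5 of the raw pixels with a difference hash (dHash, a well-known perceptual hash chosen here as an assumption about what a filter might use, not what any vendor uses), and reports both for a slightly brightened copy of the same picture.

```python
"""Exact-match hash versus perceptual hash on a slightly altered image.

Added example, not code from Vade Secure or from the original post. The
image is a small constructed greyscale array; "dHash" (difference hash) is
a well-known perceptual hash used here as an illustrative assumption.
"""
import hashlib

W, H = 64, 64  # constructed image size


def make_logo():
    """Constructed 'brand logo': a dark square on a light background crossed
    by a diagonal stripe. Returns rows of 0..255 grey values."""
    img = []
    for y in range(H):
        row = []
        for x in range(W):
            v = 230                       # light background
            if 16 <= x < 48 and 16 <= y < 48:
                v = 40                    # dark square
            if abs(x - y) < 3:
                v = 120                   # diagonal stripe
            row.append(v)
        img.append(row)
    return img


def perturb(img, delta=3):
    """Phisher-style tweak: nudge every pixel's brightness by a small amount.
    Every byte changes, the picture looks the same to a human."""
    return [[max(0, min(255, v + delta)) for v in row] for row in img]


def md5_of(img):
    """Signature of the exact pixel bytes, as a signature-based filter would use."""
    return hashlib.md5(bytes(v for row in img for v in row)).hexdigest()


def dhash(img, size=8):
    """Difference hash: box-filter the image down to (size+1) x size cells,
    then emit one bit per horizontally adjacent pair (left brighter than right?).
    Only the relative brightness of neighbouring regions matters, so small
    global changes leave the hash untouched."""
    h, w = len(img), len(img[0])
    cols, rows = size + 1, size
    small = []
    for r in range(rows):
        y0, y1 = r * h // rows, (r + 1) * h // rows
        line = []
        for c in range(cols):
            x0, x1 = c * w // cols, (c + 1) * w // cols
            block = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            line.append(sum(block) / len(block))
        small.append(line)
    bits = 0
    for r in range(rows):
        for c in range(cols - 1):
            bits = (bits << 1) | (1 if small[r][c] > small[r][c + 1] else 0)
    return bits  # 64-bit integer


def hamming(a, b):
    """Number of differing bits between two hashes; small means 'similar'."""
    return bin(a ^ b).count("1")


def compare(original, candidate):
    """Return (md5_matches, dhash_distance): the first is what a signature
    lookup sees, the second is what a similarity filter would threshold on."""
    return (md5_of(original) == md5_of(candidate),
            hamming(dhash(original), dhash(candidate)))


if __name__ == "__main__":
    logo = make_logo()
    print("retouched copy:", compare(logo, perturb(logo)))
    print("blank image:   ", compare(logo, [[230] * W for _ in range(H)]))
```

For the retouched copy the MD5 no longer matches while the dHash distance is zero; an unrelated blank image sits many bits away. A real filter would set a distance threshold (a handful of bits) rather than demand exact equality, and would still need the image bytes in hand, which is precisely what remote hosting, described next, makes harder.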

Remote images are the latest filter-bypass technique used by attackers exploiting weaknesses in email security technology. Unlike embedded images, which email filters can analyse directly, remote images are hosted on the web and must be fetched before they can be analysed. Use of remote-image-based threats surged in 2020: in November 2020 alone, Vade Secure analysed 26.2 million remote images and blocked 262 million emails containing malicious remote images.

Analysing a remote image requires fetching it over the network. Exploiting this, cybercriminals add further techniques to make the process more cumbersome for security scanners, such as:

 • Multiple redirections

 • Cloaking techniques

 • Abuse of high-reputation domains 

Blocking image-based threats requires computer vision, the field concerned with how computers can gain a high-level understanding of visual content. Vade Secure deployed computer vision technology based on deep learning models (VGG-16, ResNet) in mid-2020 to recognise brand logos in emails and on websites. The models were trained on a mix of collected images and synthetically generated ones.

The result of these evasion techniques is that large numbers of these emails go undetected. For users, this often means receiving a phishing email and reporting it, only to receive it again, sometimes many times over.

Hackers Hijacked Smart Devices and Live-Streamed Swatting Incidents

 

Technology is advancing at a great pace, and we are becoming victims of our own creations. Our reliance on technology will only grow, but other factors need attention to ensure lasting security and privacy. Misconceptions and lack of awareness among users are what allow attackers to profit so handsomely.

In one recent incident, attackers hijacked smart home devices and live-streamed police raids on innocent residents. The attackers placed hoax calls to 911, triggering "swatting". The FBI confirmed that the attackers even spoke to the responding officers through the compromised devices.

What is "swatting"?

Swatting is a criminal offence. The perpetrator deceives the authorities by making a hoax call, falsely reporting an emergency at a particular address so that armed police are dispatched there immediately.

This is not the first incident of its kind. The FBI has warned of the "deadly" risks and appalling consequences of such attacks: three years ago a hoax call cost an innocent man his life when police in Kansas shot him on the strength of information supplied by the caller.

Why do attackers get into owners' supposedly secure devices so easily?

Following its investigation, the FBI offered a clear explanation: such "pranks" succeed because the victims reused passwords from other devices and services when setting up their smart home devices, making the attackers' job exceedingly simple.

Credentials from earlier breaches are bought and sold on the dark web; when the same password is used across multiple devices and services, attackers need only try those credentials to get into the victim's camera or security system.

"The [perpetrators] call emergency services to report a crime," the FBI said.

“The offender watches the Livestream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms.”

With similar cases on the rise, the FBI has urged victims and owners of smart devices and services to change their passwords immediately and to keep them updated.

Finnish MPs' Email Accounts Hit by Serious Cyber Intrusion

 

The parliament of Finland confirmed on Monday that attackers had gained access to its internal IT system and retrieved personal and confidential information from the email accounts of some Members of Parliament (MPs).

In a statement, officials confirmed that the intrusion took place in autumn 2020 and was uncovered in December by the parliament's IT staff after they noticed suspicious activity. The incident is being investigated by the Finnish National Bureau of Investigation (KRP).

Crime Commissioner Tero Muurman said in an official statement that "the act is not accidental", but the police are not revealing details of the case, saying only that they are investigating the breach as a "suspected gross hacking and espionage" incident. One thing that is clear from the statements so far is that the intrusion did not damage the parliament's internal IT system.

"At this stage, one alternative is that unknown factors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland," Muurman added. The intrusion has affected a number of individuals, although how many is still unclear.

Most seriously, during the same period last autumn, Russian hackers also accessed the email accounts of Norwegian parliamentary staff and representatives. The two intrusions appear very similar in nature and may well be linked.

Officials described the case as "exceptional in Finland, serious due to the quality of the target and unfortunate for the victims". Offering some reassurance to the victims, Muurman added that "international cooperation has taken place in the investigation" and that the aim is to bring the perpetrators to justice.

City of Cornelia Hit by Fourth Ransomware Attack

It seems the city of Cornelia is getting used to the horrors of ransomware: on Saturday it suffered its fourth such attack in two years, City Manager Donald Anderson said on Tuesday. The attack arrived on the morning of 26 December 2020, the day after Christmas. Experts say it is unlikely to be the last, and is part of a growing trend the city may continue to face.

Although the city spent almost $30,000 upgrading its firewall after the previous attack in September 2019, the attackers were still able to take the city's administrative and data systems offline.

In a statement, the city manager said the city had "anticipated such situations" and, "with abundance of caution", had "taken down our network while we investigate the situation and restore our data." Given the severity of the situation, state officials are monitoring it and outside experts have been brought in to investigate.

According to Anderson, local services such as emergency phone lines, garbage collection and utility work are unaffected, and email and city hall phones are operating normally. However, because the city's software data system is down, employees and residents cannot look up bill balances, and the city cannot accept credit card payments for city services.

Although most city functions are unaffected, the ransomware operators did manage to knock out the systems of the city's newly installed water treatment plant.

"According to them the business model of those behind the ransomware is typically NOT to profit off of selling the personal information of the city employees or our citizens on the internet – it is to extract a payment from the city," Anderson added. City officials declined to disclose further information and asked residents for patience and cooperation while the situation is resolved.

Manchester United Hit By a Cyber Attack on their Systems

 

Manchester United have confirmed a cyber-attack on their systems, but say they are not "currently aware of any breach of personal data associated with our fans and customers" and that the systems required for matches remained secure.

In a statement, United said: "Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption.

"Although this is a sophisticated operation by organised cybercriminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality.

"Our cyber defences identified the attack and shut down affected systems to contain the damage and protect data. Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers.

"We are confident that all critical systems required for matches to take place at Old Trafford remain secure and operational and that tomorrow's game against West Bromwich Albion will go ahead."

The club has informed the British authorities, including the Information Commissioner's Office, and has launched a forensic investigation into the incident.

A spokesperson for the club added: "These types of attacks are becoming more and more common and are something you have to rehearse for."

Forensic tracing is being carried out to establish further details about the attack.


Decentralized Finance (DeFi) Protocol Akropolis Hacked for $2 Million in DAI

 


Decentralized finance (DeFi) protocol Akropolis was hacked for $2 million in DAI in the latest flash-loan attack to hit the nascent DeFi industry. Once the attack was spotted, Akropolis administrators paused all transactions on the platform to prevent further losses. In a statement on Nov. 12, Akropolis said the hack was executed against a set of smart contracts in its "savings pools".

The attacker drained the platform's Ycurve pool in batches of $50,000 in the stablecoin DAI. This pool lets investors trade stablecoins and earn interest.

Although Akropolis says it had engaged two firms to audit the contracts, neither audit identified the attack vectors used in the exploit.

"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Ycurve and sUSD pools," Akropolis said.

The attacker nonetheless found loopholes to exploit and moved the stolen DAI out to an external address. Akropolis added: "The attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with Dydx flash loan origination."
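The statement names two ingredients, re-entrancy and flash-loan capital, without describing the contracts. The block below is an added example, not Akropolis code and not a reconstruction of the real exploit (the audits missed the vector and no code is published here); it models a toy savings pool in plain Python to show the general pattern: a pool that pays a depositor before zeroing its balance can be made to pay the same deposit repeatedly, and borrowed capital only makes the first deposit bigger. The pool, the attacker and the "flash loan" are all assumptions.

```python
"""Re-entrancy against a toy savings pool, and the checks-effects-interactions fix.

Added example, not Akropolis code and not a reconstruction of the real
exploit. The pool, the attacker and the flash-loan-style capital are
assumptions modelled in plain Python to show why paying a depositor
before updating its balance lets one deposit be withdrawn many times.
"""


class ReentrancyError(Exception):
    """Raised by the hardened pool when withdraw() is entered recursively."""


class Pool:
    """Pays withdrawals by calling the depositor's on_receive hook, the analogue
    of an Ethereum transfer that hands control to the recipient contract."""

    def __init__(self, liquidity, hardened):
        self.balances = {}
        self.liquidity = liquidity   # funds belonging to the other depositors
        self.hardened = hardened     # True: update state first + re-entrancy guard
        self._entered = False

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.liquidity += amount

    def withdraw(self, who):
        if self.hardened and self._entered:
            raise ReentrancyError("re-entrant withdraw rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.liquidity:
            return 0
        if self.hardened:
            self._entered = True
            try:
                # effects before interactions: the balance is already zero
                # by the time control passes to the recipient
                self.balances[who] = 0
                self.liquidity -= amount
                who.on_receive(self, amount)
            finally:
                self._entered = False
        else:
            # vulnerable order: interaction first, state update afterwards
            self.liquidity -= amount
            who.on_receive(self, amount)
            self.balances[who] = 0
        return amount


class Attacker:
    """Deposits borrowed capital, then re-enters withdraw() from the payout hook."""

    def __init__(self, loan):
        self.loan = loan        # assumption: borrowed for one transaction (flash loan)
        self.received = 0

    def on_receive(self, pool, amount):
        self.received += amount
        try:
            pool.withdraw(self)   # balance not yet zeroed in the vulnerable pool
        except ReentrancyError:
            pass                  # on a real chain the whole transaction would revert

    def attack(self, pool):
        pool.deposit(self, self.loan)
        pool.withdraw(self)
        self.received -= self.loan       # repay the loan
        return self.received             # net profit taken from other depositors


def run(hardened, liquidity=100, loan=50):
    """Return (attacker profit, liquidity left for the honest depositors)."""
    pool = Pool(liquidity, hardened)
    profit = Attacker(loan).attack(pool)
    return profit, pool.liquidity


if __name__ == "__main__":
    print("vulnerable:", run(False))   # attacker drains the pool
    print("hardened:  ", run(True))    # attacker gets back only the loan
```

Against the vulnerable pool the attacker's hook keeps calling `withdraw` while its recorded balance is still the full deposit, so the pool pays out until its liquidity is exhausted; the hardened pool zeroes the balance first and refuses the nested call. In Solidity the vulnerable ordering is an external call (for example `msg.sender.call{value: amount}("")`) placed before `balances[msg.sender] = 0`; the fix is the same ordering change, usually combined with a non-reentrant guard.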

Flash-loan attacks have become common against DeFi platforms, which let users borrow or lend cryptocurrency, speculate on price movements, and earn interest on savings-like accounts.

Such attacks have been on a steady rise since early February this year, and one of the biggest occurred just a month earlier, in October, when attackers stole $24 million worth of crypto assets from the DeFi service Harvest Finance.

Other pools were not affected, including Compound DAI, Compound USDC, Aave sUSD, Aave bUSD, Curve bUSD and Curve sBTC. The native AKRO and ADEL staking pools were also untouched.

Nonetheless, the Akropolis team said it is still looking for ways to compensate affected users "in a way that is sustainable for the project". All stablecoin pools are currently paused, it added.

Russia a Suspect in Norwegian Parliament Cyber Attack?

 

In September, Norwegian authorities said that the email accounts of several officials had been compromised in a cyber-attack and that some data had been downloaded. The full extent of the damage was not disclosed.

Now the country has openly blamed Russia for the attack on the Norwegian parliament's email system.

Earlier this year, Norway's military intelligence agency had already warned in a report that Russia was attempting to stir up friction in the country through influence operations aimed at undermining public trust in the government, the electoral process and the media.

National legislatures are a key source of policy-related information and are frequently targeted by hacking campaigns. In August, Norway expelled a Russian diplomat on suspicion of spying; Russia retaliated by expelling a Norwegian diplomat just days later.

Foreign Minister Ine Eriksen Søreide called it a serious incident affecting the country's "most important democratic institution". "Based on the information available to the government it is our assessment that Russia stood behind this activity," she said, without presenting evidence. Moscow rejected the claim, calling it a "serious and wilful provocation".

Søreide said in a statement that Norway's security and intelligence services were "co-operating closely to deal with this matter at the national level." In response, Russia's embassy in Oslo hit back at the "unacceptable" statement, saying no proof had been presented.

Seen from Norway's perspective, however, the reasoning behind the accusation is clear enough: it lies in past events involving the two countries.

In 2018, Norway arrested a Russian national suspected of gathering information on the country's parliamentary network; the individual was later released. Likewise, in January last year, the personal details of several German politicians, including Chancellor Angela Merkel, were stolen and published online.

And the previous year, Australia's cyber intelligence agency accused China after hackers attempted to break into the Australian parliament, which the Chinese authorities denied.

U.S. Treasury Department Warns That Payments to End Cyberattacks Risk Running Afoul of Sanctions Rules

 

The U.S. Treasury Department has warned cyber insurers and other financial institutions that facilitating payments to attackers in order to end cyberattacks risks violating sanctions rules.

The warnings, which concern the malicious programs known as ransomware, came from Treasury's Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN).

They add to the worries of cyber insurers, who have been raising rates and trying to limit their exposure to vulnerable customers in the face of a recent surge in costly ransomware claims.

Attackers use ransomware to bring down systems controlling everything from hospital billing to manufacturing, relenting only after receiving hefty payments, usually in cryptocurrency.

Ransom demands have risen sharply during the pandemic as people work remotely and attackers target online systems.

The average ransomware payment jumped 60% to $178,254 between the first and second quarters, according to Coveware, a firm that arranges and negotiates cyber ransom payments. Cyber policies often cover such ransoms, as well as data recovery, legal liabilities and negotiators fluent in the attackers' native languages.

Sumon Dantiki, a King & Spalding LLP lawyer who advises on national security and cyber matters, said sophisticated insurers and financial institutions are already aware of the sanctions concern. "Will victims who are insured still decide to make the payments?" Dantiki said. "This type of public advisory could affect the calculus there."

A companion FinCEN report also highlighted the growing industry of forensic firms that help organisations respond to cyberattacks, including by handling the payments.

OFAC cited cyberattacks dating back to 2015 that were traced to hackers in sanctioned jurisdictions such as North Korea and Russia.

While the US can impose economic and trade sanctions on countries that support terrorism or violate human rights, it is the financial institutions and individuals who ultimately deal with sanctioned parties who can face prosecution and penalties.


White House to Update U.S. Maritime Cybersecurity Strategy in Coming Months

 

Hoping to update the U.S. government's approach to maritime cybersecurity in the coming months, the Trump administration is working to better secure the United States' ability to project power at sea and to defend against adversarial cyberattacks. The plan includes re-evaluating the national approach to information sharing and placing more emphasis on operational technology in ports, according to one senior administration official.

Two officials asked for comment declined to share specifics about the administration's plans, saying more information would be made public very soon.

Attackers, meanwhile, have long been at work, targeting shipping firms and the maritime supply chain to steal data associated with the U.S. government or to disrupt cargo operations.

Last year, attackers using a strain of ransomware known as Ryuk compromised computer networks at a maritime transportation facility, disrupting operations for 30 hours, according to the U.S. Coast Guard.

The announcement comes amid several efforts at the Department of Defense to test preparedness and readiness against cyberattacks in the maritime domain.

The Pentagon's offensive unit, Cyber Command, simulated a cyberattack on a seaport last year. The Army is also taking part in an exercise this month designed to simulate adversaries targeting U.S. ports.

More recently, the administration has been concerned about a ransomware attack on a transportation company that, as one senior administration official put it, "affected COVID-19 supply chains in Australia."

"Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping," one senior administration official said.

Paytm Mall Allegedly Suffers Data Breach, Hackers Demand Ransom


Paytm has allegedly suffered a major data breach after a hacker group targeted the company's Paytm Mall database and demanded a ransom in return for the data. The group, which calls itself "John Wick", is known for breaking into companies' databases under the pretence of helping them fix bugs in their systems.

Cyber intelligence firm Cyble reported that the John Wick group had unrestricted access to Paytm Mall's entire production database through a backdoor, potentially affecting all accounts and related information at Paytm Mall.

In an official update, Cyble states: "According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm Mall as well. Leaking data when failing to meet hacker's demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid."

The volume of data breached is currently unknown, but Cyble says the attackers demanded 10 ETH, equivalent to about USD 4,000.

A Paytm Mall spokesperson commented: "We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies."

Nonetheless, "John Wick" is known to have broken into numerous Indian companies and collected ransoms from them, including the OTT platform Zee5 and the fintech startups Stashfin, Sumo Payroll and i2ifunding, operating under aliases such as "South Korea" and "HCKINDIA".

Uber's Former Chief Security Officer Charged with Covering Up a Massive Data Breach

Uber's former chief security officer, Joe Sullivan, has been charged by U.S. federal prosecutors with covering up a massive data breach the company suffered in 2016.

Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach", which included paying the hackers a $100,000 ransom to keep the incident secret, according to a press release from the U.S. Department of Justice.

The release said: "A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies."

The 2016 breach exposed the names, email addresses and phone numbers of 57 million Uber riders and drivers, and the driving licence numbers of around 600,000 drivers.

The company disclosed the breach publicly almost a year later, in November 2017, following Sullivan's departure from Uber that month.

Two hackers, Brandon Charles Glover of Florida and Vasile Mereacre of Toronto, were later identified as responsible for the incident; Sullivan approved paying them in return for promises to delete the customer data they had stolen.

The trouble began in 2016 when Sullivan, representing Uber, was responding to FTC inquiries about an earlier breach in 2014, and at the same time Glover and Mereacre contacted him about the new breach.

"On November 14, 2016, approximately 10 days after providing his testimony to the FTC, Sullivan received an email from a hacker informing him that Uber had been breached again and his team was able to confirm the breach within 24 hours of his receipt of the email. Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC." 

According to court documents, the ransom was paid through Uber's bug bounty programme in an attempt to document the extortion payment as a "bounty" for white-hat hackers who report security issues but have not compromised data.

The federal prosecutors said, “After Uber personnel were able to identify two of the individuals responsible for the breach, Sullivan arranged for the hackers to sign fresh copies of the non-disclosure agreements in their true names. The new agreements retained the false condition that no data had been obtained. Uber's new management ultimately discovered the truth and disclosed the breach publicly, and to the FTC, in November 2017." 

Last year, the two hackers pleaded guilty to several counts of hacking and extorting Uber, LinkedIn and other U.S. corporations. In 2018, British and Dutch data protection regulators fined Uber a combined $1.1 million for failing to protect customers' personal data during the 2016 attack.

If convicted on the cover-up charges, Sullivan faces up to eight years in prison and fines of up to $500,000.

Hackers Can Clone Your Key Using Just a Smartphone Microphone and Software

Earlier this year, researchers at the National University of Singapore published a paper describing how, using only a smartphone microphone and software they developed, an attacker can clone a physical key.

The technique, named SpiKey, exploits the sound made by the lock's pins as they move over the ridges of an ordinary key.

The paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han, says that “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone." 

From that recording alone, the attacker can use the timing between the audible clicks to infer the distances between the ridges along the key.

Using this information, an attacker can then work out a small set of likely keys.

So instead of fumbling with lock-picking tools, a thief could simply try a few pre-cut keys and walk straight in through the victim's door.

The attack has limitations: the attacker needs to know what kind of lock the victim has, and the method assumes the key is inserted into the lock at a constant speed.

The researchers acknowledge this, writing: "This assumption may not always hold in [the] real-world, hence, we plan to explore the possibility of combining information across multiple insertions."

The authors further explain: "We may exploit other approaches of collecting click sounds such as installing malware on a victim's smartphone or smartwatch, or from door sensors that contain microphones to obtain a recording with a higher signal-to-noise ratio. We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors."

Even so-called smart locks present their own security issues, and Amazon's Ring security cameras, for example, have been hacked repeatedly. As the researchers hypothesise, an attacker could in principle use the microphone embedded in such a camera to capture the sounds a key makes and then use the SpiKey technique to cut physical keys to the home.

Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down by what its vendor described as a "sophisticated" cyberattack.

According to ExamSoft, one of the three vendors offering the exam that certifies prospective attorneys, the test was hit by a distributed denial of service (DDoS) attack, in which an attacker or group tries to bring down a server by overwhelming it with traffic.

The incident marked the first DDoS attack the company had encountered at the network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time once the platform was back up and running.

The company noted that "at no time" was any information compromised, and that it had been able to "thwart the attack, albeit with a minor delay" for test-takers.

Before the company's statement, the Michigan Supreme Court had tweeted that a "technical glitch" had taken the test down and that test takers were "emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module."

According to the court, those taking the test with accommodations under the Americans with Disabilities Act were not affected by the incident.

"All exam takers were successfully able to start and complete all modules of the Michigan Bar exam," the organization wrote.

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national group of law students, graduates, professors, and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised concerns about data privacy issues associated with the cyberattack.

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a portion of the test, told 'The Hill' earlier this month that states and jurisdictions could choose to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


The First Ransomware Attack and the Ripples It Sent Forward In Time


A simple piece of malware discovered just 20 years ago this month demonstrated a capability that transformed the entire world of cyber-security as we know it today.

Originally intended only to harvest the passwords of a couple of local internet providers, the malware, dubbed 'LoveBug', spread far and wide, infecting more than 45 million devices and becoming the first piece of malware to truly take businesses offline.

LoveBug marked malware's shift from limited exposure to mass destruction: 45 million compromised devices a day could translate into 45 million daily payments.

Yet eleven years before anybody had heard of LoveBug, the IT industry saw the first major case of ransomware, the AIDS Trojan, which spread via infected floppy disks sent to HIV specialists as part of a knowledge-sharing initiative.

The ransomware that followed was the 'lovechild' of LoveBug and the AIDS Trojan: GPCoder and Archievus hit organizations around the globe, and their operators also harnessed e-commerce sites to find better ways of collecting payments.

The security industry responded, with 'good actors' cooperating to crack the encryption on which Archievus depended and sharing the result widely to help victims avoid paying any ransom.

Since then the 'cat and mouse' game has continued, with families like CryptoLocker, CryptoDefense, and CryptoLocker 2.0 devising new attack strategies and the security industry deploying new defenses. Ransomware has become more sophisticated and more prevalent, and today's targets are less likely to be individuals, since large businesses can pay enormous sums.

Data protection has become more sophisticated as well, and four areas should now be part of every business's ransomware strategy: protect, detect, respond, and recover. Social engineering and phishing are also becoming increasingly central to the success of a ransomware attack.

LoveBug spread in scattergun fashion, yet it still depended on social engineering.

Had people been less inclined to open an email with the subject line 'I love you', the spread of the malware would have been 'far more limited'.

Nevertheless, users now need to be alert to an increasingly diverse set of threats, because attackers are increasingly adding the threat of data exfiltration or public exposure when they judge that leaking data may be more 'persuasive' for their targets.

To respond to the problem, it is essential to keep backup copies of data and to understand the nature and value of the information that may have been compromised in any way.

Best Practice Tips for Password Administration from Tech Security Insiders



Passwords have been both an industry standard and an industry headache for a very long time, and managing them has become the bane of end-users and IT administrators alike; yet there are ways to draw on experience and reduce the pain.

Here, several industry experts discuss the challenges of passwords and the solutions to them:


  1. Matt Davey, COO at 1Password, an online password management provider; 
  2. Daniel Smith, head of security research at Radware, a security solutions provider; 
  3. Rick McElroy, principal security strategist at VMware Carbon Black, a virtual security platform; 
  4. Matt Wilson, chief information security advisor at BTB Security, a security solutions provider; 
  5. And Ben Goodman, CISSP and senior vice president of global business and corporate development at identity platform provider ForgeRock.


The first issue discussed was the current challenges with passwords. Matt Davey said: "Even though for many years we've relied on passwords to securely access the apps and services we use daily, both at home and at work. Today, as many of these services move to the cloud and breaches become bigger and more frequent, password authentication is even more critical, particularly for enterprises."

Matt Wilson says: "Since the dawn of the first password we've struggled with largely the same issues: selecting strong, unique passwords, remembering and storing them, and changing them periodically. People pick bad passwords and share them across multiple accounts for a very simple reason: it's easier to remember.

As attackers have developed and refined their toolsets, they've increased their capabilities to attack our accounts. Their speed of attack, the volume of guesses, the ability to mask their location/identity, and the "intelligence" they've developed to make better guesses make protecting our accounts more difficult than ever before.”

The second topic of discussion was remedies. According to Daniel Smith, "Password hygiene is one of the biggest problems that both organizations and individual users face today. One of the easiest ways to combat and remedy the issue with password hygiene is through the use of a password manager and the use of multi-factor authentication.

Using a password manager naturally encourages users to not reuse passwords, and there are plenty of user-friendly options available to both consumers and the enterprise. Multi-factor authentication simply creates an extra step for accessing any account, and can be the barrier needed to stop unwanted access."

The last question was what will replace passwords in the future. Rick McElroy was quick to answer with reference to the current pandemic: "Short term, it looks like hand and fingerprint biomarkers, two-factor authentication with a mobile device and, in a post-COVID-19 world, facial recognition will be rolled out faster than ever. At some point in the future, DNA will probably be used to verify identity in the medical field but may not be applied to say a laptop and windows login currently.

Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used. These types of identification systems are already being beta tested on battlefields to ensure the right criminals and insurgents are being arrested and to protect innocent lives. I would not be shocked to see that deployed at some point in the future.”

Lastly, Ben Goodman said: "Passwords should become a thing of the past. Today, organizations can solve the challenges that come with passwords by leveraging technology that can provide a passwordless user journey.

By adopting a passwordless approach, organizations provide users with frictionless, secure digital experiences. With the use of biometrics or push notifications, organizations can bring the same effortless authentications users have experienced on their smartphones, with technologies like FaceID from Apple or Samsung's Ultrasonic Fingerprint scanner, to every digital touchpoint while ensuring security.”

As part of an intelligent authentication strategy, passwordless authentication enables future-proof access, improving the customer experience while maintaining security by routing suspicious users to 'additional verification'.

It is clear from this discussion that organizations need not wait any longer to understand and solve their password problems: with the right solution, passwordless authentication is achievable even today.

How Coronavirus Panic Created a Perfect Opportunity for Cyberattacks in Crucial Sectors?


In tough times like these, there is always someone looking for a weak spot to attack. The coronavirus has devastated the socio-economic and political spheres; it has disrupted commerce entirely, causing a fall in global trade and unmistakable panic and fear among the public. Some people are already aware of this, but unfortunately many still do not realize that hackers are using the crisis as an opportunity to launch cyberattacks.


For instance, the US Department of Health and Human Services recently suffered a cyberattack while it was dealing with the coronavirus situation. None of the website's data was compromised; still, according to officials, the hackers responsible are state-sponsored and saw the crisis as an opportunity to disrupt the work of US departments and institutions. In other incidents, cyberattacks under the name 'Wuhan Coronavirus' were launched in many countries. According to Kaspersky experts, ten files with names along the lines of 'coronavirus-spread' contain malware, and file-encrypting infections are breaking into systems and corrupting them.

The Potential Target Areas

1. Political: Cyberattacks can be launched against prominent political infrastructure such as government ministries and health departments, combined with false information and misinformation. The recent DDoS attack on the US Department of Health is just the beginning. False reports of a 'nationwide lockdown' or 'nationwide quarantine' appeared in many countries, including India and the US. Governments are continuously working to expose this fake news by publishing official advisories on their websites asking the public not to trust or share unverified information.

2. Criminal: Hackers see the pandemic as an opportunity to launch cyberattacks. According to Check Point's Global Threat Index, "hackers around the globe have found the Coronavirus serving them well as an enabler for their activities. They are still riding the wave of the epidemic. Our Global Threat Index for January 2020 shows cyber-criminals are exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus."

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and its employees' computers have been under hacker attack.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station has technically established that the attacks target not only the Echo of Moscow website but also the Echo office, its computers, and its computer and Internet communications. As a result, part of the telephone service is also affected.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that powerful hacker attacks began two weeks ago. "Their peculiarity was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who are located remotely," explained Venediktov.

In addition, office computers were unexpectedly attacked, leaving Echo of Moscow unable to receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The editorial board has drawn the shareholders' attention to this, and "the shareholders are worried".

Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa


Kaspersky Lab recorded a wave of targeted attacks on major banks in several Tropical African countries in 2020. The attacks are believed to be the work of the Russian-speaking hacker group Silence.

According to the company's leading anti-virus expert, Sergey Golovanov, "hundreds and sometimes thousands of attempts to attack the infrastructure of banks in Africa are blocked every day."
According to Kaspersky Lab, the hacker group Silence has already penetrated the internal networks of African financial organizations, and the attacks are "in the final stages". During the attack, the hackers could gain access to a large amount of confidential data that can be used in the future, said Golovanov.

At the end of August 2019, Group-IB estimated the amount stolen from banks by the Russian-speaking hacker group Silence: from June 2016 to June 2019, the damage amounted to about 272 million rubles ($4.2 million). The hackers infected financial institutions in more than 30 countries across Asia, Europe and the CIS.

According to Kaspersky Lab, Silence attacks financial organizations around the world with phishing emails containing malicious files, often sent in the name of real employees of those organizations. The malware uses administrative tools to study the banks' internal infrastructure, after which the attackers steal money (including via ATMs).

Alexei Novikov, director of the Positive Technologies security expert center, believes that Silence did not increase its activity at the beginning of 2020 and that attacks outside Russia and the CIS countries are uncharacteristic of the group.

Recall that in October, Group-IB reported five hacker groups that threaten Russian banks: Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

Russian hackers included in the US sanctions list may be associated with the criminal world


Russian hackers from the group Evil Corp, which British intelligence services call the most dangerous in the world, may be linked to organized crime, in particular to the 'thief in law' Vyacheslav Ivankov, better known as Yaponchik ("the little Japanese").

On December 9, it became known that Maxim Yakubets, the alleged leader of the group, is married to Alena Benderskaya, the daughter of Eduard Bendersky, a veteran of the FSB's Vympel special forces unit.

Journalists wrote that Benderskaya founded companies linked to her father's security business and co-owns two stores of the Italian brand Plein Sport, whose sportswear Yakubets and his friends from Evil Corp liked to wear.

According to the database, a share in these stores belongs to Otari Sadov, whom journalists call "the son of the authoritative businessman Leni Assiriysky, the right hand and nephew of Yaponchik."

According to a source familiar with the details of the investigation, the hacker group was engaged in money laundering, including through real estate investments. He emphasized that Yakubets brought a thief in law into Evil Corp.

Earlier it became known that one of the members of the Evil Corp hacker group was Andrei Kovalsky, the son of Vladimir Strelchenko, the former mayor of the Moscow-region city of Khimki.

On December 5, the US government imposed sanctions against 17 Evil Corp hackers and companies associated with them. The US Treasury Department estimated the damage from their activities at $100 million.

The group's leader, Maxim Yakubets, has been arrested in absentia. The US State Department has announced a five-million-dollar reward for information leading to his arrest.