
Russia a Suspect in Norwegian Parliament Cyber Attack?

 

In September, Norwegian authorities said that the email accounts of several officials had been compromised during a cyber-attack and that some data had been downloaded. The full extent of the damage caused by the hack has not yet been revealed.

Norway now directly blames Russia for the cyber-attack on the Norwegian parliament's email system.

Earlier this year, Norway's military intelligence agency had already warned in a report that Russia was attempting to stir up friction in the country through so-called influence operations aimed at weakening public trust in the government, the election process and the media.

National legislatures are a 'key source' of policy-related information and are often targeted by hacking campaigns. In August, Norway expelled a Russian diplomat on suspicion of spying; Russia retaliated in kind by expelling a Norwegian diplomat just days later.

Foreign Minister Ine Eriksen Soreide called it a serious incident affecting the country's "most important democratic institution". "Based on the information available to the government it is our assessment that Russia stood behind this activity," she said, without presenting any evidence. Moscow rejected the claim, calling it a "serious and wilful provocation."

Ms. Soreide also said in a statement that Norway's security and intelligence services were "co-operating closely to deal with this matter at the national level." In response, Russia's embassy in Oslo hit back at the "unacceptable" declaration, saying no proof had been presented.

Seen from Norway's perspective, however, the accusation is not surprising; the reasoning lies in past events involving the two countries.

In 2018, Norway arrested a Russian national suspected of gathering information on the country's parliamentary network,

although the individual was later released. Likewise, in January this year, the personal details of several German politicians, including Chancellor Angela Merkel, were stolen and published online.

And just the previous year, Australia's cyber intelligence agency accused China after hackers attempted to break into the Australian parliament, something the Chinese authorities denied.

U.S. Treasury Department Warns That Payments to End Cyberattacks Risk Running Afoul of Sanctions Rules

 

The U.S. Treasury Department recently warned cyber insurers and other financial institutions that 'facilitate payments' to hackers to end cyberattacks that they risk violating sanctions rules.

The advisories, which concern the malicious programs known as ransomware, came from Treasury's Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN).

The advisories add to the worries of cyber insurers, who have lately been raising rates and trying to limit their exposure to vulnerable customers because of a flood of costly ransomware claims.

Hackers use ransomware to lock up systems that control everything from hospital billing to manufacturing, relenting only after receiving hefty payments, typically made in cryptocurrency.

Ransomware demands have risen sharply during the pandemic, as people have shifted to remote work and hackers target online systems.

The average ransomware payment jumped 60% to $178,254 between the first and second quarters, according to Coveware, a firm that negotiates cyber ransom payments. Cyber policies frequently cover such ransoms, as well as data recovery, legal liabilities, and negotiators fluent in the hackers' native languages.

Sumon Dantiki, a King and Spalding lawyer who advises on national security and cyber matters, says that sophisticated insurers and financial institutions are already aware of the sanctions concern. "Will victims who are insured still decide to make the payments?" Dantiki said. "This type of public advisory could affect the calculus there."

A companion FinCEN advisory also highlighted a growing industry of forensic firms that help organizations respond to cyberattacks, including by handling the payments.

OFAC cited cyberattacks dating back to 2015 that were traced to hackers in sanctioned countries such as North Korea and Russia.

While the U.S. can impose economic and trade sanctions on nations that support terrorism or violate human rights, it is the financial institutions and individuals that engage with sanctioned parties who may ultimately face prosecution and penalties.


White House To Update U.S. Maritime Cybersecurity Strategy In Coming Months

 

The Trump administration plans to update the U.S. government's approach to maritime cybersecurity in the coming months, aiming to better secure the United States' ability to 'project power at sea' and defend against adversarial cyberattacks. 
The plan includes re-evaluating the national approach to data sharing and placing more emphasis on the operational technology used in ports, according to one senior administration official.

Two officials approached for comment declined to reveal specifics about the administration's plans, saying more information would be made public soon.

Hackers, however, have long targeted shipping firms and the maritime supply chain, both to steal data related to the U.S. government and to disrupt cargo operations.

Using a strain of ransomware known as Ryuk, hackers compromised the computer networks of a maritime transportation facility last year, disrupting operations for 30 hours, according to the U.S. Coast Guard.

The announcement comes amid several efforts at the Department of Defense to test readiness against cyberattacks in the maritime domain.

The Pentagon's offensive unit, Cyber Command, simulated a cyberattack on a seaport last year. The Army is also taking part in an exercise this month designed to simulate adversaries targeting U.S. ports.

More recently, the Trump administration has been concerned about a ransomware attack on a transportation company which, as one senior administration official put it, "affected COVID-19 supply chains in Australia."

 “Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said.

Paytm Mall Suffers Data Breach, Hackers Demanded Ransom


Paytm has reportedly suffered a major data breach after a hacker group targeted the company's Paytm Mall database and demanded a ransom in exchange for the data. 
The hacker group, dubbed 'John Wick', is known for breaking into company databases under the pretence of helping them fix bugs in their systems.

Cyber intelligence firm Cyble stated that the John Wick group had 'unrestricted' access to Paytm Mall's entire production database through a backdoor, potentially affecting all accounts and related information at Paytm Mall.

An official update from Cyble states: "According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hacker's demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid."

The volume of data breached is currently unknown; however, Cyble says the attackers demanded 10 ETH, equivalent to roughly USD 4,000.

A Paytm Mall spokesperson commented: "We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies."

Nonetheless, 'John Wick' is known to have broken into numerous Indian companies and collected ransoms from organizations including the OTT platform Zee5 and the fintech startups Stashfin, Sumo Payroll and i2ifunding, operating under aliases such as 'South Korea' and 'HCKINDIA'.

Uber's Former Chief Security Officer Charged for Covering up A Massive Data Breach

Uber's former chief security officer, Joe Sullivan, was recently charged by federal prosecutors in the United States with covering up a massive data breach the company suffered in 2016.

Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach", which also involved paying the hackers a $100,000 ransom to keep the incident secret, according to a press release published by the U.S. Department of Justice.

It said, "A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies.” 

The 2016 Uber data breach exposed the names, email addresses and phone numbers of 57 million Uber riders and drivers, along with the driver's licence numbers of around 600,000 drivers.

The company publicly disclosed the breach almost a year later, in 2017, following Sullivan's departure from Uber in November.

It was later reported that two hackers, Brandon Charles Glover of Florida and Vasile Mereacre of Toronto, were responsible for the incident, and that Sullivan had approved paying them in return for promises to delete the customer information they had stolen.

The problem began in 2016 when Sullivan, as Uber's representative, was responding to FTC inquiries about a previous data breach from 2014; at the same time, Glover and Mereacre contacted him about the new breach.

"On November 14, 2016, approximately 10 days after providing his testimony to the FTC, Sullivan received an email from a hacker informing him that Uber had been breached again and his team was able to confirm the breach within 24 hours of his receipt of the email. Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC." 

According to court documents, the ransom was paid through the company's bug bounty program in an attempt to record the extortion payment as a 'bounty' of the kind paid to white-hat hackers who report security issues without having compromised any data.

The federal prosecutors said, “After Uber personnel were able to identify two of the individuals responsible for the breach, Sullivan arranged for the hackers to sign fresh copies of the non-disclosure agreements in their true names. The new agreements retained the false condition that no data had been obtained. Uber's new management ultimately discovered the truth and disclosed the breach publicly, and to the FTC, in November 2017." 

Just last year, the two hackers pleaded guilty to several counts of hacking and blackmailing Uber, LinkedIn and other U.S. corporations. In 2018, UK and Dutch data protection regulators had also fined Uber a combined $1.1 million for failing to protect its customers' personal data during the 2016 cyber-attack.

If found guilty of the cover-up charges, Sullivan faces up to eight years in prison and potential fines of up to $500,000.

Hackers Can Now Clone Your Key Using Just a Smartphone Microphone and a Program

Earlier this year, researchers at the National University of Singapore published a paper detailing how, using just a smartphone microphone and software they designed, an attacker can clone your key.

The attack, named SpiKey, exploits the sound made by the lock pins as they ride over the ridges of an ordinary key.

The paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han, says that “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone." 

From that recording alone, the attacker can use the time between the audible clicks to work out the distances between the ridges along the key.

Using this information, an attacker can narrow the search down and then produce a small set of likely keys.

So rather than fiddling with lock-picking tools, a thief could simply try a few pre-cut keys and walk straight in through the victim's door.

The attack does have limitations: the attacker needs to know what kind of lock the victim has, and the speed at which the key is inserted into the lock is assumed to be constant.

The researchers acknowledge this, noting that "This assumption may not always hold in [the] real-world, hence, we plan to explore the possibility of combining information across multiple insertions".
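The following added example (my own illustration, not the researchers' code) makes the timing-to-bitting step concrete under a deliberately simplified model: a five-cut pin-tumbler key with Schlage-like spacing and depth figures (assumed), 45-degree cut flanks (assumed), the constant insertion speed discussed above, and a single pin clicking once on every ridge. The click timestamps are constructed, not a real recording. The paper's full pipeline, which separates the clicks of several pins and applies further constraints, is not reproduced; the point here is that inter-click intervals fix the ridge spacings, and the ridge spacings constrain the cut depths.

```python
"""SpiKey-style inference: from key-insertion click timings to candidate bittings.

Simplified model (assumptions for illustration, not the paper's full pipeline):
- N cuts at nominal spacing S, depths 0..9 in increments of H
  (Schlage-like placeholder figures);
- 45-degree cut flanks, so the ridge between two adjacent cuts sits at their
  midpoint shifted by (D_i - D_{i+1}) / 2 toward the deeper cut;
- the key is inserted at constant speed V and one pin clicks on every ridge.
"""
from itertools import product

S = 0.156      # nominal cut-to-cut spacing, inches (assumed)
H = 0.015      # depth increment, inches (assumed)
V = 1.5        # insertion speed, inches per second (assumed constant)
MACS = 7       # maximum adjacent cut specification (assumed)
TOL = H / 4    # tolerance when matching a measured ridge spacing, inches


def ridge_positions(depths):
    """Forward model: position (inches from the first cut) of each ridge."""
    return [
        (i + 0.5) * S + (depths[i] - depths[i + 1]) * H / 2
        for i in range(len(depths) - 1)
    ]


def predicted_spacings(depths):
    """Distances between consecutive ridges for a given bitting."""
    r = ridge_positions(depths)
    return [r[i + 1] - r[i] for i in range(len(r) - 1)]


def spacings_from_clicks(click_times, speed=V):
    """Attacker side: inter-click interval times insertion speed = ridge spacing."""
    return [(click_times[i + 1] - click_times[i]) * speed
            for i in range(len(click_times) - 1)]


def candidate_keys(measured, n_cuts, tol=TOL, macs=MACS):
    """Every bitting whose predicted spacings match the measured ones within tol
    and that respects the adjacent-cut limit."""
    cands = []
    for depths in product(range(10), repeat=n_cuts):
        if any(abs(a - b) > macs for a, b in zip(depths, depths[1:])):
            continue
        pred = predicted_spacings(depths)
        if all(abs(p - m) <= tol for p, m in zip(pred, measured)):
            cands.append(depths)
    return cands


# Constructed recording: click times (seconds) for the key 3-5-2-6-4 inserted
# at V, with the recording starting 0.5 s before the first click and
# sub-millisecond timing jitter added by hand.
CLICK_TIMES = [0.5420, 0.6715, 0.7398, 0.8742]

if __name__ == "__main__":
    measured = spacings_from_clicks(CLICK_TIMES)
    cands = candidate_keys(measured, n_cuts=5)
    print(f"{len(cands)} candidate bittings out of {10 ** 5}:")
    for c in cands:
        print("".join(map(str, c)))
```

Running it lists every bitting consistent with the three measured spacings; the true 3-5-2-6-4 is among them, but because three spacings only pin down the second differences of five depths, 20 candidates survive rather than one. That gap is what the paper's extra constraints and its use of multiple insertions are for, and it is also why the speed assumption matters: an error in V scales every spacing and shifts which depth differences the intervals are read as.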

The study authors further clarified, "We may exploit other approaches of collecting click sounds such as installing malware on a victim’s smartphone or smartwatch, or from door sensors that contain microphones to obtain a recording with the higher signal-to-noise ratio. We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors." 

So-called smart locks, which still present security issues of their own, do not escape the problem either: Amazon's Ring security cameras, for example, have been hacked repeatedly, and the researchers hypothesize that an attacker could in principle use the microphone built into such a camera to capture the sounds your key makes and then use the SpiKey technique to cut physical keys to your home.

Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down by what its vendor called a "sophisticated" cyberattack.

According to ExamSoft, one of three vendors offering the exam that certifies prospective attorneys, the test was hit by a distributed denial of service (DDoS) attack, in which an attacker or group attempts to bring down a server by overwhelming it with traffic.

The incident marked the first network-level DDoS attack the company had encountered, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time once the exam was back up and running.

The company noted that "at no time" was any data compromised, and that it was able to "thwart the attack, albeit with a minor delay" for test-takers.

Before the company's statement, the Michigan Supreme Court had tweeted that a "technical glitch" had taken the test down and that test-takers were "emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module."

According to the court, those taking the test with accommodations under the Americans with Disabilities Act were not affected by the incident.

"All exam takers were successfully able to start and complete all modules of the Michigan Bar exam," the organization wrote.

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 
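The following added example is mine, not ExamSoft's code or any detail of this incident. It shows the two detection views a defender wants on a login endpoint under a flood: a per-source sliding-window count, which catches a single host hammering the login form, and a per-second count across all sources, which catches a distributed flood in which no single address exceeds the per-source limit. It runs over constructed access-log lines in combined-log style; the thresholds, addresses (documentation ranges) and the /login path are assumptions.

```python
"""Two complementary detectors for a flood aimed at a login endpoint, run over
constructed web-server access-log lines (combined-log style).

- per_source_offenders: sliding-window request count per client IP;
- global_spikes: requests per second to the endpoint across all sources.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def per_source_offenders(lines, path="/login", window=timedelta(seconds=10), limit=20):
    """Map each IP that exceeds `limit` requests to `path` within `window` to the
    timestamp at which it first crossed the limit. Lines must be in time order."""
    recent = defaultdict(deque)
    offenders = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec["path"] != path:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) > limit and rec["ip"] not in offenders:
            offenders[rec["ip"]] = rec["ts"]
    return offenders


def global_spikes(lines, path="/login", baseline_per_sec=5, factor=10):
    """Map each second in which total requests to `path` reached
    factor * baseline to (request count, number of distinct source IPs)."""
    per_sec = defaultdict(int)
    sources = defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        if rec["path"] != path:
            continue
        per_sec[rec["ts"]] += 1
        sources[rec["ts"]].add(rec["ip"])
    return {ts: (n, len(sources[ts])) for ts, n in per_sec.items()
            if n >= baseline_per_sec * factor}


T0 = datetime(2020, 7, 28, 9, 0, 0, tzinfo=timezone.utc)


def build_sample_log():
    """Constructed log: three legitimate candidates logging in, one single-source
    brute forcer, and a one-second distributed flood from 60 hosts."""
    entries = []

    def add(ip, t, status):
        stamp = t.strftime("%d/%b/%Y:%H:%M:%S +0000")
        entries.append((t, f'{ip} - - [{stamp}] "POST /login HTTP/1.1" {status} 512'))

    for s in range(30):                                   # legitimate: 1 req/s each
        for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            add(ip, T0 + timedelta(seconds=s), 200)
    for s in range(5, 10):                                # brute force: 6 req/s
        for _ in range(6):
            add("203.0.113.9", T0 + timedelta(seconds=s), 401)
    for host in range(1, 61):                             # distributed flood: 2 req each
        for _ in range(2):
            add(f"198.51.100.{host}", T0 + timedelta(seconds=20), 401)
    entries.sort(key=lambda e: e[0])                      # stable sort keeps per-second order
    return [line for _, line in entries]


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders:", per_source_offenders(log))
    print("global spikes:", global_spikes(log))
```

On the constructed log the per-source detector names only the brute forcer, while the distributed burst, two requests from each of 60 hosts in one second, is invisible to it and is caught only by the global view. In practice the global threshold is what drives upstream mitigation (rate limiting or scrubbing), while the per-source list feeds blocklists and account-lockout logic.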

United for Diploma Privilege, a national group of law students, graduates, professors and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised concerns about data privacy issues associated with the cyberattack.

Many states have opted to offer the bar exam in person this month, while others will offer it online in early October.

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a portion of the test, told The Hill earlier this month that states and jurisdictions could choose to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


The First Ransomware Attack and the Ripples It Sent Forward In Time


A simple piece of malware discovered 20 years ago this month demonstrated a capability that transformed the entire world of cyber-security as we know it today.

Originally intended merely to harvest the passwords of a few local internet providers, the malware, dubbed 'LoveBug', spread far and wide, infecting more than 45 million devices and becoming the first piece of malware to truly take businesses offline.

LoveBug marked the shift of malware from limited exposure to mass disruption: 45 million compromised devices could mean 45 million potential payments.

Yet eleven years before anyone had heard of LoveBug, the IT industry saw the first real case of ransomware, the AIDS Trojan, which spread through infected floppy disks mailed to HIV specialists as part of a knowledge-sharing exercise.

The 'lovechild' of LoveBug and the AIDS Trojan was the ransomware that followed, with GPCoder and Archievus hitting organizations around the globe; their operators also harnessed e-commerce sites to find better ways of receiving payments.

The protection industry responded, with 'good actors' cooperating to break the encryption on which Archievus depended and sharing the result widely to help victims avoid paying any ransom.

Since then the cat-and-mouse game has continued, with CryptoLocker, CryptoDefense and CryptoLocker 2.0 introducing new attack strategies and the protection industry deploying new defenses. Ransomware has become increasingly sophisticated and prevalent, and today's targets are less likely to be individuals, since large businesses can pay enormous sums.

Data protection has become more sophisticated as well, and four areas should now be part of every business's ransomware strategy: protect, detect, respond, and recover. Social engineering and phishing are also now central to the success of a ransomware attack.

LoveBug succeeded in a scattergun fashion, but it still relied on social engineering.

Had people been less inclined to open an email with the subject line 'I love you', the spread of the malware would have been 'far more limited'.

Users today should be even more alert to the increasingly diverse threats, because hackers are increasingly adding the threat of data exfiltration or public exposure where they judge that leaking data may be more 'persuasive' for their targets.

To respond to the problem, it is essential to keep backup copies of data and to understand the nature and value of the information that may have been compromised.

Best Practice Tips for Password Administration from Tech Security Insiders



Passwords have been both an industry standard and an industry headache for decades, and managing them has become the bane of end users and IT administrators alike; but there are ways to draw on that experience and reduce the pain.

Here, several industry experts discuss the challenges of passwords and the solutions to them:


  1. Matt Davey, COO at 1Password, an online password management provider; 
  2. Daniel Smith, head of security research at Radware, a security solutions provider; 
  3. Rick McElroy, principal security strategist at VMware Carbon Black, a virtual security platform; 
  4. Matt Wilson, chief information security advisor at BTB Security, a security solutions provider; 
  5. And Ben Goodman, CISSP and senior vice president of global business and corporate development at identity platform provider ForgeRock.


The first issue discussed was the current challenges with passwords. Matt Davey's view: "Even though for many years we've relied on passwords to securely access the apps and services we use daily, both at home and at work. Today, as many of these services move to the cloud and breaches become bigger and more frequent, password authentication is even more critical, particularly for enterprises."

Matt Wilson said: "Since the dawn of the first password we've struggled with largely the same issues; selecting strong, unique passwords, remembering and storing them, and changing them periodically. People pick bad passwords and share them across multiple accounts for a very simple reason: It's easier to remember.

As attackers have developed and refined their toolsets, they've increased their capabilities to attack our accounts. Their speed of attack, the volume of guesses, the ability to mask their location/identity, and the "intelligence" they've developed to make better guesses make protecting our accounts more difficult than ever before.”

The second topic of discussion was remedies. According to Daniel Smith, "Password hygiene is one of the biggest problems that both organizations and individual users face today. One of the easiest ways to combat and remedy the issue with password hygiene is through the use of a password manager and the use of multi-factor authentication.

Using a password manager naturally encourages users to not reuse passwords, and there are plenty of user-friendly options available to both consumers and the enterprise. Multi-factor authentication simply creates an extra step for accessing any account, and can be the barrier needed to stop unwanted access."
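As an added example of the second factor those answers refer to (my code, not 1Password's, Radware's or any other vendor's), the following implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library only, plus the server-side verifier that decides whether a submitted code is accepted. The seed is the RFCs' published test value, not a real credential; the clock-skew window of one step and the replay rule are the design choices a practitioner has to make, and are assumptions here.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) with a skew-tolerant, replay-rejecting
verifier. Added example; the seed used below is the RFCs' published test seed."""
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamic truncation,
    then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Server side: accept a code for the current step or +/- `skew` steps,
    and never accept a step at or before the last accepted one (replay guard)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_accepted = -1

    def verify(self, code: str, at_time: int) -> bool:
        now = int(at_time) // self.step
        for candidate in range(now - self.skew, now + self.skew + 1):
            if candidate <= self.last_accepted:
                continue  # already used, or older than a step we accepted
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_accepted = candidate
                return True
        return False


def new_secret(nbytes: int = 20) -> bytes:
    """Enrollment: a random seed; authenticator apps take it base32-encoded."""
    return secrets.token_bytes(nbytes)


def provisioning_secret(secret: bytes) -> str:
    """Base32 form (padding stripped) as used in otpauth:// URIs."""
    return base64.b32encode(secret).decode().rstrip("=")


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 4226 / RFC 6238 test seed
    print("HOTP counters 0..2:", [hotp(seed, c) for c in range(3)])
    print("TOTP at t=59, 8 digits:", totp(seed, 59, digits=8))
    v = TotpVerifier(seed)
    now = int(time.time())
    print("fresh code accepted:", v.verify(totp(seed, now), now))
    print("same code replayed:", v.verify(totp(seed, now), now))
```

Two points worth noticing: the comparison uses hmac.compare_digest so that a wrong code takes the same time to reject whatever digit it fails on, and the replay guard means a code captured over the shoulder is worthless once the legitimate user has logged in with it. A TOTP code is still phishable in real time, which is why the passwordless and hardware-bound options discussed further down exist.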

When the last question was addressed, namely what will replace passwords in the future, Rick McElroy answered with reference to the current pandemic: "Short term, it looks like hand and fingerprint biomarkers, two-factor authentication with a mobile device and, in a post-COVID-19 world, facial recognition will be rolled out faster than ever. At some point in the future, DNA will probably be used to verify identity in the medical field but may not be applied to say a laptop and Windows login currently.

Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used. These types of identification systems are already being beta tested on battlefields to ensure the right criminals and insurgents are being arrested and to protect innocent lives. I would not be shocked to see that deployed at some point in the future.”

Lastly, Ben Goodman was of the opinion that "Passwords should become a thing of the past. Today, organizations can solve the challenges that come with passwords by leveraging technology that can provide a passwordless user journey.

By adopting a passwordless approach, organizations provide users with frictionless, secure digital experiences. With the use of biometrics or push notifications, organizations can bring the same effortless authentications users have experienced on their smartphones, with technologies like FaceID from Apple or Samsung's Ultrasonic Fingerprint scanner, to every digital touchpoint while ensuring security.”

As part of an intelligent authentication strategy, passwordless authentication enables future-proof access that improves the customer experience while maintaining security by pushing suspicious users to 'additional verification'.

It is clear from the discussion above that organizations need not wait any longer to understand and solve their password issues: if they choose the right approach, passwordless authentication is possible even today.

How Coronavirus Panic Created a Perfect Opportunity for Cyberattacks in Crucial Sectors


In tough times like these, there is always someone looking for a weak spot to attack. The coronavirus has devastated the socio-economic and political spheres, disrupted commerce, caused a fall in global trade, and spread panic among the public. Some people are already aware of it, but many still are not: hackers are using the situation as an opportunity to launch cyberattacks.


For instance, the US Department of Health and Human Services recently suffered a cyberattack while it was dealing with the coronavirus situation. None of the website's data was compromised, but according to officials the hackers responsible were state-sponsored and saw the crisis as an opportunity to disrupt the work of US departments and institutions. In other incidents, cyberattacks under the name 'Wuhan Coronavirus' were launched in many countries. According to Kaspersky experts, ten files with names such as 'coronavirus-spread' contained malware, and file-encrypting infections were breaking into systems and corrupting them.

The Potential Target Areas

1. Political: Cyber attacks can be launched on prominent political infrastructure such as government ministries and health departments, accompanied by false information and misinformation. The recent DDoS attack on the US Department of Health is just the beginning. False reports of a 'nationwide lockdown' or 'nationwide quarantine' have appeared in countries including India and the US. Governments are working to expose this fake news by publishing official advisories on their websites asking the public not to trust or share unverified information.

2. Criminal: Hackers see the outbreak as an opportunity to launch cyberattacks. According to Check Point's Global Threat Index, "hackers around the globe have found the Coronavirus serving them well as an enabler for their activities. They are still riding the wave of the epidemic. Our Global Threat Index for January 2020 shows cyber-criminals are exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus."

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and its employees' computers have been under attack by hackers.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station has established, technically and factually, that the attacks target not only the Echo of Moscow website but also the Echo office, its computers, and its computer and Internet communications. Part of the telephone service is affected as a result.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that the powerful hacker attacks began two weeks ago. Their peculiarity was that they hit not only the site but also Echo of Moscow's communication channels during programs broadcast with presenters located remotely, Venediktov explained.

In addition, office computers were unexpectedly attacked, leaving Echo of Moscow unable to receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all of these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The Editorial Board drew the attention of the shareholders to this fact, and "the shareholders are worried".

Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa


Kaspersky Lab recorded a wave of targeted attacks on major banks in several sub-Saharan African countries in 2020. The attacks are believed to be the work of the Russian-speaking hacker group Silence.

According to the company's leading anti-virus expert, Sergey Golovanov, "hundreds and sometimes thousands of attempts to attack the infrastructure of banks in Africa are blocked every day."

According to Kaspersky Lab, Silence has already penetrated the internal networks of African financial organizations, and the attacks are "in the final stages". During an attack, hackers could gain access to a large amount of confidential data that can be used in the future, Golovanov said.

At the end of August 2019, Group-IB calculated the amount stolen from banks by the Russian-speaking group Silence. From June 2016 to June 2019, the damage amounted to about 272 million rubles ($4.2 million). The hackers infected financial institutions in more than 30 countries in Asia, Europe and the CIS.

According to Kaspersky Lab, Silence attacks financial organizations around the world with phishing emails carrying malicious attachments, often sent in the name of real employees of the targeted organizations. The malware uses administrative tools to study the banks' internal infrastructure, after which the attackers steal money, including through ATMs.
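The following added example (mine, not Kaspersky's detection logic or any indicator tied to Silence) shows the header and attachment checks a mail gateway or analyst would run on exactly the kind of message described above: one that carries a real employee's name but arrives from outside. It is run over two constructed messages in reserved example domains; the internal domain, the employee directory, the list of risky attachment extensions and the two-label approximation of a registrable domain are all assumptions.

```python
"""Triage checks for an email that claims to come from a real employee, run over
constructed messages. Added example; thresholds and lists are assumptions."""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "examplebank.com"                          # assumed
KNOWN_EMPLOYEES = {"ivan petrov", "anna lee"}                # assumed directory
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".js", ".vbs",
                    ".exe", ".scr", ".lnk", ".hta", ".iso"}   # assumed
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def org_domain(domain: str) -> str:
    """Registrable domain approximated as the last two labels (simplification;
    a public-suffix list is needed for suffixes such as .co.uk)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def triage(msg) -> list:
    """Return sorted finding codes for an email.message.EmailMessage."""
    findings = set()
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    _, rp_addr = parseaddr(str(msg.get("Return-Path", "")))
    rp_domain = rp_addr.rpartition("@")[2].lower()

    # 1. A known employee's display name on an external address
    if name.strip().lower() in KNOWN_EMPLOYEES and from_domain != INTERNAL_DOMAIN:
        findings.add("display-name-impersonation")
    # 2. Lookalike domain: carries the brand label but is not the real domain
    brand = INTERNAL_DOMAIN.split(".")[0]
    if from_domain != INTERNAL_DOMAIN and brand in from_domain:
        findings.add("lookalike-domain")
    # 3. Envelope sender (Return-Path) not aligned with From (SPF alignment)
    if rp_domain and org_domain(rp_domain) != org_domain(from_domain):
        findings.add("return-path-misaligned")
    # 4. Authentication-Results as stamped by the receiving MX: anything but dmarc=pass
    results = dict(AUTH_RE.findall(str(msg.get("Authentication-Results", ""))))
    if results.get("dmarc") != "pass":
        findings.add("dmarc-not-pass")
    # 5. Attachment types commonly used as malware carriers
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if any(fname.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.add("risky-attachment")
    return sorted(findings)


def triage_raw(raw: str) -> list:
    """Parse a raw RFC 5322 message and triage it."""
    return triage(message_from_string(raw, policy=policy.default))


def build_sample(phishing: bool) -> str:
    """Constructed messages: one impersonating an employee, one legitimate."""
    m = EmailMessage()
    if phishing:
        m["From"] = '"Ivan Petrov" <ivan.petrov@examplebank-secure.com>'
        m["Return-Path"] = "<bounce@mail-blast.example.net>"
        m["Authentication-Results"] = ("mx.examplebank.com; spf=pass "
                                       "smtp.mailfrom=mail-blast.example.net; "
                                       "dkim=none; dmarc=fail")
    else:
        m["From"] = '"Ivan Petrov" <ivan.petrov@examplebank.com>'
        m["Return-Path"] = "<ivan.petrov@examplebank.com>"
        m["Authentication-Results"] = ("mx.examplebank.com; spf=pass "
                                       "smtp.mailfrom=examplebank.com; "
                                       "dkim=pass; dmarc=pass")
    m["To"] = "treasury@examplebank.com"
    m["Subject"] = "Urgent: updated payment instructions"
    m.set_content("Please process the attached instruction today.")
    if phishing:
        m.add_attachment(b"\xd0\xcf\x11\xe0 constructed", maintype="application",
                         subtype="msword", filename="Instruction_0921.doc")
    else:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="Instruction_0921.pdf")
    return m.as_string()


if __name__ == "__main__":
    print("phishing:", triage_raw(build_sample(True)))
    print("legit:   ", triage_raw(build_sample(False)))
```

The checks deliberately overlap: a campaign that buys a lookalike domain and sets up SPF and DKIM for it will pass authentication cleanly, so the display-name and lookalike checks carry the weight there, while a crude spoof of the real domain fails DMARC. The attachment check is the one that stops the payload described above regardless of how convincing the sender looks.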

Alexei Novikov, director of the Positive Technologies security expert center, believes that Silence did not increase its activity at the beginning of 2020 and that attacks outside Russia and the CIS countries are uncharacteristic of the group.

Recall that in October, Group-IB reported on five hacker groups threatening Russian banks: Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

Russian hackers included in the US sanctions list may be associated with the criminal world


Russian hackers from the group Evil Corp, which British intelligence services call the most dangerous in the world, may be linked to organized crime, in particular to the 'thief in law' Vyacheslav Ivankov, better known as Yaponchik ("the little Japanese").

On December 9, it became known that Maxim Yakubets, the alleged leader of the group, is married to Alena Benderskaya, the daughter of Eduard Bendersky, a veteran of the FSB special forces unit Vympel.

Journalists wrote that Benderskaya is the founder of companies associated with her father's security business, as well as co-owner of two stores of the Italian brand Plein Sport, the sportswear that Yakubets and his friends from Evil Corp liked to wear.

According to the corporate registry, a share in these stores belongs to Otari Sadov, whom journalists call "the son of an authoritative businessman Leni Assiriysky, the right hand and nephew of Yaponchik."

According to a source familiar with the details of the investigation, the hacker group was engaged in money laundering, including through real estate investments. He emphasized that Yakubets brought a thief in law into Evil Corp.

Earlier it became known that one of the members of the Evil Corp hacker group was Andrei Kovalsky, the son of Vladimir Strelchenko, the former mayor of the city of Khimki in the Moscow region.

On December 5, the US government imposed sanctions against 17 Evil Corp hackers and companies associated with them. The US Treasury Department estimated the damage from their activities at $100 million.

Maxim Yakubets, the leader of the group, has been arrested in absentia. The US State Department has announced a five-million-dollar reward for information leading to his arrest.

Indian Govt Bans Foreign Firms from Conducting IT Security Audits


The Indian Government has directed the ministries and departments responsible for India's critical infrastructure to refrain from employing foreign firms to conduct IT security audits of their systems and networks; the move follows the cyber-attack on the Kudankulam Nuclear Power Plant.

From now on, Indian firms empanelled for auditing will require clearance from the domestic intelligence agency, the Intelligence Bureau (IB), to rule out any foreign link. Security audits across all ministries and critical sectors are conducted to ensure that the nation's information infrastructure is not vulnerable to attacks by hackers and that every system sits behind a secure government firewall.

According to reports reviewed by Firstpost, the Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics and Information Technology, has compiled a list of auditing firms in consultation with the IB.

It has also been observed that certain critical sectors face threats from multiple sources, and that the growing attacks on their systems are organised and targeted, carried out with the help of criminals and state actors in order to reap massive rewards from 'information compromise or espionage'.

Cyber criminals may commit fraud, conduct espionage to steal state and military secrets, and disrupt critical infrastructure by exploiting vulnerabilities in any system.

The government documents state: “The public sector, although increasingly relying on information technology, has not fully awakened to the challenges of security. Economic stability depends on uninterrupted operations of banking, finance, critical infrastructure such as power generation and distribution, transport systems of rail, road, air, and sea which are critically reliant on information technology.

Even though the focus has been on improving systems and providing e-governance services by various institutions, the IT networks and business processes have not placed the desired emphasis on information security.” Apart from this, several other directives have been issued to critical sectors for the protective monitoring of sensitive data and of risks emanating from terrorist groups or hostile states.

Employees handling sensitive servers will be required to disclose the phone they carry, its serial number and model number, along with details such as its security capabilities and vulnerabilities, and the critical sectors will reserve the right to control official information on that employee's mobile, including the right to back up, retrieve, modify, decide access to or erase the organisation's information without prior notice.

Likewise, individuals or consultants employed for security audits of government systems will have to sign a non-disclosure agreement to prevent leakage of sensitive information.

Hackers posing as Lithuania's Foreign Ministry issued false news about the deployment of nuclear weapons


Hackers posing as the Ministry of Foreign Affairs of Lithuania spread news of a supposed request by the country's President, Gitanas Nauseda, to the United States to establish a military base in Lithuania and transfer nuclear weapons to the country from the Incirlik base in Turkey.

The fake report also said that about 500 US troops would arrive in Lithuania in October to build the necessary infrastructure. A battalion of that size is in fact being sent to Lithuania for six months to conduct joint exercises with local military units.

According to media reports, the Lithuanian Foreign Ministry denied that the country's leadership intended to create an American base.

The Foreign Ministry believes it was the target of a cyber attack, which is being investigated by law enforcement agencies, in particular the National Center for Cyber Security.

Lithuanian Foreign Ministry spokeswoman Rasa Yakilaitene informed the international community that several media outlets, institutions of NATO member countries and diplomatic missions had received the fake news. Moreover, the message was sent from the address of the Department of Communication and Cultural Diplomacy of the Ministry of Foreign Affairs of Lithuania, media@urm.lt.

In turn, Laimis Bratikas, representative of the Armed Forces of the Republic of Lithuania, linked the hacker attack to the arrival of the US battalion in Lithuania and stressed that this topic will be raised repeatedly in order to discredit military cooperation between Vilnius and Washington.

This month, the press service of the Russian Embassy in Riga reported that the mail system of the Russian Embassy in Latvia had been attacked by hackers. As a result, spam letters were mass-mailed automatically, purportedly on behalf of the Russian diplomatic mission.

Earlier, E Hacking News reported that, according to FSB Director Alexander Bortnikov, international terrorist organizations are actively building their own cyber units, and that hackers under their control are increasingly able to provoke conflicts between countries.

The Rise of the DDoS Attacks and the Abuse of the WS-Discovery Protocol


A new type of attack that exploits weaknesses in how the Web Services Dynamic Discovery (WS-Discovery) protocol is deployed has recently been discovered by analysts at Prolexic, Akamai's DDoS mitigation service.

The attackers used a relatively new technique, one that can yield a return of more than 15,000 per cent on the junk data it directs at a victim.

WS-Discovery lets devices on the same network find and talk to one another, and directs them all to respond to a single address with details about themselves. Attackers can abuse this by sending specially crafted protocol requests to vulnerable devices such as CCTV cameras and DVRs. This is easy for them to do: although WS-Discovery is intended to be used internally on local networks, Akamai estimates that approximately 800,000 devices exposed on the internet will accept WS-Discovery commands.

“There's a huge pool of vulnerable devices sitting out there waiting to be abused,” says Chad Seaman, senior specialist on Akamai's security intelligence response team.

"DDoS attacks abusing the WS-Discovery protocol have increased," says security researcher Troy Mursch. "The notable thing here is the amount of vulnerable hosts that can be abused and the large amplification factor that enables crippling attacks."

Video game platforms are the most common targets of DDoS attacks. At the beginning of September, for instance, Blizzard's hugely popular World of Warcraft Classic went down intermittently for an extended period as a result of a DDoS attack.

"With gaming, they are one of our most frequently attacked industries," Akamai's Seaman says. "We have a handful of different gaming customers that we protect and we basically see the full gamut of all the different attack vectors and exploratory attacks through them. So it’s not surprising to see them being the first ones being targeted with a new vector."

The worry about WS-Discovery DDoS attacks, however, is that the gaming industry won't be the last target; the researchers caution once more that other industries should be prepared for larger versions of these attacks in the future.
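As an added example (not Akamai's or Prolexic's code), the check below runs over constructed flow records as an operator of a network hosting such cameras and DVRs might: it pairs the tiny inbound probes to UDP/3702 with the large replies the devices send back, counts distinct reflectors and computes the amplification factor. The flow-record layout and the reflector threshold are assumptions.

```python
"""Flag WS-Discovery (UDP/3702) reflection in flow records.

Added example, not Akamai/Prolexic code. Flow tuples are constructed:
(src_ip, src_port, dst_ip, dst_port, proto, bytes). Seen from the network
hosting the exposed devices: inbound probes carry the spoofed victim
address as their source, and the replies go back to that address."""
from collections import defaultdict

WSD_PORT = 3702  # WS-Discovery listens on UDP 3702

SAMPLE_FLOWS = [
    # Constructed: tiny probes whose source is the (spoofed) victim address
    ("203.0.113.10", 40000, "198.51.100.5", WSD_PORT, "udp", 29),
    ("203.0.113.10", 40000, "198.51.100.6", WSD_PORT, "udp", 29),
    ("203.0.113.10", 40000, "198.51.100.7", WSD_PORT, "udp", 29),
    # Constructed: the large ProbeMatch replies reflected at the victim
    ("198.51.100.5", WSD_PORT, "203.0.113.10", 40000, "udp", 4450),
    ("198.51.100.6", WSD_PORT, "203.0.113.10", 40000, "udp", 4380),
    ("198.51.100.7", WSD_PORT, "203.0.113.10", 40000, "udp", 4500),
    # Constructed: benign LAN discovery chatter and an unrelated DNS query
    ("192.168.1.20", WSD_PORT, "192.168.1.30", WSD_PORT, "udp", 700),
    ("192.168.1.40", 51000, "192.168.1.1", 53, "udp", 70),
]


def wsd_reflection_report(flows, min_reflectors=2):
    """Map each suspected victim to (reflector_count, reply_bytes, amplification).

    amplification = bytes reflected at the victim / bytes the "victim"
    supposedly sent as probes; float('inf') if no probes were seen at all."""
    probe_bytes = defaultdict(int)   # keyed by probe source (the claimed victim)
    reply_bytes = defaultdict(int)   # keyed by reply destination
    reflectors = defaultdict(set)    # distinct 3702 responders per destination
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == WSD_PORT and sport != WSD_PORT:
            probe_bytes[src] += nbytes          # unicast probe to a device
        elif sport == WSD_PORT and dport != WSD_PORT:
            reply_bytes[dst] += nbytes          # device answering a probe
            reflectors[dst].add(src)
    report = {}
    for victim, nbytes in reply_bytes.items():
        if len(reflectors[victim]) < min_reflectors:
            continue                            # a single responder is not a flood
        sent = probe_bytes.get(victim, 0)
        amp = round(nbytes / sent, 1) if sent else float("inf")
        report[victim] = (len(reflectors[victim]), nbytes, amp)
    return report


if __name__ == "__main__":
    for victim, (n, nbytes, amp) in wsd_reflection_report(SAMPLE_FLOWS).items():
        print(f"{victim}: {n} reflectors, {nbytes} bytes, x{amp} amplification")
```

The constructed sample reproduces the roughly 150-fold (15,000 per cent) return the post describes; the decisive fix on the hosting side is simply not to expose UDP/3702 to the internet.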


Zwift hackers expose next generation of cycling doping


Cyber security experts proved they can hack into Zwift and boost their performance on the indoor cycling gaming platform.

The hack works by intercepting and manipulating data sent between smart trainers and Zwift.

It underscores the need to tighten security in e-racing, a growing field with UCI-sanctioned events and Olympic ambitions.

By his own admission, cyber security consultant Brad Dixon is a bit of a cycling hack. He rides his bike for fitness and recreation, but he’s better at cracking computer codes than cranking out pro-level wattage on two wheels.

Dixon’s lack of high-end fitness might keep him off the podium IRL, but his ability to game virtual reality could help him rise through the ranks in the ever-growing arena of e-sports, where cyclists compete, often for actual cash and real-world prizes, on stationary trainers via platforms like Zwift.

Last month, Dixon gave a 40-minute presentation at DEF CON, a popular computer security conference, called Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks. He detailed how, with some standard hardware and an Xbox controller, he tricked the system into thinking he was humming around Watopia at race pace while doing nothing more strenuous than cracking open a beer.

“The game limits you to 2,000 watts of power, but for a recreational rider like me, that’s infinity,” said Dixon, who works at the New York-based consulting firm Carve Systems. “I can easily cruise around at 30-40 mph in the game at those watts, if not more.”

Such high speeds might immediately cause suspicion among anyone getting their Zwift kit blown off by a pixelated competitor. But smaller boosts, like a 5-10 watt gain here or there—enough to beat someone up a climb or to the line for a sprint—would be far less noticeable.

In the end, these numbers are all that determine how quickly your little cartoon cyclist pedals around the island. And numbers are exactly what gave Carve Systems CEO Mike Zusman, a former Cat 1 mountain bike racer, the notion for this particular hack.

These legit looking iPhone cables allow hackers to take charge of your computer

When they said you should be wary of third-party accessories and unbranded cables for charging your smartphone, they were serious. And the latest example of what a cable that isn't original can do should be enough to scare you. There is apparently a Lightning cable that looks just as harmless as an iPhone cable should. But it has a nasty trick up its sleeve, which allows a hacker to take control of your computer the moment you plug it into a USB port. This cable has been dubbed the OMGCable.

A security researcher with the Twitter handle @_MG_ took a typical USB to Lightning cable and added a Wi-Fi implant to it. The moment this gets plugged into the USB port on a PC, a hacker sitting nearby with access to the Wi-Fi module hidden inside the cable can run a malicious code and take charge of a PC or remotely access data without the user even noticing.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types. Apple just happens to be the most difficult to implant, so it was a good proof of capabilities,” said MG, as reported by the TechCrunch website.

The thing with phone charging cables is that no one really gives them a second look. You see one, you plug it in and you let it be. At the same time, a lot of users are wary about using USB drives, also known as pen drives or thumb drives, because they are popular as carriers of malware and viruses that can pretty much ruin your PC.

Vulnerability in PTP allows hackers to steal private pictures from digital cameras


Modern cameras that connect to a PC via USB or WiFi have been found to be vulnerable to ransomware and malware attacks. The vector is the Picture Transfer Protocol (PTP), a 'standardised protocol' devised by the International Imaging Industry Association to move digital pictures from camera to PC.

A research report from Check Point Research attributes the danger to the Picture Transfer Protocol (PTP) used to transfer digital pictures from camera to PC.

For their research, Check Point used Canon's EOS 80D DSLR camera, which supports both USB and WiFi, and found vulnerabilities in its PTP implementation. Given that the protocol is standardized and built into other camera brands, it is reasonable to expect that comparable vulnerabilities can be found in cameras from other vendors too.

The protocol was initially focused on picture transfer, but it has since evolved to include many commands supporting everything from taking a live picture to upgrading the camera's firmware.

Eyal Itkin, Security Researcher at Check Point Software Technologies, says: “Any ‘smart’ device, including the DSLR camera, is susceptible to attacks; cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. The photos could end up being held hostage until the user pays the ransom for them to be released.”

Here are some important measures camera owners can take to avoid being infected:

  • Ensure your camera is running the most recent firmware version, and install a patch if one is available.
  • Turn off the camera's WiFi when it is not in use.
  • When using Wi-Fi, try using the camera as the Wi-Fi access point (that is, configure the camera to act as a Wi-Fi hotspot) instead of connecting it to a public Wi-Fi network.
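As an added example, not Check Point's research code nor Canon's firmware, the parser below shows the kind of length and command validation a camera-side PTP handler must perform before acting on a container received over USB or Wi-Fi. The operation-code allow-list, the parameter limit and the containers built for the checks are assumptions constructed for the example.

```python
"""Bounds-checked parsing of PTP containers (ISO 15740 generic layout).
Added example, not Check Point's research code nor Canon firmware: the
validation a camera-side handler should do before acting on a command."""
import struct

HEADER = struct.Struct("<IHHI")  # Length, ContainerType, Code, TransactionID
CONTAINER_TYPES = {1: "command", 2: "data", 3: "response", 4: "event"}
# Small allow-list of standard operation codes (assumed sufficient here);
# anything else is refused instead of being dispatched to a handler.
KNOWN_OPS = {0x1001: "GetDeviceInfo", 0x1002: "OpenSession",
             0x1003: "CloseSession", 0x1009: "GetObject"}
MAX_PARAMS = 5  # a command container carries at most five 32-bit parameters


class PtpError(ValueError):
    """Raised for any container a careful implementation must reject."""


def parse_container(buf):
    """Return (type_name, op_name_or_code, transaction_id, params_or_payload).
    Each rejection is a case where a naive handler would read past the
    received buffer or trust an attacker-supplied length field."""
    if len(buf) < HEADER.size:
        raise PtpError("short container: %d bytes" % len(buf))
    length, ctype, code, txn = HEADER.unpack_from(buf)
    # Declared length must equal what arrived: larger means an over-read,
    # smaller means trailing bytes the handler would silently ignore.
    if length < HEADER.size or length != len(buf):
        raise PtpError("declared length %d vs %d bytes received" % (length, len(buf)))
    if ctype not in CONTAINER_TYPES:
        raise PtpError("unknown container type 0x%x" % ctype)
    payload = buf[HEADER.size:]
    if ctype != 1:  # data/response/event: hand the payload back unchanged
        return CONTAINER_TYPES[ctype], code, txn, payload
    if code not in KNOWN_OPS:
        raise PtpError("unsupported operation 0x%04x" % code)
    if len(payload) % 4 or len(payload) // 4 > MAX_PARAMS:
        raise PtpError("bad parameter block of %d bytes" % len(payload))
    params = list(struct.unpack("<%dI" % (len(payload) // 4), payload))
    return CONTAINER_TYPES[ctype], KNOWN_OPS[code], txn, params


def is_well_formed(buf):
    """True if parse_container accepts the bytes, False if it rejects them."""
    try:
        parse_container(buf)
        return True
    except PtpError:
        return False


def build_command(code, txn, params=()):
    """Build a well-formed command container (used here to construct inputs)."""
    body = struct.pack("<%dI" % len(params), *params)
    return HEADER.pack(HEADER.size + len(body), 1, code, txn) + body
```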


Your home wi-fi isn't safe: Hackers know router trick to access bank accounts, card details

Next time you connect a smartphone or a laptop to your relatively secure home Wi-Fi, you might be surprised how easy it is to hack into your home Wi-Fi network, courtesy of the router installed by your Internet Service Provider (ISP). A small vulnerability in the home Wi-Fi network can give a criminal access to almost all the devices that use that Wi-Fi. This could spell trouble for bank accounts, credit card details, child safety and a whole lot of other concerns.

Trouble could come in the form of a neighbourhood kid who piggybacks on your Internet service. While he plays video games online and talks to his friends over VOIP (Internet-based) telephone service, your Internet service may become sluggish.

But an unsecured home wireless system can also be used to commit crime.

According to the US Department of Justice, law enforcement officers will come knocking on your door if someone uses your Internet connection to upload or download child pornography.

And the bad guys don't have to live next door. Powerful Wi-Fi antennas can pull in a home network's signal from more than 4 km away.

According to Finnish cyber security firm F-Secure, for very little money a hacker can rent a cloud-based computer and guess your network's password in minutes by brute force, using the powerful machine to try many possible passwords.

The US Computer Emergency Readiness Team (US-CERT) recently issued an alert about Russia-sponsored hackers carrying out attacks against a large number of home routers in the U.S.

According to Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, cyber criminals are known to exploit vulnerabilities in home Wi-Fi routers by delivering a payload.

"Once infected with the malware, the router can perform various malicious activities like redirecting the user to fake websites when visiting banking or other e-commerce sites," Katkar told IANS recently.