Search This Blog

Showing posts with label Hackers. Show all posts

MIDC’s Server Hacked, Threat to Destroy Data

 

The server of Maharashtra Industrial Development Corporation was hacked as of late. The ransomware 'SYNack' affected the applications and database servers facilitated at the MIDC headquarters in Mumbai by encrypting the information put away in these servers. Hackers have demanded Rs 500 crore, they have mailed a demand of Rs 500 crore on MIDC's official mail ID, sources said. 

The malware additionally tainted some desktop PCs across various office areas of the MIDC. The assailants had attached a ransom note giving details of the assault and the steps needed to be taken to approach them for decryption of information. Nonetheless, no sum was directly referenced in the ransom note, a statement given by the MIDC expressed. After the hack, every one of the 16 regional workplaces in the state, including the head office in Mumbai, has been shut down. 

The total data of all the industrial estates, entrepreneurs, government elements, and different plans identified with MIDC is accessible on an online system. The whole work has come to a halt since last Monday after the hack. The MIDC approached the police after which the Cyber Crime Police started their probe into the hacking incident, joint commissioner of police, crime, Milind Bharambe affirmed to the FPJ. 

 A statement issued by the MIDC read, "On Sunday, March 21, at around 2:30 AM, we received automated alerts that our applications were down. On further analysis during the day, the ransomware attack was confirmed. MIDC’s applications are hosted on ESDS cloud (services managed by ESDS, Cloud Service Provider) and local servers (managed by MIDC internal team). We have Trend Micro anti-virus license for end-point security monitoring. The details of the ransomware were shared with Trend Micro for further analysis." 

"As an immediate measure, the MIDC systems were disconnected from the network to contain the spread of the virus. The backup files for different application servers were stored on a different network segment on Cloud DC and were not infected. As per the recommendations from Cyber Security experts, several steps are being taken to control the spread of virus and minimize the impact," the statement read further.

Forex Broker Leaked Customer Records

 

White hat hackers have disclosed a significant leak of client information by online forex dealer FBS Markets. This incorporates a great many confidential records, including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Details of the security breach, which has since been rectified after the dealer was cautioned, were uncovered by Chase Williams, a white hat hacker and site security expert, on the website WizCase. At this stage it isn't evident whether any of the leaked information has been utilized for deceitful purposes by threat actors.

The information leak was revealed as a part of a progressing WizCase research project that scans for unstable servers, and tries to set up who the proprietors of those servers are. WizCase informed FBS of the issue. Williams said that FBS left a server containing right around 20 TB of information and over 16bn records exposed. Regardless of containing very sensitive financial data, the server was left open without any password protection of encryption. WizCase's group said the FBS data “was accessible to anyone.” “The breach is a danger to both FBS and its customers,” WizCase said. “User information on online trading platforms should be well secured to prevent similar data leaks.”

The broker said, “The protection of our clients privacy is one of the core values of FBS, and we stick to the highest protection standards. FBS has never had such major accidents. In October 2020 we faced an overheating on the server which affected our logs recording. During the time when we were setting up a new ElasticSearch server, several wrong subnet masks were added accidentally, which led to the possibility to access the server for a very limited number of people only, in a certain part of the world.” 

FBS added that it had completed a technical audit and that to its knowledge no information had been downloaded. It has contacted the customers affected and whose information may have been undermined and encouraged them on what to do. FBS has additionally moved to a more encoded VPN and has introduced an intrusion detection system. New rules for working with the forex brokers infrastructure have been applied and other safety efforts have additionally been carried out.

32 Indian Organisations Attacked by Hackers via Microsoft Exchange Server

 

A new study published last Monday on 8th March cautioned stating that financial and banking institutions in India have been the most preferred target for cyberattacks by con men. At least 32 Indian firms were attacked by hackers who exploited vulnerabilities on unpatched Microsoft business emails. 
However according to Check Point Research, the organizations of finance and banking (28 percent) are being preceded by government/military (16 percent), manufacturing (12.5 percent), insurance/legal (9.5 percent) in the list of attacked institutions. Overall, in the past few years, hacking operations have multiplied over six times (or tripled) in companies utilizing resources of unpatched on-site servers. 

The most attacked country, without a doubt, was the US (21 percent of all exploit attempts), it was preceded by the Netherlands (12 percent) and Turkey (12 percent) along with India. The industry sector was mostly aimed at government/military (27% of all operations), and then production (22%), accompanied by software vendors (9%), researchers pointed out. 

"A full race has started among hackers and security professionals. Global experts are using massive preventative efforts to combat hackers who are working day-in and day-out to produce an exploit that can successfully leverage the remote code execution vulnerabilities in Microsoft Exchange," said the researchers from the cybersecurity firm. 

Amid reports that some five separate hacker organizations target Microsoft's company email servers, a new family of ransomware has also been found by the tech giant. Identified as "DearCry," the latest ransomware is "used after an initial compromise of unpatched on-premises Exchange servers," stated Microsoft last week in a tweet. The vulnerabilities are the same as those that Microsoft connects with a recent hacking community named Hafnium, which is funded by China. 

A patch for its Exchange Server service, the world's most common email server, was released by Microsoft on 3rd March. The Exchange server provides both incoming and outgoing emails, calendar invites, and nearly everything available within Outlook. 

In January, two vulnerabilities were identified by DEVCORE's Orange Tsai, a security company based in Taiwan. Microsoft was unaware of the full magnitudes of these results and was asked to examine its Exchange server more closely. Five more important vulnerabilities were identified in the research. These vulnerabilities enable an attacker to check messages without authenticating from an Exchange server or accessing an email account. Additional vulnerability chaining helps attackers to take over all the mail servers entirely. 

"If your organization's Microsoft Exchange server is exposed to the internet, and if it has not been updated with the latest patches, nor protected by a third-party software, then you should assume the server is completely compromised," warned Lotem Finkelsteen, Manager of Threat Intelligence, Check Point Software.

Medical Records of Two US Based Hospitals Leaked on Dark Web

 

Two major US hospitals, the Leon Medical Centers in Miami, and Nocona General Hospital in Texas have recently been hit by active ransomware attacks that have allowed hackers to steal and compromise medical records connected with tens of thousands of patients and employees. These two hospitals have eight facilities in Miami and three facilities in Texas. Patients of these two US hospital chains had their addresses, birthdays, and colonoscopy results published on the dark web as a result of the hack. Hackers released detailed patient information in an obvious effort to defraud them for money. 

The documents that have been uploaded to a website on the dark web that attackers use to identify and extort victims contain the personal identity records of patients, such as their names, addresses, treatment history as well as medical diagnosis. The posted information also includes letters to health insurers. One folder includes background inspections on the hospital personnel. The "2018 colonoscopies” Excel file includes 102 complete names, dates, and treatment information and a 'yes' or 'no' area to show whether the patient has a “normal colon.” 

Cybersecurity experts are well acquainted with the gang of hackers who released the files. Usually, the actors first encrypt the files of the victim and ask them to pay but this happens very occasionally that they post such files openly on the dark web without asking to pay. But it seems a similar incident happened with Nocona and therefore the explanation why the files are released is still unknown. In comparison to a more enigmatic situation, while an attorney representing the Nocona General Hospital said that no malware infection or ransom demands appeared to exist. 

On the other hand, Leon Medical has taken immediate action in detecting problems that caused unauthorized access to its systems to take place and aims to tackle them. "Leon Medical is still in the process of a thorough review to identify all individuals whose information was impacted by this incident and will be providing written notice as soon as possible to individuals that Leon Medical determines have been impacted by this incident," it said. 

Since the cyberattack has been discovered, the Leon Medical Centre, with the assistance of Internet security experts, promptly took over the compromised networks and conducted an inquiry into the existence and severity of the incident. The FBI and the Department of Health and Human Services (DHS) have both been alerted about the misuse of patient information by the healthcare business. 

The leak reveals how hackers have attacked American hospitals, small companies, colleges, and public computers in recent years, infecting them frequently with extortion malware that locks computers and makes them inoperative. Further hackers ask for payment to open files, normally in Bitcoin. The majority of health institutions are not prepared for cyber threats as well as fewer services are available to answer such concerns and therefore they are the primary target of such hackers.

Hackers Used Internet Explorer Zero-Day Vulnerability To Target Security Researchers

 

In recent times, during the attacks against the security and vulnerability researchers in North Korea, an Internet Explorer zero-day vulnerability has been discovered. The zero-day vulnerability is a computer software vulnerability unknown to individuals who need to minimize the harm. Hackers may use the vulnerability to change computer systems, files, machines, and networks to the detriment of the vulnerability. 

Google announced last month that the Lazarus-sponsored state-based North Korean hacking community carried out attacks on security scholars in social engineers, wherein the hacking community used social networks as a tool to target security researchers and used custom backdoor malware. The Lazarus group is a North Korea based persistent threat group (APT), which has gained a lot of prominence in the preceding years as various CyberAttacks have been attributed to the threat group. 

The threat actors have developed comprehensive online "security researcher" personas who then use social media to connect with renowned security researchers to contribute to the vulnerability and exploit growth to execute their attacks. 

In this regard, the attackers have sent malignant Visual Studio Projects and links to the website that hosts the exploit kits to install backdoors in the computers of the researchers. Microsoft also announced that it had monitored the assault and saw Lazarus exchanging MHTML files containing malicious java scripts with the researchers. The server command and control at the time of the investigation was down and therefore no further payloads were investigated by Microsoft. 

Recently in this social-engineering campaign, South Korean cybersecurity company ENKI claimed that Lazarus attacked MHTML files on their squad. Although the attacks were ineffective, they analyzed payloads downloaded from MHT files and found that they contained a vulnerability exploit for Internet Explorer. 

MHT/MHTML is a file format that is used by Internet Explorer to store a web page and services in one file. MHT / MHTML file is sometimes also known as MIME HTML. The MHT file transmitted to ENKI investigators was confirmed to be an exploit of Chrome 85 RCE and called "Chrome_85_RCE_Full_Exploit_Code.mht." 

On further executing the MHT/MHTML file, Internet Explorer will automatically start to display the MHT file contents. ENKI stated that a malicious javascript would download two payloads with one containing a zero-day version of Internet Explorer if the execution of the script was allowed. ENKI has affirmed that they have reported the bug to Microsoft and for which they were later contacted by a Microsoft employee. 

Concerning the aforementioned incident, Microsoft has said that they have investigated every aspect of the report and will surely provide an update in near future, “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible.”

Patrons Become Victim to Depop Hacks

 

Since the lockdown started in March, there has been a significant spike in online shopping. This has become a big attraction for people looking for items on famous sites and apps. However, like every online shopping app, there could be issues for consumers, such as hacking, data breach, cyber fraud, etc. And this pandemic came out as a golden opportunity for the Scammers since they have managed to continue plaguing a variety of internet resources. 

One "have a go" tactic of the hackers is "credential stuffing" which requires the use of automated software to log into accounts repeatedly, entering previously uncovered usernames and login information from data breaches of other common online services. However, this dupe won't work if a person doesn't have the same password on many sites or has changed their passwords after being subjected to a data breach. 

One such incident of hacking and data breach has happened with 21 years old, Birmingham based law student, Amelia Strike who was unknowingly logged out of her Depop social shopping app account in October. Regarding which she said that "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed and I realized something wasn't right”, further adding, "I just felt so violated”. 

Later she received a post from a stranger on Instagram, alerting that her account had been taken over by a hacker auctioning Apple Air Pod headphone for £50. She also figured out that the hacker was scamming a lot of Depop customers under her name. The hacker was instructing the patrons to make the payment via PayPal’s “Friend and Family” option. Well, this method of payment overrides Depop's fees and does not offer any protection to buyers. 

She was fast enough to act against the scammer by using her brother’s Depop account and commenting on the offending post and contact for help from the app firm. Her query was noticed, and the firm removed the posts done by the hacker, within few hours and her password was reset. Amelia Strike notices at least three Depop patrons who had made payment by the unauthorized method to the hacker. 

In Amelia Strike's case, to get users to believe scam listing, the hacker even uploaded a picture of her name to a post-it note next to the headphones that were allegedly for sale. This is a common technique used by people selling second-hand goods online to show that images have not been taken from another listing. 

Nevertheless, she is not only the one whose Depop account was hacked, other 14 users have also reported similar cases. And in all such cases, the fraudsters insisted that they be charged directly rather than via the app. Further Depop has requested the patrons to pay via the authentic method and has stated, “We consistently communicate this to our community and reinforce that the only safe way to purchase is on the Depop app or website via the buy button.”

Remote Images Used by Hackers to Evade Email Filters

 

Phishing emails impersonating well-known brands like Microsoft or PayPal need visual content to be successful. From brand logos to colorful pictures, images give a visual cue to the recipient that the email is innocuous and authentic. However, pictures add a visual component of authenticity to in any case fake emails: they likewise make the work of filtering emails a lot harder. Image spam has consistently been a very mainstream strategy for evading an email's textual content analysis, as there is no important content that can be separated from the text email parts. 

On the off chance that the detection of identical images is moderately simple—thanks to signatures based on cryptographic hashing algorithms, for example, MD5—the detection of similar pictures requires complex and costly algorithms. Without a doubt, to evade detection, phishers manipulate the pictures marginally, changing the compression level, colorimetry, or geometry to bypass email filters. They will probably make each picture unique to evade signature-based technologies.

Remote pictures have emerged as the most recent filter bypassing method by hackers hoping to exploit shortcomings in email security technology. In contrast to embedded images, which can be analysed progressively by email filters, remote pictures are facilitated on the web and accordingly should be fetched prior to being analysed. In 2020, the utilization of remote image-based dangers surged. In November 2020 alone, Vade Secure broke down 26.2 million remote pictures and hindered 262 million emails highlighting noxious remote pictures. 

Analyzing a remote picture requires getting it over a network. Exploiting this shortcoming, cybercriminals utilize extra strategies to make the process more cumbersome for security scanners, such as:

 • Multiple redirections

 • Cloaking techniques

 • Abuse of high-reputation domains 

The way towards blocking picture-based threats requires Computer Vision, a scientific field that manages how PCs can acquire a high-level understanding of visual content. Vade Secure implemented the first Computer Vision technology dependent on Deep Learning models (VGG-16, ResNet) in mid-2020 to distinguish brand logos in emails and sites. The Deep Learning models have been trained on a combination of gathered pictures and artificially created pictures. 

The outcome is that large numbers of these emails go undetected. For clients, this regularly implies accepting a phishing email and reporting it, just to get it once more, and sometimes, on numerous occasions.

Hackers Hijacked Smart Devices and Live-Streamed Swatting Incidents

 

Technology is ameliorating at a great pace and here we are becoming the victims of our doings. In the current modern era, our reliance on technology is bound to skyrocket, however, various other factors need to be checked to ensure a durable sense of security and privacy. Several misconceptions and lack of knowledge among users are what allow hackers to make gigantic gains. 

In light of that, recently, one such incident took place where the hackers hijacked various smart home devices and live-streamed police raids simultaneously on various innocent natives of the settlement. Then, hackers made a hoax call to the police and authorities on 911, which lead to “Swatting”. In this regard, the FBI confirmed that these hackers have even spoken to the acknowledging officers operating via the hacked kit. 

What is “Swatting”?

The hackers are aggravating Swatting attacks, which is an offense. The operators attempt to befool authorities by 
making a hoax telephonic call and falsely stating that the current state of affair is an emergency and they should straight away be at their disposal at the said residence with armed forces. 

It should be noted that this was not the first time an incident of such sort has taken place. The FBI had clearly stated that there are “deadly” risks and appalling outcomes of such attacks. One such fake hoax call costed the life of an innocent person three years back when the police shot that man in Kansas over the information handed over to them by the hackers. 

Why such incidents happen where the hackers easily enter the secured digital systems of owners? 

Following the incident and investigating the matter at hand, the FBI has given valuable insights about the subject, the officials clarified that such “pranks” become a success because the victims have reused the watchwords from other devices and services for setting up the same smart home device as well, making attackers' work exceedingly simple.

On the hub of confidential information, the Dark Web, such credentials of devices are easily hacked and sold and concurrently bought; and when we use the same watchwords for multiple devices and services, as a consequence, it becomes easy for hackers to enter the security system and break the firewall. 

“The [perpetrators] call emergency services to report a crime,” the FBI told. 

“The offender watches the Livestream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms.”

With an upsurge in similar cases, the FBI has urged the victims as well as the owners of the smart devices/services that they must change their watchwords immediately and should also update the same regularly.

Finland MP’s Faces Dire Cyber Intrusion

 

The parliament of Finland verified on Monday that some hackers had procured entry into the internal IT system of Finland and have also retrieved some personal as well as confidential information by accessing into the email accounts of some of the Member of the Parliament (MPs).

In a statement the government officials confirmed that the incident took place in the autumn season of 2020 and was turned up in the month of December by the IT staff of the Parliament after they felt that something suspicious is happening. This occurrence is being investigated under the examination of the Finnish Central Criminal Police (KRP) .

Although the Crime Commissioner Tero Muurman in an official statement said that “The act is not accidental”, on the other hand the police in investigation are not unveiling any detail about the case. Instead they quoted that they are investigating the security breach as a “suspected gross hacking and espionage” incident. Though after flicking through all the recorded statement one thing is clear that the intrusion did no harm to the internal IT System of the Parliament.

 “At this stage , one alternative is that unknown factors have been able to obtain Information through the hacking, either for the benefit of a foreign state or to harm Finland” , Muurman further added. The larceny of the hackers has affected a lot of individuals of the country though obviously the number is unsure. 

The thing that requires the maximal gravity here is that, during the same time, in the fall, some Russian hackers have also accessed the emails of various Parliamentary personnel and representative of Norway to acquire some information. Both the hacks were quite indistinguishable in nature and can be thought to be linked as well. 

The officials in command stated, “This case is exceptional in Finland serious due to the quality of the target and unfortunate for the victims”. Proffering a sense of placidity to the victims the KRP Tero Muurman also made a statement claiming that “International cooperation has taken place in the investigation” and the drudges would be behind the bars for the felony. 

City of Cornelia Witnessed Fourth Ransomware Attack

                   

It seems like now the city of Cornelia has gotten quite used to the horrors of ransomware attacks as on Saturday, they witnessed their 4th ransomware attack within the last 2 years, the City Manager Donald Anderson on Tuesday. A day after Christmas eve, on the pleasant morning of the 26th of December 2020 the city of Cornelia got their Christmas gift as a malware attack. Experts say that this may not be the last incident but it is a part of the aggravated trend that the city may witness in the near future. 

Though the city has spent almost $ 30,000 for the upgradation of the firewall after the last attack that happened in September 2019 for better shielding of the system, still the hackers were able to take over the state’s administration and the data system offline.  

In a statement, the city’s manager said that they have “anticipated such situations in and out with abundance of caution”, moreover they have also “taken down our network while we investigate the situation and restore our data.” The aforementioned situation, owing to its gravity, is not only being monitored by officials from the state, but experts from outside have also stepped in to investigate the matter. 

According to Anderson the local services of the city like the emergency phone lines, garbage pickups and the utility work, etc, are not disturbed at all and are functioning properly. The email services and the city hall phones are also operating under normal conditions. However, since the city’s software data system is down, the employees and the natives are in a stalemate condition as they can neither lookup for the bill balances nor can accept any sort of credit card payments for the city services.  

Though the majority of the city functionalities are unaffected by this attack, still the operators behind the ransomware attack were able to incapacitate the newly installed water treatment plant of the city of Cornelia.  

“According to them the business model of those behind the ransomware is typically NOT to profit off of selling the personal information of the city employees or our citizens on the internet – it is to extract a payment from the city .” Anderson further added. Meanwhile, the city officials denied disclosing any further information and asked for cooperation and support from the city natives, telling them to stay patient and keep their calm until things are being resolved. 

Manchester United Hit By a Cyber Attack on their Systems

 

Manchester United affirmed the hacking on the club and revealed systems required for the match remained secure.

Have been hit by a cyber-attack on their systems however state they are not “currently aware of any breach of personal data associated with our fans and customers”. 

In a statement, United stated: “Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimize the ongoing it disruption.

Paul Pogba 'significant for us' says Solskjær after Deschamps comments, “Although this is a sophisticated operation by organized cybercriminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality.

Our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data. Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers. 

We are confident that all critical systems required for matches to take place at Old Trafford remain secure and operational and that tomorrow’s game against West Bromwich Albion will go ahead.”




The club told the British authorities about the incident, including the information commissioner's office. 

The united likewise dispatched a forensic investigation into the incident. 

A spokesperson for the club added: “These types of attacks are becoming more and more common and are something you have to rehearse for.” 

United have informed the information commissioner's office and added that forensic tracing is being completed by carrying out an attempt to set up additional insight regarding the attack.


Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI

 


Decentralized finance (defi) protocol Akropolis was recently hacked for $2 million in DAI, in the most recent flash loan attack to hit the 'nascent defi industry'. 
When the attack occurred, (GMT timezone) Akropolis admins stopped all transactions on the platform to forestall further losses. In a statemen on Nov. 12, Akropolis revealed that the hack was executed over an assemblage of s contracts in its "savings pools". 

The attacker stole the platform's Ycurve pool in batches of $50,000 in the stablecoin DAI. This specific pool permits investors to trade stablecoins and procure interest.

Despite the fact that Akropolis says that it recruited two firms to further investigate the incident, yet unfortunately neither one of the companies were able to pinpoint the attack vectors utilized in the exploit.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Ycurve and sUSD pools,” revealed Akropolis. 

The hacker though was still able to discover loop holes to exploit, wiring his 'loot' to this address. Akropolis clarified additionally: “The attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with Dydx flash loan origination.”

Flash loan attacks have gotten rather common against cryptocurrency services running DeFi (decentralized financed) platforms that enables users to either borrow or loan 'using cryptocurrency, speculate on price variations, and earn interest on cryptocurrency savings-like accounts.' 

These attacks are noticed to have been on a quite steady rise since early February this year, and one of the biggest flash loan attacks occurred just a month ago, in October, when hackers stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance. 

Others pools were fortunately not affected. These included compound DAI, compound USDC, AAVE sUSD, AAVE bUSD, curve bUSD, curve sBTC. Native AKRO and ADEL staking pools were also left untouched. 

Nonetheless, the Akropolis group said that it is still looking for approaches to repay the affected user “in a way that is sustainable for the project”. All stable coin pools have been put on a hold currently, it added.

Russia A Suspect of Norwegian Parliament Cyber Attack?

 

In September, Norwegian authorities said that email accounts of a few authorities had been undermined during a cyber-attack, and some data had been downloaded. In any case, the full extent of the harm brought about by the hack was not yet not revealed. 

Now the nation outrightly blames Russia for this cyber-attack on the email system in the Norwegian parliament. 

Earlier this year in a report, Norway's military intelligence agency had already warned that Russia was attempting to cause more friction in the nation through purported influence operations, aimed toward debilitating public trust in the government, election process as well as the media. 

National legislatures are a 'key source’ of policy-related data, as are oftentimes targeted by hacking campaigns. In August, Norway ousted a Russian diplomat on suspicion of spying. Russia fought back similarly by removing a Norwegian diplomat just days later. 

Foreign Minister Ine Eriksen Soreide took it a serious occurrence influencing the nation's "most important democratic institution” “Based on the information available to the government it is our assessment that Russia stood behind this activity" she said without giving any evidence. Although Moscow rejected the claim, calling it a "serious and wilful provocation." 

Ms. Soreide of course said in a statement that Norway's security and intelligence services were "co-operating closely to deal with this matter at the national level." Because of it, Russia's embassy in Oslo hit back at the "unacceptable" declaration, saying no proof had been introduced. 

However, when we look at things from Norway’s perspective, it is very clear as to to to why they did what they did. The evidence of which lies in the past events that involved both the countries. 

One being when Norway had arrested a Russian national in 2018 who was said to have been suspected of gathering information on the country's parliamentary network. 

Although the individual was later released due to an of. Likewise, in January this year, the personal details of several German politicians, including Chancellor Angela Merkel, were stolen and published online. 

And just the previous year, Australia's cyber intelligence agency accused China after hackers had attempted to break into the Australian parliament, something which the Chinese authorities had denied.

Warning Issued to End Cyberattacks Risk Running Afoul of Sanctions Rules by The U.S. Treasury Department

 

The U.S. Treasury Department recently issued a warning to cyber insurers and other financial institutions that 'facilitate payments' to hackers to end cyberattacks hazard crossing paths with sanctions rules. 

The warnings, referred to as 'malignant programs' known as ransomware and came in from Treasury's Office of Foreign Assets Control (OFAC)and Financial Crimes Enforcement Network (FinCEN).

The warnings also added to the additional worries of the cyber insurers, who have been 'ramping up' rates and attempting to control the exposure to vulnerable customers on account of flooding exorbitant ransomware claims as of late.

Hackers utilized ransomware to bring down frameworks that control everything from hospital billing to manufacturing and halted simply in the wake of accepting 'hefty payments', commonly paid in cryptocurrency.

Ransomware payment requests have seen quite a rise amidst the pandemic as people have chosen to work remotely and hackers target online systems. 

The normal ransomware payments bounced by 60% to $178,254 between the first and second quarters, as per Coveware, a firm that arranges and negotiates cyber ransom payoffs. The cyber policies frequently cover such ransoms, data recovery, legitimate liabilities, and arbitrators fluent in hackers' local dialects. 

Sumon Dantiki, a King and Spalding LLC legal advisor who exhorts on national security and cyber matters says that advanced insurers and financial establishments are now mindful of the sanctions concern. “Will victims who are insured still decide to make the payments?” Dantiki said. “This type of public advisory could affect the calculus there.” 

A subsequent FinCEN report even highlighted a developing industry of forensic firms that assist associations with responding to cyberattacks, including handling the payments.

OFAC referred to cyberattacks dating to 2015 that were traced back to hackers in sanctioned nations, like North Korea and Russia.

Nonetheless, while it is clearly evident that the US can force economic and trade sanctions on nations that support terrorism or disregard human rights, it will be the financial institutions that ultimately draw in with them or a few individuals can confront prosecution and penalties in the end.


White House To Update U.S’s Approach To Its Maritime Cybersecurity Strategy In Coming Months

 

With hopes to upgrade the U.S. government's approach to deal with its maritime cybersecurity strategy in the coming months, the Trump administration is presently attempting to improve and further secure down the United States' ability to 'project power at sea' and guard against adversarial cyberattacks. 
Their plan incorporates re-evaluating the national approach to deal with data sharing and better emphasizing the utilization of operational technologies in ports, as per one senior administration official. 

When two officials were approached to comment they declined on revealing any particular data about the administration's plans, saying more info would be very soon be made public. 

Yet, hackers have already begun their work, they have been for long focusing on shipping firms and the maritime supply chain to steal any data associated with the U.S. government or intrude on cargo operations and activities. 

Utilizing a strain of ransomware known as Ryuk, the hackers have undermined computer networks at a maritime transportation office a year ago simultaneously disrupting tasks for 30 hours, as per the U.S. Coast Guard. 

This declaration comes in the midst of a few endeavors at the Department of Defense to test preparedness and readiness against cyberattacks in the maritime domain. 

The Pentagon's offensive unit, Cyber Command, duplicated a cyberattack a year ago on a seaport. The Army is likewise taking an interest in an activity intended to 'simulate adversaries' focusing on U.S. ports this month. 

As of late, the Trump administration has been worried about a ransomware attack focused explicitly on a transportation organization, “affected COVID-19 supply chains in Australia,” which one senior organization official said.

 “Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said.

Paytm Mall Suffers Data Breach, Hackers Demanded Ransom


Paytm has allegedly suffered a huge data breach after a hacker group targeted the company's PayTM Mall database and demanded a ransom in return for the data. 
The hacker group, dubbed as 'John Wick' and has been known for hacking the database of companies under the pretense of helping them fix bugs in their frameworks. 

Global cyber intelligence agency Cyble stated that the John Wick hacker group had 'unhindered' access to Paytm Mall's whole production database through indirect access, which potentially influences all accounts and related info at Paytm Mall.

An official update Cyble states, “According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hacker's demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid..” 

The volume of info breached is presently unknown however, Cyble claims that attackers have made demands for 10 ETH, which is equivalent to USD 4,000. 

Paytm Mall spokesperson comments, "We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies." 

Nonetheless, 'John Wick' is known to have been broken into numerous Indian companies and collected ransom from different Indian organizations including OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through different aliases, like 'South Korea' and 'HCKINDIA'.

Uber's Former Chief Security Officer Charged for Covering up A Massive Data Breach

Uber's former chief security officer, Joe Sullivan, was very recently charged by the federal prosecutors in the United States for covering up an enormous data breach that the company had endured in 2016.

Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that additionally included paying hackers $100,000 ransom to keep the incident a secret, according to the press release published by the U.S. Department of Justice. 

It said, "A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies.” 

The 2016 Uber's data breach exposed names, email addresses, phone numbers of 57 million Uber riders and drivers, and driving license numbers of around 600,000 drivers. 

The company revealed this data out in the open almost a year later in 2017, following Sullivan's exit from Uber in November. 

Later it was reported for, that two hackers, Brandon Charles Glover of Florida and Vasile Mereacre of Toronto, were the ones responsible for the incident and were the ones to whom Sullivan ‘approved’ paying cash in return for the promises to delete information of the clients that they had stolen.

The problem initially began when Sullivan, as a representative for Uber, in 2016 was reacting to FTC inquiries with respect to a previous data breach incident in 2014, and at the same time, Brandon and Vasile reached him in regards to the new data breach. 

"On November 14, 2016, approximately 10 days after providing his testimony to the FTC, Sullivan received an email from a hacker informing him that Uber had been breached again and his team was able to confirm the breach within 24 hours of his receipt of the email. Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC." 

As indicated by court archives, the ransom amount was paid through a bug bounty program trying to document the blackmailing payment as ‘bounty’ for white-hat hackers who highlight the security issues however have not compromised information. 

The federal prosecutors said, “After Uber personnel were able to identify two of the individuals responsible for the breach, Sullivan arranged for the hackers to sign fresh copies of the non-disclosure agreements in their true names. The new agreements retained the false condition that no data had been obtained. Uber's new management ultimately discovered the truth and disclosed the breach publicly, and to the FTC, in November 2017." 

However just last year, the two hackers were pleaded guilty to a few counts of charges for hacking and blackmailing Uber, LinkedIn, and various other U.S. corporations. In 2018, English and Dutch data protection regulators had likewise fined Uber with $1.1 million for neglecting to secure its clients' personal data during a 2016 cyber-attack.

As of now, if Sullivan is found guilty of cover-up charges, he could expect at least eight years in prison along with potential fines of up to $500,000.

Hackers Can Now Clone Your Key Using Just a Smartphone Microphone and a Program

Earlier this year researchers at the National University of Singapore came up and published a paper enumerating how, utilizing just a smartphone microphone and a program designed by them, a hacker can clone your key.

The key, named SpiKey, is the sound made by the lock pins as they move over a typical key's edges. 

The paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han, says that “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone." 

And with that recording alone, the hacker/thief can utilize the time between the audible clicks to determine the distance between the edges along with the key. 

Utilizing this info, a 'bad actor' could then figure out and afterward come up with a series of likely keys. 

 So now, rather than messing around with lock-picking tools, a thief could basically attempt a few pre-made keys and afterward come directly in through the victim's door. 

However of course there are some shortcomings to carrying out this attack as well like the attacker would need to comprehend what kind of lock the victim has or the speed at which the key is placed into the lock is thought to be constant. 

But the researchers have thought of this as well, and they concocted the clarification that, "This assumption may not always hold in [the] real-world, hence, we plan to explore the possibility of combining information across multiple insertions” 

The study authors further clarified, "We may exploit other approaches of collecting click sounds such as installing malware on a victim’s smartphone or smartwatch, or from door sensors that contain microphones to obtain a recording with the higher signal-to-noise ratio. We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors." 

Taking the case of the supposed 'smart locks' which despite everything still present their own security issues, the Amazon's Ring security cameras, for example, are hacked constantly, so as it were, as the researchers hypothesize, the hacker could, in principle, utilize the microphone embedded in such a camera to capture the sounds your key makes and afterward utilize the SpiKey procedure to create physical keys to your home.

Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. 

The test had been hit by a distributed denial of service (DDoS) attack, which includes a hacker or group endeavoring to bring down a server by overpowering it with traffic according to ExamSoft, one of the three vendors offering the exam that certifies potential attorneys. 

The incident marked the first DDoS attack the organization had encountered at a network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time to take the test after it was ready for action once more. 

The company noted that "at no time" was any information compromised, and that it had the option to “thwart the attack, albeit with a minor delay” for test-takers. 

The Michigan Supreme Court tweeted preceding the organization's statement that a "technical glitch" had made the test go down, and those test takers were “emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module.” 

As per the court, those taking the test with provisions from the Americans with Disabilities Act were not affected by the episode.

 “All exam takers were successfully able to start and complete all modules of the Michigan Bar exam,” the organization wrote. 

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national gathering of law students, graduates, professors, and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised worries about data privacy issues associated with the cyberattack.  

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a segment of the test, told 'The Hill' just earlier this month that states and jurisdiction could decide to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


The First Ransomware Attack and the Ripples It Sent Forward In Time


What was once a simple piece of malware discovered just 20 years ago this month exhibited its capacity which transformed the entire universe of cyber-security that we know of today?

Initially expected to just harvest the passwords of a couple of local internet providers, the malware, dubbed as 'LoveBug' spread far and wide, infecting more than 45 million devices to turn into the first piece of malware to truly take businesses offline.

LoveBug was the shift of malware from a constrained exposure to mass demolition. 45 million compromised devices daily could rise to 45 million daily payments.

Be that as it may, eleven years before anybody had known about LoveBug, the IT industry saw the first-ever main case of ransomware, as AIDS Trojan. AIDS Trojan which spread through infected floppy disks sent to HIV specialists as a feature of a knowledge-sharing activity.

The 'lovechild' of LoveBug and AIDS Trojan was the ransomware that followed, with GPCoder and Archievus hitting organizations around the globe through which the hackers additionally bridled ecommerce sites to discover better ways to receive payments.

The protection industry responded by taking necessary steps with 'good actors' cooperating to decipher the encryption code on which Archievus depended, and sharing it broadly to assist victim with abstaining from paying any ransom.

From that point forward the 'cat and mouse' game has proceeded with viruses like CryptoLocker, CryptoDefense, and CryptoLocker2.0 constructing new attack strategies, and the protection industry executing new defenses. Presently ransomware has become increasingly sophisticated and progressively prevalent as targets today are more averse to be individuals since large businesses can pay enormous sums of cash.

And yet, data protection has become progressively sophisticated as well, with certain four areas that should now be a part of each business' ransomware strategy: protect, detect, respond, and recover. Social engineering and phishing are also presently becoming progressively central to the success of a ransomware attack.

The LoveBug was effective in a scattergun fashion, yet at the same time depended on social engineering.

Had individuals been less disposed to open an email with the subject line ‘I love you', the spread of the malware would have been 'far more limited'.

Nevertheless, the users presently ought to be more alert of the increasingly diverse threats in light of the fact that inexorably, hackers are expanding their threats data exfiltration or public exposure on the off chance that they feel that leaking data may be progressively 'persuasive' for their targets.

Thus so as to react to the issue, it's essential to have backup copies of data and to comprehend the nature and estimation of the information that may have been undermined in any way.