Cyberattacks in the U.S. Hit an All-Time High due to Covid-19, Says Black Hat Report

Cybersecurity experts suspect a rise in cyberattacks and cybercrime due to the coronavirus pandemic, says a survey published by Black Hat earlier this week. The roughly 275 cybersecurity professionals who responded to the survey expressed concern about potential breaches of U.S. infrastructure and the I.T. industry. More than 90% of them believe that the coronavirus has brought a jump in cyber threats in the U.S., resulting in data leaks and privacy breaches, and around 24% consider the current danger very severe and critical.

Among the cybersecurity threats, vulnerabilities in the remote access systems used for working from home top the list at 57%, while phishing scams and spam attacks account for a hefty 51%. Around 85% of the experts expect a targeted cyberattack on U.S. infrastructure within the next two years; that figure rose from 69% in 2018 to 77% in 2019. Only around 15% of respondents believe that the government and the private sector are ready to face such attacks, down from about 20% in 2019.

The majority of the cybersecurity experts believe that their own firms will have to handle the upcoming cybersecurity challenges. More than half of them believe they currently lack the staff needed to combat cyber threats, and the budget available to protect their organization's data from cyberattacks is also low. Beyond the lack of resources to defend against cybercriminals, the experts also say they lack proper technology: according to the survey results, only half of their technology tools could be termed effective.

"The survey results suggest that the world's top cybersecurity professionals are more concerned than ever about cybersecurity risk at the global, national, enterprise, and consumer levels. While cyber threats have been growing in volume and sophistication in recent years, most security professionals believe that the radical shift toward remote access creates unprecedented risk for sensitive data," says the 2020 Black Hat USA report.

US Intelligence Reveals Malware, Blames North Korea

The FBI (Federal Bureau of Investigation), US Cyber Command, and DHS (Department of Homeland Security) recently uncovered a hacking operation believed to originate from North Korea. To inform the public, the agencies issued a security statement containing details of six malware families that North Korean hackers are currently using.

US Cyber Command's subordinate unit, the Cyber National Mission Force (CNMF), announced on its official Twitter account that the North Korean hackers are spreading the malware via phishing campaigns. The tweet says, "Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://www.virustotal.com/gui/user/CYBERCOM_Malware_Alert …. This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM."

According to US Cyber Command, the malware allows the North Korean hackers to sneak into infected systems and steal money. The stolen funds are then transferred back to North Korea, all to evade the economic sanctions imposed on it. This is not the first time that reports have surfaced of the North Korean government using hackers to steal money and cryptocurrency to fund its nuclear and missile programs and evade economic sanctions. According to the US agencies' reports, the six malware families are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, and Buffetline. The official websites and Twitter accounts of DHS and US Cyber Command have complete details about the malware.

The US Blames the Lazarus Group for the Attack

The Cybersecurity and Infrastructure Security Agency (CISA) claims that the attack was carried out by the North Korean hacker group Lazarus. The group also operates under the alias Hidden Cobra and is one of the largest and most active hacking groups in North Korea. According to the DOJ (Department of Justice), Lazarus was also involved in the 2014 Sony hack, the 2016 Bangladesh Bank attack, and the planning of the 2017 WannaCry ransomware outbreak.

A new 'Name and Shame' approach

Earlier, the US used to avoid issuing statements when it faced cyberattacks. It has now adopted a "name and shame" approach to the issue: US Cyber Command publishes the malware publicly on its Twitter handle, along with the nation held responsible. This did not happen before.

Ransomware Hits Media Monitoring Company 'TV Eyes'

A ransomware attack has hit 'TV Eyes,' a company that offers media monitoring services for TV and radio news broadcasts. PR agencies and newsrooms across the world use the TV Eyes service to keep track of their broadcast coverage. "The ransomware infected the business somewhere around post-midnight on Thursday, 30th of January," TV Eyes CEO David Ives said in a conversation with ZDNet. The ransomware damaged crucial TV Eyes servers and communications workstations, affecting the network mainly in the US, along with some other areas.

"We are still calculating the total damage caused by the ransomware to the company's network. However, the company has begun making retrieval attempts," David told ZDNet. He added, "TV Eyes is not thinking of paying the ransom demanded by the hackers. Instead, we are reviving the situation from existing backups and focusing on strengthening the affected network infrastructure." "MMS (Media Monitoring Suite), the main product of the TV Eyes company, has not been functioning for the last 2 days," according to various sources at PR agencies that worked with TV Eyes.

The TV Eyes service gives agencies a platform for monitoring TV and radio broadcasts, mainly in the U.S. (national and 210 other markets) and at influential global media organizations. The Media Monitoring Suite (MMS) lets users search podcasts for new keywords and set up email notifications for new events. TV Eyes is a very helpful tool for many journalists, PR agencies, and political parties running campaigns. David says there is no confirmation yet of when the TV Eyes service will be back; however, the company is working to restore services as soon as possible.

"The kind of services that companies like TV Eyes offer is often an easy target for hackers because they know how dependent and reliant the users of these tools are. Therefore, hackers know that such companies are vulnerable, as their users are relying on them for the safety of their data," says Paul Martini, CEO of Iboss (a cloud security company). Users of the TV Eyes service are concerned about the privacy of their data, which includes crucial financial information.

Data leak: Thousands of US defense contractor employees' data leaked!

A digital consultancy firm accidentally leaked the personal information of thousands of United States defense contractor employees due to a misconfiguration in its cloud infrastructure.

IMGE, a Washington DC based firm, unintentionally exposed personal data such as names, phone numbers, home addresses and email addresses of more than 6,000 Boeing staff, as reported by The Daily Post.

The employees whose data was leaked included defense staff, government relations staff, senior executives and even people who worked in a prototyping unit on highly sensitive technologies.

“This information was exposed as a result of human error by the website’s vendor,” a Boeing spokesperson told the news site. “Boeing takes cybersecurity and privacy seriously and we require our vendors to protect the data entrusted to them. We are closely monitoring the situation to ensure that the error is resolved quickly.”

The data was collected by IMGE through a website called Watch US Fly, whose stated aim is “advancing and protecting American aerospace and manufacturing.” The website asks its users for contact details for future campaigns. The Daily Post reports that Chris DeRamus, CTO of DivvyCloud, explained that cloud misconfigurations like this are increasingly common because many users aren’t familiar with cloud security settings and best practices.

“It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the US government and military, as the exposed data is more than enough information for cyber-criminals to launch highly targeted attacks against those impacted to gain more confidential government information,” he added.

“Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later.”

Hackers Now Allowed to Find Flaws in US Fighter Jets and Security Systems

The Trusted Aircraft Information Download Station could have been shut down entirely due to a host of flaws discovered by hackers who were challenged to find vulnerabilities in a system of the U.S. military's F-15 fighter jet.

It was unprecedented that outside researchers were given physical access to such critical machinery and asked to find vulnerabilities. Within two days, a group of seven hackers came up with a number of exploits, including bugs that the Air Force had identified itself but had been unable to fix, according to the Washington Post.

The hackers put the system through numerous attacks, including subjecting it to malware and probing it with tools like screwdrivers and pliers, as reported at DEF CON 27.

Roper Technologies attributed the vulnerabilities the hackers exploited to “decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency.”

Outsiders were usually not allowed such access to military equipment, which is highly sensitive in nature and operation; this marked a massive change in how the military and the technology world work together, the gravity of which can be gauged by the fact that hackers physically approached the machine with tools.

According to Roper, the American Air Force believes that if it does not allow America's best hackers to find every single vulnerability in its weapons, machinery and fighter jets, it runs the risk of being exploited by adversaries like Iran, Russia and North Korea.

Sim swapping attacks hit US cryptocurrency users

Something strange happened last week, with dozens of US-based cryptocurrency users reporting SIM swapping attacks.

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, in what appears to be a coordinated wave of attacks.

SIM swapping, also known as SIM jacking, is a type of ATO (account takeover) attack in which a malicious threat actor uses various techniques (usually social engineering) to transfer a victim's phone number to their own SIM card.

The purpose of this attack is so that hackers can reset passwords or receive 2FA verification codes and access protected accounts.

These types of attacks have been going on for half a decade now, but they exploded in 2017 and 2018, when attackers started focusing on members of the cryptocurrency community so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.

But while these attacks were very popular last year, this year, the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.

Something happened last week

But despite a period of calm in the first half of the year, a rash of SIM swapping attacks has been reported in the second half of May, and especially over the past week.

Several users tweeted their horrific experiences.

Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.

Some victims avoided getting hacked

Some victims candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they had switched to hardware security tokens to protect their accounts instead of the classic SMS-based 2FA system.
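
The difference between SMS codes and hardware tokens in the post above comes down to what each factor proves: an SMS code proves control of a phone number, which a SIM swap transfers to the attacker, while a hardware token proves possession of a device key, which a SIM swap does not touch. The following is an added example, not code from the original post, of a step-up rule for an account-recovery flow built on that distinction. It assumes a hypothetical carrier signal giving the time of the last SIM change for a number (the sample values are constructed), and that the service records which second factors each user has enrolled.

```python
"""Added example, not code from the original post: a step-up rule for account
recovery that refuses SMS-based verification when the phone number on the
account has recently changed SIM. It assumes the carrier exposes a
'last SIM change' timestamp for a number (a hypothetical signal; the sample
values below are constructed) and that the service records which second
factors each user enrolled."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum


class Decision(Enum):
    ALLOW_SMS = "allow_sms"          # no recent SIM change: an SMS code is acceptable
    REQUIRE_HW_TOKEN = "require_hw"  # user enrolled a hardware token: demand it instead
    BLOCK_AND_REVIEW = "block"       # recent SIM change and nothing stronger than SMS


@dataclass
class Account:
    phone: str
    factors: set = field(default_factory=set)  # e.g. {"sms"} or {"sms", "hw_token"}


# Constructed carrier-side signal: when each number last moved to a new SIM.
SIM_CHANGES = {
    "+15550001111": datetime(2019, 6, 3, 2, 15),  # swapped a few hours before the request
    "+15550002222": datetime(2018, 1, 10, 9, 0),  # old change, long settled
}

COOLDOWN = timedelta(hours=72)  # assumed: how long after a SIM change SMS stays untrusted
REQUEST_TIME = datetime(2019, 6, 3, 10, 0)  # constructed time of the recovery request


def recovery_decision(account, now, sim_changes=SIM_CHANGES, cooldown=COOLDOWN):
    """Decide how an account-recovery request for `account` may be verified."""
    if "hw_token" in account.factors:
        # A hardware token proves possession of a device key, not of a phone
        # number, so taking over the number gains the attacker nothing here.
        return Decision.REQUIRE_HW_TOKEN
    if "sms" not in account.factors:
        # Nothing enrolled that a self-service flow can verify: hand to review.
        return Decision.BLOCK_AND_REVIEW
    changed = sim_changes.get(account.phone)
    if changed is not None and now - changed < cooldown:
        # The number may now sit in an attacker's SIM; an SMS code would reach them.
        return Decision.BLOCK_AND_REVIEW
    return Decision.ALLOW_SMS


if __name__ == "__main__":
    for acct in (Account("+15550001111", {"sms"}),
                 Account("+15550001111", {"sms", "hw_token"}),
                 Account("+15550002222", {"sms"})):
        print(acct.phone, sorted(acct.factors), "->",
              recovery_decision(acct, REQUEST_TIME).value)
```

The cooldown is the key tunable: a number that changed SIM a few hours before a recovery request is exactly the situation the post describes, and routing that request to manual review costs far less than an emptied wallet. The rule never downgrades a hardware-token user to SMS, which is what made the unsuccessful attacks in the post unsuccessful.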

NSA tool used for hacking in Baltimore ransomware attack

According to reports in the New York Times, an important component of the malware used to disrupt U.S. cities, paralyzing local governments and residents, was developed by the National Security Agency (NSA).

The NSA reportedly lost control of the tool, called EternalBlue, in 2017.

EternalBlue has been used around the world, including in countries like Russia, China and North Korea, and it has affected huge numbers of ATMs, hospitals, airports and shipping operators across the globe.

Recently there was a high-profile ransomware attack on Baltimore in which computers were hacked and health alerts, water bills, real estate sales and other public services were disrupted.

On May 7th, city workers' computer screens were locked and displayed a ransom message demanding $100,000 to free the city's files.

Various other U.S. cities have been attacked in a similar manner.

The NSA and FBI declined to comment to the Times, but according to the reports the theft of EternalBlue was carried out by a group that calls itself the Shadow Brokers.

The group is either made up of disgruntled federal employees or foreign spies.

San Francisco to ban facial recognition

Lawmakers in San Francisco have voted to ban the use of face recognition technology by city agencies, including the police department, citing worries over privacy.

The new bill, the Stop Secret Surveillance Ordinance, was introduced by San Francisco Supervisor Aaron Peskin. The ordinance states that any plan to buy any kind of new surveillance technology must now be approved by city administrators.

"With this vote, San Francisco has declared that face surveillance technology is incompatible with a healthy democracy and that residents deserve a voice in decisions about high-tech surveillance," said Matt Cagle from the American Civil Liberties Union in Northern California.

"We applaud the city for listening to the community, and leading the way forward with this crucial legislation. Other cities should take note and set up similar safeguards to protect people's safety and civil rights."

Face recognition technology uses an algorithm that scans a person’s face and matches it against a stored database. The technology is now commonly used by smartphone, laptop and other digital device companies.

San Francisco is the first US city to ban the face recognition.  

New MegaCortex ransomware targeting corporate networks

A new strain of ransomware called MegaCortex has been found targeting entities in the US, Canada, France, the Netherlands, Ireland, and Italy. The ransomware uses both automated and manual components in an effort to infect as many victims as possible, following a complicated chain of events, with some infections beginning with stolen credentials for domain controllers inside target networks.

The ransomware was reported by UK cyber-security firm Sophos after it detected a spike in ransomware attacks at the end of last week.

According to security researchers at Sophos, the cybercriminals operating the ransomware appear to be fans of the movie The Matrix, as the ransom note “reads like it was written in the voice and cadence of Laurence Fishburne’s character, Morpheus.”

The ransomware first began popping up in January. The ransomware has a few interesting attributes, including its use of a signed executable as part of the payload, and an offer of security consulting services from the malware author. Researchers said the ransomware often is present on networks that already are infected with the Emotet and Qakbot malware, but are not sure whether those tools are part of the delivery chain for MegaCortex.

Sophos said the ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions, in a tactic known as "big-game hunting."

“The malware also employs the use of a long batch file to terminate running programs and kill a large number of services, many of which appear to be related to security or protection, which is becoming a common theme among current-generation ransomware families,” Sophos researcher Andrew Brandt said in a report.

Ransomware, for the most part, targets individuals rather than enterprise networks. That has mainly to do with individuals being relatively easier targets than corporate machines, but some attackers have begun to move up the food chain. Corporate ransomware infections can be much more profitable and efficient, with larger payouts for criminals who can compromise an organization rather than dozens or hundreds of individual victims. MegaCortex seems to be part of that trend, targeting enterprises with a mix of techniques.
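
The batch file Sophos describes, one that stops a large number of services and terminates running programs before encryption starts, is something a defender can look for in process-creation telemetry, because a routine administrative command line rarely stops more than a service or two. The following is an added example, not code from the Sophos report or the original post, of a detection rule run over constructed process-creation log lines. The log layout, hostnames and the alert threshold are assumptions for this example.

```python
"""Added example, not from the Sophos report or the original post: flag a
command line that stops or kills an unusually large number of services and
programs, the behaviour attributed to the MegaCortex batch file. The
key=value log format, hostnames and threshold are assumptions."""
import re

# Commands that stop Windows services or terminate processes.
KILL_PATTERNS = [
    re.compile(r"\bnet(?:\.exe)?\s+stop\b", re.I),
    re.compile(r"\bsc(?:\.exe)?\s+(?:stop|config|delete)\b", re.I),
    re.compile(r"\btaskkill(?:\.exe)?\b", re.I),
]
THRESHOLD = 5  # assumed: benign admin one-liners rarely reach this many

# key=value pairs; a quoted value may contain spaces and escaped quotes.
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Parse one log line into a dict of fields, unquoting quoted values."""
    fields = {}
    for key, value in _FIELD.findall(line):
        if value.startswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def kill_score(cmdline):
    """Count service-stop and process-kill commands in one command line."""
    return sum(len(p.findall(cmdline)) for p in KILL_PATTERNS)


def scan(lines, threshold=THRESHOLD):
    """Return (host, score, cmdline) for every line at or above the threshold."""
    alerts = []
    for line in lines:
        f = parse_line(line)
        cmd = f.get("cmdline", "")
        score = kill_score(cmd)
        if score >= threshold:
            alerts.append((f.get("host", "?"), score, cmd))
    return alerts


# Constructed log lines: a routine restart, a harmless query, and a
# mass-kill sequence of the kind the report describes.
SAMPLE_LOG = [
    'ts=2019-05-03T01:12:44Z host=WS-12 user=CORP\\helpdesk image=cmd.exe '
    'cmdline="net stop spooler && net start spooler"',
    'ts=2019-05-03T01:12:59Z host=WS-12 user=CORP\\helpdesk image=powershell.exe '
    'cmdline="Get-Service"',
    'ts=2019-05-03T01:13:02Z host=SRV-FILE01 user=CORP\\Administrator image=cmd.exe '
    'cmdline="cmd.exe /c net stop \\"Backup Agent\\" /y & net stop MSSQLSERVER /y '
    '& sc config WinDefend start= disabled & sc stop WinDefend '
    '& taskkill /F /IM outlook.exe & taskkill /F /IM sqlservr.exe '
    '& net stop EventLog /y"',
]

if __name__ == "__main__":
    for host, score, cmd in scan(SAMPLE_LOG):
        print(f"ALERT host={host} kill_score={score} cmdline={cmd[:70]}...")
```

Scoring the command line rather than matching a fixed string keeps the rule useful when the exact batch file changes between campaigns; the count of stop and kill verbs in a single command is the signal, and the account running it (a domain administrator on a file server, as in the constructed third line) is the context an analyst wants beside the alert.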

Indian Pleads Guilty To Destroying University Computers via USB Killer Drive

An Indian national in the US pleaded guilty this week to destroying 59 computers at the College of St. Rose in New York using a weaponized USB thumb drive named "USB Killer" that he bought online.

The device allowed 27-year-old Vishwanath Akuthota to destroy hardware and equipment worth $51,109 (roughly Rs. 35,46,700), plus $7,362 (approximately Rs. 5,10,900) in employee time spent investigating and replacing the destroyed hardware.

The incident occurred on February 14, according to court documents obtained by ZDNet, and the suspect recorded himself while destroying some of the computers. In the recording he can be heard saying, "I'm going to kill this guy," and once he was finished, "it's dead" and "it's gone. Boom."

The motive for the crime is not yet known.

Surprisingly, the weaponized thumb drive known as USB Killer is readily available online; he bought it from a rather well-known online store that sells such devices.

USB Killer devices work by rapidly charging the capacitors in the thumb drive from the USB power supply and then discharging the stored current back into the USB port, all in mere seconds, effectively frying the computer to which the device is connected.

Akuthota was arrested on February 22 and will be sentenced on August 12. He faces up to ten years in prison, a fine of up to $250,000, and up to 3 years of post-imprisonment supervised release.

Espionage Group Aka APT33 Targeting Various Organizations in Saudi Arabia and the US by Deploying a Variety of Malware in Their Networks

A persistent espionage group known as APT33 (Elfin), known for explicitly targeting corporate networks, has now set its sights on various organizations in Saudi Arabia and the US by deploying an assortment of malware in their systems.

The hacker group has reportedly compromised around 50 organizations in various countries since 2015. So far its attackers have compromised a wide range of targets, including governments alongside organizations in the research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.

The attackers scan for vulnerable websites belonging to a particular target and, if a site is successfully compromised, later use it either as a command and control server or for malware attacks.

Although the group has focused mainly on Saudi Arabia, which accounts for 42% of its attacks since 2016, it has compromised 18 organizations in the U.S. alone in recent years.

In the U.S., Elfin targeted organizations in the engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors.

During the attacks, Elfin is said to have used an assortment of open-source hacking tools, custom malware, and commodity malware to compromise the various targets.

Elfin uses several publicly available hacking tools, including:
  • LaZagne (SecurityRisk.LaZagne): A login/password retrieval tool
  • Mimikatz (Hacktool.Mimikatz): Tool designed to steal credentials
  • Gpppassword: Tool used to obtain and decrypt Group Policy Preferences (GPP) passwords
  • SniffPass (SniffPass): Tool designed to steal passwords by sniffing network traffic

In addition, numerous commodity malware tools, available for purchase on the digital underground, were used in these attacks, including:
  • DarkComet (Backdoor.Breut)
  • Quasar RAT (Trojan.Quasar)
  • NanoCore (Trojan.Nancrat)
  • Pupy RAT (Backdoor.Patpoopy)
  • NetWeird (Trojan.Netweird.B)

Besides these, the group's custom malware includes Notestuk (Backdoor.Notestuk), a backdoor used to gather information, and Stonedrill (Trojan.Stonedrill), custom malware capable of opening a backdoor on an infected PC and downloading additional files.
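
Of the tools listed above, Gpppassword is the one a defender can pre-empt most directly: it only works when a Group Policy Preferences XML file in SYSVOL still carries a stored credential in its cpassword attribute, and any domain user can read SYSVOL. The following is an added example, not code from the Symantec report or the original post, of an audit that parses such a file and reports where stored credentials remain, without decrypting anything. The XML is constructed and simplified, and the cpassword value is a placeholder rather than a real ciphertext.

```python
"""Added example, not code from the Symantec report or the original post: a
defender-side audit that parses Group Policy Preferences XML (files such as
Groups.xml under a domain's SYSVOL share) and reports every element carrying
a non-empty 'cpassword' attribute, the stored credential that tools such as
Gpppassword recover. The XML below is constructed and simplified; the
cpassword value is a placeholder, not a real ciphertext, and nothing here
decrypts anything."""
import os
import xml.etree.ElementTree as ET

# Constructed Groups.xml: one local-user entry that stores a password and
# one group entry that does not.
GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalSvc" changed="2016-02-01 10:15:42">
    <Properties action="U" cpassword="PLACEHOLDER_NOT_A_REAL_CPASSWORD"
                userName="LocalSvc" neverExpires="1"/>
  </User>
  <Group name="Administrators" changed="2016-02-01 10:16:03">
    <Properties action="U" groupName="Administrators" removeAccounts="0"/>
  </Group>
</Groups>
"""


def find_cpasswords(xml_text, source="Groups.xml"):
    """Return one finding per element whose cpassword attribute is non-empty.

    An empty cpassword="" means no password was set for that item, so it is
    not reported.
    """
    root = ET.fromstring(xml_text)
    # ElementTree has no parent links; build a child -> parent map once.
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        if not elem.attrib.get("cpassword"):
            continue
        parent = parents.get(elem)
        findings.append({
            "file": source,
            "item": parent.attrib.get("name", "?") if parent is not None else "?",
            "account": elem.attrib.get("userName")
                       or elem.attrib.get("groupName") or "?",
            "changed": parent.attrib.get("changed", "?") if parent is not None else "?",
        })
    return findings


def audit_sysvol(sysvol_path):
    """Walk a SYSVOL copy and collect findings from every XML file in it."""
    findings = []
    for dirpath, _, filenames in os.walk(sysvol_path):
        for name in filenames:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8-sig") as fh:
                    findings.extend(find_cpasswords(fh.read(), source=path))
            except ET.ParseError:
                pass  # not a preferences file, or malformed: skip it
    return findings


if __name__ == "__main__":
    for f in find_cpasswords(GROUPS_XML):
        print(f"{f['file']}: item {f['item']!r} stores a password for "
              f"{f['account']!r} (last changed {f['changed']})")
```

Every finding is a credential that should be removed from the policy and rotated on the hosts it was pushed to; the `changed` timestamp tells you how long it has been readable. Running `audit_sysvol` against a mounted SYSVOL share covers Groups.xml along with the other preference files (scheduled tasks, services, data sources, drive maps) that can carry the same attribute.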

New security flaws in 4G and 5G

Security researchers have found three new security flaws in 4G and 5G that could be exploited to intercept phone calls and track the location of a cell phone.

The discovery of the flaws is said to be a huge setback for both 4G and the new 5G technology, which is much faster and has better security, particularly against law enforcement's cell site simulators, known as “stingrays.”

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, in an email interview with TechCrunch.

The team includes Syed Rafiul Hussain, Ninghui Li and Elisa Bertino from Purdue University, and Mitziu Echeverria and Omar Chowdhury from the University of Iowa. They revealed their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.

The paper includes details of the attacks that could be carried out. The first is Torpedo, "which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and canceled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location. Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether," TechCrunch reported.

According to security experts, most operators in the US, including AT&T, Verizon, Sprint and T-Mobile, are affected by Torpedo, and the attacks can be carried out with radio equipment costing as little as $200.
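
The Torpedo description above rests on one pattern that is visible to the carrier even though the target's phone never rings: a burst of calls placed to the same subscriber and cancelled before ringing through. The following is an added example, not code from the paper or the original post, of a carrier-side detector over constructed call-attempt records that flags subscribers hit by such a burst. The record layout, the 120-second window and the five-attempt threshold are assumptions for this example.

```python
"""Added example, not code from the paper or the original post: flag a
subscriber who receives a burst of calls placed and cancelled before ringing
through, the observable side effect of the Torpedo technique. Record layout,
window and threshold are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)  # assumed: burst window
MIN_ATTEMPTS = 5                 # assumed: cancelled attempts within the window

# Constructed records: (timestamp, caller, callee, outcome).
RECORDS = [
    ("2019-02-26T14:00:01", "+15550009999", "+15550001234", "cancelled"),
    ("2019-02-26T14:00:05", "+15550007777", "+15550005678", "cancelled"),
    ("2019-02-26T14:00:14", "+15550009999", "+15550001234", "cancelled"),
    ("2019-02-26T14:00:27", "+15550009999", "+15550001234", "cancelled"),
    ("2019-02-26T14:00:30", "+15550004444", "+15550001234", "answered"),
    ("2019-02-26T14:00:40", "+15550009999", "+15550001234", "cancelled"),
    ("2019-02-26T14:00:53", "+15550009999", "+15550001234", "cancelled"),
    ("2019-02-26T14:01:06", "+15550009999", "+15550001234", "cancelled"),
    ("2019-02-26T14:10:05", "+15550007777", "+15550005678", "cancelled"),
]


def cancelled_by_callee(records):
    """Group the timestamps of cancelled attempts by the called number."""
    grouped = defaultdict(list)
    for ts, _caller, callee, outcome in records:
        if outcome == "cancelled":
            grouped[callee].append(datetime.fromisoformat(ts))
    return grouped


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any span of `window`."""
    times = sorted(times)
    start, best = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:   # slide the left edge forward
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bursts(records, window=WINDOW, min_attempts=MIN_ATTEMPTS):
    """Map each callee hit by a qualifying burst to its peak attempt count."""
    flagged = {}
    for callee, times in cancelled_by_callee(records).items():
        count = max_in_window(times, window)
        if count >= min_attempts:
            flagged[callee] = count
    return flagged


if __name__ == "__main__":
    for callee, count in find_bursts(RECORDS).items():
        print(f"possible paging probe against {callee}: {count} cancelled calls "
              f"within {int(WINDOW.total_seconds())}s")
```

The sliding window matters more than the raw count: the constructed second subscriber also receives two cancelled calls, but ten minutes apart, which is ordinary behaviour and is not flagged. A carrier could alert on the flagged subscriber or rate-limit repeated cancelled attempts to one number, which blunts the probing without touching the paging protocol itself.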