
UNICC and Group-IB Shut Down 134 Scam Websites In a Major Crackdown

Cybersecurity firm Group-IB and UNICC carried out a joint operation in which they took down 134 websites run by the hacking group "DarkPath." According to the UN and Group-IB, these websites had been used to impersonate WHO. The hackers built a network of 134 malicious domains posing as WHO on 'Health Awareness Day,' asking people to fill out a fake survey with the promise of rewards in return. The hackers promised users €200 for completing the surveys and for sharing them with their WhatsApp contacts.

But the rewards were never sent, and the scam had built a massive spam campaign that funnelled new traffic to malicious websites. After being alerted by the UN's International Computing Centre, Group-IB worked with a range of service providers, network regulators, hosting providers and domain registrars to take down the 134-website scam campaign. Once the websites were blocked, the hackers stopped using the WHO brand for their campaign, but DarkPath remains active despite the WHO takedown. According to Group-IB's findings, the sites were landing around 200,000 users on the fake pages every day.

Along with the multi-stage nature of the attack, which makes it harder for researchers to detect, users were shown personalized content that depended on geolocation, language settings and user agent. For instance, the reward currency offered for filling out the survey varied with the user's location. DarkPath-controlled scam websites are still active and continue to target millions of victims around the globe. The hackers promote their websites via paid ads, social media and email blasts.

According to UNICC, during the infrastructure analysis, "Group-IB researchers examined the domains and other digital indicators and concluded that the whole network is likely to be maintained and controlled by a scammer collective codenamed DarkPath Scammers. Most of the domains with phishing and scam content are using CDNs (Content Delivery Networks) to hide IP addresses of the real servers. The scammers are using the same infrastructure configuration with its traits and misconfigurations across all their servers. Group-IB continues to monitor the scammers' activity. Organizations should carry out seamless online monitoring to promptly detect any cases of illicit use of their brands."

SolarWinds Cyberattack: Microsoft Admits Hackers Could View Its Source Code

While investigating the major SolarWinds cyberattack, Microsoft says it found that its systems were compromised "beyond just the presence of malicious SolarWinds code." Microsoft believes the Solorigate incident can be a chance for the industry to come together and work on essential safety steps such as sharing information, strengthening security and countering cyberattacks. According to Microsoft, the attackers were able to view source code in multiple source code repositories; however, the compromised account had no permission to change any systems or code.

Currently, Microsoft points to "a very sophisticated nation-state actor" as the attacker, and cybersecurity experts and the U.S. government have accused Russia of orchestrating the SolarWinds attack. The cyberattack also revealed a list of susceptible companies. Microsoft's announcement suggests that experts may uncover further impact of the cyberattack in the coming weeks and months. For now, Microsoft said that although the hackers got deeper than previously known, the company found no evidence of "access to production services or customer data" and "no indications that our systems were used to attack others."

The company also said that it works on the assumption that attackers may be able to view its source code, and that Microsoft does not rely merely on the secrecy of its source code to safeguard its products. However, Microsoft did not disclose how much of the source code the hackers were able to view or what they did with it. In December, Dan Smith, Microsoft's President, warned that the cyberattack is a "moment of reckoning" and raised the alarm about its threat. He described it as unusual espionage: not aimed at any particular target, but undermining trust in and the reliability of critical infrastructure to advance a country's intelligence apparatus.

"The list of vulnerable companies is much smaller than SolarWinds' overall client list, so simply appearing on the list doesn't mean a company has been affected. SolarWinds claims that only 33,000 companies use the Orion product, compared to its total client base of 330,000," reports The Verge. "As with many companies, we plan our security with an 'assume breach' philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access," says Microsoft's blog.