
Nation States Are Using Cyber Crime Groups to Carry Out Attacks, States BlackBerry Threat Report 2021


Nation-states are employing cybercriminals to carry out attacks on their behalf in order to conceal their own involvement. A security report by BlackBerry researchers indicates that the advent of advanced cybercrime-as-a-service schemes means that nations can increasingly cooperate with organizations that will conduct attacks for them.

Researchers at BlackBerry stated that nation-state hacking organizations no longer have to do the work themselves: they may recruit criminal groups to break into targets, with the extra advantage, analysts claim, that it is difficult to trace the attack back to them.

These cybercriminal groups carry out malicious operations such as phishing, ransomware, or network breaches and are paid for their work, while the resulting information or access remains available to the nation-state that requested the operation. There is an additional advantage: because the cybercriminals use their own technology and tactics to carry out the attack, it is hard to connect the action back to the state that requested it.

"The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation-states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability," warns the BlackBerry 2021 Threat Report.

Researchers point to the existence of extensive hacking operations, such as Bahamut, as evidence of how advanced cybercriminal campaigns have grown. Bahamut, originally described by BlackBerry last year, used phishing, social engineering, malicious applications, modified malware, and zero-day attacks, and had been doing so for several years before it was discovered.

Researchers note that Bahamut works for multiple clients and keeps an eye out for the jobs that pay best, and when it comes to funding, some nation-states have the most money to spend on campaigns. The profiles and geographical locations of its victims are simply too diverse to align with the interests of a single bad actor.

"Threat actor identification can be challenging for threat researchers due to several factors, such as overlapping infrastructure, disparate targeting, and unusual tactics. This is especially true when only part of a campaign is outsourced," said the report. 

Although networks can be difficult to defend against specific cyber-attacks, companies can apply security practices that help keep intruders out, such as granting remote access only to those who need it and continuously monitoring the network for unauthorized or suspicious behavior.

Appliance Giant Whirlpool Smacked by Nefilim Attack


As ransomware attacks become the new normal, more and more people and organizations are falling prey to them. As the attacks grow more sophisticated, ransomware has become a prominent problem, and no business worldwide is entirely immune to the threat. Recently Whirlpool, one of the world's best-known multinational manufacturers and suppliers of home appliances, headquartered in Michigan, United States, became a victim of one of these ransomware attacks.

The American appliance company Whirlpool is one of the world's largest makers of home appliances and smart home gadgets and devices. It sells a diverse range of products under various brands, namely KitchenAid, Indesit, Hotpoint, etc. The incident demonstrated that not even the big names are immune to the ransomware threat.

The attack was carried out by the Nefilim ransomware gang, whose main approach is to break through the firewall into the victim's data systems and steal confidential information, which it then holds for ransom. If the demanded amount, in cash or kind, is not provided on time, the gang leaks the confidential information to the public. According to investigations, a similar incident happened at Whirlpool in the first week of December 2020, although the exact time and date remain unknown.

The data that the Nefilim gang leaked on its website includes sensitive information belonging to the organization, such as documents regarding employee benefits, medical information requests, background checks, accommodation requests, and much more.

Though Whirlpool never commented on the data leaked by the Nefilim gang, the consequences led it to confirm the growing rumors. In an interview, Whirlpool talked about the attack and stated, “Last month Whirlpool Corporation discovered ransomware in our environment. The malware was detected and contained quickly. We are unaware of any consumer information that was exposed. There is no operational impact at this time.”

“We live in a time when illegal cyber crimes are all too prevalent across every industry. Data privacy is a top priority at Whirlpool Corporation, and we invest in the technology and processes to help protect our people, our data and our operations.”

Later, Whirlpool affirmed that its systems had been restored after the malware attack and that everything is safe.