Search This Blog

Showing posts with label cyber attack. Show all posts

Experts predicted an increase in the number of DDoS attacks in 2020


In Russia, the number of DDoS attacks will increase due to the introduction of 5G technology, said Anton Fishman, head of the system solutions Department of the Group-IB.

He noted that the wider introduction of 5G will significantly increase the number of traditional attacks that providers have faced in recent years. "For example, the power and frequency of DDoS attacks will increase significantly due to many insecure devices."

According to him, a DDoS attack can be used as a distraction when stealing money from a Bank or disabling a service.

Earlier, Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, said that the main areas that require attention when countering cybercrime are DDoS attacks, data leaks and fraud using social engineering methods. He explained that the number of DDoS attacks has increased, their quality has changed, in addition, it is quite difficult to detect them.

It is important to add that on the eve of the Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov said that in January the bank underwent the most powerful DDoS attack in its history.

"On January 2, 2020, Sberbank faced an unprecedented DDoS attack that was 30 times more powerful than the most powerful attack in the history of Sberbank. The attack was carried out using IoT devices (Internet of Things)," said Kuznetsov, noting that the state Bank successfully repelled the cyberattack.

According to Kuznetsov, not every company in Russia or even in the world could reflect such attacks.
"This could become a trend in 2020 [increasing cyber attacks]," he added.

According to Kuznetsov, in 2019, the number of hacker attacks on Sberbank increased by 15-20%, and the Bank records 280-300 attempts to attack its systems per day.

"We identify all of them and block them. In addition, it is worth noting that mass malicious mailings are still popular — about 50% of the emails that our employees receive are spam, including phishing attempts," said the Deputy Chairman of Sberbank.

Hackers from Russia hacked the Ukrainian gas company Burisma


Russian hackers in November 2019 attacked the Ukrainian energy company Burisma in order to gain potentially compromising information about former US Vice President Joe Biden and his son Hunter.

Starting in November 2019, a series of phishing attacks were carried out to gain access to the usernames and passwords of employees of Burisma, as well as other companies belonging to Burisma Holdings. According to an American cybersecurity company Area 1, hackers allegedly linked to the GRU and members of the Fancy Bear group, also known as Sofacy and APT28, are behind these attacks.

It is known that hackers managed to hack the accounts of some employees and thus gain access to one of the company's servers. Experts said that the timing and scale of the attacks suggest that hackers may have been looking for potentially compromising material about the former US Vice President and his son, who was part of the leadership of Burisma.

According to experts from Area 1, the tactics of Russian hackers, are strikingly similar to the hacking of the servers of the National Committee of the Democratic Party of the United States during the 2016 presidential campaign, for which the American special services also blame Russia. Then, as now, Russian hackers used phishing emails.

The story involving the son of Joe Biden in the work of Burisma caused of a loud political scandal in the United States. In this regard, an investigation was launched to impeach President Donald Trump.
In particular, it was pointed out that Trump, during his July phone conversation with his Ukrainian president Vladimir Zelensky, asked him to resume the investigation into Burisma, with which Joe Biden and his son were associated. Moreover, Trump threatened to freeze military aid to Kiev.

Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa


Kaspersky Lab recorded a wave of targeted attacks on major banks in several Tropical African countries in 2020. It is assumed that the attacks are made by the Russian-speaking hacker group Silence.

According to the company's leading anti-virus expert, Sergey Golovanov, "hundreds and sometimes thousands of attempts to attack the infrastructure of banks in Africa are blocked every day."
According to Kaspersky Lab, the hacker group Silence has already penetrated the internal network of

African financial organizations, and the attacks are "in the final stages".
During the attack, hackers could gain access to a large amount of confidential data that can be used in the future, said Golovanov.

At the end of August 2019, Group IB calculated the amount of theft from banks by the group of Russian-speaking hackers The Silence. From June 2016 to June 2019, the amount of damage amounted to about 272 million rubles ($4.2 million). Hackers infected financial institutions in more than 30 countries in Asia, Europe and the CIS.

According to Kaspersky Lab, Silence attacks financial organizations around the world with phishing emails containing malicious files, often on behalf of real employees of organizations. Viruses use administrative tools, study the internal infrastructure of banks, and then attackers steal money (including through ATMs).

The director of the Positive Technologies security expert center, Alexei Novikov believes that Silence did not increase activity at the beginning of 2020, and attacks outside of Russia and the CIS countries are uncharacteristic for them.

Recall that in October, Group-IB reported five hacker groups that threaten Russian banks: Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger


A group of hackers calling themselves Lazarus modified their previous scheme to steal cryptocurrency which was used in 2018. Hackers use more effective tactics and act more carefully. According to Kaspersky Lab, now, not only users of the macOS operating system are at risk but also users of Windows.

Presumably, Lazarus hackers use malware that runs in memory and not on hard drives allowing it to remain undetected. The researchers believe that the group uses Telegram to spread the virus.

The new Lazarus attack was named Operation APpleJeus Sequel, which follows APpleJeus attack conducted in 2018. Principle of cryptocurrency theft remains the same as before: fake cryptocurrency companies are used to attract investors. The websites of these companies contain links to fraudulent

Telegram trading groups, through which malware that infects Windows computers is distributed.
Once the system is infected, attackers can gain remote access to it and steal the cryptocurrencies stored on the device. So far, researchers have been able to identify many victims of the new fraud across Europe and in China. A representative of Kaspersky Lab reports that it is known about the victims from Russia, China, Poland and the UK. At the same time, they include both individual traders and companies whose activities are related to cryptocurrency.

Kaspersky noted that currently, hackers from Lazarus have suspended their campaign using the messenger, but researchers suggested that in the future, attackers will use even more advanced methods.

Earlier, a closed UN report reported that North Korea finances the development of weapons through digital and Fiat currencies stolen from banks and cryptocurrency exchanges. Last fall, Group-IB said that a North Korean group of hackers stole $571 million in cryptocurrencies.

Attackers hacked a Spanish TV channel and showed an interview with the separatist leader of Catalonia


Spanish state television company TVE on Wednesday said that last Thursday unknown attackers used an open portal on its website to air a Russia Today program about Catalan separatist leader Carles Puigdemont.

According to the representative of TVE, hackers did not break into any external cybersecurity barriers but took advantage of the “open door” on the site.

As the source noted, it is too early to talk about the identity and location of the attackers, since the investigation is not yet finished.

The interview shown last Thursday was watched by about 96 users. Puigdemont and former Ecuadorian President Rafael Correa participated in a program produced by the Russian state channel. 
In addition, in an interview, Puigdemont said that there is no option to resolve the problem of Catalonia, which would not include the independence of the region.

It is interesting to note that both of them fled to Belgium after legal proceedings were initiated against them in their home countries.

Earlier, the Spanish authorities found evidence that Russian groups actively used social networks to support the independence movement of Catalonia and tried to influence public opinion in an effort to destabilize Spain.

Russia Today editor-in-chief Margarita Simonyan said that the channel was not involved in the hack.
"Hackers broke into the Spanish channel "+24" and turned on our broadcast instead of them, Simonyan commented on her Telegram channel.

"We just had an interview with Puigdemont, the chief on the independence of Catalonia. We don't know who did it, but it was beautiful," noted she.

Russian hackers in recent years are suspected of interfering in the political affairs of many countries, including the United States, Britain and France.

Twitter Followers of the Epilepsy Foundation Targeted by a Mass Strobe Cyber attack


A series of mass cyber-attack occurred during the National Epilepsy Awareness Month, as the hackers circulated videos and pictures of 'flashing strobe lights' to a huge number of Twitter followers of the Epilepsy Foundation and obviously aimed to trigger seizures in those suffering with the disorder.

The foundation revealed 30 similar attacks in the first seven day stretch of November, and said it had documented complaints with law enforcement authorities, also including with the US Lawyer's Office in Maryland, where the group's headquarters are situated. It was very indistinct what number of users tapped on the videos and animated images known as GIFs.

In that attack, a Marine Corps veteran from Maryland, John Rayne Rivello, was accused for utilizing Twitter to send a GIF with a blinding strobe light to an epileptic author, Kurt Eichenwald, who had expressed his views through his writings fundamentally on Donald J. Trump and his supporters during the 2016 presidential campaign.

The journalist Kurt Eichenwald was sent a strobing image over Twitter that caused him to have an epileptic seizure

Mr. Eichenwald, who was a correspondent for The New York Times from 1986 to 2006, had composed an opinion piece in Newsweek featured as "How Donald Trump Supporters Attack Journalists."  and in his writing he portrayed the death threats he had received on the grounds that he had 'written critically' on Mr. Trump.

In December 2016, after production of the Newsweek piece, Mr. Eichenwald told the investigators that he once came across such a message from somebody distinguished as @jew_goldstein, which contained a strobe light GIF and an assertion in capital letters: "You deserve a seizure for your posts."

Looking at the strobe caused an immediate seizure that kept going around eight minutes.

Investigators discovered several digital clues which drove them to Mr. Rivello, including a message he had sent to some other Twitter users that read, "I hope this sends him into a seizure." They likewise found a screenshot on Mr. Rivello's iCloud account demonstrating Mr. Eichenwald's Wikipedia page with a 'fake' date of death just as a screenshot of a list of epilepsy seizure triggers that had been duplicated from an epilepsy data site.

Nonetheless Mr. Eichenwald filed a lawsuit against Mr. Rivello in the federal court in Maryland for battery and various other claims. The defense moved to reject it, contending to some degree that the battery claim couldn't be bolstered on the grounds that Mr. Eichenwald didn't claim that any physical contact had happened.

Be that as it may, Chief Judge James K. Bredar of the United States District Court in the District of Maryland allowed the lawsuit to continue, further writing that the “novelty of the mechanism by which the harm was achieved" didn't make the supposed activities any lesser degree of an unjust act.

New Orleans: Mayor Declares State of Emergency after a Cyberattack


The city of New Orleans after being hit by a cyberattack, declared a state of emergency wherein the employees and officials were asked to shut down the computers, power down devices by unplugging and take down all servers as a cautionary measure. As a part of the incident, The Nola.gov website was also down.

Officials suspect the involvement of ransomware as the attacks demanding ransom has become increasingly common in the recent past and ransomware was detected as per Mayor LaToya Cantrell, however, there is no confirmatory lead on the matter as the city has not received any ransom demand from the attackers.

Earlier this year, in November, The State of Louisiana was hit by a ransomware attack which prompted officials to shut down government websites and deactivate other digital services and consequently, a state of emergency was being declared by the governor. As per the sources, it is the gravest cyber attack the state had witnessed till date, it took about two weeks for the authorities to restore all the systems and make them functional again. The attack was followed by aggressive measures being taken by the security officers who classified the attack being a "sophisticated and coordinated" one. As per the latest findings, it remains unclear whether the two attacks are linked to each other or not.

While drawing other correlations, New Orleans Mayor LaToya Cantrell referenced the attack back to one where several school systems in Louisiana were attacked by malware. The compromised school systems were from Sabine, Morehouse, and Ouachita, according to the reports by CNN.

“Out of an abundance of caution, all employees were immediately alerted to power down computers, unplug devices & disconnect from WiFi. All servers have been powered down as well,” stated a tweet from New Orleans’ Office of Homeland Security & Emergency Preparedness.

During a press conference in regard of the matter, Mayor LaToya Cantrell said, “We have a unified command, we’re here with not only our local partners but our state and federal partners as well, which includes our national guard, Louisiana state police, FBI, the state fusion center and secret service."

Russian Telegram Accounts Hacked by Intercepting One Time Password (OTP)


According to a firm Group-IB, in the last few weeks a dozen Russian entrepreneurs saw their Telegram accounts hacked. And what's disturbing is the way these accounts were accessed. The attackers intercepted the codes used to authenticate user and give access.

A Telegram App logo in QR code

 How the attackers gained access?

In normal procedure, whenever someone logs into Telegram using a different device, a one-time password (OTP), is texted to them and the user can log into their account using this secret code. Now, these hackers managed to access this one-time secret code and snooped on Telegram chats of various users.

Dmitry Rodin, one of the victims of this attack, runs a coding school in Russia. He told the media, he was given a warning by telegram, that someone is trying to access his account. He ignored the notification but another notification came saying some has successfully logged in from Samara, Russia, he immediately terminated all active sessions except for his.

Like Group-IB, he also believes that there was a problem with the telecom operators or his phone was hacked and not the messaging app Telegram. “Perhaps someone logged into my account by intercepting the SMS, which suggests that there might be a problem on the side of the telecom operator,” he said. “This means that other accounts using SMS as an authentication factor are also threatened.” 13 such cases have been reported so far.

"However, this number is likely to increase since we are speaking about a new threat, which has just started spreading,” a company spokesperson said.

 Is SS7 being abused?

The most worrying part is that One-time password (OTP) were hacked, if this hypothesis is indeed true then we are looking at a very big security threat as this technology is used in many log-ins and financial transactions. Another hypothesis is that victim's devices were hacked and the attackers were spying on their messages but Group-IB found no traces of such activity on the victims' phones. And thus Group-IB is tilting towards a mobile network SS7, that's being abused.

Forbes reported, "Think of SS7 as the part of telecom infrastructure that deals with shifting users between networks as they travel abroad. It also manages the changes in charges when traversing different nations’ networks. But in recent years, hackers have learned that if they can get leverage on that network they can silently intercept text messages. Previously, such attacks have been used in bank account breaches and by surveillance companies."

Now, this same network could be used for hacking Telegram accounts.

 Selling access to accounts on the dark web 

Group-IB also suspects that access to these accounts is being sold on the dark web-based Hydra forum for 3,900$ as well as selling access to WhatsApp messages and user info. Now, they think that these could be linked.

“What made us think that the attacks might have something in common with these advertisements is the fact that the incidents coincided with the time the posts were published,” the company spokesperson added.“But we cannot rule out that there are far more connections between these  two events, which is yet to be established in the course of an investigation.”

Maze Ransomware Exfiltrated Data of Southwire Firm, Threatens to Publish if Ransom Not Paid


Maze ransomware, a variant of Chacha Ransomware that has been leading the charge of various ransomware attacks lately, now claimed responsibility for yet another cyber attack, this time on North America's most prominent wire and cable manufacturer, Southwire that generates household and industrial cables, utility products, portable and electronic cord products, OEM wire products, engineered products, and metal-clab cables for more than 50% of Northern America. It's a leading wire producing company with over 7,500 employees and has been around for seven decades now.

The attackers surreptitiously infiltrated company data and demanded a ransom of approximately $6 million (859 BTC) for a safe release of the data which reportedly is all set to be published in case the company fails to pay the demanded amount.

Maze Ransomware was originally discovered by Jérôme Segura, a security researcher at Malwarebytes in the month of May, earlier this year. Since then, the malware strain has gained massive popularity and is continuously becoming more and more active. While organizing various malspam campaigns, it has been discovered that its affiliates are essentially more dangerous.

On Monday, around the time when the company's website suffered the ransomware attack, admins located a message posted in Imgur demanding a ransom of 850 BTC from the company. In the wake of which, a topic was started on Reddit where Snooze16, seemingly an employee of the company, while putting the situation in perspective, said, “I went into the offices yesterday afternoon. Everyone was headed home – no computers. It looks like their site is still down. The IT guy that was there told me that the plant called him at 5 am asking how to shut the servers down. Bad time of year not to be shipping.”

In a conversation with the Chronicle, Jason Pollard, vice president of Talent Acquisition and Communications for the wire manufacturer, told, "We immediately self-quarantined by shutting down the entire network,"

"The incident did cause some disruption in our ability to make and ship our products."

"The safety of our employees, the quality of our products and our commitment to our customers are critically important to us. Today, we’re bringing critical systems back online, prioritizing manufacturing and shipping functions that enable us to create and send the product to our customers. We are dedicated to restoring all systems and bringing all of our employees back to work as safely and as quickly as possible." He further added.

Pensacola City Hit by a Cyberattack After Deadly Shooting at Naval Air Station


The city of Pensacola, Florida was hit by a cyberattack that came in the wake of a deadly shooting at the naval air station wherein a Saudi flight student killed three sailors and wounded eight others.

As the trainee who pulled the shooting had ties to a foreign nation, the incident was labeled as a potential terrorist attack and has consequently incited international controversy. Officials suspect a link between both the incidents, however, no confirmatory lead has been gained onto the subject of the connection between the two events.

The city has been struggling with the cyberattack that began around 1:45 a.m on Saturday and took down the city's computer systems while keeping various city services at halt. Reportedly, the incident has incapacitated the city's online payment services, email services, phone lines, and 311 customer service. However, emergency support services such as fire and police remain unaffected during the incident, as per the officials.

Commenting on the matter, the city's spokeswoman, Kaycee Lagarde said, "I can confirm the city of Pensacola has experienced a cyberattack and we've disconnected much of our city's network until the issue can be resolved."

"As a precaution, we have reported the incident to the federal government," Lagarde added.

Officials have been investigating to determine the nature of the attack, whether it was a ransomware attack or not along with the details of any valuable information lost during the incident.

"The city of Pensacola is experiencing a cyber attack that began this weekend that is impacting our city network, including phones and email at City Hall and some of our other buildings," said Mayor Grover, C. Robinson.

"We're still trying to figure out what's happened, what's there and what there may be potential for."

"We don't know if they're connected or not,"

"We have discussed and we have talked with the FBI. It's my understanding that we sent stuff to them, and we're continuing to work. Our computer people worked through the weekend to see what was happening." He further told at his weekly press briefing.

This year witnessed an unusual rise in the number of cyberattacks on governments– local and state; US cities and towns have been particular targets for ransomware attacks in recent times. Reports state that most of these were co-ordinated chains of attacks aimed at breaching computer networks.

The latest statements on the issue suggest that the city is actively involved with the FBI in order to resolve the matter.

Georgia in a panic after a strange cyberattack


On October 28, several hundred websites in Georgia were attacked by hackers. As a result of the cyberattack, several Georgian TV companies stopped broadcasting. The cyberattack was also carried out on the website of the administration of the President of Georgia Salome Zurabishvili. When the site was opened, a photo of the runaway ex-President of Georgia appeared with the inscription: "I will be back." The damage, according to preliminary data, is very large.

The State Security Service and the Ministry of Internal Affairs with the support of partner countries are investigating a massive cyber attack on public and private sites in Georgia.

The Georgian Ministry of Internal Affairs admitted on Tuesday that the attack could come from both Georgian territory and from abroad.

Political scientist Tornike Gordadze, who held the post of minister in the government of Saakashvili, believes that this is a vivid example of "the ineffective work of the government to ensure security against possible threats, including from Russia."

In addition, the French Daily Le Monde saw the Russian connection in a large-scale cyberattack.

According to the newspaper, the current Georgian authorities are taking new steps to improve relations with the Kremlin in the hope of resuming trade with the Russian neighbor, as well as the extradition of alleged criminals. The hacker Yaroslav Sumbayev, who was arrested in Georgia in 2018 and suspected of involvement in the murder of Colonel Evgenia Shishkina, who was investigating economic crimes and corruption offenses, was handed over to Russian authorities on October 24, despite a statement by his lawyer regarding the risk of "inhuman treatment." The publication believes that a large-scale cyber attack could be a retaliation from the hacker community.

Former analyst of the Georgian National Security Council and political affairs assistant to the Prime Minister of Georgia, political analyst Tornike Sharashenidze, did not rule out "the involvement of the Russian Federation in the hacker attack in Georgia."

Group-IB reported on the five hacker groups threatening to Russian banks


The main hacker groups threatening Russian banks are Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. They can hack a Bank, reach isolated financial systems and withdraw funds, said Ilya Sachkov, CEO and founder of Group-IB, a company specializing in preventing cyber attacks.

At the same time, hacker groups are shifting their focus from Russia to other countries.

According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

"For example, Silence began its activities in Russia, but gradually shifted its focus to the CIS, and then entered the international market. Group-IB analysts have detected Silence attacks in more than 30 countries in Europe, Asia and the CIS for the current year," said Sachkov.

According to him, the pro-government hackers of developed countries are the most dangerous, since their activity is less noticeable, while they have a better arsenal for carrying out attacks.

"Our last year's forecast came true. The number of targeted attacks aimed at espionage, sabotage or obtaining direct financial benefits has grown significantly. So-called "digital weapons" or cyberweapons, which can stop production processes and disable networks of critical infrastructure and large commercial enterprises, are actively used. This is a serious problem. The number of cyber attacks will increase and it will be more difficult to resist them, " added Sachkov.

The head of the company Group-IB also said that cybercriminals began to use a new method of stealing money from Bank customers by installing remote access programs on smartphones. The monthly losses of large banks from this type of fraud can reach 6-10 million rubles.

He noted that the Secure Bank system monthly records of more than 1 thousand attempts to steal money from the accounts of individuals using this scheme.

Earlier it was reported about a new way of stealing from Bank cards. Hackers pose as Bank employees using the technology to substitute phone numbers.

Bengaluru's Police Accounts Hacked: Culprits changed Twitter ID’s



BENGALURU: In the last four days, five of Bengaluru’s Traffic Police Twitter accounts have been cracked where the hacker alleged access to the accounts, posting spams and changing their usernames.

While the police exhort about strengthening cyber security and the need to use strong unique passwords to safeguard online accounts, their own accounts are being hacked by simple password guessing techniques.

Jayanagar Traffic Police was the first account to be hacked at around 10 pm on Friday, followed by ACP South East Division and soon KR Puram, Shivajinagar and Airport traffic police twitter accounts too were hacked by Sunday.

This is not the first time when Bengaluru’s traffic police have been made a victim of cyber crime - Elliot Alderson, a French based hacker broke into the city’s traffic police website in march this year exposing directories. Even other government sites are not well protected, the Aeronautical Development Agency’s (ADA) TRACES account of the Income Tax Department was hacked with impunity with the culprit still unidentified.

Though, in this case, the culprits simply second-guessed common passwords. A man called up various traffic police stations, claiming to be from the IT Department and asked account details and passwords to reset them. It is suspected that one of the staff members fell for the con and shared the password.

The black hat tried the password on other accounts and voila, it worked!

After breaching their twitter handles, the miscreants posted spam messages from these accounts and changed their usernames resulting in Shivnagar Traffic police handle being renamed as ‘SHIVAJINAGAR CINEMA’ and KR Puram became ‘KR PURAM T BOLIWOOD’.

These consequences could have been avoided by quick thinking and strong passwords. Cyber security experts repeatedly identify the use of strong, unique passwords so that malicious cyber threats can’t find or guess your password. SplashData, a password security company estimates that approximately 10% of individuals used at least one of the 25 worst passwords on this year's list, and approximately 3% used the worst — 123456.

Additional commissioner of police (traffic) BR Ravikanthe Gowda said they have filed a complaint with city cyber crime police and told officials to immediately change passwords to secure their accounts (quoting TOI). They also reported the hacking to twitter awaiting a response.

An officer said they are unable to take back control of their accounts on grounds of lack of trained men for the job.

Bengaluru has only one cyber crime police station with a tally of 8,200 cases this year, though to open more of these has been repeatedly proposed to no effect.

Sberbank helped one of the largest US banks to prevent a cyber attack


In July, Sberbank helped one of the largest US banks to prevent a cyberattack and avoid damage of several million dollars. Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov announced this at the Eastern Economic Forum.

"At the end of July, our cyber defence center recorded an attack on one of the largest American banks. We informed the Bank, informed the relevant departments of payment systems to prevent the withdrawal of funds. At least several million dollars were saved," he said.

At the same time, Kuznetsov refused to tell which Bank was exposed to attack.

Kuznetsov shared the details of the cyberattack scheme. According to him, the fraudsters managed to hack one of the acquiring terminals and conduct a large number of operations. In the United States, PIN verification of transactions up to $130 is not required. As a result, at one moment the resources of several banks were attacked through a large number of operations.

At the same time, he stressed that this is a clear example of the fact that credit institutions should detect such attacks in an automated mode and not allow any actions directed against customers of both Russian and foreign organizations.

In addition, Stanislav Kuznetsov said at the Forum that Sberbank recorded about 2 thousand attacks on its systems in the first half of the year and prevented possible damage from them in the amount of at least 25 billion rubles.

According to him, the Bank noted the growth of social engineering."This is a trend to collect data about a person and corporations, and the second trend - we see that scammers focus on those companies that are poorly protected, and this is small and medium-sized businesses," he noted.

At the end of his speech, Kuznetsov said that North Korea's attacks on Russian banks are a myth, the threat to Russian resources comes "from another direction".

It is worth noting that this is the Fifth Eastern Economic Forum, held in Vladivostok on September 4-6.

Expert warns cyber threats to worsen with tech advances


Technological advances like Artificial Intelligence, Internet of Things, Automatic Cards and others will throw up new challenges for cyber security and all countries must unite to foresee and combat them, a leading Israeli cyber security expert said on Monday.

"The Internet was not designed for security, hence it is inherently insecure since everything is hackable. It is more difficult to be a cyber security personnel than a hacker. The hacker has to succeed only once, where the the cyber security personnel has to succeed always to remain safe, within many rules and regulations," Menny Barzilay, the CEO, Cyber Research Centre of Tel Aviv University and CEO of Cytactic, said.

He pointed out how "smart people" from different countries are joining hands to commit cyber crimes and hence there is "a need for super-smart people" from around the world to join as cyber security experts.

"Cyber threats don't create a sense of urgency, unlike a bomb threat, and we cannot feel it in our senses. It is therefore more difficult to convince people that the 'cyber' threat is real," said Barzilay, addressing a panel discussion on cyber security at Nehru Science Centre (NSC) via videoconference.

The discussion was also attended by Israeli Consul-General in Mumbai, Yaakov Finkelstein, security experts from the Mumbai Police and students.

Recalling an incident of cyber attack on Sony Corporation after the release of its film, "The Interview", Barzilay said that corporates are not prepared to face cyber crimes and the government must support them during such cyber hits.

"Billions of devices, part of Internet of Things implies they are prone to hacking, a smart device means being vulnerable, it will also affect our privacy. Big companies have lot of data about users and can manipulate them for private gains, something which allegedly happened in the US elections," he said.

Attackers demand $2.5 million for Texas Ransomeware




The cybercriminals who attacked multiple Texas local governments with file-encrypting malware via compromising service provider's network.

The attackers demanded a ransom of $2.5 million for decrypting the entire local government files, the mayor of a municipality says.

The Department of Information Resources (DIR) has announced that a total of 22 victims has been established, while all of them were attacked by a single party.

However, the names of all the victim municipalities have not been disclosed, whereas two municipalities have announced the hit publicly.

In a statement released by the city of Borger, "Based on the current state of the forensic investigation, it appears that no customer credit card or other personal information on the City of Borger’s systems have been compromised in this attack. No further information about the origins of the attack will be released until the completion of the investigation,"

Keene is another city affected by this ransomware attack. Both of the administration right now can not process card payments or utility disconnections.

The city will inform its citizen as soon as they restart business and financial services, press release. 

An iMessage Vulnerability Patched by Apple Allowed Potential Attackers to Read Contents of Files





An iMessage vulnerability was discovered by Google Project Zero security researcher was as of late fixed by Apple as a component of the 12.4 iOS update which enabled potential attackers to peruse contents of many files put away on iOS devices remotely with no user interaction.

The security flaw tracked as CVE-2019-8646 was reported in Apple during May. Natalie Silvanovich, the researcher who found the vulnerability created the proof of concept works just on devices running iOS 12 or later and said that it is structured as "a simple example to demonstrate the reach-ability of the class in Springboard. The actual consequences of the bug are likely more serious."
Describing the issue in detail on Project Zero's bug tracker she says:

 “First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.”

Later adding the Google security researcher says that ‘the iMessage issue is caused by the _NSDataFileBackedFuture class which can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called.’

Apart from this Silvanovich discovered two other iMessage vulnerabilities in collaboration with Google Project Zero's Samuel Groß, flaws that additionally got fixed in the iOS 12.4 update.
The first is memory vulnerability in Core Data tracked as CVE-2019-8660 fixed with improved length checking and the second, a Core Data use after free issue tracked as CVE-2019-8647 that may enable a remote attacker to cause arbitrary code execution on iPhone 5s or iPad's.

In general, five iMessage bugs were found by Silvanovich, with the last two being an input validation issue which could block devices with a contorted message, that was fixed in iOS 12.3 and released on May 13 and an 'out-of-bounds read' read prompting a memory leak which was fixed in watch iOS 5.3 issued on July 22.

Cyber security Team Identified Ransomware Utilized to Compromise City Power



Residents of Johannesburg using pre-paid electricity meters were not able to load the electricity purchased from City Power and were also unable to purchase further electricity due to a ransomware attack which compromised City Power's database.

Earlier, City Power said while the variant of ransomware utilized to carry out the attack remains unknown, they have the encrypted network, applications, and database being restored and rebuilt by their ICT department.

Easing off the customers, Isaac Mangena, the utility's spokesperson, said, "We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quicker."

"Customers should also not panic, as none of their details were compromised," Mangena assured.

On Friday, City Power announced that their cybersecurity team identified the variant of malware which temporarily paralyzed the city's computer systems.

Reportedly, the email systems took the hardest hit by the ransomware and were taking a while to recover and be functional again.

While giving updates, Mangena said “The virus samples have been taken to the external labs for analysis and testing,”

“Our IT technicians have also recovered and, in [a] few instances, reconstructed most of the systems,, applications, and data that was threatened, using backup files.”

Victims of the cyber power attack along with the customers, have been raging since the incident happened and encrypted the computer databases, applications and network.

City Power turned to external cyber security experts who worked in association with their team to tackle the issue.


Equifax Paying Settlement around $700 Million after Massive Data Breach


Almost two years ago, Equifax suffered a massive data breach which exposed a significant amount of sensitive data of over 143 million Americans, the compromised information included that of driving licenses, social security numbers, and addresses of the victims. 

It has been uncovered by The Wall Street Journal and The New York Times that the consumer credit reporting agency is closing in on a settlement with FTC, state attorneys general, Consumer Financial Protection Bureau along with state and federal agencies. Equifax could settle up with $650 to $700 million, out of which it has put aside $690 million for the purpose of penalty. 

As per the media findings, the amount is expected to differ on the basis of the number of people filing claims and the details of the same will be released on Monday.

Notably, the settlement entails terms to devise a separate fund for the purpose of settlement, however, the amount victim's could expect in compensation is still a matter of question.

Commenting on the matter, Equifax CEO, Richard Smith, said, “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” as he decided to retire in the wake of the cyberattack. 



UK Police's Forensic firm targeted in cyber attack









An investigation has been launched after a ransomware attack targeted the UK’s largest private forensics provider, which is widely used by forces across the country. 

The firm Eurofins scientists detected a breach of its systems on June 2. After following the report, police have suspended all its work with the company. The company carries out DNA analysis, toxicology, ballistics and computer forensics work.

The National Police Chiefs’ Council, Chief Constable James Vaughan, said in a statement: “We have put our national contingency plans in place, which will see urgent submissions and priority work diverted to alternative suppliers to be dealt with as quickly as possible.’’

“It is too early to fully quantify the impact, but we are working at pace with partners to understand and mitigate the risks. We will share more information as soon as we can.”

The company has been told to return the casework that had not been started. They deal with more than 70,000 cases ever year, including murders and terrorism.