
Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. 

The test was hit by a distributed denial of service (DDoS) attack, in which a hacker or group tries to bring down a server by overwhelming it with traffic, according to ExamSoft, one of the three vendors offering the exam that certifies prospective attorneys.

The incident marked the first DDoS attack the organization had encountered at a network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time to take the test once it was back online.

The company noted that "at no time" was any information compromised, and that it was able to “thwart the attack, albeit with a minor delay” for test-takers.

Before the company's statement, the Michigan Supreme Court tweeted that a "technical glitch" had taken the test down, and that test takers were “emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module.”

According to the court, those taking the test with provisions from the Americans with Disabilities Act were not affected by the incident.

“All exam takers were successfully able to start and complete all modules of the Michigan Bar exam,” the organization wrote.

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national group of law students, graduates, professors, and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised concerns about data privacy issues associated with the cyberattack.

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a segment of the test, told 'The Hill' earlier this month that states and jurisdictions could decide to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


Recent Twitter hacks raise security concerns and damage the platform's credibility


The recent hack on Twitter has left security researchers and others worried about the credibility of the platform, especially with the US presidential election approaching: a hack like this, if it occurred during the election, could be catastrophic.

Late Wednesday, a number of Twitter's verified accounts were hacked, including those of former president Barack Obama, Democratic presidential candidate Joe Biden, actress Kim Kardashian, Microsoft co-founder Bill Gates, Amazon CEO Jeff Bezos, and Tesla founder Elon Musk. The hackers gained the login credentials of employees and hijacked these accounts.

The company tweeted, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” and “used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”

This raises the concern that the platform itself has been compromised: the hack was not carried out from the user end but from the server side.

Adam Conner, vice president for technology policy at the Center for American Progress, tweeted, “This is bad on July 15 but would be infinitely worse on November 3rd.” Twitter is a critical platform for political discourse and discussion and often serves as a news source. If something similar were to happen on or near the November 3 presidential election to important political figures such as Donald Trump, it would be cataclysmic.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” said Michael Borohovski, Director at Synopsys.

These hacks have damaged Twitter's reputation, especially since this is not the first attack on the platform, though it is surely the worst one yet. Dan Guido, CEO of security company Trail of Bits, responded to the hack, saying, “Twitter’s response to this hack was astonishing. It’s the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident.”

The hijacked accounts tweeted promises to double any money sent to them via Bitcoin. By Wednesday evening, 400 transfers had been made, with transactions worth $120,000.

Hackers "showed ethics" and did not attack medical services in Russia during the pandemic


During the pandemic, there were no hacker attacks on medical institutions in Russia, unlike in many countries of the world, Group-IB reported. The company believes that the hackers showed "rare ethics for our observation".

During the coronavirus pandemic, many computer hackers refused to attack the information systems of Russian medical institutions, said Ilya Sachkov, CEO of the cybersecurity company Group-IB.

According to Sachkov, attackers who launch DDoS attacks can have “professional ethics”, unlike those who create fraudulent resources. Group-IB noticed attacks on medical institutions in many countries of the world, but this did not happen in Russia: there weren’t even any announcements on hacker forums or attacks by ransomware, said Sachkov.

The head of Group-IB added that the company noticed "some rare ethics for our observation" from hackers. “As if taking into account what is happening, everyone understood that in Russia medical facilities are a matter of life or death for many people ... This, of course, is my guess, I did not communicate with hackers, but I noticed. In principle, this [attack on the hospital] would be super-moral,” added Sachkov.

In April, Group-IB reported that the pandemic had divided the hacker community: some tried to profit from people's panic, while others condemned it. Several users on hacker forums at the time urged others to stop using the coronavirus for harmful purposes. In the spring, fraudsters actively used the COVID-19 theme to trick Russians out of money. The Central Bank also noticed the problem.

In May, Group-IB said that fraudsters had stepped up a theft scheme involving online purchases and fake courier services. Because many people were self-isolating and began to actively use couriers, the number of registrations of fake sites imitating real delivery services increased several times over.

Threats to U.S. Space Systems Multiply Rapidly; a Novel Approach Emerges For Protection



The growing vulnerability of U.S. space systems has prompted the country's rivals to develop mechanisms for disabling space assets as a method of 'hobbling the joint force' and undermining the economic performance of the nation.

The reason for this development is that America's military forces, which are spread across the world, depend on space systems for communications, navigation, reconnaissance, and weather forecasts, and that the most critical infrastructure sectors in the U.S. economy depend on space systems for essential services.

Recent reports from intelligence agencies indicate that adversaries have now started focusing not only on satellites, but also on the ground stations that control them, the links between the satellites and the stations, and the ability of users to access certain services, like the Global Positioning System.

The reports describe various ways in which U.S. space capabilities may be degraded, from electronic jamming of signals to high-power lasers that blind sensors to physical attacks on control centers.

It is evident that the dangers to U.S. space systems are steadily increasing, and cyber-attacks offer the broadest array of options to the widest range of adversaries.

Against that background, just last month the national-security contractor ManTech came up with a 'novel approach' to protecting military, intelligence, and commercial space assets against cyber-attacks.

Dubbed Space Range, it lets users 'replicate' space networks in a controlled environment so that their vulnerability to cyber aggression can be evaluated. The $2 billion company, headquartered in Northern Virginia, has been doing this kind of work for quite a while. It created the defense department's first cyber test range in 2009, and three years ago launched an Advanced Cyber Range Environment.

Space Range, which began on May 4, is unique in that it lets highly skilled cyber experts attack exact replicas of satellites, ground stations, uplinks/downlinks, and so forth in a hyper-realistic environment that is air-gapped from the outside world.

As a company press release puts it, that gives players the “ability to find hidden vulnerabilities, misconfigurations and software bugs on precise network replications.” The entire framework depends on a software-defined infrastructure model that can be reconfigured in hours as opposed to weeks.

That is good news where users' time and money are concerned. However, the most significant feature of Space Range is that it offers engineers and operators a protected and legitimate setting in which to practically investigate the 'hardening' of their overhead resources against cyber-attack.

With space quickly turning into a field of intense competition, there is little doubt that the Pentagon's recently introduced Space Force will be 'robustly funded' going forward.

ManTech's Space Range will probably soon become a significant tool in helping the government and industry figure out where training and hardening outlays should be concentrated.

Is a cyber pandemic looming over our heads?


The year 2020 is proving to be quite a hassle and the adversities don't seem to be slowing down. COVID-19 has already created atypical living conditions with complete lock-downs and travel restrictions. We would like to think that after COVID-19, once a vaccine arrives, everything will return to normal and things will go back to the way they were. It's a comforting thought but quite far from the truth.


It seems that COVID-like incidents will become the new normal; the world is not as invincible as we thought. The modern world is prone to disasters, pandemics, and environmental catastrophes. And the next mishap staring us in the face is a cyber pandemic. Security researchers have predicted that a “Cyber Pearl Harbor” or “Cyber 9/11” is inevitable. These assumptions faded with time due to lack of evidence, but in the wake of COVID-19 doubts like these are resurfacing.

The Check Point CEO warns “that the new reality created by the coronavirus pandemic will cause threats in the cybersecurity field to rise, and that countries need to protect themselves against the coming ‘cyber pandemic.’” “What happened in the last three months pushed forward five, maybe even 10 years of technological evolution,” he says. “More services moved online; companies removed barriers. We allowed developers to work just from within the company physically, so we could keep our intellectual property. In one day, we had to change all of that and allow people to access from home. This rapid change means hackers will find a way. The hackers can find a way to hack a personal computer of an employee and through them get into our Crown Jewels.”

The World Economic Forum, though, offers a ray of sunshine, saying that the corona pandemic has taught us how to fight off and prepare for the "inevitable global cyberattack". A good thing to come out of this pandemic is that it teaches us about cybersecurity and the scale of the impact a massive attack would have, so that we can better prepare ourselves for this sort of assault.

The World Economic Forum states three lessons:

  • Speed of the attack

They predict that a cyberattack would spread exponentially faster than any biological virus. The R0 (reproductive rate) of COVID-19 is two to three, whereas the 2003 Slammer/Sapphire worm (the fastest worm) doubled every 8.5 seconds.

  • The Economic Impact

The World Economic Forum says that a digital economic shutdown would put a dent in the economy similar to, and possibly greater than, the current one. The only way to prevent the spread of the digital virus would be to shut down systems and machines to break the chain, and one day without internet would cost the world a loss of 1 billion dollars.

  • Recovery

The recovery would no doubt be challenging on both counts: replacing the infected devices and recovering from the damage.

But there are lessons to be learned from COVID-19: that these sorts of attacks can happen, and that we should be better prepared for them. Effective communication, coordination among private and public sectors, and a substitute for digital work will go a long way to battle the upcoming cyber pandemic.

Hackers attacked hospitals in the Czech Republic: Russia is suspected


According to the Lidové noviny newspaper, a foreign state may be behind the cyberattacks, and hacker groups from Russia may be involved.

"The organizer is a foreign country. It is beginning to become clear that Russia may be behind this. IP addresses lead there," a high-ranking officer who is part of the team of investigators told the newspaper. His words were confirmed by a member of the Czech Security Council.

Last week, hackers tried to hack into hospital networks in the Czech Republic. According to Health Minister Adam Vojtech, all attacks were repelled, "but other attacks may follow."

The attacks on the Czech Republic during the pandemic were mentioned in a speech last weekend by US Secretary of State Mike Pompeo. He warned that such attacks will not go unpunished.

"I highly appreciate the support of the United States and all its allies who are helping to ensure our country's cybersecurity. Cyberattacks on Czech medical institutions during the fight against the COVID-19 epidemic are similar to the behavior of hyenas. I hope our experts will soon find those who are interested in the defeat of the Czech Republic in the fight against infection,” said Czech Foreign Minister Tomáš Petříček, in turn.

Meanwhile, the Ukrainian Embassy in the Czech Republic said that it condemns cyberattacks on Czech medical institutions, which are especially cynical during a pandemic: "Ukraine, which has been facing Russia's war for six years, including the cyberwar, stands in solidarity with its Czech friends and will share its experience in fighting the aggressor."

The Russian Embassy on its Facebook page called the publications "fake news".

"In this regard, the Embassy of the Russian Federation in the Czech Republic would like to emphasize that parasitising the topic of the coronavirus epidemic ... goes beyond all possible moral and ethical limits."

Attackers Hacked the Digital Pass System of Moscow residents


Moscow's residents are being warned about scammers on social networks who offer to issue digital passes for moving around the city.

Last week, Moscow Mayor Sergei Sobyanin and Moscow Region Governor Andrei Vorobyov signed a decree introducing special digital passes for trips in Moscow and the Moscow Region by personal and public transport. Quarantined residents of Moscow will need to obtain a QR code on the City Hall website each time they leave their homes. QR codes can be issued starting Monday, April 13, 2020.

A bot has appeared in Telegram that offers to get citizens a digital pass through the messenger. It asks for the citizen's phone number and personal data, including passport details. Hackers also offer to issue passes on social networks.

Moreover, Telegram channel 4chan posted information that while the QR code issuing system was in beta testing, unknown hackers managed to hack it.

"The program for generating QR codes for quarantine from the Moscow government has not yet left the beta test, but it has already been hacked and generated universal promotional codes that will allow you to go around Moscow unlimited," the channel authors write.

The author of the Twitter microblog @A_Kapustin managed to post several electronic passes. Some of them, according to the user, allow you to walk within a kilometer of home, and others let the owner walk freely around Moscow. Some QR codes are already blocked, according to the author, but newly generated ones keep appearing online.

At the same time, scammers became active in another segment. Russians began to receive SMS messages notifying them of violations of their self-isolation regime and demanding that they pay a fine for these offenses.

Experts believe that the situation is complicated because Russians do not have time to keep up with the rules that the authorities of a particular region introduce, which means they are afraid of doing something wrong. Scammers exploit this, organizing entire schemes using SMS, social networks and messengers. The goal is to get access to data for emptying bank cards.

The Russian Foreign Ministry has warned of the threat of cyber pandemic to humanity


Andrei Krutskikh, Director of the Department of International Information Security of the Russian Foreign Ministry, said on Tuesday during the online discussion “Information Security and the Digitalization Process: Between Development and Fears” that, in addition to the coronavirus pandemic, humanity today is threatened by a cyber pandemic provoked by the negative development of digital technologies, which could lead to military confrontation.

"We are dealing with two pandemics. One is a bio pandemic associated with the spread of coronavirus, people are dying, and now this is a priority topic. But in parallel with it, another global problem is also deepening, and it is probably human made - this is what I would call a cyber pandemic. Under cyberpandemic I understand the possibility of the involvement of humanity in cyber confrontation and even cyberwar," said Mr. Krutskikh.

He explained that the manifestations of cyberpandemic are hacking, cyberterrorism, cyber interference in private life and the development of states. "This is all a consequence of the development of negative trends in improving cyber technologies," added the diplomat.

"I also refer to the fact that a number of states proclaim doctrines of the right to launch preemptive cyberattacks even against a potential enemy when no one's guilt has yet been proven," added Mr. Krutskikh.

At the same time, he stressed that the forced transfer of many areas of life "to online" in the context of the coronavirus pandemic clearly shows the need to ensure international information security and develop common measures to combat cyber threats.

"We must develop not only a common language terminologically, not only a common understanding but also common security standards. We must not be late in finding solutions before the next cyber crisis,” warned Mr. Krutskikh.

On Tuesday, the Bank of Russia announced new fraudulent schemes to steal money from bank accounts using social engineering; criminals are actively using the theme of coronavirus infection.

Coronavirus Themed Phishing Attacks Continue to Rise


New data from researchers shows that cybercriminals are preying on people's concerns about the COVID-19 pandemic and carrying out sophisticated phishing, malware and email attacks. The sudden upsurge in related attacks implies that attackers were quick to adapt to the new global health crisis and exploit it in their favor.

According to Barracuda Networks, an American IT security company, the number of email attacks associated with the new coronavirus has risen steadily since January, with this type of attack recording a 667% spike by the end of February. According to the data, January saw a total of only 137 attacks, while in February the number spiked to 1,188, and between March 1 and 23 there were as many as 9,116 such email attacks.

Another notable kind of attack is one in which victims receive malicious emails promising financial relief during the COVID-19 pandemic, researchers warned. Users are tricked into believing that they will receive payments from global institutions, businesses and governments working toward the common objective of providing economic aid to ordinary people during the ongoing pandemic. As soon as the user clicks on the links or proceeds to download files, the attacker gains illicit access to their credentials, card data, and other sensitive information.

One such campaign was found to be specifically targeting U.S. healthcare, IT sector and higher-education organizations. The emails sent in this campaign contain a message titled "General Payroll!"

“The Trump administration is considering sending most American adults a check for $1,000 as part of the efforts to stimulate the economy and help workers whose jobs have been disrupted by business closures because of the pandemic,” it says.

“All staff/faculty & employee include students are expected to verify their email account for new payroll directory and adjustment for the month of March benefit payment,” the message further reads.

Users receiving the email are asked to follow a malicious link to a phishing page in order to verify their email account; there they are required to enter the usernames, email addresses, and passwords linked with their employee benefits. By doing so, the user hands their personal data to a page controlled by the attackers.

“The ongoing shift to coronavirus-themed messages and campaigns is truly social engineering at scale, and these recent payment-related lures underscore that threat actors are paying attention to new developments,” researchers said.

Hackers switched from direct theft of money to gaining control over the infrastructure of companies


According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to look for more vulnerable targets. Moreover, the demand for industrial espionage has increased on the black market. However, experts said that the activity of such hacker groups began to decrease against the background of the pandemic.

According to the report, by the end of 2019, the number of attacks aimed at gaining control over the infrastructure of companies and organizations had increased by 40%, while attacks for the purpose of stealing money had become 15% less frequent.

A long and unnoticed presence in an organization's infrastructure allows attackers to investigate its internal processes in detail and to gain deeper access to IT systems and control over them, says Vladimir Dryukov, Director of Solar JSOC. He notes that hackers monetize this information by selling it on the black market, blackmailing the victim organization, or engaging in competitive intelligence.

In addition, in recent years, attacks are increasingly targeted at industrial and energy facilities, as well as government agencies whose control over infrastructure is critical for the country.

Kaspersky Lab confirmed that the number of attacks on corporate infrastructure is increasing. According to antivirus expert Denis Legezo, about 200 groups engaged in cyber espionage are currently being observed. However, the expert notes that during the coronavirus pandemic, a decline in their activity is noticeable.

Head of Analytics and Special Projects at InfoWatch Group of Companies Andrei Arsentyev noted that hackers are usually engaged in industrial espionage by order, including “hunting for various know-how, business development plans, pricing schedules”.

Attackers can monetize attacks not only through theft of funds but also by selling already configured connections to the victim’s local network to other criminals, says Evgeny Gnedin, head of Positive Technologies information security analytics department. Such a model of “access as a service” is gaining momentum today, which explains the increase in the number of such attacks.

Security experts say the number of network nodes in the Russian Federation accessible via RDP has increased


Positive Technologies experts said that the number of network nodes in the Russian Federation accessible via the Remote Desktop Protocol (RDP) increased by 9% in three weeks (since the end of February 2020) and reached over 112,000.

To attack, it is enough for hackers to send a special RDP request to vulnerable Remote Desktop Services (RDS). Authentication is not required. If successful, an attacker can install and delete programs on a compromised system, create accounts with the highest level of access, and read and edit confidential information. The vulnerabilities affect the Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems.

According to Alexey Novikov, director of the Positive Technologies security expert center, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to gain access to servers and get into the local network. This boom is caused by the transfer of employees to remote work.

For a secure remote connection, employees need to use a special gateway: RDP connections need a Remote Desktop Gateway (RDG), and VPN connections need a VPN gateway. Experts do not recommend connecting directly to the workplace.

Experts warn that opening access to individual subnets to all VPN users at once significantly reduces the security of the organization: it not only gives broad opportunities to an external attacker but also increases the risk of an insider attack. IT professionals therefore need to maintain network segmentation and allocate the required number of VPN pools.

Positive Technologies experts emphasize the threat of remote access channels to business-critical networks and systems, for example, production and energy technology networks, ATM management networks or card processing in banks.

In addition, Positive Technologies recommends paying attention to a critical vulnerability (CVE-2019-19781) in Citrix software that is used in corporate networks. The vulnerability in PHP 7 (CVE-2019-11043), which, according to Positive Technologies, was included in the list of the most dangerous by the end of 2019, should also be eliminated.

Russian Defence Minister says Pro-Western Activists Trying to Infiltrate Military Facilities using Media Laws as a cover


Defense Minister Sergei Shoigu, speaking in the Federation Council, announced opposition attempts to penetrate Russian military facilities.

The head of the military Department recalled that Western countries regularly make high-profile accusations against Moscow, such as interference in American elections, hacking attacks, and concealment of military losses.

"In our country, they are supported by a Pro-Western opposition division regularly trained abroad. Using media laws as a cover, its activists are trying to infiltrate military facilities and are monitoring relatives and witnesses. They go to hospitals where our wounded are lying, to cemeteries, to commemorations, to the families of our dead children. They take photos of the entrances and exits from our secret objects and put them on the Internet. You can imagine what responsibility they would be brought to in Western countries," said the head of the military Department.

In this regard, Shoigu called on senators to regulate Russian legislation in this area.

The head of the defense department also told the Federation Council about the increase in the number of cyberattacks against the Russian army.

"The information space today has become another theater of war. Over the past three years, the information infrastructure of the Armed Forces has been attacked by more than 25 thousand high-tech computer attacks from abroad. At the same time, their number increases annually by an average of 12%. We are ready for this fight. Of course, I wanted the hackers to have a little less domestic helpers," said Shoigu.

According to him, the Ministry of Defense has a reliable system for protecting information resources, and all attacks are neutralized.

A number of countries have previously accused Russia of hacking attacks. Thus, Georgia accused the Russian military of planning and conducting a cyberattack, as a result of which sites and servers of several government bodies, courts, the media, and private companies were damaged. Also, the head of the Ministry of Defense of Ukraine Andrei Zagorodniuk said that the country is daily faced with cyberattacks that come from Russia.

At the same time, since 2016, the United States has been discussing the topic of possible Russian interference in the presidential election, as a result of which Donald Trump became the head of state.

Rostelecom detected more than a hundred thousand cyberattacks in the North-Western Federal district of Russia


In 2019, the Rostelecom Solar JSOC Monitoring and Response Center for Cyberthreats detected and repelled over 1.1 million external attacks on organizations' information resources. At the same time, as always, more than 430 thousand cyberattacks were detected in Moscow. More than 128 thousand cyberattacks were recorded over the year in the North-Western Federal district.

The most common tool of hackers was the use of vulnerabilities in web applications (web portals, email, Internet banks, personal accounts). At the same time, according to Solar JSOC experts, it's easy to hack every third application and gain access to the organization’s server. The number of such attacks increased by 13% in 2019.

"Such dynamics can be associated with the active development of corporate Internet resources, not only in traditional industries (banks, retail), but also in the fuel and energy sector, and the public sector. At the same time, most of these resources have critical vulnerabilities that allow hackers to get privileged access to the organization's resources," explained Vladimir Dryukov, director of the Rostelecom Solar JSOC Monitoring and Response Center.

Also, in 28% of cases, cybercriminals introduced malware (viruses, Trojans, spyware, etc.) into the information infrastructure of organizations in the region. Across the country, the number of such attacks increased by 11% in 2019. At the same time, hackers are constantly improving their tools, making malware less visible to security tools.

Guessing and compromising credentials (logins and passwords) for organizations' Internet resources was in third place.

According to experts, other types of cyberattacks include attempts to compromise the logins and passwords of system administrators, DDoS, and exploitation of known vulnerabilities that organizations' information security services did not fix in time.

The Federal Security Service (FSB) of the Russian Federation purchased equipment for hacking smart devices - Hacker group Digital Revolution


Hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using the Internet of things devices.

According to the technical documentation published by hackers, there are three versions of the program — Fronton, Fronton-3D and Fronton-18. They allow infecting smart devices (from digital assistants to smart homes), integrate them into a network and “crash” the servers responsible for the stability of large Internet services and the Internet in entire countries.

It's interesting to note that the Moscow company 0day (LLC 0DT) could have participated in the development of the programs. Previously, the company also carried out orders of the Ministry of Internal Affairs.

According to the published documents, the Internet of Things is "less secure, unlike mobile devices and servers." This is because many users start using smart devices right away, without changing the factory usernames and passwords.

FSB contractors cite the experience of Mirai, the largest network of infected IoT devices, which had 600,000 bots. In 2016, it disabled the DNS servers of the American company Dyn, which made PayPal, Twitter, Netflix and about 70 other services unavailable for some time. The organizers of that attack did not use computers, but printers, baby monitors and IoT routers.

The hackers noted that Fronton can be used for "spying on the whole world". The BBC suggests that the main targets of cyberattacks are most likely to be digital cameras.

The documents note that 95% of the botnet should consist of IP cameras and digital video recorders. The search server, which can be connected via a virtual private network or the Tor browser, must find targets for hacking. The documentation also emphasizes that "the use of the Russian language and the connected Cyrillic alphabet is excluded". It is suggested that devices be hacked using a dictionary of typical passwords for Internet of Things devices.

In December 2018, Digital Revolution said that it hacked the server of the Kvant Scientific Research Institute, owned by the FSB, and found documents on the system of automatic monitoring of social networks for protest moods. In the summer of 2019, hackers said that they broke into the servers of the Moscow IT company Sitek, which carried out projects for Russian special services and agencies.

ESET: hackers used the Adobe brand to attack government websites


IT specialists at the Slovak company ESET warn of a new series of attacks by the Turla cyber-espionage group aimed at government websites around the world.

"ESET, a leader in information security, has discovered a new activity of the Turla group, which is aimed at government websites. This time, cybercriminals are using social engineering techniques, using a fake Adobe Flash update as a decoy to download malicious software," said the website.

According to the report, at least four websites, two of which belong to the government of Armenia, were infected as a result of such attacks. These web portals have been infected since at least the beginning of 2019. ESET specialists notified Armenia's national CERT. The researchers concluded that the main targets of the cybercriminals are officials and politicians.

During the recorded cyberattacks, hackers infect the selected site with malicious software, which is subsequently transmitted to the devices of users of the resource. After the initial infection, Turla operators get full access to the victims' devices.

ESET specialists were not able to determine what the hackers did on infected devices, but they usually try to steal confidential documents.

According to ESET, during the latest attacks, the cybercriminals of the Turla group used a completely new backdoor called PyFlash. According to ESET experts, the authors of Turla used Python for the first time in this malicious software. The command server sends commands to the backdoor to download files, execute Windows commands, and launch and remove malicious software.

The company added that the Turla group is active in most of the world, but its activities are mainly aimed at countries in Eastern Europe and East Asia. Its main targets are government and military organizations. The cyber-espionage group has been operating for more than ten years.

Check Point: coronavirus has become a tool for hacker attacks on users and businesses


According to Check Point Threat Intelligence, more than 4,000 coronavirus-related domains have been registered worldwide since January 2020. 3% of these sites have already been identified as malicious, and another 5% as suspicious.

According to experts, hackers send spam with a link to a malicious site on behalf of trusted organizations to encourage a potential victim to click on it. When you click the link, malware is automatically installed on the user's device.

For example, Check Point discovered a phishing attack, purportedly sent on behalf of the World Health Organization (WHO), that spread in Italy. Experts noted that 10% of organizations in Italy were subjected to this attack.

Moreover, a website registered in Russia in February 2020 was discovered. The attackers offered to buy "the best and fastest test for detecting coronavirus at a fantastic price — 19,000 rubles ($264)".

In addition, a large spam campaign was recorded in Japan. There, attackers send spam on behalf of the Japanese Society for the rehabilitation of disabled persons (JSRD). The emails report the spread of the coronavirus in several cities in Japan, prompting the recipient to open the attached document.

If the user is interested and opens the attachment, the Emotet Trojan will be downloaded to their computer.

According to experts, as the spread of the coronavirus continues, scammers will continue to use the coronavirus theme to carry out attacks on users and businesses.

Any events that cause mass discussion or are popular, especially negative ones, are an occasion for fraudsters to realize their plans, said Alexey Dankov, head of the information security Department at Cross Technologies. In this case, they use the news as an excuse to get data, and people who are panicked lose their vigilance and, as a result, trust scammers.

"A virus that has become a pandemic is a great reason for cybercriminals to get the desired information on accounts and personal information," added Mr. Dankov.

Russia has responded to Canada's accusations of cyberattacks on Georgian websites


The international community, following Georgia, the UK and the US, continues to publish statements condemning the cyberattack allegedly committed by Russia on the websites of Georgian government agencies, non-governmental organizations and the media. The relevant statements are published in Georgian by the Georgian Foreign Ministry.

The Foreign Ministry of Australia, the Ministry of Foreign Affairs of Ukraine, and the foreign ministries of Canada, the Netherlands, Romania, and Montenegro condemned the actions of the Russian GRU. The Icelandic Foreign Minister published a short statement on Twitter on his own behalf.

The Ministry of Foreign Affairs of Ukraine not only condemns Russia but also calls on the international community to "bring to justice those who deliberately organize and carry out cyberattacks".

The authors of all statements regard the report of a cyberattack on Georgian websites as a "violation by Russia of the sovereignty and territorial integrity of Georgia and disrespect for the norms and principles of international law".

However, the Russian Embassy in Canada on Twitter stated that Russia is not involved in cyberattacks on Georgian government websites.

"Another fragment of Russophobic lies and fakes," the Russian mission responded to the accusations from Canada. The diplomats called the Canadian policy towards Russia extremely deplorable and reprehensible, and stressed that it further worsens the weakened relations between the two countries.

Prior to this, the accusations of cyberattacks on Georgia were denied by the Deputy Head of the Russian Foreign Ministry, Andrey Rudenko. According to him, Russia did not intend and is not going to interfere in the internal affairs of the neighboring country.

Recall that on February 20, US Secretary of State Michael Pompeo accused Russia of attacking Georgia. The attacks allegedly occurred in October 2019. According to him, they disrupted the work of the country's government, several private websites and two major television stations. Representatives of the Georgian government made the same statements. The cyberattack was allegedly indicated by the results of the investigation, which Tbilisi conducted "together with other partners."

Russian banks and energy companies have undergone a new wave of cyberattacks


A new wave of cyberattacks targeting banks and energy companies has been recorded in Russia. Employees of these organizations receive numerous phishing emails with infected links; clicking on them can lead to theft of data from the computer.

It is reported that the malicious message contains an office document. The victim clicks on it and is taken to the text-hosting service Pastebin, which downloads images from the Imgur service that in turn contain malicious code. With this code, attackers can steal secret files, withdraw funds, or install spyware on a user's computer.
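Each hop in the chain described above looks harmless alone, but the sequence is recognisable in web proxy logs: an office application contacts Pastebin, and the same host then fetches from Imgur outside a browser. The Python sketch below is an added example, not code from Rostelecom-Solar or the original post; the log format, host names, process names and five-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed proxy log lines (not real telemetry): time, host, process, domain.
SAMPLE_LOG = """\
2020-02-10T09:00:01 ws-014 outlook.exe mail.example.org
2020-02-10T09:00:40 ws-014 winword.exe pastebin.com
2020-02-10T09:00:44 ws-014 winword.exe i.imgur.com
2020-02-10T09:05:00 ws-022 chrome.exe pastebin.com
2020-02-10T09:05:03 ws-022 chrome.exe i.imgur.com
2020-02-10T10:00:00 ws-031 excel.exe pastebin.com
2020-02-10T11:30:00 ws-031 excel.exe imgur.com
"""

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}   # assumed process names
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed process names
WINDOW = timedelta(minutes=5)                           # assumed correlation window


def on_site(domain, site):
    """True for the site itself or a subdomain, not look-alike suffixes."""
    return domain == site or domain.endswith("." + site)


def parse(log_text):
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, host, proc, domain = parts
        yield datetime.fromisoformat(ts), host, proc.lower(), domain.lower()


def find_chains(log_text):
    """Return (host, paste_time, image_time) for each correlated chain."""
    pending = {}  # host -> time an office process last contacted Pastebin
    alerts = []
    for ts, host, proc, domain in sorted(parse(log_text)):
        if proc in OFFICE and on_site(domain, "pastebin.com"):
            pending[host] = ts
        elif (host in pending and proc not in BROWSERS
              and on_site(domain, "imgur.com")):
            if ts - pending[host] <= WINDOW:
                alerts.append((host, pending[host], ts))
            del pending[host]  # one Pastebin hit is consumed by one follow-up
    return alerts


if __name__ == "__main__":
    for host, t1, t2 in find_chains(SAMPLE_LOG):
        print(f"ALERT {host}: office app -> Pastebin at {t1}, Imgur at {t2}")
```

On the constructed sample only ws-014 is flagged: ws-022 is ordinary browser traffic and ws-031 falls outside the correlation window.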

"Since the chain consists of four stages, the protection tools that companies use cannot detect it, they are designed for shorter activity of malware," explained Igor Zalevsky, head of the center for the investigation of cyber incidents of JSOC CERT Rostelecom-Solar.

The company said that about 60% of phishing emails were received by employees of the energy sector, but 80% of all attacks turned out to be aimed at banks.

Zalevsky added that the attack is similar to the activity of the hacker group Silence, which specializes in credit organizations. It is possible that the group decided to expand the scope of its activities, or that completely different hackers are copying the behavior of Silence.

Group-IB confirmed that the attack recorded by Rostelecom-Solar was previously carried out in the banking sector.

Information security experts said that in 2020, energy companies will become the “main targets” for cybercriminals.

Andrey Arsentyev, head of Analytics and special projects at InfoWatch group, agrees with this assessment; he called the energy sector one of the "most attacked" in recent years. According to Denis Kuvshinov, a leading specialist of the PT Expert Security Center Positive Technologies cyber threat research group, the main goal of cybercriminals targeting the energy sector is industrial espionage, as well as the impact on critical infrastructure.

Sophisticated Hackers Infiltrate Dozens of U.N. Servers


An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says many servers were compromised, including at the U.N. human rights office, which gathers sensitive information all year round.

According to a U.N. official, the hack seemed very "sophisticated" and the extent of the damage remains unclear, particularly regarding personal, secret or compromising information that may have been stolen.

The official, who spoke freely about the episode on condition of anonymity, said systems have since been strengthened. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up,” the official said.

Jake Williams, CEO of the cybersecurity firm Rendition Infosec and a former U.S. government hacker, says, “The intrusion definitely looks like espionage,” referring to the incident the previous year in which the "sophisticated hackers" broke into U.N. offices in Geneva and Vienna in an apparent espionage operation. Their identity and the extent of the information they acquired remain unknown.

“The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them and any number of intelligence agencies from around the globe are likely interested in infiltrating the U.N.,” Williams added.

U.N. representative Stephane Dujarric said the attack “resulted in a compromise of core infrastructure components” and was “determined to be serious.” The earliest activity associated with the intrusion happened in July and it was detected in August, he said in response to emailed questions.

He said the world body needs more data to figure out who may have been behind the incursion, but added that "the methods and tools used in the attack indicate a high level of resource, capability, and determination."

The report says that the hackers exploited a flaw in Microsoft's SharePoint software to penetrate the systems, but that the type of malware used was unknown and that specialists had not identified the command and control servers on the web used to exfiltrate data.

Nor was it known what mechanism the hackers used to maintain their presence on the compromised systems. The internal document from the U.N. Office of Information and Technology said 42 servers were "compromised" and another 25 were regarded as "suspicious," nearly all at the sprawling Geneva and Vienna offices.

Three of the "compromised" servers are believed to belong to the Human Rights office, which is situated across town from the primary U.N. office in Geneva, and two were utilized by the U.N. Economic Commission for Europe.

This hack comes amid rising concerns about computer and cell phone vulnerabilities, both for large organizations like governments and the U.N. and for individuals and businesses.

Malware Attack! Oregon County's Network Smashed By a Ransomware?


According to local news reports, a cyber-attack allegedly struck Tillamook County, Oregon, USA, rendering the local government’s services ineffective.

Because of the cyber-attack, county officials are reportedly back to basics for all their daily tasks while they work through the crisis.

When computers in various county departments started misbehaving, officials grasped the severity of the situation and immediately warned the IT department.

The IT department then determined that the systems had been infected with encrypting malware. To contain the infection, all the affected servers and devices were immediately isolated.

There is no firm evidence that the malware was used for a ransomware attack, though that is widely presumed. Per sources, no ransom demand has been made so far.

Allegedly, the Oregon city was struck by a cyber-attack of the same nature about a week ago.

The damage is so severe that, along with infecting all of the county’s computers and servers, it has seriously harmed both the online and offline phone systems, given the VoIP (Voice over Internet Protocol) that they employ.

Per sources, to dig into the details of the cyber-attack, including its source, type, and magnitude, the county has engaged a “digital forensic” team from a well-known cyber-security organization.

There is no doubt that the Oregon county's systems have been shut down by the attack indefinitely, and there is no knowing when they will be back in operation.

The county, which has a substantial population, has never before experienced a cyber-attack of such severity, so officials cannot yet describe exactly how they plan to mitigate it.

Sources mention that the county officials have decided to subcontract a few response operations to counter the attack and its repercussions.

The cyber-crisis management team happens to be the best at what it does and is working efficiently to contain and repair the damage done by the malware.