Search This Blog

Showing posts with label cyber attack. Show all posts

Canadian IoT Solutions Provider, Sierra Wireless Hit by a Ransomware Attack


Sierra Wireless, a Canadian IoT solutions provider said that it has reopened its manufacturing site's production after the company suffered a ransomware attack that breached its internal infrastructure and official website on March 20. When the company came to know about the attack, it called one of the world's best cybersecurity firms "KPMG," to help Sierra Wireless in the investigation and inquiry of the incident.

According to Sierra Wireless, "security is a top priority, and Sierra Wireless is committed to taking all appropriate measures to ensure the highest integrity of all of our systems. As the investigation continues, Sierra Wireless commits to communicating directly to any impacted customers or partners, whom we thank for their patience as we work through this situation." 

Currently, the staff at Sierra Wireless is working on re-installing the company's internal infrastructure, after the corporate website was brought back online. Besides this, the Canadian MNC said that ransomware attacks couldn't breach services and customer-oriented products as the internal systems that were attacked were separated. The company believes that the scope of the attack was limited to Sierra Wireless' corporate website and internal systems, it is confident that the connectivity services and products weren't affected, and the breach couldn't penetrate the systems during the incident. 

As of now, the company isn't expected to issue any firmware or software security updates or product security patches, which are generally required after the ransomware attack. The company hasn't disclosed the ransomware operator behind the attack, it has also not specified what data was stolen from the incident before the encryption could happen. 

The attack happened in March, after that the company took back its Q1 guidance. A company spokesperson said that Sierra wireless won't reveal any further information regarding the attack as per the company protocol, because the data involved is highly confidential and sensitive. Bleeping Computer reports, "Siera Wireless' products (including wireless modems, routers, and gateways) sold directly to OEMs are being used in IoT devices and other electronic devices such as smartphones, and an extensive array of industries." Stay updated for more news.

Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach

Lactalis, the world's one of the best dairy groups disclosed that it was recently hit by cyberattacks after hackers breached its company's systems. Short for Lactalis group, the company has around 85,000 employees working throughout 81 countries, with dairy exports to more than 100 countries across the globe. 

Lactalis group also owns few top global brands which include Galbani, Lactel, Parmalat, Santal, and Président.  In a press release issued last Friday, the company said that merely a few computers in the network were affected in the attack. Lactalis had identified malicious access in its computer network, upon finding the intrusion, the company immediately contained the attack and informed the investigative agencies later. 

Further investigations revealed that a third party tried breaking into the company networks.  Luckily, there was no data breach, says Lactalis after an ongoing investigation that confirmed the incident. The press release reads, "The Lactalis Group has detected an intrusion on part of its computer network. We immediately took steps to contain this attack and have notified the competent authorities. The results of our investigations establish that a malicious third party is seeking to break into our servers.  For the sake of transparency, we are making public this information. Our IT teams are fully mobilized and supported by experts recognized in cybersecurity. Our investigation with them revealed no data breach at this point." 

The company has currently taken down its IT systems across all the company websites that were affected by the attack. The company further adds, "Lactalis teams are working to protect the interests of our customers, our partners, and our employees. This is why we have restricted, at our initiative to as a preventive measure, our access to the public internet network." As of now, Lactalis says that it didn't suffer any data breach during the attack, however, in most cases, threat actors usually steal personal information and data when spreading throughout a breached network. Attacks like these often lead to extortion and threat actors may expose information on data leak sites if the party fails to pay the ransom.

Data Analytics Agency Polecat Held To Ransom After Server Exposed 30TB Of Records

 


On October 29, 2020, the Wizcase CyberResearch Team which was lead by Ata Hakcil has discovered that the server ‘Elasticsearch’ which is being owned by Polecat company, displayed about 30TB of record data on the website without any authentication required to access the records or any other form of encryption in place. 

A UK-based data agency ‘Polecat’ that provides “a combination of advanced data analytics and human expertise, [to help] the world’s largest organizations achieve reputation, risk, and ESG (environmental, social, and governance) management success” its official website reads. 

Researchers team had found records dating back to 2007 containing important information including employees’ usernames and passwords, social media records, around 6.5 billion tweets, and around one billion posts that generated from independent websites and blogs. 

Polecat’s cyber research team ‘Chase Williams’ has reported its discovery in a blog post which has been published on First March of 2021. 

The public information collected by the Polecat organization is gleaned on a foundation of daily happening events including subjects such as Covid-19, politicians, firearms, racism, and healthcare. Polecat was warned by the Wizcase research team about the data ransom on October 30 and the first of November 2020. Nevertheless, it just takes some seconds for an open unsecured server or bucket to be traced and exploited by malicious actors – and this took place a day after the researcher’s findings. 

“On October 30, a Meow attack was launched against the database. Meow attacks replace database indexes with the suffix ‘gg-meow’, leading to the destruction of swathes of data” Wizcase said. 

Additionally, it added “approximately half of the firm’s records were wiped, and then in a second wave a further few terabytes of information were deleted. At this point, roughly 4TB remained in the server. Most of these records were then destroyed and a ransom note was spotted by the researchers that demanded 0.04 Bitcoin (BTC) – roughly $550 at the time – in return for the files’ recovery”. 

Wizcase research team has warned against these types of scams by saying that it is very essential to note that these types of cyberattacks are usually automated and sent to many unprotected open databases.

Plex Media Servers Actively Abused To Amplify DDoS Attacks

Research workers with NetScout's Atlas Security Engineering and Response Team have warned against the threat actors campaign, they said that attackers are exploiting server systems of the Plex Media app to amplify various DDoS (Distributed Denial of Service) attacks. 

Plex Media Server provides a streaming system that runs on a variety of platforms, including Windows, Linux, macOS, and FreeBSD, as well as network-attached storage (NAS) hardware devices, RAID units, and digital media players, Docker containers, and more features such as users share video and other media with other devices. 

As of now, network monitoring firm Netscout believes that about 27,000 Plex Media servers are at the risk of the DDoS dilate attacks, reported in an alert report published on Wednesday which has been released this week. 

As part of Plex normal activities, system scans local networks with the help of G'Day Mate (GDM), this activity allows Plex device to find out other supported media devices and streaming users. Additionally, the system also uses SSDP (Simple Service Discovery Protocol) which helps in tracking down Universal Plug and Play (UPnP). 

Netscout stated that DDoS attacks are being observed since November 2020, exploiting UDP/32414 SSDP HTTP/U. Amplification attack happens when cybercriminals send requests to the server system in small numbers, and if the server responds back with numerous responses. The threat actors also can mock the source IP address to display as the victim, resulting in traffic that deluges victim resources and cause a crash. 

"We’ve seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used," Richard Hummel, Manager of Threat Intelligence at Netscout said in an email interview when asked if the first time PMSSDP was observed as a DDoS attack amplification vector. 

"The total number of attacks from Jan 1, 2020, to present day, clocked in at approximately 5,700 (compared to the more than 11 million attacks in total we saw during the same time frame)," Richard Hummel added.

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

 

Spotify, which has become a very popular online streaming music platform, is suffering from a second cyber credential attack after just three months of its previous one. The platform has reset the passwords of its affected customers. 

Threat actors have gained access to more than 100,000 subscribers of music streaming services and are taking advantage of those who use the same security password on multiple online service platforms. They simply build automated scripts that will systematically steal IDs and security passwords of many online accounts. 

Hackers have successfully managed to get access to various popular companies’ customers’ credentials, including big names like 'Donuts (it has been attacked twice in three months), The North Face, Dunkin, the popular chicken-dinner chain Nando And FC Barcelona's official Twitter account which was hacked last year. 

It was back in November 2020, when malicious actors hacked the information of thousands of Spotify subscribers, prompting the streaming music service to issue a password-reset notice. 

Researcher Bob Diachenko tweeted about the new Spotify attack on Thursday, “I have uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere online) being misused and compromised as part of a credential stuffing attack.” 

Additionally, he has also uploaded a Spotify statement on the attack confirming the incident. 

“We recently protected some of our users against [a credential-stuffing attack], once we became aware of the situation, we issued password resets to all impacted users, which rendered the public credentials invalid,” the notice read. 

The organization has also stated that the hacks were carried out using an ill-gotten set of data: “We worked to have the fraudulent database taken down by the ISP hosting it,” the company added. 

This attack is very similar to the previous one, wherein the logged-in data also appeared in a public elasticsearch example. 

“There are similarities but this one looks different, like coming from a rival group. I suppose that login pairs came from previously reported breaches or collections of data, so they just re-use them against Spotify accounts to become part of this automated process,” Diachenko tweeted. 

“Originally this data was exposed inside a misconfigured (thus publicly reachable) Elasticsearch cluster – most likely operated by the malicious actors themselves,” he added. “It contained entire logs of their operations, plus email/password pairs they used [for the attack].”

Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords

 

The community of British Mensa, which is popularly known for its people with high IQs, they have failed to secure the passwords on their website properly and it has resulted in a massive heck of their sensitive credentials including their member’s personal data. 

According to the former director and technology officer at British Mensa, Eugene Hopkinson has made a statement that the organization had failed to secure the data of its 18,000 members accurately, the report reads in the FT. 

Hopkinson claimed, “that the stored passwords of Mensa members were not hashed, potentially allowing hackers to unscramble them”. The unprecedented security attack has become all the more serious this week when the people of the community acknowledged it had been the victim of a cyber attack. Currently, the Mensa website is unavailable and a message is displaying on the website which notifies that “site under maintenance”. 

In an emergency directors’ meeting, a Mensa member told the FT that “it was confirmed that the Mensa site had been hacked this morning, using the credentials of one of the organization’s directors. It was also confirmed that there were lots of Mensa members’ passwords stored in plain text. The society had sent him his password in plain text within the past year”. It has also been observed that several stashes of Mensa personal credentials have been posted onto the Pastebin website, whilst some data have been removed from the website. 

Hopkinson told the FT that “the Mensa website held lots of sensitive information on its members, including payment details, instant messaging conversations, and IQ scores of both current members and failed applicants. “If a breach is found to have taken place, I have no faith that the [Mensa] board and office will report it adequately... or take sufficient mitigating action to prevent further harm,” Hopkinson has written this in an open letter announcing his resignation. A fellow board member resigned in protest at the same issue. Meanwhile, a spokesperson for Mensa told the FT that “the data such as members’ passwords had been encrypted and that the organization was in the process of hashing passwords,”

Additionally, “the spokesperson has denied that passwords were ever sent out in plain text and that it had handed details of the cyberattack to Britain’s Information Commissioner with a view to pursuing a criminal investigation”. Mensa is a non-profit organization, which is only open to those people who score high marks in standardized IQ test such as in the 98th percentile

Cyber Attackers Targets the Montreal Car-Sharing Service Communauto

 

Threat actors targeted the Montreal-based car-sharing service Communauto but they were unable to get their hands on the sensitive information regarding client’s credit card information and passwords. However, hackers were fortunate to get their hands on the client name, street addresses, and email addresses.

Headquartered in Montreal, Quebec, and Canada, Communauto was founded in 1994 by Benoit Robert. Claire Morissette, a renowned environmentalist and cycling advocate played a massive role in the progression of the company starting from 1995. Communauto provides service to 40,000 users approximately and the company operates in fourteen Canadian cities, also providing service in Paris and France. 

Communauto operates in partnership under the name of VRTUCAR in seven cities which includes Hamilton, London, Kingston, Waterloo, Guelph, Toronto, and Ottawa and it operates as Communauto in Quebec City, Montreal, Sherbrook, and Gatineau.

Communauto CEO Benoit Robert explained in a statement that the company is facing difficulties in managing the accounts payable and invoicing because the threat actors successfully managed to put our many activities on hold. To deal with the breach, the company has hired an IT security firm.

Furthermore, the company assured its subscribers regarding the data accessed by the threat actors has been destroyed.

NSA Issued Warning Against Russian State-Sponsored Attackers for Exploiting VMware Access

An advisory warning has been issued by the United States National Security Agency (NSA) on 7th December that Russian malicious actors are posing a big threat to VMware by installing malware on corporate systems and accessing protected data. 
The attack came two weeks after the virtualization software company publicly disclosed vulnerabilities. According to the company malicious actor (s) is accessing —VMware workspace one, Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux. However, the identities of malicious actors and when all of this started have not been disclosed. 

What is VMware? 

VMware is an American Software Company that provides cloud computing and virtualization software and services. VMware was one of the commercially successful companies to virtualize the x86 architecture.

Its desktop software runs on Microsoft Windows, Linux, and macOS, while its enterprise software hypervisor for servers, VMware ESXi, is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system. 

When The Threat Surfaced? 

It was about in late November when Vmware had addressed the attacking threat and pushed temporary workarounds to dig deeper into the issue. However, the ‘escalation-of-privileges ‘bug resolution had to wait till the 3rd of December 2020 to get resolved. 

The same day witnessed the United States Cybersecurity and Infrastructure Security Agency (CISA) releasing a brief bulletin to encourage administrators to review, apply, and patch as soon as possible.

Meanwhile, as per the National Security Advisor, VMware didn’t clearly disclose that the bug was being actively exploited by the attackers, which led to adversaries leveraging the vulnerability for launching attacks to steal data and exploit shared authentication systems. 

''The misuse via shell injection led to the installation of a web shell and follow up malicious activity where Security Assertion Markup Language (SAML) in the form of authentication assertions generated and sent to Microsoft Active Directory Federation Services, which allow actors access to protected data," the agency said. 

What is SAML? 

Security Assertion Markup Language or SAML an Open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). 

Besides insisting on the organizations to update compromised systems to the latest version, the agency is also moving forward towards securing strong management. 

As of now, the threat hasn’t gone anywhere; the US National Security Advisory has advised the agencies to monitor all the systems, scan server logs for the presence of "exit statements" that indicate possible malicious activity. 

British Drug maker AstraZeneca Working to Deploy the Covid-19 Vaccine Targeted by Suspected North Korean Hackers

 


There is no denying the fact that cyberattacks against health bodies, vaccine scientists and drug makers have risen to an extreme length during the Coronavirus pandemic as state-backed and criminal hacking groups scramble to acquire the most recent research conducted as well as the data about the outbreak.

Yet another example has come across in the recent times, as a British drug maker company races to deploy its vaccine for the Corona virus and a couple of suspected North Korean hackers attempted to break into its systems. 

According to sources, the hacking endeavored to focus on a "broad set of people" including staff working on the COVID research.

The Reuters report that, by posing like recruiters on the networking site LinkedIn and WhatsApp the hackers approached the staff of AstraZeneca with fake job offers and later sent documents which appeared to be job descriptions that were bound with malevolent code intended to access a victim's computer. 

The source, who basically spoke on the condition of anonymity to examine non-public data, said the tools and the methods utilized in the attacks demonstrated that they were important for a continuous hacking campaign that US authorities and cybersecurity researchers have 'attributed' to North Korea. 

The campaign was previously been centered around defence companies and media organizations however pivoted to Coronavirus related targets as of late, as per three people who have investigated the attacks. 

Microsoft said for the current month alone it had observed two North Korean hacking groups target vaccine developers in multiple countries, including by "sending messages with fabricated job descriptions" Microsoft however didn't name any of the targeted organizations.

The North Korean mission to the United Nations in Geneva though didn't react to a request put forth for their comment. Pyongyang has likewise denied carrying out the previously mentioned cyberattacks.

It has no direct line of contact for foreign media. AstraZeneca, which has arisen as one of the top three Coronavirus antibody developers, also declined to comment. 

As North Korea has been accused consistently by the US prosecutors for a portion of the world's 'most audacious and damaging cyberattacks’, including the hack and leak of emails from Sony Pictures in 2014, the 2016 theft of $81 million from the Central Bank of Bangladesh, and releasing the Wannacry ransomware virus in 2017. 

Pyongyang has consequently portrayed the allegations against it as attempts by Washington to malign its image. 

Reuters however has recently reported that hackers from Iran, China and Russia likewise have attempted to break into leading drug makers and even the World Health Organization this year, yet Tehran, Beijing and Moscow have all denied the allegations.



Ransomware Attack Takes Down Massive Food-Supply Chain Providing Distribution of Temperature-Sensitive COVID-19 Vaccines

 

A company whose cold-storage capacities are extremely integral to the U.S. food-supply chain and the Coronavirus vaccine distribution affirmed an operation affecting cyberattack, as per a filing with the Securities and Exchange Commission (SEC). 

Americold is by far the largest cold-storage provider in the U.S. what's more, it operates 183 temperature-controlled warehouses globally, incorporating Argentina, Australia, Canada, and New Zealand; and just got hold of a similar company in Europe. 

For 'an idea of scale’, it holds the agreement for linking the ConAgra food-producing giant to supermarkets and customers. 

The attack appears all the earmarks of being a ransomware episode that began on Nov. 16 and even influenced the organization's phone systems, email, inventory management, and request satisfaction, as indicated by reports on Twitter. 

The filing with the SEC was brief and read that: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.” 

The attack is probably going to be 'highly targeted' and 'very thought of', as per researchers. 

Chloé Messdaghi, Vice President of strategy at Point3 Security, said by means of email, “Human-operated ransomware attacks begin with trojans or other exploits against unsophisticated vectors. Once a way in is found, malware is planted and privileges are elevated. These attacks often exfiltrate data before encrypting files and the attacks are drawn out, with months of potential compromise adding to the potential harms that can result.” 

She added, “That’s why these types of attacks4 pose a greater threat than automated attacks such as WannaCry or NotPetya – they’re intentional and secretive.” 

Fundamentally, Americold has likewise been in conversion with providing storage and transport to the distribution of temperature-sensitive Coronavirus vaccines, as indicated by reports. 

Andrea Carcano, a fellow benefactor of Nozomi Networks, said through email, “The attack against Americold highlights a concerning trend of attackers targeting larger and more critical organizations, these threats should be a wake-up call for security professionals responsible for keeping not only IT, but operational technology (OT) and internet of things (IoT) networks safe. In the manufacturing business, time is money, so the disruption of IT services as well as manufacturing downtime and shipment delays, translates to lost revenue.”

The infamous Barnes & Noble breached by a Cyber Attack

 

Barnes & Noble, an American bookseller among the Fortune 100 company just confirmed that they have been breached by a cyberattack, and suspected customer data has been leaked.

The American book store with a million titles at a time for distribution, started it's an online e-reader and selling service in 2009 as "Nook", to keep up with the shift in literature trend from traditional books to digital e-books.

During the weekend, Nook's users went on outrage on social media as the e-reader suffered an outage. Customers were unable to access their library, their history an,d purchases gone, some faced connectivity issues and other technical problems. 

The outage spread to Barnes & Noble stores where cash registers were out of function. 

This lead to the speculation that the issue might not be glitch or server related but a Point-of-Sale (PoS) cyber attack or malware infection.

The organization was able to resolve the issue by Tuesday and Nook publically acknowledged the connectivity and server issue on Wednesday. 

They said that a "system failure" was at fault and the backhand engineers were working to "get all Nook services back to full operation."

"Unfortunately, it has taken longer than anticipated," Nook continued. "We sincerely apologize for this inconvenience and frustration."

Though, now Barnes & Noble has confirmed that the glitch was indeed due to a cyber attack.

In an email, the bookseller said that on October 10, "Barnes & Noble was the victim of intrusion, leading to unauthorized and unlawful access to certain Barnes & Noble corporate systems." 

 ZDNet reports that "Customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories may have been exposed during the breach." 

 "We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility," the company added.

 The company assures that no financial data "encrypted or tokenized" was compromised. The bookstore firm did not escalate or reveal how many customers were impacted by the breach but they warned that the accessed emails might become subjected to phishing campaigns.

Russia A Suspect of Norwegian Parliament Cyber Attack?

 

In September, Norwegian authorities said that email accounts of a few authorities had been undermined during a cyber-attack, and some data had been downloaded. In any case, the full extent of the harm brought about by the hack was not yet not revealed. 

Now the nation outrightly blames Russia for this cyber-attack on the email system in the Norwegian parliament. 

Earlier this year in a report, Norway's military intelligence agency had already warned that Russia was attempting to cause more friction in the nation through purported influence operations, aimed toward debilitating public trust in the government, election process as well as the media. 

National legislatures are a 'key source’ of policy-related data, as are oftentimes targeted by hacking campaigns. In August, Norway ousted a Russian diplomat on suspicion of spying. Russia fought back similarly by removing a Norwegian diplomat just days later. 

Foreign Minister Ine Eriksen Soreide took it a serious occurrence influencing the nation's "most important democratic institution” “Based on the information available to the government it is our assessment that Russia stood behind this activity" she said without giving any evidence. Although Moscow rejected the claim, calling it a "serious and wilful provocation." 

Ms. Soreide of course said in a statement that Norway's security and intelligence services were "co-operating closely to deal with this matter at the national level." Because of it, Russia's embassy in Oslo hit back at the "unacceptable" declaration, saying no proof had been introduced. 

However, when we look at things from Norway’s perspective, it is very clear as to to to why they did what they did. The evidence of which lies in the past events that involved both the countries. 

One being when Norway had arrested a Russian national in 2018 who was said to have been suspected of gathering information on the country's parliamentary network. 

Although the individual was later released due to an of. Likewise, in January this year, the personal details of several German politicians, including Chancellor Angela Merkel, were stolen and published online. 

And just the previous year, Australia's cyber intelligence agency accused China after hackers had attempted to break into the Australian parliament, something which the Chinese authorities had denied.

Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. 

The test had been hit by a distributed denial of service (DDoS) attack, which includes a hacker or group endeavoring to bring down a server by overpowering it with traffic according to ExamSoft, one of the three vendors offering the exam that certifies potential attorneys. 

The incident marked the first DDoS attack the organization had encountered at a network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time to take the test after it was ready for action once more. 

The company noted that "at no time" was any information compromised, and that it had the option to “thwart the attack, albeit with a minor delay” for test-takers. 

The Michigan Supreme Court tweeted preceding the organization's statement that a "technical glitch" had made the test go down, and those test takers were “emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module.” 

As per the court, those taking the test with provisions from the Americans with Disabilities Act were not affected by the episode.

 “All exam takers were successfully able to start and complete all modules of the Michigan Bar exam,” the organization wrote. 

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national gathering of law students, graduates, professors, and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised worries about data privacy issues associated with the cyberattack.  

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a segment of the test, told 'The Hill' just earlier this month that states and jurisdiction could decide to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


Recent Twitter hacks raises security concerns and discredits the platform's credibility


The recent hack on Twitter leaves security researchers and others worried about the credibility of the platform, especially during the upcoming US presidential election and how a hack like this, if to be occurred during the elections, could be catastrophic.

Late Wednesday, a number of Twitter's verified accounts were hacked including former president Barack Obama, Democratic presidential candidate Joe Biden, Actress Kim Kardashian, Co-founder Microsoft Corporation Bill Gates, Amazon CEO Jeff Bezos, and Tesla founder Elon Musk. The hackers gained the login credentials of employees and hijacked these accounts. 

The company tweeted, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” And "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.” 

This raises the concern that the platform has been compromised and that the hack was not performed from the user end rather it was attacked from the server.

Adam Conner, vice president for technology policy at the Center for American Progress, tweeted, “This is bad on July 15 but would be infinitely worse on November 3rd.” Twitter is a critical platform of political discourse and discussion and often serve as a news source. And if something similar to this was to occur on or near to Nov 3 Presidential Elections to say important political persons like Donald Trump; it would be cataclysmic.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” said Michael Borohovski, Director at Synopsis.

These hacks have damaged Twitter's reputation especially since these are not the first attack on the platform but the worst one yet for sure. Dan Guido, CEO of security company Trail of Bits responded on the hack saying, “Twitter’s response to this hack was astonishing. It’s the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident".

 The hijacked accounts tweeted to double the money sent to them via Bitcoin. By Wednesday evening 400 transfers were made and transactions worth $120,000 occurred.

Hackers "showed ethics" and did not attack medical services in Russia during the pandemic


During the pandemic, there were no hacker attacks on medical institutions in Russia, unlike in many countries of the world, Group-IB reported. The company believes that the hackers showed "rare ethics for our observation"

Many computer hackers during the coronavirus pandemic refused to attack the information system s of Russian medical institutions, said Ilya Sachkov, CEO of a cybersecurity company Group-IB.

According to Sachkov, attackers who launch DDoS attacks can have “professional ethics” - unlike those who create fraudulent resources for fraud. Group-IB noticed attacks on medical institutions in many countries of the world, but this did not happen in Russia: there weren’t even any announcements on hacker forums or attacks by ransomware, said Sachkov.

The head of Group-IB added that the company noticed "some rare ethics for our observation" from hackers. “As if taking into account what is happening, everyone understood that in Russia medical facilities are a matter of life or death for many people ... This, of course, is my guess, I did not communicate with hackers, but I noticed. In principle, this [attack on the hospital] would be super-moral,” added Sachkov.

In April, Group-IB reported that the pandemic had divided the hacker community: some tried to profit from people's panic, while others condemned it. Several users on hacker forums at the time urged others to stop using the coronavirus for harmful purposes. In the spring, fraudsters actively used the COVID-19 theme to trick money from the Russians. The Central Bank also noticed the problem.

In May, Group-IB said that fraudsters activated a theft scheme with online purchases and false courier services. Due to the fact that many people were self-isolated and began to actively use the services of couriers, the number of registrations of fake sites similar to the sites of real delivery services has increased several times.

Threats to U.S. Space Systems Multiply Rapidly; a Novel Approach Emerges For Protection



The increasing vulnerability of U.S. space systems lately has incited its rivals to begin with their development of mechanisms for disabling space assets as a method of 'hobbling the joint force' and subverting the economic performance of the nation.

The purpose of this progression is the dependence of America's military forces which are spread across the world for communications, navigation, reconnaissance, and weather forecasts and that the most critical infrastructure sectors in the U.S. economy depend on space frameworks for fundamental administrations.

As of late certain reports from intelligence agencies indicate that enemies have now started focusing not only on satellites, but also on the ground stations that control them, the links between the satellites and the stations, and the ability of the users to access certain services, like the Global Positioning System.

The reports depict various ways in which the U.S. space capabilities may be debased, from electronic jamming of signs to high-power lasers that visually impair sensors to physical attacks on control centers.

It is clearly evident that the dangers to the U.S. space system are increasing consistently, and cyber-attacks offer the broadest exhibit of alternatives to the greatest grouping of troublemakers. 

Against that background, just the previous month a national-security contractor ManTech, came up with a 'novel approach' to deal with protecting military, intelligent, and commercial space assets against cyber-attacks.

Dubbed as Space Range, and it permits users to 'replicate' space networks in a controlled environment with the goal that their vulnerability to cyber aggression can be evaluated. The $2 billion company headquartered in Northern Virginia, has been doing this kind of work for quite a while. It had created the defense department's first cyber test range in 2009, and three years ago even launched an Advanced Cyber Range Environment.

Space Range, which began on May 4, is unique in the sense that it permits profoundly talented cyber experts to attacks exact replicas of satellites, ground stations, uplinks/downlinks, and so forth in a hyper-realistic environment that is air-gapped from the outside world.

As a company press release puts it that gives players the “ability to find hidden vulnerabilities, misconfigurations and software bugs on precise network replications.” The entire framework depends on a software-defined infrastructure model that can be reconfigured in hours as opposed to weeks.

That good news when time and money of the users is concerned, however, the most significant feature of Space Range is that it offers engineers and operators a protected and legitimate setting where to practically investigate the 'hardening' of their overhead resources against cyber-attack.

Nevertheless, with space quickly turning into a field of extraordinary competition, there isn't a lot of uncertainty that the Pentagon's recently introduced Space Force will be 'robustly funded' going ahead.

ManTech's Space Range will in no time, probably transform into a significant tool in assisting the government and industry to figure out where training and hardening outlays should be concentrated.

Is a cyber pandemic looming over our heads?


The year 2020 is proving to be quite a hassle and the adversities don't seem to be slowing down. COVID-19 has already created atypical conditions of living with complete lock-downs and travel restrictions. We would like to think that after COVID-19, when the vaccine will come everything would return to normal and things would go back to the way they were. It's a comforting thought but quite far from the truth.


It seems that COVID like incidents would become the new normal, the world is not as invincible as we thought. The modern world is prone to disasters, pandemics, and environmental catastrophes. And the next mishap staring us in the face is a cyber pandemic. Security researchers have predicted that a “Cyber Pearl Harbor” or “Cyber 9/11” is inevitable. These assumptions disappeared with time due to lack of evidence but in the wake of COVID-19 doubts like these are resurfacing.

The Check Point CEO warns “that the new reality created by the coronavirus pandemic will cause threats in the cybersecurity field to rise, and that countries need to protect themselves against the coming ‘cyber pandemic.’ “What happened in the last three months pushed forward five, maybe even 10 years of technological evolution,” he says. “More services moved online; companies removed barriers. We allowed developers to work just from within the company physically, so we could keep our intellectual property.  In one day, we had to change all of that and allow people to access from home. This rapid change means hackers will find a way. The hackers can find a way to hack a personal computer of an employee and through them get into our Crown Jewels.”

Though the World Economic Forum gives a ray of sunshine saying that this corona pandemic has thought us how to fight off and prepare for the "inevitable global cyberattack". A good thing out of this pandemic is that it teaches us about cybersecurity and the measure of the impact a massive attack would have to better prepare ourselves for this sort of assault.

 The World Economic Forum states three lessons-
  •  Speed of the attack

They predict that a cyberattack would spread exponentially faster than any biological virus. The RO (reproductive rate ) of COVID-19 is two to three whereas the 2003 Slammer/Sapphire worm (fastest worm) doubled every 8.5 seconds.

  • The Economic Impact 

World Economic Forum says that the digital economic shutdown will put a similar dent, which may be greater to the economy as the one currently. The only way to prevent the spread of the digital virus would be to shut down systems and machines to break the chain and one day without internet would cost the World a loss of 1 billion dollars.

  •   Recovery 

The recovery would no doubt be challenging in both measures - to replace the infected devices and damage recovery.

But there are learning to be taken from COVID-19 that these sorts of attacks can happen and to be better prepared for them. Effective communication, coordination among private and public sectors, and a substitute for digital work will go a long way to battle the upcoming cyber pandemic.

Hackers attacked hospitals in the Czech Republic: Russia is suspected


According to the Lidové noviny newspaper, a foreign state may be behind the cyberattacks, and hacker groups from Russia may be involved.

"The organizer is a foreign country. It is beginning to become clear that Russia may be behind this. IP addresses lead there," a high-ranking officer who is part of the team of investigators told the newspaper. His words were confirmed by a member of the Czech Security Council.

Last week, hackers tried to hack into hospital networks in the Czech Republic. According to Health Minister Adam Vojtech, all attacks were repelled, "but other attacks may follow."

Attacks to the Czech Republic, caused during the pandemic, was mentioned in a speech last weekend by US Secretary Mike Pompeo. He warned that such attacks will not go unpunished.

"I highly appreciate the support of the United States and all its allies who are helping to ensure our country's cybersecurity. Cyberattacks on Czech medical institutions during the fight against the COVID-19 epidemic are similar to the behavior of hyenas. I hope our experts will soon find those who are interested in the defeat of the Czech Republic in the fight against infection,” said Czech Foreign Minister Tomas Petrsicek, in turn.

Meanwhile, the Ukrainian Embassy in the Czech Republic said that they condemn cyberattacks on Czech medical institutions, which is especially cynical during pandemics: "Ukraine, which has been facing Russia's war for six years, including the cyberwar, stands in solidarity with its Czech friends and will share its experience in fighting the aggressor."

The Russian Embassy on its Facebook page called the publications "fake news".

"In this regard, the Embassy of the Russian Federation in the Czech Republic would like to emphasize that parasitising the topic of the coronavirus epidemic ... goes beyond all possible moral and ethical limits."

Attackers Hacked the Digital Pass System of Moscow residents


Moscow's residents are warned about scammers who offer to issue digital passes for moving around the city on social networks

Recall that on last week Moscow Mayor Sergei Sobyanin and Moscow Region Governor Andrei Vorobyov signed a decree according to which special digital passes are introduced for trips in Moscow and the Moscow Region on personal and public transport. Quarantine residents of Moscow will need to receive a QR code on the City Hall website for each exit from their homes. QR codes can begin to be issued on Monday, April 13, 2020.

A bot appeared in Telegram that offers citizens to get a digital pass through the messenger. It asks for the phone number and personal data of the citizen, including passport. Also, hackers offer to issue a pass on social networks.

Moreover, Telegram channel 4chan posted information that while the QR code issuing system was in beta testing, unknown hackers managed to hack it.

"The program for generating QR codes for quarantine from the Moscow government has not yet left the beta test, but it has already been hacked and generated universal promotional codes that will allow you to go around Moscow unlimited," the channel authors write.

The author of the microblog @A_Kapustin in the social network Twitter managed to post several electronic passes. Some of them, according to the user, allows you to walk within a kilometer from home, and others give the owner the opportunity to freely walk around Moscow. Some QR codes are already blocked, according to the author, but new generations appear in the network.

At the same time, scammers became active in another segment. Russians began to receive SMS messages notifying them of violations of their self-isolation regime and demanding to pay a fine for these offenses.

Experts believe that the situation is complicated, because the Russians do not have time to follow the rules that the authorities of a particular region introduce, which means they are afraid to make something wrong. This is used by scammers, organizing entire schemes using SMS, social networks and messengers. The goal is to get access to data for emptying Bank cards.

The Russian Foreign Ministry has warned of the threat of cyber pandemic to humanity


Director of the Department of International Information Security of the Russian Foreign Ministry Andrei Krutskikh said on Tuesday during the online discussion “Information Security and the Digitalization Process: Between Development and Fears” that in addition to the coronavirus pandemic, humanity today is threatened by cyber pandemic provoked by the negative development of digital technologies, which could lead to military confrontation.

"We are dealing with two pandemics. One is a bio pandemic associated with the spread of coronavirus, people are dying, and now this is a priority topic. But in parallel with it, another global problem is also deepening, and it is probably human made - this is what I would call a cyber pandemic. Under cyberpandemic I understand the possibility of the involvement of humanity in cyber confrontation and even cyberwar," said Mr. Krutskikh.

He explained that the manifestations of cyberpandemic are hacking, cyberterrorism, cyber interference in private life and the development of states. "This is all a consequence of the development of negative trends in improving cyber technologies," added the diplomat.
"I also refer to the fact that a number of states proclaim doctrines of the right to launch preemptive cyberattacks even against a potential enemy when no one's guilt has yet been proven," added Mr. Krutskikh.

At the same time, he stressed that the forced transfer of many areas of life "to online" in the context of the coronavirus pandemic clearly shows the need to ensure international information security and develop common measures to combat cyber threats.

"We must develop not only a common language terminologically, not only a common understanding but also common security standards. We must not be late in finding solutions before the next cyber crisis,” warned Mr. Krutskikh.

On Tuesday, the Bank of Russia announced new fraudulent schemes to steal money from bank accounts using social engineering; criminals are actively using the theme of coronavirus infection.