Search This Blog

The First Ransomware Attack and the Ripples It Sent Forward In Time


What was once a simple piece of malware discovered just 20 years ago this month exhibited its capacity which transformed the entire universe of cyber-security that we know of today?

Initially expected to just harvest the passwords of a couple of local internet providers, the malware, dubbed as 'LoveBug' spread far and wide, infecting more than 45 million devices to turn into the first piece of malware to truly take businesses offline.

LoveBug was the shift of malware from a constrained exposure to mass demolition. 45 million compromised devices daily could rise to 45 million daily payments.

Be that as it may, eleven years before anybody had known about LoveBug, the IT industry saw the first-ever main case of ransomware, as AIDS Trojan. AIDS Trojan which spread through infected floppy disks sent to HIV specialists as a feature of a knowledge-sharing activity.

The 'lovechild' of LoveBug and AIDS Trojan was the ransomware that followed, with GPCoder and Archievus hitting organizations around the globe through which the hackers additionally bridled ecommerce sites to discover better ways to receive payments.

The protection industry responded by taking necessary steps with 'good actors' cooperating to decipher the encryption code on which Archievus depended, and sharing it broadly to assist victim with abstaining from paying any ransom.

From that point forward the 'cat and mouse' game has proceeded with viruses like CryptoLocker, CryptoDefense, and CryptoLocker2.0 constructing new attack strategies, and the protection industry executing new defenses. Presently ransomware has become increasingly sophisticated and progressively prevalent as targets today are more averse to be individuals since large businesses can pay enormous sums of cash.

And yet, data protection has become progressively sophisticated as well, with certain four areas that should now be a part of each business' ransomware strategy: protect, detect, respond, and recover. Social engineering and phishing are also presently becoming progressively central to the success of a ransomware attack.

The LoveBug was effective in a scattergun fashion, yet at the same time depended on social engineering.

Had individuals been less disposed to open an email with the subject line ‘I love you', the spread of the malware would have been 'far more limited'.

Nevertheless, the users presently ought to be more alert of the increasingly diverse threats in light of the fact that inexorably, hackers are expanding their threats data exfiltration or public exposure on the off chance that they feel that leaking data may be progressively 'persuasive' for their targets.

Thus so as to react to the issue, it's essential to have backup copies of data and to comprehend the nature and estimation of the information that may have been undermined in any way.

Provider Volia reported to the cyber police about the intense cyberattacks on the server


Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31.

"For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company.

In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize.

"DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, telephony, video conferencing, etc. The attack occurred from tens of thousands of different IP addresses around the world: the United States, Malaysia, Taiwan, Vietnam, etc.", emphasized the press service of the provider.

According to representatives of the company, attacks of this volume are followed by extortion and other attempts to influence the company. Therefore, Volia appealed to the cyber police with a statement about a massive DDoS attack on the infrastructure.

At the same time, Volia stated that they cannot be sure that the attacks will not happen again, but they are doing everything possible to avoid it.
It should be noted that Volia company serves about 2 million cable TV and Internet subscribers in 35 cities of Ukraine.

Germany threatened Russia with sanctions for a hacker attack on the Bundestag


German Foreign Ministry spokeswoman Maria Adebar on Friday confirmed that Germany in connection with the case of a hacker attack on the Bundestag introduces a sanctions regime,  which includes freezing accounts and restrictions on entry to the European Union.  Hackers linked to Russian intelligence are suspected of hacking emails. Moscow denies any involvement.

Adebar added that this sanctions regime allows freezing assets and restricting entry not only for individuals but also for organizations.

The day before, the State Secretary of the German Foreign Ministry Miguel Berger invited the Russian Ambassador to Germany Sergei Nechaev to Berlin in connection with the case of a hacker attack on the Bundestag. Berger, on behalf of his government, "strongly condemned" the attack.

He also reported on Germany's plans to use the EU's cyber sanctions regime against the Russians involved in this attack, including Dmitry Badin. The reason for this, he also called a warrant for the arrest of Badin, which was issued by the US Attorney General in May.

Recall, in early May, the German media reported that the Prosecutor General's office of Germany announced an international search for Dmitry Badin on suspicion of complicity in a cyberattack on the Bundestag network in 2015. It was noted that he was also wanted by the US Federal Bureau of Investigation (FBI).

Berlin believes that Baden is part of the hacker group Fancy Bear. He is accused of conducting secret intelligence and illegally extracting computer data.

A cyberattack on the Bundestag's resources occurred in April 2015. German members of Parliament received similar emails, allegedly related to the UN, in which there was a link to malicious spyware. According to official data, hackers stole at least 16 gigabytes of data. It is assumed that the attackers copied two mailboxes with correspondence from the parliamentary office of German Chancellor Angela Merkel from 2012 to 2015.

The German side believes that Russia is not sufficiently involved in the investigation of the crime.

Apple Plans to Expand Cloud-Based Services, Enters Cloud Computing Space


Apple is planning to invest more in streamlines and increasing its cloud-based and software services like iCloud, Newsplus, and Apple Music. The expansion will go along with devices like iPads, MacBooks, and iPhones. To be entirely sure about the reliability of the cloud-based service on all the Apple devices, the company has decided to rely on AWS (Amazon Web Services) and the cloud division. AWS, as you might know, is a subunit of Amazon that offers cloud-space solutions. According to CNBC's findings, Apple is said to pay Amazon $30 Million monthly for its cloud-based services. It also means that Apple is one of the biggest customers of AWS.


Nevertheless, Apple hasn't confirmed whether it uses Amazon's cloud services besides its iCloud. According to experts, Apple also has some of its cloud services on Google. Amazon transformed the management of the data center and hosting of the applications when it brought the AWS. Being the first one to offer services like these, AWS is currently ranked top in the world of cloud hosting. Since recent times, Google Cloud and MS Azure are also trying to increase their presence in cloud-space services.

"As a matter of fact, AWS crossed the $10 billion quarterly revenue mark in Q1 2020, bringing in revenue of $10.2 billion with a growth rate of 33%. AWS accounted for about 13.5% of Amazon's total revenue for the quarter, which is on the higher end. Google Cloud, which includes Google Cloud Project (GCP) and G-Suite, generated $2.78 billion in revenue in the first quarter this year, which marked as a 52% increase over the same quarter a year ago. Microsoft does not reveal Azure revenue, but it announced that its Azure revenue grew by 59% in Q1 2020 over the same quarter a year ago," says Taarini Kaur Dang from Forbes.

As it seems, Apple knows the importance of the high-end cloud support needed for offering the best services to its customers. Similar to other tech biggies, Apple has its cloud space team called ACI (Apple Cloud Infrastructure). Noticing Apple's recent advancements, it is fair to believe that Apple might revolutionize the cloud-space world.

Is Data Science loosing all that hype?


All over the world companies are making cuts, the COVID-19 has lead to a major economic downfall, and companies are struggling to stay afloat by reassessing their strategies and priorities. This has made companies realize the actual value of data science in business and things are not looking good. There have been mass cuts and layoffs in tech industries including data scientists and AI specialists and many are saying that the hype over data science is finally coming down.

Over the last five years the data science field has bloomed with a soaring speed and talent in data science has increased exponentially but it is expectant of companies to let this department go as when we look at direct business value, data science, unfortunately, don't add much - they fail to make the essential need-to-be list. Hence, the demand for data scientists will significantly decrease in the foreseeable future.

Dipanjan Sarkar, a Data Science Lead at Applied Materials talks about AI and lose business models saying, “The last couple of years, the economy had been doing quite well, and since every company wanted to join the AI race, they started pulling up these data science teams. But, they didn’t do the due diligence in hiring. They didn’t have a clear vision in mind as to how their AI strategy is actually going to help. Companies may think that they’re not getting any tangible value from large data science teams. This can trigger a move to cut down the staff, which may be non-essential ".

Most of the core business is done by engineering and manual processes and data science just adds the cherry on top. AI, machine learning, and data science are only valuable if t data science creates money or save it. Companies currently are focusing on cash curves and ventures like data science have become big questions thus when companies make cuts, data scientists will be the first to let go.

"People need to understand that data science is nothing special than any other IT related field. Furthermore, it is a non-essential work. I firmly believe that data science people will get fired first than engineers in any company’s worst situation (like Covid-19 pandemic),” according to Swapnil Jadhav, Principal Scientist (Applied Research) at DailyHunt.

A Series Of Cyber Essentials Toolkits Released To Address Cyber-Security Risks


As a major starting point for small businesses and government agencies to comprehend and address cybersecurity risk as they indulge with other risks, Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essential Toolkits following its own November 2019 release.

CISA's toolkits will give greater detail, insight, and assets on every one of the Cyber Essential' six "Essential Elements" of a Culture of Cyber Readiness.

The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit to compare with every one of the six "Essential Elements." Toolkit 1 targets on the role of leadership in fashioning a culture of cyber readiness in their organization with an accentuation on methodology and investment.

CISA Director Christopher Krebs says “We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit. We hope this toolkit and the ones we are developing, fills gaps, and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Cyber Essential created in collaboration with small businesses and state and local governments, plans to prepare smaller organizations that generally have not been a part of the national dialogue on cybersecurity with basic steps and assets to improve their cybersecurity.

The CISA incorporates two sections, the core values for leaders to build up a culture of security, and explicit activities for them and their IT experts to put that culture into action. Every one of the six Cyber Essential incorporates a list of noteworthy items anybody can take to bring down cyber risks.

These are:

  •  Drive cybersecurity strategy, investment, and culture; 
  •  Develop a heightened level of security awareness and vigilance;
  •  Protect critical assets and applications; 
  •  Ensure only those who belong on your digital workplace have access; 
  •  Make backups and avoid loss of info critical to operations; 
  • Limit damage and restore normal operations quickly.

Github Escapes from Octopus Malware that Affected its 26 Software Projects


Github, a platform where every malicious software report is equally different in its place, manages to escape from a malware threat.  Github, an organization that united the world's largest community of coders and software developers, revealed that hackers exploited an open-source platform on its website to distribute malware. The hackers used a unique hacking tool that enabled backdoors in each software project, which the hackers used to infiltrate the software systems.


"While we have seen many cases where the software supply chain was compromised by hijacking developer credentials or typosquatting popular package names, a malware that abuses the build process and its resulting artifacts to spread is both interesting and concerning for multiple reasons," said Github on its security blog. Fortunately, the hackers attempt to exploit the open-source platform was unsuccessful. Still, if it were, on the contrary, hackers could've secured a position in the softwares, which were to be used later by corporate applications and other websites.

Since recent times, open-source websites have become a primary target for hackers. It is because once the hackers exploit backdoor vulnerabilities on open-source platforms, thousands of apps are exposed to remote code execution. As for Github, the company's website currently has more than 10 Million users. In the Github incident, 26 software projects were infected through malicious codes, which is a severe warning for the potential threat of the open-source compromises. The experts have identified the malware as "Octopus Scanner," which is capable of stealing data by deploying remote access codes.

The malware spread with the help of projects using software called Apache Beans, tells Github. "On March 9, we received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep-dive analysis of the malware itself, we uncovered something that we had not seen before on our platform: malware designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself," says Github on its blog. These attacks can be highly threatening as the tactics used here gives the hackers access to various systems.

Religion Biased Algorithms Continue to Depict How Facebook Doesn't Believe in Free Speech


Facebook's brand image has taken a critical hit long ago falling from the top ten global brands list, the brand value has gone down by remarkable margins as the platform fell short in living up to its own standards and promises and continued making headlines for censure. Amid big scandals like Cambridge Analytica, data leaks, congressional scrutiny, the social media giant has constantly been under the radar for preferring certain gender, ethics groups, and race over others as seen in the company's allegedly flawed ad-serving algorithm. 

Owing to its discriminatory ways, Facebook became a subject of critics' accusations in October 2019 when the social media giant faced a class-action lawsuit for charges of bias against gender and age. To substantiate, with the use of several advertising experiments, researchers from Northeastern University, the University of South California demonstrated in a study that Facebook has been discriminatory in ad targeting for years now and indeed has an automated advertising system delivering ads to selected audiences. 

It's a well-established fact that algorithms are biased and Facebook has been no exception to it. To give you an idea, in 2019, the tech giant faced legal charges by the US government for allowing advertisers to deliberately target ads on the basis of religion, race, and gender – businesses could exclude people of a certain race, age  or gender from viewing housing ads, a blatant violation of Fair Housing Act. While settling its case, the company said that it won't be allowing the businesses to targets ads in discriminating ways, however, the issues were never truly addressed given the recent biases in Facebook's actions. 

'The Enlightened souls(https://6enlightened.blogspot.com/) is a spiritual group posting content regarding enlightenment, spirituality, ancient spiritual practices, goddess worship and etc., the spiritual website became one of the latest victims of Facebook's biased ad-targeting algorithms. 
Religion bias in particular as Facebook removed one of their ads containing images of the goddess 'Kali' along with other goddesses labeling it as sexual content. 
Later, Facebook was seen to be running a Netflix ad about a show wherein the girl was almost naked. The findings are critical of Facebook's claims regarding 'changed Ad tools' wherein the tech giant promised to amend its ways of managing the advertisements and preventing discrimination against certain groups, gender, religion, or age. 

Disappointed by Facebook's never-ending bias and existing issues despite the changes made by the company, 6enlightened made the decision of cutting Facebook off and using Twitter as the only social media.

FACEBOOK SHOULD STOP SUPPRESSING FREE SPEECH 

Given a whopping 2.5 million people use at least one of the Facebook's app, the social media platform should be more responsible in its advertising ways, however, unfortunately, the platform doesn't appear to believe in free speech but in censorship that they have actively practiced – evidently so for years now.

Russian hackers attacked Poland due to NATO exercises


The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as the Polish army

Poland announced about hacker attacks on Internet pages and posting false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources.

"Poland again became the target of information attacks that coincide with the Kremlin's actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General," said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services.

He added that the disinformation attack coincides with the beginning of the next phase of the Defender Europe-2020 exercise and concerns military cooperation between Poland and the United States.
As noted, as a result of hacker attacks on several Polish sites, materials about the training of Defender Europe 2020 were posted. The article was posted on the Internet pages of Niezalezna[dot]pl, Olsztyn24[dot]com, RadioSzczecin[dot]pl, ePoznan[dot]pl, which makes fun of Poland and its army.

These materials were blocked by the administrators of information resources, but after that, some of them again became targets of cyberattacks. 

The speaker of the coordinating Minister noted that the theses published in the articles coincide with the long-term actions of the Russian Federation against Poland. According to Zharin, the purpose of this was to strike at the unity of NATO and the possibility of joint actions of US and Polish forces, to destabilize relations between Warsaw and Washington, as well as question official documents regarding threats to Poland.

It is interesting to note that Poland plans to completely abandon Russian gas from 2022.

StrandHogg is Back and Stronger As a More Sophisticated Vulnerability


Android is vulnerable anew owing it to a new vulnerability which goes by the name of “StrandHogg 2.0”

That is right. StrandHogg is back and now has affected numerous Android devices putting over a Billion Android devices in jeopardy.

The vulnerability is a pretty typical way aids hackers disguise illegitimate applications as legitimate ones with the ultimate aim of making them grant permissions which could end up releasing really important information.

The posing applications then find a way to the users’ sensitive data that too in real-time. Surprisingly, the worst part about the vulnerability is that the users would have no idea at all that they have been attacked and they’d be completely unaware of the malicious applications on their device.

This vulnerability is referenced as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version aids the hackers to make more sophisticated attacks.

As of last year StrandHogg was already listening in on conversations and recording them, accessing login credentials, read/sending unwanted texts and with complete control of the photo album, call logs, and contacts.

Allegedly, StrandHogg 2.0 excepting the latest version of the Android 10 OS, exists on most Android devices.

As per sources, the Google website has it that from a minimum of 2 Billion Android users, just 16% of them have updated to Android 10 hence the rest are allegedly vulnerable.

To fight or prevent any mishap that could be caused by StrandHogg 2.0, steer clear off pop up notifications asking permission for sending notifications, messages, or other related things and applications asking to log in again despite being already logged in.

Due to the Coronavirus Pandemic, not as per usual, Google will be releasing its Android 11 Beta version via an online conference at the Google I/O. Reportedly this conference is scheduled for June 3, 2020.

Sources mention that this conference will be a fresh source for many new updates and news about official events. The schedule for the launching of Android 11 has been released and according to it Android 11 will undergo 3 Beta releases in the upcoming months that are June, July, and August. Word has it that the official version would finally hash out in or near October.


Telegram has withdrawn its appeal against the ban on issuing Gram tokens


The company appealed the court decision in March, but then the founder of the messenger, Pavel Durov, announced the termination of work on the blockchain project

Telegram has withdrawn an appeal against a court order banning the distribution of Gram tokens as part of proceedings with the US Securities and Exchange Commission (SEC). The decision was supported by both parties, the withdrawal was carried out using the standard form based on rule 42.1 — "leaving without consideration".

The appeal was sent in March after a court banned Telegram from issuing Gram tokens.  The court ruled in favor of the SEC, which argued that the Gram tokens were unregistered securities. The court also ruled that Telegram cannot issue tokens even outside the United States since this will give US citizens the opportunity to buy these tokens outside the country as well.

The founder of Telegram in an American court said that people outside the US can vote for their presidents and elect their own parliaments, but they are still dependent on the US when it comes to technology and finance.

On May 12, the founder and CEO of Telegram Pavel Durov announced the termination of work on the blockchain project. He accused the US court of sentencing the TON project before it could be successfully implemented. Investors were offered to return 72% of their investment or sign a loan agreement with a return of 110% in a year.

After that, TON investor Vladimir Smerkis said that the majority of ICO participants are inclined to file a lawsuit against Durov. Smerkis allowed an option in which the Telegram team will need to make concessions to investors and reconsider the option of paying out funds.

Let's remind that on April 1, Federal Judge of the Southern District of New York, Kevin Castel, rejected Telegram's request to clarify the possibility of distributing Gram tokens bypassing American investors.

WhatsApp Scam: Hackers stealing Verification Codes from Users


WhatsApp Messenger, a cross-platform messaging app owned by Facebook is the most popular messaging application in the world and recently it's usage increased by 40% amid lock-down. But with it's rising popularity, the users are facing security threats as a new scam has emerged on the Facebook-owned messenger that tries to steal the user's verification code.

The scammers pose as WhatsApp's official account and ask the user to verify his/her identity by providing the six-digit verification code to the account.

This verification code is sent to the user via SMS in order to register their device.

WABetaInfo, a blog that tracks WhatsApp features shared the scam in a tweet. Dario Navarro, a Twitter user asked WABetaInfo that he got such a message and if he should reply, in response the feature tracker responded with “WhatsApp never asks your data or verification codes,”.


According to the message sent to Navarro, the spammer sends the message posing as WhatsApp (with WhatsApp's logo as a profile picture) and in a message written in Spanish ask him to verify his identity and account number by providing the six-digit verification code which the spammer could use to hack the account.

WhatsApp will never ask for your personal details or verification code

WhatsApp clearly states in their FAQs section not to share the verification code, “If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can't complete the verification process and use your phone number on WhatsApp,” the company says.

Any information by the company is either published on their blog or tweeted on their official account. And even if WhatsApp does message you ( a rare phenomenon) it would be from an account with a green tick next to it.

If you get a verification SMS, it means someone is trying to log in to your account, this could be because someone entered the wrong phone number or if someone is trying to hack your account. So, if someone hacks your account, you can simply verify your phone number and the other user will be logged out.

German Intelligence Warns Companies of Potential Hacking Threats from Russia


According to German intelligence agencies, a group of hackers from the Kremlin are targeting German infrastructures like energy, water, and power resources for a long time. The information came out the first time at the start of this year when investigating officers found evidence of cyberattacks on German companies. The names of the target companies are yet to be known. Still, a cyberattack has compromised them, says statements of German intelligence agencies that were sent to head of these infrastructures.


The group of hackers has been identified as "Berserk Bear." According to the investigation, the hackers are likely to be state-sponsored by the Russian FSB intelligence agency. The hackers are suspected of using the supply chain to infiltrate into German IT infrastructures, says various investigation agencies. According to the investigation, these hackers use openly available malware to permanently infiltrate the company's I.T. network and access sensitive information, along with having complete control over the company's server. The agencies didn't find any damaging evidence against the companies and have refused to offer any comment for the current situation.

The group Berserk Bear is infamous for stealing the U.S. energy companies' data in the year 2018. U.S. President Donald Trump had blamed Russia for the attack. According to cybersecurity experts, Berserk Bear is the group that Moscow is most likely to contact if there is a need to hack the industrial networks. Another hacking team called "Sandworm" was famous for the attack that shut down Ukraine's power supply in 2016 and 2018.

According to Cyberscoop, a cybersecurity website, "Sven Herpig, a cybersecurity expert with the German think tank SNV, welcomed the advisory and urged German companies to heed the warning. The memo has "concrete recommendations of how to spot and protect against an intrusion" from Berserk Bear, he said. The Russian Embassy in Washington, D.C., did not respond to a request for comment on the German agencies' report." Berserk Bear is responsible for various cyberattacks on American and German electrical utilities since 2018, say the cybersecurity experts. The group has been aggressive and attacked several companies.

The voting site of the United Russia party was attacked by hackers


"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party.
Deputy Secretary of the General Council of United Russia Sergey Perminov said that within two hours, the growth of hundreds of thousands of fake requests was stopped. At this time, there was a queue of real people who went to vote on the site.

"We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of the real votes," explained Perminov.

Deputy Secretary noted that they managed to stop the attack within two hours, now the system is gradually improving. All the data of real electors who managed to vote has been included in the blockchain and will be available for verification. The correctness of the vote, according to him, is not violated.

It is worth noting that United Russia is the only party in the Russian Federation that conducts primaries to nominate candidates for elected posts. Any Russian citizen can participate. This year, due to the coronavirus pandemic, primaries are held in electronic format.

Recall that on May 23, Russian President Vladimir Putin signed a law on remote voting. According to the document, a new type of voting without a paper ballot is being introduced in the Russian Federation. Special software will be used instead.

Red Cross asks the Government to take Preventive Measures on Cyberattacks against Health Departments


Currently, while the whole world is struggling to fight against the coronavirus epidemic, cyberattacks have increased in numbers, targeting health departments like hospitals, research centers, and WHO. According to Reuters, "the Red Cross called for an end to cyberattacks on healthcare and medical research facilities during the coronavirus pandemic, in a letter published Tuesday and signed by a group of political and business figures."

Due to this, a group of 42 top world leaders have come together and requested the Government to take some immediate actions on the increasing attacks against the healthcare institutions. Among the members, there is Madeleine Albright, ex U.S Secretary of State and Brad Smith, president, Microsoft. Peter Maurer, President of International Red Cross Society, says the Government should take some swift measures and step-up to stop these attacks. He hopes that the Government is willing to commit to international obligations to prevent these attacks. He has asked for international cooperation from various health departments to combat this problem. It can be a severe problem for war-stricken countries where the conditions of healthcare departments are already deteriorating, and these cyberattacks will make things even worse.

The various leaders have asked the Government to work side by side with civil society. It comes after the news of cyberattacks on healthcare institutes came out. Ransomware was one of the attacks, that jammed the computers and infected the healthcare systems. It affected the healthcare institutes' functioning, like treating the patients, research, and various tests. Last month, incidents of the cyberattack on health institutes were reported by the Czech Republic government. Another event appeared where the DarkHotel hacking group attacked WHO.

News of various countries reporting attacks on healthcare systems also emerged, where the records of COVID-19 patients were stolen along with lab tests data. "Over the last several months, cybercriminals have targeted hospitals with computer viruses, usually in schemes to extort or hold their data ransom. More sophisticated hacking groups, such as those associated with governments, have also targeted medical research centers to steal valuable data about COVID-19 treatments," reports Reuters on its website.

Several Vulnerabilities Identified In Emerson OpenEnterprise


Recently four vulnerabilities were found in Emerson OpenEnterprise and were accounted for to the vendor in December 2019 with the patches released a couple of months later.

Roman Lozko, a researcher at Kaspersky's ICS CERT unit, was responsible for the identification of the flaws, and the security holes found by him have been depicted as 'heap-based cushion buffer, missing authentication, improper ownership management, and weak encryption issues.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Kaspersky published advisories for three of the vulnerabilities a week ago. The rest of the vulnerability was described by Kaspersky in a previous advisory.

As indicated by Emerson, OpenEnterprise is explicitly intended to address the prerequisites of associations focusing on oil and gas production, transmission, and distribution.

The initial two followed as CVE-2020-6970 and CVE-2020-10640 are depicted as critical, as they can allow an attacker to remotely execute discretionary code with 'elevated privileges' on devices running OpenEnterprise.

Vladimir Dashchenko, a security expert at Kaspersky, says an attacker could misuse these vulnerabilities either from the system or directly from the internet. Notwithstanding, there don't give off an impression of being any occurrences of the affected product exposed to the internet.

“The most critical vulnerabilities allow remote attackers to execute any command on a computer with OpenEnterprise on it with system privileges, so this might lead to any possible consequences,”

 “Based on Shodan statistics, currently there are no directly exposed OpenEnterprise SCADA systems available,” Dashchenko explained. “It means that asset owners with installed OpenEnterprise are definitely following the basic security principles for industrial control systems.”

The rest of the vulnerabilities can be exploited to 'escalate privileges' and to acquire passwords for OpenEnterprise user accounts, yet exploitation in the two cases requires local access to the targeted system.

Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR)


Bank of Costa Rica (BCR) has been receiving threats from the threat actors behind Maze ransomware who have stolen credit card details from the bank, the ransomware gang started publishing the encrypted financial details this week.

The Banco de Costa Rica is one of the strongest state-owned commercial banks operated in Costa Rica, starting from humble origins of mainly being a private commercial bank, it expanded to become a currency issuer and one of the most renowned baking firms in Central America contributing largely in the financial development of the nation.

The hacker group behind the data leak have demanded a ransom from Banco de Costa Rica at various occasions, however, to their dismay they observed a lack of seriousness in the way the bank dealt with these previous leaks and it served as a primary reason that motivated the latest data leak, according to an interview with Maze ransomware operators.

As per the claims made by the attackers, Banco de Costa Rica's network remained insecure till February 2020; it was in August 2019 when they first compromised the bank's network and the second attempt was made in the month of February 2020 to see how the security has been improvised – if at all so.

The 2GB of data published by the Maze ransomware attackers on their leak site contains the details of at least 50 Mastercards and Visa credit cards or debit cards, a few being listed more than once.

As per the statements given by Brett Callow, a threat analyst with Emsisoft to ISMG, "Like other groups, Maze now weaponizes the data it steals,"

"The information is no longer simply published online; it's used to harm companies' reputations and attack their business partners and customers."

"The Maze group is a for-profit criminal enterprise who are out to make a buck," Callow says. "The credit card information has been posted for one of two reasons: Either to pressure BCR into paying and/or to demonstrate the consequences of non-compliance to their future victims," Callow further told.

Online education takes a boost in lockdown



Sandeep Gupta from California, a technology manager is taking an online course in artificial intelligence as a way “to try to future-proof your working life.”

Dr. Robert Davidson, an emergency-room physician from Michigan took up an online master’s degree course in public health.

Online learning has seen a rise in children and college students as a way to keep up with their studies during lockdown but interestingly they are not the only ones to turn to online education. Millions of adults working in various fields have subscribed to online courses as a way to stay ahead and make use of leisure time. This period could mark a renaissance for online learning business.

Coursera, an online learning platform developed by Stanford University saw 10 million new users from March to May, seven times in comparison to last year(according to pace). Other websites like Udacity and edX also saw a jump in users.

 “Crises lead to accelerations, and this is the best chance ever for online learning,” the co-founder and chairman of Udacity, Sebastian Thrun said. 

Coursera, Udacity, and edX were developed as an online learning project a decade ago called massive open online courses (MOOCs) but the experiment was not quite a success as few individuals completed the courses and were largely free.

 MOOCs mission to "democratize education" is now taking shape, earlier when they have launched thousands of students enrolled but hardly few completed the free courses. Though courses that were not free and provided a degree saw more completions and results.

"Active learning works, and social learning works. And you have to understand that teaching online and learning online are skills of their own” said Anant Agarwal, founder, and chief executive of edX.

A few years ago apps like Udacity were on the verge of drowning and their market was slowing down but through treil and error, they learned that these courses need to be focused on skill learning as that's where the market is and now the popular courses are in tech field like coding, analytics, and AI.

People are turning this lockdown crisis into their advantage by building skills via online learning. As schools and collages tilt towards online education, the paradigm of education is evolving rapidly.

The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations' Networks


Another notorious crypto-currency mining malware has surfaced which allegedly has been infecting the systems of countless organizations. The group with the control of operations goes by the code name of “Blue Mockingbird”.

The researchers who discovered it have reasons to believe that the Blue Mockingbird has been active since 2019’s last month. Per them, it also targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI) aspect.

Reportedly, the vulnerability that the hackers exploit in the process is the “CVE-2019-18395” vulnerability which is then employed to embed a web shell on the target’s server. Per the same report, later on they employ a version of “the Juicy Potato technique” to obtain the admin-access and alter the server settings to get access to the “(re)boot persistence”.

After having obtained complete access to a system, sources mention, the malware group installs a version of XMRRig which is a famous crypto-currency mining application particularly for the “Monero (XMR)” crypto-currency.

As per reports, if the public-facing IIS servers are linked with a company’s internal network, the malware group has a probability of trying to expand internally through an improperly-secured Server Message Block (SMB) connections or Remote Desktop Protocol ((RDP).

The exact number of infections that the botnet has caused isn’t all too clear but if an estimate was to be made the operations include 1,000 infections at the least. There also doesn’t seem to be a way to find the intensity of the threat.

Not many organizations out of the ones that were being observed by the researchers have been hit with this particular threat. And over a really little amount of time that they were tracked the above-mentioned number of infections surfaced.

Nevertheless, all companies alike are susceptible to this attack, even the ones that think they are safe and the number of infections could be more than estimated.

As per sources, the Telerik UI component which is allegedly vulnerable is a part of ASP.NET applications that run on their latest versions, even then the Telerik component may have versions that are out-dated but harmful to organizations, nonetheless. This component could exist in the applications used by a company and they might not even know about it leaving them endangered.

The Telerik UI CVE-2019-18935 vulnerability, per reports, has been widely let known as the one that is employed to embed web shells on servers. Another mentioned that this vulnerability is the most exploited and organizations need to better their firewalls to fight it. If for some reason the organizations don’t happen to have a web firewall they could always look for warning precursors in the server and workstation, reports cite.

Russian experts assessed the level of protection of corporate data from hacker attacks


Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research.

"It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts.

Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection.

According to experts, every sixth company showed signs of hacker attacks, malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that the company's IT infrastructure could be controlled by hackers.

Specialists advise companies for protection, first, to follow the General principles of information security: regularly check their information resources available for external connection, as well as develop strict rules for corporate password policy and monitor their implementation. In addition, they recommend regularly updating the security settings for operating systems and installing the latest versions of software products.

Recall that, according to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.