again

now browsing by tag

 
 

#city | #ransomware | Ransomware attacks shaking up threat landscape — again

Source: National Cyber Security – Produced By Gregory Evans

Ransomware is changing the threat landscape yet again, though this time it isn’t with malicious code.

A spike in ransomware attacks against municipal governments and healthcare organizations, coupled with advancements in the back-end operations of specific campaigns, have concerned security researchers and analysts alike. The trends are so alarming that Jeff Pollard, vice president and a principal analyst at Forrester Research, said he expects local, state and city governments will be forced to seek disaster relief funds from the federal government to recover from ransomware attacks.

“There’s definitely been an uptick in overall attacks, but we’re seeing municipality after municipality get hit with ransomware now,” Pollard said. “When those vital government services are disrupted, then it’s a disaster.”

In fact, Forrester’s report “Predictions 2020: Cybersecurity” anticipates that at least one local government will ask for disaster relief funding from their national government in order to recover from a ransomware attack that cripples municipal services, whether they’re electrical utilities or public healthcare facilities.

Many U.S. state, local and city governments have already been disrupted by ransomware this year, including a massive attack on Atlanta in March that paralyzed much of the city’s non-emergency services. A number of healthcare organizations have also shut down from ransomware attacks, including a network of hospitals in Alabama.

The increase in attacks on municipal governments and healthcare organizations has been accompanied by another trend this year, according to several security researchers: Threat actors are upping their ransomware games.

Today’s infamous ransomware campaigns share some aspects with the notable cyberattacks of 20 years ago. For example, the ILoveYou worm used a simple VB script to spread through email systems and even overwrote random files on infected devices, which forced several enterprises and government agencies to shut down their email servers.

But today’s ransomware threats aren’t just using more sophisticated techniques to infect organizations — they’ve also built thriving financial models that resemble the businesses of their cybersecurity counterparts. And they’re going after targets that will deliver the biggest return on investment.

New approaches

The McAfee Labs Threats Report for August showed a 118% increase in ransomware detections for the first quarter of this year, driven largely by the infamous Ryuk and GandCrab families. But more importantly, the vendor noted how many ransomware operations had embraced “innovative” attack techniques to target businesses; instead of using mass phishing campaigns (as Ryuk and GandCrab have), “an increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP [remote desktop protocol] and virtual network computing,” the report stated.

The concept of ransomware is no longer the concept that we’ve historically known it as.
Raj SamaniChief scientist, McAfee

“The concept of ransomware is no longer the concept that we’ve historically known it as,” Raj Samani, chief scientist at McAfee, told SearchSecurity.

Sophos Labs’ 2020 Threat Report, which was published earlier this month, presented similar findings. The endpoint security vendor noted that since the SamSam ransomware attacks in 2018, more threat actors have “jumped on the RDP bandwagon” to gain access to corporate networks, not just endpoint devices. In addition, Sophos researchers found more attacks using remote monitoring and management software from vendors such as ConnectWise and Kaseya (ConnectWise’s Automate software was recently used in a series of attacks).

John Shier, senior security advisor at Sophos, said certain ransomware operations are demonstrating more sophistication and moving away from relying on “spray and pray” phishing emails. “The majority of the ransomware landscape was just opportunistic attacks,” he said.

That’s no longer the case, he said. In addition to searching for devices with exposed RDP or weak passwords that can be discovered by brute-force attacks, threat actors are also using that access to routinely locate and destroy backups. “The thoroughness of the attacks in those cases are devastating, and therefore they can command higher ransoms and getting higher percentage of payments,” Shier said.

Jeremiah Dewey, senior director of managed services and head of incident response at Rapid7, said his company began getting more calls about ransomware attacks with higher ransomware demands. “This year, especially earlier in the year, we saw ransomware authors determine that they could ask for more,” he said.

With the volume of ransomware attacks this year, experts expect that trend to continue.

The ransomware economy

Samani said the new strategies and approaches used by many threat groups show a “professionalization” of the ransomware economy. But there are also operational aspects, particularly with the ransomware-as-a-service (RaaS) model, that are exhibiting increased sophistication. With RaaS campaigns such as GandCrab, ransomware authors make their code available to “affiliates” who are then tasked with infecting victims; the authors take a percentage of the ransoms earned by the affiliates.

In the past, Samani said, affiliates were usually less-skilled cybercriminals who relied on traditional phishing or social engineering tactics to spread ransomware. But that has changed, he said. In a series of research posts on Sodinokibi, a RaaS operation that experts believe was developed by GandCrab authors, McAfee observed the emergence of “all-star” affiliates who have gone above and beyond what typical affiliates do.

“Now you’re seeing affiliates beginning to recruit individuals that are specialists in RDP stressing or RDP brute-forcing,” Samani said. “Threat actors are now hiring specific individuals based on their specialties to go out and perform the first phase of the attack, which may well be the initial entry vector into an organization.”

And once they achieve access to a target environment, Samani said, the all-stars generally lie low until they achieve an understanding of the network, move laterally and locate and compromise backups in order to maximize the damage.

Sophos Labs’ 2020 Threat Report also noted that many ransomware actors are prioritizing the types of data that certain drives, files and documents encrypt first. Shier said it’s not surprising to see ransomware campaigns increasingly use tactics that rely on human interaction. “What we’ve seen starting with SamSam is more of a hybrid model — there is some automation, but there’s also some humans,” he said.

These tactics and strategies have transformed the ransomware business, Samani said, shifting it away from the economies of scale-approach of old. “All stars” affiliates who can not only infect the most victims but also command the biggest ransoms are now reaping the biggest rewards. And the cybercriminals behind these RaaS operations are paying close attention, too.

“The bad guys are actively monitoring, tracking and managing the efficiency of specific affiliates and rewarding them if they are as good as they claim to be,” Samani said. “It’s absolutely fascinating.”

Silver linings, dark portents

There is some good news for enterprises amid the latest ransomware research. For one, Samani said, the more professional ransomware operations were likely forced to adapt because the return on investment for ransomware was decreasing. Efforts from cybersecurity vendors and projects like No More Ransom contributed to victims refusing to pay, either because their data had been decrypted or because they were advised against it.

As a result, ransomware campaigns were forced to improve their strategies and operations in order to catch bigger fish and earn bigger rewards. “Return on investment is the key motivator to the re-evolution or rebirth of ransomware,” Samani said.

Another positive, according to Shier, is that not every ransomware campaign or its affiliates have the necessary skills to emulate a SamSam operation, for example. “In terms of other campaigns implementing similar models and techniques, it’s grown in the past 18 months,” he said. “But there are some limitations there.”

On the downside, Shier said, cybercriminals often don’t even need that level of sophistication to achieve some level of success. “Not everyone has the technical expertise to exploit BlueKeep for an RDP attack,” he said. “But there’s enough exposed RDP [systems] out there with weak passwords that you don’t need things like BlueKeep.”

In addition, Samani said the ransomware operations that earn large payments will be in a position to improve even further. “If you’ve got enough money, then you can hire whoever you want,” Samani said. “Money gives you the ability to improve research and development and innovate and move your code forward.”

In order to make the most money, threat actors will look for the organizations that are not only most vulnerable but also the most likely to pay large ransoms. That, Samani said, could lead to even more attacks on government and healthcare targets in 2020.

Shier said most ransomware attacks on healthcare companies and municipal governments still appear to be opportunistic infections, but he wouldn’t be surprised if more sophisticated ransomware operations begin to purposefully target those organizations in order to maximize their earnings.

“[Threat actors] know there are organizations that simply can’t experience downtime,” Shier said. “They don’t care who they are impacting. They want to make money.”

Source link

The post #city | #ransomware | Ransomware attacks shaking up threat landscape — again appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #infosec | Hackers attack OnePlus again – this time stealing customer details – HOTforSecurity

Source: National Cyber Security – Produced By Gregory Evans

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus.

Back in January 2018 it was revealed that the credit card details of some 40,000 people using the OnePlus website had been stolen by hackers. On that occasion the attackers managed to inject a malicious script into an payment webpage that skimmed card data as it was entered by customers.

At the time OnePlus said it was conducting an indepth security audit of its systems.

The latest security incident, detailed by OnePlus in an FAQ on its website, isn’t as serious as the payment card breach – but could still lead to customers being put at risk by fraudsters and online criminals.

The cellphone manufacturer has confirmed that customers’ names, contact numbers, email addresses and shipping details have been accessed by an unauthorised party via a vulnerability on its website.

Fortunately, payment information and passwords have not been compromised.

OnePlus has not revealed just how many customers have been impacted by the data breach, but says that all affected users have been sent an email notifying them of the security incident.

Of course, even if your passwords and payment details haven’t been exposed in this latest hack – that doesn’t mean that users have nothing to worry about.

Online criminals could abuse users’ names and contact details to launch phishing attacks, spread spam, or even attempt to commit fraud over the telephone.

Of course, the challenge for affected users is that – unlike passwords – details such as your name and contact details can not be easily changed.

Customers are being advised to contact OnePlus’s support team for assistance if they have any concerns.

According to the company it has since patched the vulnerable website, and checked it for similar security flaws:

“We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”

No details have been shared of the nature of the website vulnerability which allowed the hackers to access customer data, but OnePlus must realise that the patience of customers is not limited – and for a second serious security breach to have occurred in a relatively short period of time will have done nothing to strengthen users’ trust in the brand.

More transparency about what has occurred and how, combined with strengthened security, would go a long way to reassure customers who must be feeling rattled by this latest incident.

OnePlus says it has informed the authorities about the data breach and is working with the police to further investigate who might be responsible for the attack.

Source link

The post #cybersecurity | #infosec | Hackers attack OnePlus again – this time stealing customer details – HOTforSecurity appeared first on National Cyber Security.

View full post on National Cyber Security

Hackers #attempt to #hit Mecklenburg Co. #computers again

Less than 24 hours after Mecklenburg County Manager Dena Diorio refused to pay cyber hackers a $23,000 ransom, the hackers tried again.

In a memo to employees obtained by NBC Charlotte, Diorio wrote that a security check, “…is reporting that the cybercriminals are redoubling their efforts to penetrate the County’s systems, primarily through emails that contain fraudulent attachments with viruses that could further damage our systems.”

It was an email with just such an attachment that was opened earlier this week by a county employee that triggered the freeze on much of the county’s computer system.

The hackers demanded a ransom of $23,000, but on Wednesday Diorio refused to pay, saying the county’s backup systems could restore much of what had been disabled.

During a speaking engagement at Charlotte’s Kennedy Middle School, Governor Roy Cooper said the county did the right thing by not paying the ransom.

“We can’t fall prey to these scam artists and people who want to hold governments hostage,” Cooper said.

Cooper said the state was working with Mecklenburg County on restoring the system, and that adding cybersecurity has to be a top priority.

“It shows us that we need to be careful and that we need to make sure that our systems are as secure as possible at a local, state and federal level,” Cooper explained.

View full post on National Cyber Security Ventures

Hackers to #Help Make #Voting #Machines Safe Again

Source: National Cyber Security – Produced By Gregory Evans

Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table.

Bipartisan bill to secure voting machines

U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”

That DEFCON event exposed vulnerabilities in the electronic voting machines used in the last U.S. election. Hackers took less than two hours to break into the 25 voting machines that were brought to the DEFCON conference, and the first machine was penetrated in minutes. The results of the findings released at an event at the Atlantic Council in October was one of the key provocations for the US senators to introduce the SAVE bill.

Interestingly, some of the significant findings after the alleged Russian breach were centered on the use of foreign materials in the production of these voting machines. Hackers at the DEFCON event pointed to the possibility of having malware embedded into the hardware and software along the entire supply and distribution chain. It was also believed that hackers could have tampered with voters’ registration on the touch screen voting machines.

Hackers enlisted to hunt for vulnerabilities in voting machines

Called the “Cooperative Hack the Election Program”, the initiative mirrors the bug bounty programs previously ran by the U.S. Department of Defense (DoD) where friendly hackers were invited to hack the Pentagon, Army and Air Force. The program is set to swing into motion one year after the bill is in play.

The stated objective of the program is “to strengthen electoral systems from outside interference by encouraging entrants to work cooperatively with election system vendors to penetrate inactive voting and voter registration systems to discover vulnerabilities of, and develop defenses for, such systems.”

Just like past U.S. DoD programs, the “Hack the Election” competition will offer incentives for hackers to find security weakness in the election system. Hackers playing by the rules will also be waived from the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

Hackers to replicate past successes against voting machines

Looking at past results, we can expect excellent outcomes for the new program. The first of these bug bounties was the ‘Hack the Pentagon’ program where hackers found 138 vulnerabilities. This was quickly followed by the ‘Hack the Army’ program which yielded 118 vulnerabilities and ‘Hack the Air Force’ program with a bountiful harvest of 207 vulnerabilities.

While it is not clear if the hacking program is a one-off event, the bill does propose a requirement for integrity audits to be performed every four years on the voting machines starting from 2019. There is also the provision for grants to be given to help states enhance the security of their voting systems.

The post Hackers to #Help Make #Voting #Machines Safe Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach

Source: National Cyber Security – Produced By Gregory Evans

Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach

Hackers have once again targeted Verticalscope, a Canadian firm that manages hundreds of popular web discussion forums with over 45 million user accounts. The breach has compromised at least 2.7 million user accounts. The Toronto-based company runs a network of support forums and online community websites catering to a wide range of interests, from outdoor and automotive to sports and technology.

In June 2016, Verticalscope admitted that it had suffered a data breach that saw at least 45 million user accounts compromised and their data leaked in a blog post on Leakedsource.com.

The latest breach impacted six websites, including Toyotanation.comJeepforum.com – the company’s second-most popular website – and Watchuseek.com, security expert Brian Krebs first reported.

Security researcher and founder of Hold Security, Alex Holden, notified Krebs last week that hackers were selling access to Verticalscope.com and a number of other sites operated by the company.

Holden initially suspected that a nefarious actor was just trying to resell data stolen in the 2016 breach.

“That was before he contacted one of the hackers selling the data and was given screen shots indicating that Verticalscope.com and several other properties were in fact compromised with a backdoor known as a ‘Web shell’,” Krebs wrote. “With a Web shell installed on a site, anyone can remotely administer the site, upload and delete content at will, or dump entire databases of information — such as usernames, passwords, email addresses and Internet addresses associated with each account.”

The hackers reportedly obfuscated certain details in the screenshots that allowed him to locate at least two backdoors on Verticalscope’s website and Toyotanation.com, one of the company’s most popular forums.

Krebs reported that a simple search on one of Verticalscope’s compromised domains led to a series of Pastebin posts that have since been deleted “suggesting that the individual(s) responsible for this hack may be trying to use it to advertise a legally dicey new online service called LuiDB”.

“Similar to Leakedsource, LuiDB allows registered users to search for account details associated with any data element compromised in a breach — such as login, password, email, first/last name and Internet address,” Krebs noted. “The first search is free, but viewing results requires purchasing a subscription for between $5 and $400 in Bitcoin.”

“The intrusion granted access to each individual website files,” Verticalscope said in a statement to Krebs. “Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.”

The company did not provide any details regarding when and how the attack took place or who carried out the hack. IBTimes UK has reached out to Verticalscope for further details.

The post Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Was Equifax Hacked Again?

Source: National Cyber Security – Produced By Gregory Evans

Was Equifax Hacked Again?

While Equifax continues to deal with the fallout of the massive data breach it announced in September, a security expert is raising fears that the consumer credit rating agency might have another security problem on its hands.

Independent security analyst Randy Abrams says the site redirected some visitors to download a fraudulent update for Adobe Flash that, when clicked, would infect the user’s computer with Malware. (Fortune was unable to reproduce the steps that caused the ‘update’ to appear on Thursday morning.)

Abrams, who says he encountered the spyware three times on Wednesday, posted a video warning people what to look out for.

When users attempted to contest incorrect information on their credit report, the site redirected them to an unfamiliar URL, which prompted the update.

The Flash “update” was actually a file called MediaDownloaderIron.exe, which was infected with Adware.Eorezo, an adware program that only sounds alarms on three of the leading virus scanners.

Equifax, in a statement, said they were aware of the matter and have taken the page offline.

“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” said a spokesperson. ” Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

The September breach at Equifax exposed the personal data of nearly half the country. It has spawned class-action lawsuits and Congressional investigations, but many have criticized the company’s response, which included executive stock selloffs and a security check tool that asked for even more personal information.

Source:

The post Was Equifax Hacked Again? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The DNC Begins Cybersecurity Effort To Try To Make Sure 2016 Doesn’t Happen Again

Source: National Cyber Security – Produced By Gregory Evans

Phishing drills, top Silicon Valley hires, constant cybersecurity education, emails in the cloud, Tom Perez on Signal, and end-to-end encryption apps like Wickr, which the rest of the Democratic party committees have already adopted. The DNC’s new CTO, now concluding an internal security review, wants a “culture change inside the…

The post The DNC Begins Cybersecurity Effort To Try To Make Sure 2016 Doesn’t Happen Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why Russia Will Hack Again

Source: National Cyber Security – Produced By Gregory Evans

The Trump presidency has been an endless, overwhelming swirl of scandal. Whether it’s using the presidency to promote his businesses, firing former FBI Director James Comey, providing support and comfort to neo-Nazis in Charlottesville, Virginia or pardoning a sheriff held in contempt of court, President Donald Trump has invited fresh…

The post Why Russia Will Hack Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Florida deputy pleads guilty again in identity theft case

Source: National Cyber Security – Produced By Gregory Evans

WEST PALM BEACH, Fla. (AP) – A Florida sheriff’s deputy has pleaded guilty once again to identity theft after withdrawing a previous guilty plea. A U.S. Attorney’s Office news release says 42-year-old Frantz Felisma pleaded guilty Thursday to aggravated identity theft and access device fraud, the same charges he previously…

The post Florida deputy pleads guilty again in identity theft case appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How to Make Your Ex Boyfriend Miss You – Make Him Crave to Be With You Again

They say that all’s fair in love and war but they likely never were dumped by the man they adore. Being in a relationship and then suddenly losing that person is devastating. You feel alone, confused and scared. Often, it’s hard to see the break up coming until it smacks you in the face. Then you’re faced with the excruciating choice of moving forward and trying to rebuild your life without the man you love or figuring out a way to get him back. Read More….

The post How to Make Your Ex Boyfriend Miss You – Make Him Crave to Be With You Again appeared first on Dating Scams 101.

View full post on Dating Scams 101