North

now browsing by tag

 
 

#sextrafficking | North Texas Group Looks To Combat Increase In Sex Trafficking During Pandemic – CBS Dallas / Fort Worth | #tinder | #pof | #match | romancescams | #scams

(CBSDFW.COM) – The pandemic has brought so many industries to an abrupt halt, but one that hasn’t slowed is sex trafficking. One local nonprofit working to combat it says […] View full post on National Cyber Security

Phone call scammers now preying on COVID-19 fears – North Delta Reporter | #coronavirus | #scams | #covid19

A new phone scam is taking advantage of fears surrounding the COVID-19 pandemic. The caller tells the victim they’ve been in contact with someone who has tested positive for the […]

Long-term psychological impact of COVID-19 a concern for kids and parents, experts say – North Delta Reporter | #covid19 | #kids | #childern | #parenting | #parenting | #kids

At a time when overdose deaths reach a record high in the province, the third and final part of this series explores how adverse childhood experiences can lead to substance […]

2 Chinese Charged with Laundering $100 Million for North Korean Hackers

Source: National Cyber Security – Produced By Gregory Evans

North Korea Hacking Cryptocurrency

Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards.

According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges in hacks perpetrated by Lazarus Group, a cybercrime group with ties to the North Korean government.

The two individuals in question, Tian Yinyin (田寅寅) and Li Jiadong (李家东), were both charged with operating an unlicensed money transmitting business and money laundering conspiracy.

Prosecutors said the defendants worked on behalf of the threat actors based in North Korea to allegedly launder over $100 million worth of stolen cryptocurrency to obscure transactions, adding that the hacking of cryptocurrency exchanges posed a severe threat to the security of the global financial system.

It’s worth noting that Lazarus Group was one of the three hacking outfits sanctioned by the US government last September for conducting a variety of financially-motivated operations ranging from cyber-espionage to data theft, so as to fund the country’s illicit weapon and missile programs.

Per the US Treasury, the Lazarus Group stole the funds in 2018 after an employee of a cryptocurrency exchange unwittingly downloaded malware through an email, which gave the threat actor access to private keys, virtual currency, and other customer information.

“Lazarus Group cyber actors used the private keys to steal virtual currencies (250 million dollar equivalent at date of theft) from this exchange, accounting for nearly half of the DPRK’s estimated virtual currency heists that year,” the Treasury said.

While the name of the exchange remains unknown, a report by Kaspersky back in August 2018 detailed a campaign that involved dropping malware in the corporate networks of a number of crypto-exchanges by sending spear-phishing emails.

Stating that North Korea trains hackers to “target and launder stolen funds from financial institutions,” the Treasury added that both Tian and Li received $91 million from North Korea-controlled accounts that can be traced to the 2018 cryptocurrency exchange hack and an additional $9.5 million from a hack of a second exchange.

Prosecutors said the two individuals helped convert more than $34 million of the illicit funds they received back into Chinese yuan by moving them to a bank account linked to the exchange account, in addition to converting $1.4 million worth of cryptocurrency into Apple gift cards.

Created in 2007, the Lazarus Group has gone after a number of targets, including militaries, governments, financial institutions, media companies, and utility sectors, to perpetrate monetary heists and destructive malware attacks, making it the most-profitable cryptocurrency-hacker syndicate in the world.

A United Nations report last August estimated that North Korea had generated $2 billion for its weapons programs through “widespread and increasingly sophisticated cyberattacks” targeting banks and cryptocurrency exchanges.


The post 2 Chinese Charged with Laundering $100 Million for North Korean Hackers appeared first on National Cyber Security.


#infosec | North Korean Hackers Use New TrickBot Module

Source: National Cyber Security – Produced By Gregory Evans

North Korea’s infamous Lazarus Group has been using a new stealth module developed by the group behind TrickBot for covert data theft, according to new research.

The Anchor module is a framework of tools designed “for targeted data extraction from secure environments and long-term persistency,” according to SentinelOne.

It includes memory scrapers, POS malware, backdoor installers and submodules enabling lateral movement, among other capabilities.

“The Anchor project combines a collection of tools — from the initial installation tool to the cleanup meant to scrub the existence of malware on the victim machine. In other words, Anchor presents as an all-in-one attack framework designed to compromise enterprise environments using both custom and existing toolage,” the firm’s SentinelLabs team wrote.

“Logically, this tool will be a very tempting acquisition for high-profile, possibly nation-state groups. However, the Anchor is also be used for large cyber heists and point-of-sale card theft operations leveraging its custom card scraping malware. Among the nation-state groups, only a few are interested in both data collection and financial gain, and one of them is Lazarus.”

Linking the two groups is the PowerRatankba PowerShell backdoor, previously associated with Lazarus but which is actually part of Anchor.

Lazarus isn’t the only customer of TrickBot’s Anchor module; it’s also being used in a “wave of targeted campaigns against financial, manufacturing and retail businesses” designed to steal card data from POS and other systems, according to Cybereason.

Those researchers pointed to a new Anchor_DNS variant which uses DNS tunneling to communicate covertly with C2 servers.

TrickBot is one of the most successful botnets ever built, used in a range of attacks, from banking trojans to ransomware and data theft. Threat intelligence firm Blueliv revealed last week that it detected a 283% increase in detections of the botnet across Q2-Q3 this year.


The post #infosec | North Korean Hackers Use New TrickBot Module appeared first on National Cyber Security.


Fishtech Group Preps North Arkansas Cyber Defense Center

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity services provider Fishtech Group, which has a Top 200 MSSP arm, has announced plans to open a 10,000-square-foot Cyber Defense Center (CDC) in Rogers, Arkansas.

Fishtech’s Arkansas CDC will complement the company’s CDC in Martin City, Missouri. It will initially house 20 employees and expand to host up to 100 onsite staff, the company stated.

Also, the new CDC will be run by Fishtech CISO Kerry Kilker, a former Walmart executive who joined the company earlier this year. It is expected to open in the second quarter of next year.

Fishtech’s Arkansas CDC will bring cybersecurity training, technology and resources to Northwest Arkansas, the company said. In doing so, the CDC will help organizations bridge the cybersecurity resource and talent gap.

Approximately 58 percent of enterprises have unfilled cybersecurity positions, according to the 2019 “State of Cybersecurity” survey from information security organization ISACA. Furthermore, 62 percent of survey respondents said they have to wait three to six months to fill open cybersecurity positions.

Fishtech Joins the OneLogin Accelerate Partner Program

In addition to announcing plans to open a new CDC, Fishtech in April joined the OneLogin Accelerate identity and access management (IAM) partner program. Fishtech has incorporated the OneLogin unified access management (UAM) platform into its offerings and added IAM solutions to its portfolio.

Fishtech provides data-driven cybersecurity solutions designed to help organizations identify security gaps and comply with industry mandates, the company indicated. It also partners with other cybersecurity companies to deliver on-premises and cloud security solutions.


The post Fishtech Group Preps North Arkansas Cyber Defense Center appeared first on National Cyber Security.


#infosec | North Korean Malware Found at Indian Nuke Plant

Source: National Cyber Security – Produced By Gregory Evans

A malware infection at one of India’s nuclear power plants has been confirmed by its owner, with researchers speculating that it is North Korean in origin.

News began circulating on social media earlier this week that the Kudankulam Nuclear Power Plant (KNPP) may have been hit by an attack. A third party contacted cyber-intelligence analyst Pukhraj Singh who in turn notified the country’s National Cyber Security Coordinator on September 3, he said.

He added that the malware in question was later identified by Kaspersky as Dtrack.

Although initially KNPP officials said an attack on the plant was “not possible,” they changed their tune in a letter dated Wednesday.

The government-owned Nuclear Power Corporation of India (NPCIL) released a statement saying the original reports had been correct and that the matter had been handled by CERT-In when the organization was notified on September 4.

“The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network used for administrative purposes,” it clarified. “This was isolated from the critical internal network. The networks are being continuously monitored. Investigation also confirms that the plant systems are not affected.”

Dtrack was first revealed in late September by Kaspersky as linked to the infamous Lazarus Group. It discovered over 180 samples of the malware, which is said to take advantage of weak network security, password management and a lack of traffic monitoring to deploy information stealing and remote access capabilities to victim systems.

It’s unclear what the attacker’s goals were in this raid — whether it was an accidental infection, a deliberately targeted multi-stage IP-stealing mission, or something more sinister still.

However, at the time of discovery, Singh tweeted about a casus belli (act of war) in Indian cyberspace. He later clarified this was a reference to a second, as-yet-unnamed, target.

“Actually, the other target scared the sh*t out of me. Scarier than KKNPP in some ways,” he said.


The post #infosec | North Korean Malware Found at Indian Nuke Plant appeared first on National Cyber Security.


North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors

North Korean hackers are using Android apps with malware to target the country’s defectors, according to researchers from security software firm McAfee.

The Android apps, which were detected as Google Play Store malware, go beyond the usual unwanted advertisements and attempted scams. The apps track and blackmail the targets for escaping North Korea.

North Korea Launches Targeted Malware Attacks

A North Korea hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee.

The team behind the attacks was Sun Team, instead of the more infamous Lazarus, which was previously linked to the WannaCry ransomware from a year ago. This was not Sun Team’s first attempt at this kind of attack though. In January, McAfee spotted the same attempt, but it required the targets to go out of their way and download the apps with malware outside of the Google Play Store.

The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store. Compared to the first attempt, the new method of attack may have been more convincing, as the apps were downloaded from the official app store for Android devices.

Google Play Store Malware Harasses North Korea Defectors

The three apps were uploaded to the Google Play Store between January and March. The first app was Food Ingredients Info, which offered information on food, true to its name. The second and third apps were FastAppLock and Fast AppLock Free, which functioned as security tools.

The apps, however, were laced with malware. Once installed, the malware used Dropbox and Yandex to upload data and issue commands. The hackers were able to steal their targets’ personal data, which could then be used to track, threaten, and blackmail them.

It is unclear, however, how effective the apps were. They have now been removed from the Google Play Store after McAfee contacted Google, but only after recording about 100 downloads. McAfee said that it was able to identify the malware early on, and that there have been no public reports of infections.

Being careful in downloading apps does not only apply to North Korean defectors though. Targeted malware attacks may come in any form, so users will need to be very cautious with the apps that they install, even if they come from the Google Play Store.


The post North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Olympic #Games #hackers tried to frame #Russia, #North Korea

Source: National Cyber Security News

When Olympic Destroyer hit the 2018 Winter Games in South Korea, a quick list of suspects behind the attack surfaced.

Reports attributed the destructive attack to Russia and North Korea. In the malware, which was designed to wreak havoc on the Olympics IT system, there were lines of code that only North Korean hackers had used in the past.

But new research from Kaspersky Lab shows these lines of code were purposely left in to throw researchers off the attackers’ trail.

“Attackers are becoming smarter and they know that creating the ultimate false flag is the ultimate defense,” Vitaly Kamluk, director of Kaspersky’s global research and analysis team, said Thursday at the cybersecurity company’s conference in Cancun, Mexico.

Finding out who’s behind cyberattacks is essential for taking countermeasures, but it can be difficult for researchers to pinpoint the exact perpetrators. Just because WannaCry, a global ransomware attack from 2017, used the NSA’s hacking tools, doesn’t mean the US government was behind it, for example. It took about eight months before the White House was able to announce that Russia was behind “NotPetya,” calling it the “most destructive cyberattack in history.”

Researchers are still working to find out who was really behind the Olympic Destroyer attack, Kamluk said, but he noted that code from North Korea’s hacking unit Lazarus Group had been forged.


North America CACS

Source: National Cyber Security News

General Cybersecurity Conference

 April 30 – May 2, 2018 | Chicago, Illinois, United States

Cybersecurity Conference Description

North America CACS attracts the best and brightest with its content-rich and thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals.
