
North Korea Hackers Use Android Apps With Malware To Harass Defectors

North Korean hackers are using Android apps with malware to target the country’s defectors, according to researchers from security software firm McAfee.

The Android apps, which were detected as Google Play Store malware, go beyond the usual unwanted advertisements and attempted scams. The apps track and blackmail the targets for escaping North Korea.

North Korea Launches Targeted Malware Attacks

A North Korea hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee.

The team behind the attacks was Sun Team, instead of the more infamous Lazarus, which was previously linked to the WannaCry ransomware from a year ago. This was not Sun Team’s first attempt at this kind of attack though. In January, McAfee spotted the same attempt, but it required the targets to go out of their way and download the apps with malware outside of the Google Play Store.

The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store. Compared to the first attempt, the new method of attack may have been more convincing, as the apps were downloaded from the official app store for Android devices.

Google Play Store Malware Harasses North Korea Defectors

The three apps were uploaded to the Google Play Store between January and March. The first app was Food Ingredients Info, which offered information on food, true to its name. The second and third apps were FastAppLock and Fast AppLock Free, which functioned as security tools.

The apps, however, were laced with malware. Once installed, the malware used Dropbox and Yandex to upload data and issue commands. The hackers were able to steal their targets’ personal data, which could then be used to track, threaten, and blackmail them.

It is unclear, however, how effective the apps were. They have now been removed from the Google Play Store after McAfee contacted Google, but only after recording about 100 downloads. McAfee said that it was able to identify the malware early on, and that there have been no public reports of infections.

Being careful in downloading apps does not only apply to North Korean defectors though. Targeted malware attacks may come in any form, so users will need to be very cautious with the apps that they install, even if they come from the Google Play Store.

The post North Korea Hackers Use Android Apps With Malware To Harass Defectors appeared first on National Cyber Security Ventures.


Olympic Games hackers tried to frame Russia, North Korea

Source: National Cyber Security News

When Olympic Destroyer hit the 2018 Winter Games in South Korea, a quick list of suspects behind the attack surfaced.

Reports attributed the destructive attack to Russia and North Korea. In the malware, which was designed to wreak havoc on the Olympics IT system, there were lines of code that only North Korean hackers had used in the past.

But new research from Kaspersky Lab shows these codes were purposely left in there to throw researchers off their trail.

“Attackers are becoming smarter and they know that creating the ultimate false flag is the ultimate defense,” Vitaly Kamluk, director of Kaspersky’s global research and analysis team, said Thursday at the cybersecurity company’s conference in Cancun, Mexico.

Finding out who’s behind cyberattacks is essential for taking countermeasures, but it can be difficult for researchers to pinpoint the exact perpetrators. Just because WannaCry, a global ransomware attack from 2017, used the NSA’s hacking tools, doesn’t mean the US government was behind it, for example. It took about eight months before the White House was able to announce that Russia was behind “NotPetya,” calling it the “most destructive cyberattack in history.”

Researchers are still working to find out who was really behind the Olympic Destroyer attack, Kamluk said, but he noted that code from North Korea’s hacking unit Lazarus Group had been forged.


North America CACS

Source: National Cyber Security News

General Cybersecurity Conference

April 30 – May 2, 2018 | Chicago, Illinois, United States

Cybersecurity Conference Description

North America CACS attracts the best and brightest with its content-rich and thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals.


North Korea allegedly hacking PCs to mine Monero cryptocurrency

Source: National Cyber Security – Produced By Gregory Evans

North Korea has been accused of hacking server networks to install mining scripts for the Monero cryptocurrency. A new Monero mining hacker group has been seizing control of servers over the past year. It’s now been linked back to North Korea.

Bloomberg reports the hacking team called Andariel came to the attention of authorities after it successfully hijacked a South Korean company’s servers last summer. The group then used the extra computing power to mine Monero coins, a cryptocurrency that’s rapidly growing and is especially popular in Asian countries.

Monero is privacy-oriented and easier to conceal than more mainstream alternatives such as Bitcoin and Ethereum. These qualities make it attractive to hacking groups looking to either steal or surreptitiously mine large quantities of cryptocash. Andariel obtained control of the target server without its real owners noticing.

It’s unknown whether Andariel has compromised other organisations. However, South Korean hacking analysis expert Kwak Kyoung-ju told Bloomberg that the unit is sophisticated and looking to broaden its targets. Kyoung-ju said Andariel is “going after anything that generates cash these days,” searching for cryptocurrencies or information which could be used to create money.

Andariel has now been tracked back to North Korea as the country finds itself accused of growing numbers of cyberattacks. After being hit with stricter sanctions and trade bans from the United Nations, the country is looking to alternative forms of income as the pressure on its economy increases. Hijacking foreign servers to mine lucrative digital cash could be one way to survive under the tougher sanctions.

In the past year, North Korea has been blamed by U.S. investigators for the WannaCry ransomware attack. The campaign affected thousands of Windows computers around the world last year and forced several major organisations to suspend their operations. Hackers exploited a vulnerability in unpatched versions of Windows to install the ransomware, forcing PC users to pay in Bitcoin before unlocking the machine.

As Computing notes, North Korea has also been implicated in a string of attempted attacks against the SWIFT international payments network used by major banks. The country is thought to have been involved in an attempt to steal over $950 million from Bangladesh’s central bank back in 2016. The operation was only aborted because the attackers got one word wrong.


HACKERS HIT NORTH CAROLINA COUNTY GOVERNMENT AND DEMAND TWO BITCOIN RANSOM

Source: National Cyber Security – Produced By Gregory Evans

The county government of Mecklenburg, North Carolina, has been hacked, and its server files are being held for a ransom of 2 bitcoins.

One of the growing problems for businesses and governments today is having their electronic files hacked and held for ransom. Last month, computer hackers targeted the Sacramento Regional Transit system, resulting in 30 million files being deleted. The ransom price demanded by the hackers for that attack was a single bitcoin. Now that ransom price is being doubled as hackers have hit the Mecklenburg, North Carolina county government and are demanding 2 bitcoins.

DON’T OPEN THAT ATTACHMENT!

County Manager Dena Diorio said that the hackers got into the county’s system when an employee clicked on an email attachment they shouldn’t have. (It’s amazing in this day and age that people still click on strange email attachments.) Once the click took place, spyware and a worm were unleashed into the system, freezing all of the electronic files.

Diorio told county commissioners in a meeting that the files were being held for ransom as the hackers were demanding 2 bitcoins, which are now worth almost $25,000 (at the time of this article’s writing). The deadline for paying the ransom is 1pm EST today.

Dena Diorio told reporters that the county was considering paying the ransom, but she did express some concerns over doing so, stating:

There’s a risk you don’t get the decryption key and don’t get your files back. There’s also the chance if they think you’ll pay, they may try to get you to come back again.

IS IT CHEAPER TO PAY THE RANSOM?

Local governments and businesses do find themselves in a quandary when targeted by hackers. Is it actually cheaper to pay the hackers off to once again have access to critical files? A third-party group could restore said files, but using them could cost more than what the hackers were demanding. Of course, as Diorio mentioned above, paying off a hacker could embolden them to attack you again.

This difficult decision is summed up by Diorio when she said:

We need to determine how much it would cost (to pay) versus fixing it on our own. There are a lot of places that pay because it’s cheaper.

The short deadline is obviously putting pressure on the county commissioners to capitulate to the hackers. As of now, the county is switching to paper records for its employees today.

As for the hacking attack, County Manager Dena Diorio summed it up by saying:

I don’t think we were targeted. I don’t think we were at fault. There have been many, many institutions that have been breached. I think we do everything we can to keep our firewall secure.


North Korea accused of stealing warship blueprints in hack

Source: National Cyber Security – Produced By Gregory Evans

North Korea’s cyber army appears to be going after real weapons.

Hackers tied to Kim Jong Un’s regime stole blueprints and other information about warships and submarines last year when they broke into one of the world’s biggest shipbuilders, according to South Korean lawmaker Kyeong Dae-soo.

Blueprints, shipbuilding technology, weapons systems and test data related to submarines and destroyers were among roughly 60 classified military documents taken from Daewoo Shipbuilding last year, according to Kyeong’s office. It said it was summarizing information it had received from the South Korean Defense Ministry and several military agencies.

The hackers are believed to have accessed some 40,000 documents in all.

Kyeong, a member of the opposition party, learned of the Daewoo hack at an intelligence briefing last week, according to a spokesman for the lawmaker. The South Korean Defense Ministry declined to comment on the matter, but said it is working to strengthen military security.

Daewoo has built several South Korean warships and submarines, all part of the country’s defenses against North Korea.

A Daewoo spokeswoman declined to comment, beyond saying that the company is looking into the matter.

The Daewoo hack is the latest case to come to light suggesting North Korea is using its hacking abilities to try to gain an edge in the tense standoff with the U.S. and its allies over Pyongyang’s nuclear weapons program.

Earlier this month, another South Korean lawmaker revealed that North Korean hackers allegedly stole classified military documents from a Defense Ministry database. Among the documents stolen were a South Korea-U.S. wartime operation plan and a document that included procedures to “decapitate” North Korean leadership.

North Korean hackers have also been tied to other high profile cyberattacks, including the massive ransomware attack WannaCry earlier this year, a series of attacks on global banks that came to light last year and the hacking of Sony Pictures in 2014.

The North Korean government has repeatedly denied involvement in international cyberattacks.

Cybersecurity experts say the latest alleged heist shows the risks for government contractors.

“State versus state espionage has moved into the digital realm,” said Bryce Boland, Asia Pacific chief technology officer with cybersecurity firm FireEye.

Companies “involved in state activities like defense are considered fair game by cyber spies,” he said.

 


State of Small Business Cybersecurity in North America

Source: National Cyber Security – Produced By Gregory Evans

Small business owners know they are at risk for cyberattacks, but they are somewhat at a loss as to what to do. That’s one of the findings of a new report from the Better Business Bureau, The State of Small Business Cybersecurity in North America, released today as part of National Cybersecurity Awareness Month. One of the more troubling findings is that half of small businesses reported they could remain profitable for only one month if they lost essential data.

“Profitability is the ultimate test of risk,” said Bill Fanelli, CISSP, chief security officer for the Council of Better Business Bureaus and one of the authors of the report. “It’s alarming to think that half of small businesses could be at that much risk just a short time after a cybersecurity incident.”

“Small business owners get it,” Fanelli continued. “When we asked them about the most common cybersecurity threats – ransomware, phishing, malware – they know what’s out there, and most of them have basic protections in place. For instance, 81% use antivirus software and 76% have firewalls. But one of the most cost-effective prevention tools, employee education, is used by fewer than half of the companies we surveyed. Other prevention measures scored even lower.”

BBB surveyed approximately 1,100 businesses in North America (71.4% of the sample came from the United States, 28.5% from Canada and 0.1% from Mexico). Two-thirds of the participants were BBB Accredited Businesses, and they apparently fared marginally better in most measures, such as awareness of specific threats and adoption of cybersecurity measures. The data was collected in an online survey with a margin of error of approximately +/- 3% for a 95% confidence interval.

The report focuses on cybersecurity effectiveness from three perspectives: a) cybersecurity standards/frameworks; b) best practices; and c) cost-benefit analysis. One of the key findings is that the NIST Cybersecurity Framework, technically a voluntary standard from the National Institute of Standards and Technology, is becoming mandatory in some markets. Not only are many companies requiring it of their vendors for procurement, but many businesses are adopting it because it helps them run a better business. The NIST framework is the basis for BBB’s training program, “5 Steps to Better Business Cybersecurity.”

The State of Small Business Cybersecurity emphasizes the need not only for education and training, but for cost-benefit analysis of cybersecurity measures. The report suggests a formula created by two professors at the University of Maryland, Martin P. Loeb, PhD and Lawrence A. Gordon, PhD, to help small business owners estimate their risk from cybersecurity attacks and calculate an appropriate investment in prevention.

“It doesn’t do any good for a small business to adopt a $10,000 solution if the potential risk reduction is only worth $5,000,” said Fanelli. “We hope this report will give small business owners greater awareness of the real and the perceived risks of cyberattacks, as well as best practices for protecting against these types of security threats. We hope it serves as a step forward in advancing cybersecurity in the marketplace.”


North Korea may be mining bitcoin in addition to hacking it

Source: National Cyber Security – Produced By Gregory Evans

Last month, North Korea was banned from exporting coal to China, its biggest buyer. The rogue regime may have found a new use for these idle coal supplies: powering bitcoin mines. That’s according to research by Recorded Future, an information security firm that counts the Central Intelligence Agency’s venture capital arm among its…


North Korea Tries to Make Hacking a Profit Center

Source: National Cyber Security – Produced By Gregory Evans

SEOUL, South Korea — North Korea’s state-sponsored hackers are increasingly going after money rather than secrets, according to a report published on Thursday by a South Korean government-backed institute. Cybersecurity experts have noticed a shift in the hacking attacks they suspected were mounted by North Korea. Formerly, most such attacks…


United States remains vulnerable to North Korean cyber-attack, analysts say

Source: National Cyber Security – Produced By Gregory Evans

As North Korea blusters about launching missile strikes against the United States and its allies, experts are warning that aggressive action from North Korea is more likely to come from …
