Stealing

Former NY Hospital Employee Admits to Stealing …

Source: National Cyber Security – Produced By Gregory Evans

Richard Liriano pleads guilty to compromising hospital computers and co-workers’ email accounts, as well as stealing personal files and photos.

The former IT employee of a New York City-area hospital has pled guilty to stealing colleagues’ credentials and logging into various accounts to steal private and confidential files, the Department of Justice reports. He used this access to view photos, videos, and other data.

Between 2013 and 2018, the allegations state, Richard Liriano abused his administrative access to log into employee accounts and copy his colleagues’ personal documents, including tax records and personal photographs, onto his own machine. To do this, he installed malicious programs, including a keylogger, onto victims’ machines so he could capture their credentials.

Over the course of this time frame, Liriano stole the usernames and passwords of about 70 or more email accounts belonging to hospital employees or people associated with them. He then obtained unauthorized access to password-protected email, social media, photography, and other online accounts where the victims were registered.

“Liriano’s disturbing crimes not only invaded the privacy of his coworkers; he also intruded into computers housing vital healthcare and patient information, costing his former employer hundreds of thousands of dollars to remediate,” US Attorney Geoffrey Berman said in a statement. Liriano’s intrusions into the hospital networks caused more than $350,000 in losses.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

The post Former NY Hospital Employee Admits to Stealing … appeared first on National Cyber Security.

View full post on National Cyber Security

Hackers Behind GozNym Malware Sentenced for Stealing $100 Million

GozNym Banking Malware

Three members of an international organized cybercrime group that was behind a multi-million dollar theft primarily against U.S. businesses and financial institutions have been sentenced to prison, the U.S. Justice Department announced.

The criminals used the GozNym banking Trojan to break into more than 4,000 victim computers globally, primarily in the United States and Europe, between 2015 and 2016, and fraudulently steal nearly $100 million from their banking accounts.

In May this year, Europol dismantled the cybercrime network behind GozNym, with the United States issuing charges against a total of ten members of the group, five of whom were arrested at that time, while five others, including the developer of GozNym, remain on the run.

In a federal court in Pittsburgh on Friday, Krasimir Nikolov, one of the group’s members, was sentenced to a period of time served after having served over 39 months in prison for his role as an “account takeover specialist” in the scheme, and will now be transferred to Bulgaria.

Nikolov, 47, was arrested in September 2016 by Bulgarian authorities and extradited to Pittsburgh in December 2016 to face federal charges of criminal conspiracy, computer fraud, and bank fraud.

“Nikolov used the victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money through electronic transfers into bank accounts controlled by fellow conspirators,” the DoJ said in a press release.

Two other GozNym group members sentenced on Friday—Alexander Konovolov and Marat Kazandjian—also participated in the scheme and were sentenced to seven and five years of imprisonment, respectively. Both were arrested and prosecuted in Georgia.

While Konovolov served as a primary organizer and leader of the GozNym network that controlled over 41,000 infected computers and recruited cybercriminals using underground online criminal forums, Kazandjian was his primary assistant and technical administrator.

GozNym is a notorious banking Trojan that was developed by combining two known powerful Trojans, Gozi ISFB malware—a banking Trojan that first appeared in 2012, and Nymaim—a Trojan downloader that can also function as ransomware.

The malware, primarily delivered via massive malspam campaigns to infect victims’ Windows PCs, waits for victims to enter their banking passwords into their web browser and captures them. The operators then used the stolen passwords to break into victims’ bank accounts and fraudulently transfer funds to their own accounts.

The GozNym malware network was hosted and operated through the “Avalanche” bulletproof service, whose administrator was arrested in Ukraine during a search in November 2016.

“This new paradigm involves unprecedented levels of cooperation with willing and trusted law enforcement partners around the world who share our goals of searching, arresting, and prosecuting cyber criminals no matter where they might be,” said U.S. Attorney Scott W. Brady.

The victims of this cybercrime network were primarily U.S. businesses and their financial institutions, including a number of victims located in the Western District of Pennsylvania, though the DoJ did not name any.

#cybersecurity | #infosec | Hackers attack OnePlus again – this time stealing customer details – HOTforSecurity

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus.

Back in January 2018 it was revealed that the credit card details of some 40,000 people using the OnePlus website had been stolen by hackers. On that occasion the attackers managed to inject a malicious script into a payment webpage that skimmed card data as it was entered by customers.

At the time OnePlus said it was conducting an in-depth security audit of its systems.

The latest security incident, detailed by OnePlus in an FAQ on its website, isn’t as serious as the payment card breach – but could still lead to customers being put at risk by fraudsters and online criminals.

The cellphone manufacturer has confirmed that customers’ names, contact numbers, email addresses and shipping details have been accessed by an unauthorised party via a vulnerability on its website.

Fortunately, payment information and passwords have not been compromised.

OnePlus has not revealed just how many customers have been impacted by the data breach, but says that all affected users have been sent an email notifying them of the security incident.

Of course, even if your passwords and payment details haven’t been exposed in this latest hack – that doesn’t mean that users have nothing to worry about.

Online criminals could abuse users’ names and contact details to launch phishing attacks, spread spam, or even attempt to commit fraud over the telephone.

Of course, the challenge for affected users is that – unlike passwords – details such as your name and contact details cannot be easily changed.

Customers are being advised to contact OnePlus’s support team for assistance if they have any concerns.

According to the company it has since patched the vulnerable website, and checked it for similar security flaws:

“We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”

No details have been shared of the nature of the website vulnerability which allowed the hackers to access customer data, but OnePlus must realise that the patience of customers is not unlimited – and for a second serious security breach to have occurred in a relatively short period of time will have done nothing to strengthen users’ trust in the brand.

More transparency about what has occurred and how, combined with strengthened security, would go a long way to reassure customers who must be feeling rattled by this latest incident.

OnePlus says it has informed the authorities about the data breach and is working with the police to further investigate who might be responsible for the attack.

#deepweb | Hackers are stealing loyalty rewards. Are your air miles or hotel points at risk?

American consumers love loyalty programs. It’s estimated that the 3.3 billion loyalty program members in the U.S. currently store about $48 billion worth of points and miles in their accounts, according to Chargebacks911. These programs have grown so large in recent years that they’ve become an inviting target for hackers.

“It’s a huge problem and getting bigger,” said Brett Johnson, a former cyber-thief who turned his life around and became a digital security consultant after spending six years in prison. “Rewards points are a goldmine for crooks. They’re easy to access, very easy to use or transfer, and victims rarely check their accounts, so criminals flock to this type of crime without fear of consequences.”

While we call them miles or points, loyalty rewards are really a form of digital currency that can be used just like cash. Because they’re so liquid, the hackers don’t have to book flights or hotel stays with them. They can buy gift cards or merchandise to resell online, or they can simply sell the stolen rewards to other criminals.

Electronic gift cards are the favorite way to turn loyalty rewards into cash, said Peter R. Maeder, secretary and cofounder of the Loyalty Security Association.

“The opportunities for criminals in the loyalty area are tremendous,” Maeder told NBC News BETTER from his home-base of Switzerland. “Crooks talk to one another and the word is out that they can make easy money very quickly this way, and there’s not a lot of danger of being caught.”

Scammers always look for soft targets, and loyalty accounts are relatively easy to attack.

“They are incredibly insecure,” said John Breyault at Fraud.org (a public service of the National Consumers League). “Typically, they usually don’t have two-factor authentication; they’re only protected by an e-mail address and password. That’s just like leaving your front door unlocked to cyberthieves, who can get in easily and make money off of your miles or points.”

While travel rewards are a prime target for hackers, any loyalty program where the rewards are accessed digitally is at risk. Loyalty programs at McDonald’s, Domino’s and Buffalo Wild Wings have all been hacked, the New York Times reported.

How much are stolen rewards worth?

There’s a vibrant market for stolen miles and points and loyalty reward program login credentials on the ‘dark web’, the online black market where criminals shop.

“They can just go shopping for what they want,” said Kevin Lee, digital trust and safety architect at Sift, a digital security company. The dark web, Lee says, is “essentially like an Amazon marketplace where you can find rewards for hotel chains and airlines.”

NBC News BETTER asked Lee to check the dark web so he could give us an idea of what these rewards are selling for right now. Turns out, they’re a steal (pun intended). He found:

  • 900,000 Marriott points (value $1,125) selling for only $270.
  • 44,000 Hilton points (worth $450) selling for just $20.
  • 2,000 Jet Blue miles ($75 to buy from the airline) selling for $2.50.

“They’re cheap and you aggregate lots of these different accounts together and then funnel them into one account and buy a plane ticket or redeem them for other rewards,” Lee said.

#deepweb | Fake Tor Browser Found Stealing Bitcoin From Darknet Market Users

A fake version of the popular Tor Browser, used to access the deep web, has been found to be stealing the bitcoin of users looking to shop on darknet markets.

According to researchers, the malicious version of the browser has been promoted as its Russian version on posts published on Pastebin, optimized to rank on search engines for queries related to cryptocurrencies, drugs, censorship, and politicians.

The malicious browser is distributed through two domains, created in 2014, to Russian users as if it were an official version. The website’s pages mimic those of the Tor project’s official website, but add a warning to the user telling them their privacy is at risk because their browser is supposedly outdated.

A translated version of the message reads:

Your anonymity is in danger! WARNING: Your Tor Browser is outdated. Click the button “Update”


On the Pastebin and forum posts, the cybercriminals advertise various features the Tor browser doesn’t actually have, such as an anti-captcha system that allows them to bypass checks. In reality, users download a compromised version of the official Tor browser’s 7.5 version, released in January of last year.

Cybersecurity researchers at ESET further discovered the altered Tor version stops the browser from asking users for an update, as this would update them to a non-compromised version of the official Tor browser.

To get to users’ bitcoins, the browser includes a script that detects when users are about to fund their BTC wallets on darknet markets, and replaces the destination wallets with the criminals’ own.

The criminals’ three identified bitcoin wallets made a total of 863 transactions, and currently have 4.8 BTC (around $38,000) in them. The wallets have been active since 2017. Back in July, Chainalysis found that darknet markets were on pace to see $1 billion worth of bitcoin transactions this year.

As reported, U.S. authorities recently took down one of the largest child porn websites on the darknet after tracing bitcoin transactions.

North Korea #accused of #stealing #warship #blueprints in #hack

North Korea’s cyber army appears to be going after real weapons.

Hackers tied to Kim Jong Un’s regime stole blueprints and other information about warships and submarines last year when they broke into one of the world’s biggest shipbuilders, according to South Korean lawmaker Kyeong Dae-soo.

Blueprints, shipbuilding technology, weapons systems and test data related to submarines and destroyers were among roughly 60 classified military documents taken from Daewoo Shipbuilding last year, according to Kyeong’s office. It said it was summarizing information it had received from the South Korean Defense Ministry and several military agencies.

The hackers are believed to have accessed some 40,000 documents in all.

Kyeong, a member of the opposition party, learned of the Daewoo hack at an intelligence briefing last week, according to a spokesman for the lawmaker. The South Korean Defense Ministry declined to comment on the matter, but said it is working to strengthen military security.

Daewoo has built several South Korean warships and submarines, all part of the country’s defenses against North Korea.

A Daewoo spokeswoman declined to comment, beyond saying that the company is looking into the matter.

The Daewoo hack is the latest case to come to light suggesting North Korea is using its hacking abilities to try to gain an edge in the tense standoff with the U.S. and its allies over Pyongyang’s nuclear weapons program.

Earlier this month, another South Korean lawmaker revealed that North Korean hackers allegedly stole classified military documents from a Defense Ministry database. Among the documents stolen were a South Korea-U.S. wartime operation plan and a document that included procedures to “decapitate” North Korean leadership.

North Korean hackers have also been tied to other high profile cyberattacks, including the massive ransomware attack WannaCry earlier this year, a series of attacks on global banks that came to light last year and the hacking of Sony Pictures in 2014.

The North Korean government has repeatedly denied involvement in international cyberattacks.

Cybersecurity experts say the latest alleged heist shows the risks for government contractors.

“State versus state espionage has moved into the digital realm,” said Bryce Boland, Asia Pacific chief technology officer with cybersecurity firm FireEye.

Companies “involved in state activities like defense are considered fair game by cyber spies,” he said.

CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure

FormBook is the new malware from attackers targeting manufacturing, defense, and aerospace firms in South Korea and the United States.

According to FireEye researchers, FormBook was identified in numerous distribution campaigns attacking the U.S. with emails containing malicious XLS, DOC, or PDF files. Similar FormBook attacks have been identified in South Korea through emails containing malicious files in ZIP, ACE, ISO, and RAR formats.

FormBook is a data stealer and form grabber that has been advertised in various hacking forums since 2016. Its prominent capabilities include keylogging, tracking HTTP/SPDY/HTTPS/HTTP2 forms and network requests, stealing passwords from browsers and email clients, clipboard monitoring, and taking screenshots.

The attackers behind these email campaigns have leveraged a wide assortment of distribution mechanisms to deliver the information-stealing FormBook malware, as posted on 9th October 2017 on australiandefence.com.

As confirmed by the FireEye experts, a notable feature of this malware is that it reads the Windows ntdll.dll module from disk into memory and calls its exported functions directly, making API monitoring and user-mode hooking mechanisms ineffective.

A self-extracting RAR file delivers the FormBook payload. On launch, an AutoIt loader compiles and runs an AutoIt script. This script decrypts the FormBook payload file, loads it into memory, and then executes it, the researchers confirm.

Over time, the researchers have also identified that FormBook can download NanoCore, a remote access Trojan (RAT) that was first seen in 2013 and is readily sold on the web. Taylor Huddleston, its author, was arrested for this in March 2017.

Besides the United States and South Korea, the malware has targeted other countries, such as the United Kingdom, France, Poland, Ukraine, Hungary, Russia, Australia, Germany, and the Netherlands. The archive campaign has also hit countries including the United States, Belgium, Japan, Saudi Arabia, France, Sweden, Germany, and India.

FormBook targets Windows devices, so high-end institutions urgently need to look to a more secure solution and upgrade their Windows operating systems. For now, the advice is strictly not to open suspicious emails, click on unidentified links, or download unknown attachments from any unrecognized email address.

Scammers Stealing Down Payments By Hacking Real Estate Agents’ Email Accounts

Buying a home is the biggest purchase most Americans will make during their lifetime. But now hackers have figured out how to steal the down payment, leaving the buyer without a new home and often wiping out their life savings. “The timing was impeccable, actually,” said Kristina Soloviena, a real…

Be Alert! Hackers Are Stealing Millions From Buyers By Using These Real Estate Scams

Tight Inventory Continues To Dog Housing Market

Steve starts his Real Estate Roundup segment by asking Terry how long a typical For Sale house stays on the market before it gets a confirmed buyer. Terry says the national average was 27 days for the month of May 2017, well below…

6 charged with stealing checks from Anchorage mail and vehicles to get cash

Six Anchorage residents have been charged with stealing checks from the mail and vehicles and using them to get cash at banks and stores across the city over a 10-month period, the U.S. Attorney’s Office said Thursday. Acting U.S. Attorney Bryan Schroder said in a prepared statement that Sara James,…
