
#infosec | Californian Jailed for Cyber-Stalking Mass Shooting Victims’ Families

Source: National Cyber Security – Produced By Gregory Evans

A California man who used social media to stalk and threaten the families of American mass shooting victims has been sentenced to 66 months in a federal prison.

Brandon Michael Fleury, of Santa Ana, was convicted of cyber-stalking and sending a kidnapping threat to the friends and family of people who were killed in the Marjory Stoneman Douglas High School shooting in Parkland, Florida. The mass shooting, which occurred in 2018, left 17 students dead.

To commit his crimes, 22-year-old Fleury created 13 different Instagram accounts, using a barrage of aliases, including alleged Parkland shooter Nikolas Cruz and executed serial killer Ted Bundy. 

Fleury would then post malicious messages, tagging the friends and families of Parkland shooting victims. 

These messages, posted from December 28, 2018, to January 11, 2019, included statements like, “I’m your abductor I’m kidnapping you fool,” “With the power of my AR-15, you all die,” and “With the power of my AR-15, I take your loved ones away from you PERMANENTLY.”

Many of the messages, including ones written under usernames referring to Cruz and containing Cruz’s profile picture, directly taunted victims’ friends and families about the deaths of their loved ones in the Parkland shooting. 

One message, targeting Jesse Guttenberg, who lost a sister in the attack, read: “I took Jaime away from you. You’ll never see her again hahaha.”

Aliases used on Instagram by Fleury included @teddykillspeople and @nikolas.killed.your.sister.

Upon examining tablets owned by Fleury, law enforcement found thousands of saved images of the notorious Bundy along with images of Fleury’s targeted victims. Police also found saved screenshots of the messages that Fleury had sent to his victims.

Fleury was arrested in the Santa Ana home he shared with his father and brother and charged in January 2019. Law enforcement tracked him down after subpoenaing Instagram for IP addresses and account information related to the threatening and harassing posts. 

Following his convictions for interstate transmission of a threat to kidnap and interstate cyber-stalking, US District Judge Rudolfo A. Ruiz II sentenced Fleury on Monday to a 66-month custodial sentence.

The post #infosec | Californian Jailed for Cyber-Stalking Mass Shooting Victims’ Families appeared first on National Cyber Security.


#nationalcybersecuritymonth | Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security


Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today warned of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.

According to the alert issued in collaboration with the Swiss Government Computer Emergency Response Team (GovCERT), the attackers have asked for ransoms ranging from thousands of Swiss Francs to millions — 1 million CHF is just over $1 million.

Over a dozen such ransomware attacks, which resulted in systems being encrypted and rendered unusable, have been reported in recent weeks.

“The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions,” the alert says.

Swiss ransomware victims ignored warnings, had poor security

As MELANI and GovCERT discovered while investigating these ransomware incidents, recommended best practices such as MELANI’s information security checklist for SMEs were not implemented by the victims and previous warnings of such attacks were not taken into consideration.

The Swiss Government-funded cybersecurity body advises businesses not to pay ransoms to avoid becoming involuntary sponsors for the hackers’ ongoing campaigns.

Also, by paying them, businesses don’t have any guarantee that their data will be recoverable using decryption tools provided by the attackers.

It is important that the companies concerned contact the cantonal police immediately, file a complaint and discuss the further procedure with them. As long as there are still companies that make ransom payments, attackers will never stop blackmailing. – MELANI

MELANI also warned both SMEs and large companies that they are still at risk even after paying the ransoms and restoring their systems and data seeing that “the underlying infection from malware such as ‘Emotet’ or ‘TrickBot’ will remain active.”

“As a result, the attackers still have full access to the affected company’s network and can, for example, reinstall ransomware or steal sensitive data from it.”

MELANI said that there are examples of companies from Switzerland and other countries that were ransomed multiple times within short periods of time.

While analyzing the recently reported ransomware incidents, the Swiss cybersecurity body identified a number of weaknesses that allowed attackers to successfully breach the companies’ defenses (all of them can be mitigated by MELANI’s recommendations):

• Virus protection and warning messages: Companies either did not notice or did not take seriously the warning messages from antivirus software that malware had been found on servers (e.g. domain controllers).
• Remote access protection: Remote connections to systems via the Remote Desktop Protocol (RDP) were often protected only by a weak password, left on the default setting (standard port 3389), and exposed without restrictions (e.g. VPN or IP filter).
• Notifications from authorities: Notifications from authorities or from internet service providers (ISPs) about potential infections were ignored or not taken seriously by the affected companies.
• Offline backups and updates: Many companies only had online backups, with no offline copies. When ransomware struck, these backups were also encrypted or permanently deleted.
• Patch and lifecycle management: Companies often lacked proper patch and lifecycle management. As a result, operating systems or software were in use that were either outdated or no longer supported.
• No segmentation: The networks were not divided (segmented), e.g. an infection on a computer in the HR department allowed the attacker a direct attack path to the production department.
• Excessive user rights: Users were often given excessive rights, e.g. a backup user who has domain admin rights or a system administrator who has the same rights when browsing the internet as when managing the systems.

Stream of ransomware warnings

Last year, in November, a confidential report issued by the Dutch National Cyber Security Centre (NCSC) said that at least 1,800 companies from around the globe and with operations in various industry sectors were affected by ransomware attacks.

The three file-encrypting malware strains responsible for the infections — LockerGoga, MegaCortex, and Ryuk — relied on the same infrastructure and were previously spotted in attacks that targeted corporate networks and enterprises such as Norsk Hydro and Prosegur.

The Federal Bureau of Investigation (FBI) also warned private sector partners last month about Maze Ransomware operators focusing their attacks on US companies. 

This warning came less than a week after the FBI warned private industry recipients about LockerGoga and MegaCortex ransomware infecting corporate systems from the U.S. and abroad in a flash alert marked as TLP:Amber.

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands,” the FBI announced at the time.

“The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.”

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations across all critical U.S. infrastructure sectors of a recent ransomware attack that hit a natural gas compression facility and took down pipeline operations for two days.


#cybersecurity | hacker | Maze ransomware publicly shaming victims into paying


At least five law firms have been hit and held hostage by the Maze ransomware group in the last four days with these attacks being part of a wider campaign possibly affecting between 45 and 180 total victims in January.

Maze is using a somewhat unique tactic with its latest victims. Instead of simply placing a ransom note on the infected system and waiting for payment, the gang places the company name on a website. If a payment is not forthcoming immediately it then places a small amount of the stolen data on the site as proof, reported Brett Callow, threat analyst with Emsisoft.

If payment is received the name is removed. The websites are hosted by two Chinese companies, one a Singapore-based division of Alibaba and the other by Tencent, although there is no indication these entities are involved in the ransomware scheme.

“Hackers claim to have stolen data from at least five law firms – three in the last 24 hours alone – and, in two of the cases, a portion of the stolen data has already been posted online. The data, which includes client information, has been published on the clear web where it can be accessed by anybody with an internet connection,” Callow told SC Media.

Emsisoft has what it believes to be firm data that at least 45 companies were targeted by Maze in January, but Emsisoft believes this represents only about 25 percent of the total number of firms involved.

“My concern, as usual, is disclosure,” Callow said discussing the chart below. “It’s submissions we’ve had for Maze (each one represents an actual incident) and we’d estimate it represents only about 25% of the total number. In other words, there’re a lot more submissions than there are companies listed on the website – which means they pay before being listed.”

[Chart: Maze incident submissions. Source: Emsisoft]

The group has also placed the stolen content on dark forums with instructions telling malicious actors to “Use this information in any nefarious ways that you want.”

Another differentiating factor is Maze attempts to fully monetize its criminal endeavor by demanding $1 million to decrypt the data and then another $1 million to delete the stolen information, although Callow noted “it seems highly unlikely that a criminal enterprise would actually delete that it may be able to monetize at a later date.”

Maze has targeted several high-profile entities within the last few months, including Allied Universal, Southwire and the city of Pensacola. It also recently struck the Canadian firm Bird Construction, which holds several military contracts, and exposed some of the stolen data from Bird subcontractor Suncor and the PII of a few Bird employees, including names, home addresses, phone numbers, banking info, social insurance numbers, tax forms, health numbers, and drug and alcohol test results.


FBI Expands Election Security Alerts Beyond Victims to State, Local Officials

by DH Kass • Jan 20, 2020

The Federal Bureau of Investigation will now notify state officials when a local election has been hit by hackers, a course reversal from a prior closed door policy not to extend notification beyond victims of cyber attacks. A protracted […]

#deepweb | Wasp seizes control of victims’ brains to turn them into zombie slaves

A newly-discovered member of the Acrotaphus wasp family (Image: Kari Kaunisto)

Scientists have discovered a new species of wasp that can seize control of its victim’s brains. Lurking in the dark depths of the Amazon rainforest is a ‘parasitoid’ wasp that can ‘manipulate the behaviour of […]

#cyberfraud | #cybercriminals | The dangers of ‘shaming’ the victims of cybercrimes

ANALYSIS/OPINION: Clearly, it is an egregious violation of today’s social norms to “shame” someone for being overweight, as HBO talk-show host Bill Maher can surely attest. (The uproar over Mr. Maher’s advocacy of fat-shaming was covered everywhere, from The New York Times to the BBC.) Other […]

#school | #ransomware | Ryuk Ransomware Is Making Victims Left and Right

While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware. The company hit by the malware is T-System based in Dallas, Texas, and it is currently working to […]

Weekly Threat Briefing: New Banking Trojan Infects Victims via McDonald’s Malvertising

The intelligence in this week’s iteration discusses the following threats: Backdoors, Cryptocurrency, Data breaches, Malware, and Trojans. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1: IOC Summary Charts. These […]

#cyberfraud | #cybercriminals | Netflix email scam tells victims to ‘update your payment information’, news update

If you receive an email from Netflix telling you to update your payment information immediately, you could be the victim of a sophisticated new scam. The streaming giant has once again been embroiled in a phishing email scam, which uses the same branding and username seen with […]

Are Our Phones the Next Victims of Hacking?


Lately, there is no shortage of hacks going on and the next vulnerability could be right in the palm of your hand – literally. Millions of mobile phones, laptops and home devices could be at risk of hacking after researchers discovered a new way to take over devices using the…
