Firewall Firm is a Managed Cyber Security Company in India

Tag Archives: Cyber Security Company

2018: The Year of Next-Generation Attacks

Enterprises around the globe are facing a new breed of cyber-attacks that are largely fueled by geopolitical tensions, according to Carbon Black’s 2019 Global Threat Report.  

Last year cybersecurity professionals struggled to defend against increasing crypto-mining attacks, along with fileless attacks, ransomware and commodity malware, marking 2018 as the year of the next-generation of attacks.

“Modern cyberattacks appear to increasingly…reveal how clever attackers have become in evolving to remain undetected – using techniques such as lateral movement, island hopping and counter incident response to stay invisible,” the report stated.

The data analyzed in the study found that, in aggregate, enterprises saw approximately one million attempted cyber-attacks per day, though half of today’s cyber-attacks use the victim primarily for island hopping.

Governments around the globe experienced increased attacks that appeared to stem from Russia, China and North Korea. “Of the identified fileless attacks, variants of the malware Graftor were uniquely identified as the fileless payload. The FBI has high confidence that Graftor variants are used by North Korean cyber operations, also referenced as HIDDEN COBRA, to maintain presence on victim networks and to further network exploitation,” the report stated.

In addition, the threat data revealed that computers/electronics, healthcare, business services, internet/software and manufacturing were the five industries most targeted by cyber-attacks in 2018.

Kryptic was the most commonly used ransomware variant in 2018, and the five industries most targeted with ransomware were manufacturing, business services, retail, government and computers/electronics.

The data also showed that the average endpoint “was targeted by two cyberattacks per month throughout 2018. At this rate, an organization with 10,000 endpoints is estimated to see more than 660 attempted cyberattacks per day.”

Another key finding of the study was that approximately $1.8 billion of cryptocurrency-related thefts transpired last year, up from the $1.3 billion in total losses reported by the FBI in 2016, and that cyber-criminals have largely shifted from Bitcoin to Monero as their currency of choice.

“Of the identified attacks, cryptocurrency exchanges are the most vulnerable target for cybercriminals. Attacks on these exchanges account for just over 27% of all reported incidents. These exchanges represent prime targets for cryptocurrency theft, fraud and harvesting of user information for follow-on targeting by these same criminals.”

Alleged Russian Hacker Pleads Not Guilty After Extradition to United States

A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York.

Aleksandr Zhukov, 38, was arrested in November last year by Bulgarian authorities after the U.S. issued an international warrant against him, and was extradited by Bulgaria to the United States on Thursday (January 18, 2019). He is currently in prison in Brooklyn.

In November 2018, law enforcement and multiple security firms collaborated to shut down one of the largest digital ad-fraud schemes, which they dubbed 3ve, that infected over 1.7 million computers worldwide to generate fake clicks used to defraud digital advertisers for years and made tens of millions of dollars in revenue.

Pronounced “Eve,” the online ad-fraud campaign was believed to have been active since at least 2014, but its fraudulent activity grew last year, turning it into a large-scale business and earning its operators more than $30 million in profit.

At the time, the US Justice Department announced a 13-count indictment against eight people from Russia, Ukraine, and Kazakhstan. Three of them had already been arrested: Zhukov, Boris Timokhin (39, Russian Federation, arrested in Estonia), and Sergey Ovsyannikov (30, Republic of Kazakhstan, arrested in Malaysia).

Other defendants who have not yet been caught by the authorities include:

  • Mikhail Andreev (34, Russian Federation and Ukraine)
  • Denis Avdeev (40, Russian Federation) 
  • Dmitry Novikov (Russian Federation) 
  • Aleksandr Isaev (31, Russian Federation)
  • Yevgeniy Timchenko (30, Republic of Kazakhstan)

Zhukov, along with other suspects, has been accused of organizing an advertising fraud scheme, dubbed “Methbot,” from September 2014 through December 2016, wherein he rented more than 1,900 computer servers hosted in commercial data centers to load ads from advertisers on over 5,000 counterfeit websites.

The scheme flawlessly generated billions of ad views and caused businesses to pay over $7 million for “ads that were never actually viewed by real human internet users,” US prosecutors said in a November indictment.

All eight defendants have been charged with 13 counts of criminal violations, including wire fraud, aggravated identity theft, money laundering, and conspiracy to commit computer intrusion, among others.

However, Zhukov denied all the charges against him on Friday, when he appeared in a Brooklyn courtroom in New York.

Cyber Security News 1st week Sept 2016

  1. Dropbox hacked: Hackers have obtained credentials for more than 68 million accounts of the online cloud storage platform Dropbox from a known 2012 data breach. Last week, Dropbox sent out emails alerting its users that a large chunk of its users’ credentials, obtained in the 2012 data breach, may soon be seen on the Dark Web marketplace, and prompting them to change their password if they hadn’t changed it since mid-2012. Dropbox is the latest to join the list of “Mega-Breaches,” which includes LinkedIn, MySpace, VK.com and Tumblr.

  2. Kimpton Hotels hit by Point-of-Sale breach: Kimpton Hotels & Restaurants is alerting payment card customers of a payment card breach at more than 60 of its hotels and restaurants that occurred between February 16 and July 7 of this year. The hotel chain said in a message on its website that it first got word of unauthorized charges on guests’ payment cards in mid-July. An ensuing investigation uncovered malware on PoS servers at the front desks and restaurants of some of its hotels. “The malware searched for track data read from the magnetic stripe of a payment card and routed it through the affected server.” Kimpton’s POS woes follow those of Eddie Bauer and HEI Hotels & Resorts, which operates Marriott, Hyatt, Sheraton and Westin hotels.

  3. Music website hacked: The UK-based music website Last.fm was hacked in March 2012. Three months after the breach, the company admitted to the incident and issued a warning, encouraging its users to change their passwords. Now, four years later, the stolen data has surfaced in public. The leaked records include usernames, hashed passwords, email addresses, the date when a user signed up to the website, and ad-related data. Last.fm stored its users’ passwords using MD5 hashing, which was considered outdated even before 2012, and did so without any salt. (A salt is a random string added to each password before hashing, which makes the stored hashes more difficult for hackers to crack.)

  4. St. Jude says Muddy Waters, MedSec video shows security feature, not flaw: St. Jude Medical is a medical device company that makes pacemakers. MedSec is a cyber security firm that specializes in security flaws in medical devices. Muddy Waters Research is a due-diligence-based investment firm. After a yearlong research effort, MedSec found that St. Jude’s products had severe issues. MedSec did not responsibly disclose its findings to St. Jude but instead joined hands with Muddy Waters to profit in the stock market from this information. St. Jude has refuted the allegations and has issued a statement saying the supposed “flaw” was actually a “security feature.” If attacked, the pacemakers place themselves into a ‘safe’ mode to ensure the device continues to work.

  5. Double Whammy – Ransomware steals data before Encrypting: Betabot is the first known weaponized password-stealing malware that also infects victims with ransomware in a second stage of attack. In many instances it is still able to evade detection. It uses the Neutrino exploit kit, which uses infected documents disguised as CVs to ask the victim to enable macros. If they do, the malware is able to steal login data and passwords from web browsers. The Trojan then downloads and installs the Cerber ransomware onto the victim’s computer, demanding that the user pay up in order to regain access to their compromised machine.

  6. ‘Guccifer’ gets 52-month Jail term: Romanian hacker “Guccifer,” who pleaded guilty in May this year to hacking and identity theft of around 100 high-profile Americans, has been sentenced to 52 months in prison by a US court. Guccifer hacked the email and social media accounts of his victims between October 2012 and January 2014 and made public confidential emails, photographs and private medical and financial data. He is not to be confused with Guccifer 2.0, the hacker behind the DNC hack.

  7. Suspect arrested for 2011 Linux Kernel organization breach: In September 2011, the kernel.org site that hosts the core development infrastructure behind the Linux kernel was breached. For the last five years, not many details about the attack were revealed and the attacker remained at large, until he was picked up during a traffic stop in Miami last week. The hacker had managed to steal the login credentials of one of the Linux Kernel Organization system administrators in 2011 and used them to install a hard-to-detect malware backdoor, dubbed Phalanx, on servers belonging to the organization. Using this backdoor, he installed malware on various Linux installations. He faces a possible sentence of 40 years in prison as well as $2 million in fines. Threat protection for Linux can help in such situations.

  8. California may soon treat Ransomware as extortion: Ransomware may soon be regarded as a form of extortion in California once legislation is approved by the governor. The bill, if passed, could land culprits in jail for two to four years. The move has received widespread support from different quarters that want ransomware attacks to be treated as a felony. The state’s law enforcement unit and the tech sector both support the legislation.

  9. SWIFT reveals new hacking attempts on member Banks: SWIFT has revealed new hacking attempts on several member banks following its June disclosure of the $81-million Bangladesh Bank heist and is pushing members to comply with new safety features. “The threat is persistent, adaptive and sophisticated – and it is here to stay,” SWIFT told the banks. SWIFT members have been warned that failure to meet a November 19 deadline for installing the latest security software would be reported to banking regulatory bodies and partners.

  10. India registers 350 percent rise in cybercrime in last three years: According to a study, India has seen a surge of approximately 350% in cybercrime cases registered under the Information Technology (IT) Act from 2011 to 2014. The Indian Computer Emergency Response Team (CERT-In) has also reported a surge in the number of incidents handled by it, with close to 50,000 security incidents in 2015. Bangalore leads in the number of cybercrime cases: the city recorded 1,041 cybercrime cases in 2015, the highest among the country’s 53 mega cities, and a 42% increase over the 2014 figures. State-wise data shows the worst states to be Maharashtra (2,195 cases) and Uttar Pradesh (2,208). Most cases relate to credit card fraud, email hacking and online cheating, including fake lottery scams. Use of technology and building awareness can reduce cybercrime.