Archive for July 31, 2018

Hackers create fake websites with resources for stealing money from accountants

Group-IB, one of the global leaders in preventing and investigating cyber crimes, reported blocking 5 accounting sites created specifically for stealing money through the Bank Client system.

According to Group-IB, the goal of the hackers is to infect visitors with the Buhtrap and RTM viruses. Accountants, lawyers and other professionals working with remote banking services (RBS) have become victims of the attacks. Since April, at least 200 thousand people have visited three of the five websites.

The scheme was detected after an attempt to load malware at one of the Russian banks. During the investigation, police established that the Trojan was loaded from the website buh-docum[dot]ru, which contained hundreds of specialized documents for accountants. The resource was in the top place in all search engines. According to Group-IB, hackers received about 1.2 million rubles (1.3 million INR) from each successful attack per day.

Experts note that owners of legitimate sites can easily detect the presence of malicious software, so the attackers are moving to a different technique: creating websites with hundreds of useful documents.

"If an accountant needs a specific document that is not available anywhere, he will go to any website, any forum for information," the local media quote Yulia Gladysheva, an Energy Consulting partner, as saying.

According to the Russian global cybersecurity company Positive Technologies, the use of malicious software is one of the most common methods of attack. Alexey Novikov, Head of the Security Center of Positive Technologies, said that it is necessary to control the security of computers.

In this case, it is extremely difficult for banks to protect their clients from theft. Banks can't control the actions of accountants: whether they visit questionable sites, whether they download infected files, whether they have an antivirus. However, according to Alexei Lukatsky, Security Consultant of Cisco, there are ways to stop hackers. For example, one computer will prepare a payment, then this payment will be sent to the bank from another computer. The Central Bank of Russia hopes that this measure will complicate the work of hackers.

- Christina

Bengaluru Techie Blackmailed To Transfer $2,200 through Bitcoin

In Bengaluru, a hacker claimed he had used a techie's webcam to record his private moments and threatened him, demanding that he transfer $2,200 through bitcoin. Rajesh (name changed), a techie in a multinational software organization on Bannerghatta Road, Bengaluru, received an email instructing him to transfer the said amount.

The mail was sent by the hacker, the handle being 'Coy Lynch' and the mail id as ''.

The hacker asserted he had placed malware on specific sites that Rajesh used to visit and had hacked into his camera, recording him. The blackmailer even threatened to ruin him by sending the recorded footage to everyone on Rajesh's contact list and to his relatives if he refused to do what was asked of him.

Rajesh told STOI, “I checked whether my contact details or personal information was breached. I found that my personal account information was breached from nine sources, including three verified sources. I’m sure he doesn’t have any private video of mine but it’s possible to do it. This has been reported elsewhere. It’s happening here now — blackmail and extortion has started by compromising password.”

Luckily, Rajesh posted a copy of the mail on the Facebook page of the Bengaluru police. They are yet to make progress on this case, but they haven't discounted the mind games played by online fraudsters to coerce cash by claiming to have taken control of victims' laptops or cell phones using malware.

Cyberstrike at KICKICO: $8 million looted

Despite the many mechanisms in place to deal firmly with the hacking menace, hackers keep striking in the cyber world, making money and leaving millions of people poorer.

Yet another hacking incident has rattled the cyber community: the attackers are said to have stolen $8 million from a blockchain network.

The hacking incident took place this week at the KICKICO blockchain network, where cybercriminals siphoned off nearly $8 million, leaving even cybersecurity agencies and experts clueless. Cybersecurity experts have called it a security breach in the Initial Coin Offering (ICO) project, which resulted in the theft of 70 million KickCoins.

The blockchain network allows users to conduct ICOs, crowdinvesting and crowdfunding campaigns. The cybercriminals struck immediately after gaining access to the crucial key of the smart contract attached to KickCoin, which gave them access to the entire project and let them strike without hindrance and steal about $8 million.

The company's experts called it a rare kind of cyber attack, in which the criminals took control of the KickCoin smart contract, damaged the tokens attached to more than 37 addresses, and created new ones of the same amount to be diverted.

Stunned by the incident, the team of experts working with KICKICO successfully regained control over the entire project and replaced the tokens and addresses used by the hackers. Private keys were then made inaccessible.

The authorities then reimbursed all affected addresses. The KICKICO blockchain network then issued a clarification admitting the security breach.

According to their statement, the authorities came to know about the incident only after going through complaints from the victims.

Cybersecurity experts who research security breach incidents now blame the increasing Bitcoin value for the steep rise in cyberattacks against ICO projects and cryptocurrency exchanges.

Facebook removed hundreds of offensive posts

Facebook claims that it has deleted or blocked hundreds of objectionable posts over the past six months in order to comply with Germany's new law banning online hate speech.

In January this year, Germany introduced a strict new law known as 'NetzDG,' which imposes heavy fines on social media companies if they don't remove offensive posts within 24 hours of receiving a complaint. The fine could reach up to $58 million.

According to a blog post written by Facebook’s vice president for global policy solutions, Richard Allan, between January and June the company received a total of 1,704 complaints under the law and removed 262 posts.

"Worldwide, we removed approximately 2.5 million pieces of content in the first quarter of 2018 that violated our policies," wrote Allan. "We are convinced that the vast majority of content that is considered hate speech in Germany would be removed if checked for a violation of our community standards."

For the last year, Facebook has faced severe criticism over its handling of hate speech, fake news, conspiracy theories and hoaxes on its site. Last week, the company clarified its stance, arguing that banning fake news won't serve the purpose and that it should instead be demoted in results. Meanwhile, it emphasized that the company strongly supports free speech.

Mixed-up Biometric affects 2 crore Aadhaar holders

A contract laborer from Raichur had to spend Rs 30,000 and wait for over seven years to receive his correct Aadhaar number. The biometric record of his fingerprint had been mixed up with his son's, reported New Indian Express.

According to a senior UIDAI official, this is not the only case of mixed-up biometrics; around 1.3 to 1.9 crore people have suffered from "mixed biometrics."

According to a recent internal communication of UIDAI, over seven years about 1-1.5 percent of all enrolments have had incorrect biometric data, which leaves those people unable to claim basic services or benefits that the government has tied directly to the program.

An anonymous official of UIDAI said: "There are also several cases of biometric data not being captured properly. UIDAI is identifying such cases and addressing their grievances."

A UIDAI team is now trying to identify the mix-up cases, has informed those with the wrong biometrics, and is organizing camps to reverse the errors.

A UIDAI official has blamed the urgency and the deadline to complete the initial stage of Aadhaar for this goof-up. "To meet targets, some enrolling agencies used biometrics of accompanying relatives if they were not able to register the biometric data of the person who was getting enrolled. Ramifications of this are emerging now as some people are facing problems to avail Aadhaar-linked essential services."