Archive for November 30, 2018

North Korean hackers are coming for your bitcoin

After earlier reports of North Korea using bitcoin to evade sanctions and of its hackers stealing half a billion dollars in cryptocurrency from exchanges, experts now say the hackers are targeting individual investors.

North Korean hackers have taken to stealing cryptocurrency from individual investors as part of a new strategy by Pyongyang to blunt the impact of international sanctions targeting its illicit nuclear weapons programme.

A number of experts have previously reported that North Korea continues to use bitcoin to evade US sanctions. Just last month a report by the Russian cybersecurity company Group-IB stated that Lazarus, North Korea's infamous hacking group, stole about half a billion dollars in cryptocurrencies.

The targeting of individuals holding virtual currencies such as bitcoin marks a departure from its previous methods, which have targeted exchanges and financial institutions.

The group was reportedly also behind 14 hacks on cryptocurrency exchanges since January 2017. Previously the hackers tended to target exchanges and financial institutions, but this time it is individual investors.

“Previously, hackers directly attacked exchanges,” Simon Choi, the founder of the cyber warfare research group IssueMakersLab, said. “They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly.”

This shift may be due to exchanges and financial institutions having strengthened their security. “They’ve already had successes and are continuing to progress, but during that time, the exchanges have become used to the attacks and boosted their security somewhat. Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security,” Choi added.

South China Morning Post quoted Choi as saying, “With the US, the UN and others imposing sanctions on the North Korean economy, North Korea is in a difficult position economically, and cryptography has come to be seen as a good opportunity.”

Dell Urges Customers to Reset Passwords Following a Potential Data Breach

American multinational computer technology company Dell said on Wednesday that it had detected and prevented a data breach attempt.

The company announced that hackers infiltrated its network and tried to steal its customers' personal information, including names, email addresses and hashed passwords.

The company said the perpetrators reached the information stored on its server; at the same time, it said it is possible that none of it was extracted.

On the basis of the initial investigations carried out by its experts, Dell officials confirmed that the attackers were not able to obtain any of the information.

Dell's security experts also concluded, with some relief, that more sensitive customer data such as credit card information was not targeted, and the company confirmed this in a press release.

It said, "These include the hashing of our customers’ passwords and a mandatory Dell.com password reset. Credit card and other sensitive customer information were not targeted. The incident did not impact any Dell products or services."

As a remedial measure, Dell has engaged a digital forensics firm to carry out an independent investigation and has also sought legal assistance.

In addition, to minimize the potential threat, the Texas-based company has asked its users to change their passwords and to reset the password on any other account where the same one is used.

When asked how many customers were affected by the breach, Dell declined to give figures and explained why in a statement to Digital Trends: “Since this is a voluntary disclosure, and there is no conclusive evidence that customer account information was extracted, it would not be prudent to publish potential numbers when there may be none.”

Russian hackers have found a new way to cash out the stolen money

Bankers have started talking about a new scheme for withdrawing funds stolen by hackers. This time the attackers use a legitimate mechanism: bailiffs collecting money under a writ of execution for a previously recognized debt for legal services.

The existence of the new fraudulent scheme was confirmed by the largest banks, which also noted that the attackers have brought lawyers and writs of execution into the withdrawal process.

The scheme begins with an ordinary theft of funds from a corporate client, during which payment details are substituted. The hackers' aim is to transfer the money into the account of a company that apparently does no real business.

Usually, in such a case, the client notifies the sender's bank of the theft, which in turn notifies the beneficiary's bank, and the funds are frozen.

The bailiffs then present an entirely legal writ of execution, under which the stolen amount is to be used to pay a debt of the one-day company, which allegedly failed to pay for legal services.

According to the documents, the money is owed to a legitimate law firm conducting real business, so the bank is obliged to transfer the funds as part of enforcement proceedings.

According to a representative of the credit institution, the writ of execution is prepared in advance, long before the theft. What makes this most advantageous for the hackers is that the bank cannot refuse to transfer the funds, even when it fully understands that the money is stolen.

NATO readies for growing cyberthreats

It’s hard to believe we’re not far away from the 20th anniversary of the dreaded Y2K bug that put fear into every technology professional’s life at the turn of the millennium. The Y2K bug was initially thought to be a major safety threat because experts claimed there were significant flaws in the software of computers that controlled many critical systems such as air traffic control, the electric grid, banking, traffic lights and other key resources. In hindsight, the threat was over-hyped. None of the dire predictions came true – partly due to preparation, but mostly because such systems were not so heavily automated and had human intervention to prevent catastrophe.

Unfortunately, no vertical market has remained immune from the harmful aftermath of a successful cyber-attack or data breach. The situation is only exacerbated with regards to the Internet of Things (IoT), as the sheer volume of these devices continues to grow with each passing year. The IoT device explosion has seen a proportionate growth of the cyber threat landscape due to the new attack vectors that many insecure IoT devices can introduce into the ecosystem. Furthermore, the industrial markets that comprise our critical infrastructure have routinely found themselves in the crosshairs of potential cyber-criminals and data thieves.

Recently, U.S. Undersecretary of Defense Marcel Lettre declared that cyberattacks resulting in the destruction of critical infrastructure or serious economic impact should be closely evaluated as to whether they would be considered an act of war. NATO too wants to be ready to respond to attacks on critical infrastructure.

A three-day annual exercise, dubbed Cyber Coalition, is pulling together officials from the North Atlantic Treaty Organization and its partners in Estonia, which suffered what's widely believed to be the first state-sponsored cyber assault on another country in 2007 amid a row with Russia over relocating a Soviet-era monument. They're playing out fictional scenarios in which alliance networks and civilian systems are under assault.

NSA Exploits From A Year Ago Are Back In A More Powerful Form To Haunt Unpatched Devices.

About a year ago, leaked NSA exploits spread across the cyber world, and patches were circulated to address them. A year on, it turns out that a great many computers are still running with the vulnerability unpatched.

Initially the exploits were used to spread ransomware; later they were used for cryptocurrency mining attacks.

According to researchers, the leaked exploits are now being used by attackers to build a giant proxy network.

The UPnProxy attack originally abused the common Universal Plug and Play (UPnP) network protocol. Attackers have now found a way to use it to reach computers behind the router's firewall, which are often unpatched and defenseless.

UPnProxy was originally an attack tool used to rewrite the port-forwarding settings on an affected router. It was also used to obfuscate and route malicious traffic.

Such rerouted traffic could be used for denial-of-service attacks or for basic spam or malware campaigns.

The only computers that were safe were those behind routers with a strong set of Network Address Translation (NAT) rules.

But now the attackers are using far more powerful exploits to push through the routers and infect the computers on the networks behind them, reaching many more devices than they previously could.

According to a researcher at a well-known organization, attacks combining these stronger exploits with the proxy network were inevitable.

The attackers largely use two exploits, EternalBlue and its sibling EternalRed.

EternalBlue, created by the National Security Agency, is used to backdoor Windows computers, while its sibling EternalRed has Linux devices on its radar.

While UPnProxy altered the port mappings on an exploitable router, the Eternal exploits target the SMB service ports on the computers behind it.

According to sources, EternalSilence is the name the organization has given to this attack, in which the Eternal exploits are spread through the proxy network.

Over 45,000 devices have already been pulled into the malicious network, and countless more could be at risk.

It does not appear to be a targeted attack; the focus is on pulling in as many devices as possible.

The Eternal family attacks are covert and hard to detect. Even though the Eternal exploits have been public for more than a year, devices are still not properly protected.

Reportedly, the old exploits could be used alongside the newer and more formidable ones. Devices must be patched as soon as possible, because the Eternal exploits are highly dangerous.

Disabling UPnP and replacing the affected router entirely are the recommended remedies.
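As an added example (not code from the article or from the researchers it cites), the following Python script parses the port-mapping entries a UPnP router returns for the standard GetGenericPortMappingEntry action and flags any that forward Internet traffic to TCP 139 or 445 on a LAN host, which is the kind of mapping the attack described above leaves behind. It assumes a router implementing the WANIPConnection:1 service; the SOAP responses at the bottom are constructed samples, not captures.

```python
# Added example (not the article's or any vendor's code): audit the port mappings a UPnP
# IGD router reports and flag those exposing a LAN host's SMB port. Samples are constructed.
import ipaddress
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # service ports the Eternal exploits target over TCP

def parse_mapping(soap_response: str) -> dict:
    """Flatten one GetGenericPortMappingEntryResponse into {field: value}."""
    fields = {}
    for elem in ET.fromstring(soap_response).iter():
        tag = elem.tag.split("}")[-1]  # strip the XML namespace prefix
        if tag.startswith("New"):
            fields[tag[3:]] = (elem.text or "").strip()
    return fields

def is_suspicious(mapping: dict) -> bool:
    """Internet traffic forwarded to TCP 139/445 on a private (LAN) host. A plain
    UPnProxy bounce to a public IP does not match; an exposed LAN SMB port does."""
    try:
        port = int(mapping["InternalPort"])
        client = ipaddress.ip_address(mapping["InternalClient"])
    except (KeyError, ValueError):
        return False
    return (mapping.get("Protocol", "").upper() == "TCP"
            and port in SMB_PORTS and client.is_private)

def audit(responses) -> list:
    """Return (external_port, 'client:port', description) for each suspicious mapping."""
    hits = []
    for m in map(parse_mapping, responses):
        if is_suspicious(m):
            hits.append((int(m["ExternalPort"]), f'{m["InternalClient"]}:{m["InternalPort"]}',
                         m.get("PortMappingDescription", "")))
    return hits

def sample_response(ext, proto, client, internal, desc):
    """Build a constructed response in the WANIPConnection:1 SOAP layout."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost/>'
            f'<NewExternalPort>{ext}</NewExternalPort><NewProtocol>{proto}</NewProtocol>'
            f'<NewInternalPort>{internal}</NewInternalPort><NewInternalClient>{client}'
            f'</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>'
            f'{desc}</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration>'
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')
SAMPLE_RESPONSES = [  # constructed: a game console, an exposed file server, a proxy hop
    sample_response(3074, "UDP", "192.168.1.20", 3074, "Xbox"),
    sample_response(47823, "TCP", "192.168.1.15", 445, "constructed-smb-mapping"),
    sample_response(8080, "TCP", "203.0.113.9", 80, "proxy hop"),
]
```

Against a real router, iterate NewPortMappingIndex from 0 until the IGD returns an error and feed each response to `audit`; only the second sample above is flagged.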