Tag Archive for: Reveals

Research reveals a resurfaced botnet targeting end-of-life devices

/in


Research from the Black Lotus Labs team at Lumen Technologies has identified multi-year efforts to target end-of-life (EoL) and IoT devices. Small home and small office routers are a particular target of this campaign, which is associated with an updated version of malware known as TheMoon.

“As we’ve expanded the types of devices that have operating systems in them, we haven’t kept up with the lessons learned from desktop and server computing, namely that automatic updates are the norm. This problem is exacerbated by consumers using devices for much longer periods of time than manufacturers want,” says John Bambenek, President at Bambenek Consulting. “By using security updates as leverage for buying new products, the net result is infected devices that are used in cybercrime. Criminals have all the time in the world to be patient, they are already netting a strong cash flow and there are more infectable devices than they have time to exploit.”

TheMoon emerged in 2014 and has been operating quietly ever since. Between January and February of 2024, it has grown to more than 40,000 bots across 88 countries. Many of these bots are deployed as the foundation of a cybercriminal-focused proxy service called Faceless. 

Faceless is a malicious service, offering anonymity services to cybercriminals for a negligible price. Malicious actors utilizing Faceless services can divert their traffic to hide their origins. 

Jason Soroko, the Senior Vice President of Product at Sectigo, says, “Routers and other networking equipment that use passwords have been easy victims to pray and spray attacks for years. It is unfortunate that stronger forms of authentication are not common. What’s new here is the usage of proxy networks for C2 traffic obfuscation.  It shows that de-anonymizing Tor and VPN traffic is not only happening, but has been successfully used against attackers.”

Source…

Yogurt Heist Reveals a Rampant Form of Online Fraud

/in


The Journal’s story reveals that cargo hijacking fraud remains a serious problem—one that cost $500 million in 2023, quadruple the year before. Victims say load board operators need to do more to verify users’ identities, and that law enforcement and regulators also need to do more to address the thefts.

Multifactor authentication (MFA) has served as a crucial safeguard against hackers for years. In Apple’s case, it can require a user to tap or click “allow” on an iPhone or Apple Watch before their password can be changed, an important protection against fraudulent password resets. But KrebsOnSecurity reports this week that some hackers are weaponizing those MFA push alerts, bombarding users with hundreds of requests to force them to allow a password reset—or at the very least, deal with a very annoying disruption of their device. Even when a user does reject all those password reset alerts, the hackers have, in some cases, called up the user and pretended to be a support person—using identifying information from online databases to fake their legitimacy—to social engineer them into resetting their password. The solution to the problem appears to be “rate-limiting,” a standard security feature that limits the number of times someone can try a password or attempt a sensitive settings change in a certain time period. In fact, the hackers may be exploiting a bug in Apple’s rate limiting to allow their rapid-fire attempts, though the company didn’t respond to Krebs’ request for comment.

Israel has long been accused of using Palestinians as subjects of experimental surveillance and security technologies that it then exports to the world. In the case of the country’s months-long response to Hamas’ October 7 massacre—a response that has killed 31,000 Palestinian civilians and displaced millions more from their homes—that surveillance now includes using controversial and arguably unreliable facial recognition tools among the Palestinian population. The New York Times reports that Israel’s military intelligence has adopted a facial recognition tool built by a private tech firm called Corsight, and has used it in its attempts to identify members of…

Source…

2024 Thales Data Threat Report Reveals Rise In Ransomware Attacks, As Compliance Failings Leave Businesses Vulnerable To…

/in


(MENAFN– AETOSWire) (BUSINESS WIRE ) — Thales today announced the release of the 2024 Thales Data Threat Report , its annual report on the latest data security threats, trends, and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries across 37 industries. This year’s report found that 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year.

Threats continue to increase in volume and severity

The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this escalating threat, less than half of organisations have a formal ransomware plan in place, with 8% resorting to paying the ransom demands.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year – closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause.

These insights are drawn from the 2024 Thales Data Threat Report, conducted by 451 Research. The report sheds light on how businesses are adapting their data security strategies and practices in response to an evolving threat landscape.

Compliance is the key to data security

The research found that over two fifths (43%) of enterprises failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.

Of those that had failed a compliance audit in the past twelve months, 31% had experienced a breach that very same year. This compares to just 3% of those who had passed compliance audits.

Operational complexity continues to cause data headaches

Fundamental understanding of what systems, applications, and data are at risk continue to lag due to changing regulatory and threat landscapes. Only a third (33%) of organisations are…

Source…

Group-IB reveals Hi-Tech Crime Trends 23/24: surge in ransomware, leaks, and info stealers targeting Middle East and Africa

/in


(MENAFN– Active DMC) Dubai, February 28, 2024 — Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has presented a comprehensive overview of the cyber threat landscape in the Middle East and Africa (MEA) for the years 2023/2024 with the release of its annual Hi-Tech Crime Trends report. The report provides a thorough analysis of how cybersecurity challenges in the MEA region have evolved. In 2023, Group-IB’s researchers identified a 68% surge in the number of ransomware attacks, with financial services and real estate companies emerging as the most common victims. The Gulf Cooperation Council (GCC) countries, South Africa, and Turkey were the most frequently targeted locales by Ransomware-as-a-Service (RaaS) affiliates. Information stealers pose a significant concern, impacting 297,106 infected devices in the MEA region whose logs were made available on Underground Clouds of Logs (UCL), and an additional 903,002 hosts, logs from which were put up for sale on underground markets. Additionally, 152 new data leaks were detected in the MEA region in 2023.

Nation-state sponsored hackers target MEA

Group-IB researchers discovered that the Middle East and Africa was a significant target for advanced persistent threats (APTs), also known as nation-state sponsored groups, last year. Overall, Group-IB attributed 523 attacks to nation-state actors across the globe in 2023. Attacks on MEA organizations accounted for 15% of the global total, numbering 77, with Group-IB experts asserting that this may be due to ongoing geopolitical conflicts in the region, along with MEA’s importance to the global energy market.

The top targeted locales in the MEA region in 2023 were Israel (14 attacks), Turkey (12) and the GCC region (8). Government and military organizations suffered the most APT attacks in the MEA region, totalling 20. Transportation (8 attacks) and telecommunications (7) were the second and third most targeted sectors, respectively.

Attacks coordinated by groups such as APT42, Oilrig and Hexane (all from MEA) reflect the desire of certain countries in the region to strengthen their…

Source…