Dangerous New ICS Malware Targets Orgs in Russia and Ukraine


Two dangerous malware tools targeted at industrial control systems (ICS) and operational technology (OT) environments in Europe are the latest manifestations of the cyber fallout from the war in Ukraine.

One of the tools, dubbed “Kapeka,” appears linked to Sandworm, a prolific Russian state-backed threat actor that Google’s Mandiant security group this week described as the country’s primary cyberattack unit in Ukraine. Security researchers from Finland-based WithSecure spotted the backdoor in 2023 attacks against an Estonian logistics company and other targets in Eastern Europe, and they perceive it as an active and ongoing threat.

Destructive Malware

The other malware — somewhat colorfully dubbed Fuxnet — is a tool that Ukraine government-backed threat group Blackjack likely used in a recent, destructive attack against Moskollector, a company that maintains a large network of sensors for monitoring Moscow’s sewage system. The attackers used Fuxnet to successfully brick what they claimed was a total of 1,700 sensor-gateways on Moskollector’s network and in the process disabled some 87,000 sensors connected to these gateways.

“The main functionality of the Fuxnet ICS malware was corrupting and blocking access to sensor gateways, and trying to corrupt the physical sensors as well,” says Sharon Brizinov, director of vulnerability research at ICS security firm Claroty, which recently investigated Blackjack’s attack. As a result of the attack, Moskollector will likely have to physically reach each of the thousands of affected devices and replace them individually, Brizinov says. “To restore [Moskollector’s] ability of monitoring and operating the sewage system all around Moscow, they will need to procure and reset the entire system.”

Kapeka and Fuxnet are examples of the broader cyber fallout from the conflict between Russia and Ukraine. Since the war between the two countries started in February 2022 — and even well before that — hacker groups from both sides developed and used a range of malware tools against each other. Many of the tools, including wipers and ransomware, have been destructive or disruptive in nature and mainly targeted critical infrastructure, ICS, and OT…


Russian ‘Cyber Sabotage’ A Global Threat: Security Firm


A Sandworm cyber hacker group linked to Russian intelligence services is expected by computer security firm Mandiant to take aim at Western elections the Kremlin would like to sway.


Indranil Mukherjee


6 Ways To Tell If Your Phone Is Hacked—And What To Do Next


These days, most people are highly reliant on their phone. Three quarters of phone users worldwide use them to chat or send messages, six in ten for banking and nearly half for navigation, according to Statista. Indeed, according to Pew Research, 15% of U.S. adults are “smartphone-only” internet users who depend on their phone as they don’t have a home broadband service. All this means that if something goes wrong and your phone is hacked, your life can be upended — and your bank account cleaned out. Here’s a look at how to know if your phone is hacked, how to avoid it and what to do if the worst happens.

Can Someone Hack My Phone?

Cyber criminals have a variety of ways to take control of, or steal information from, a victim’s phone. All types of phone, whether iPhone or Android, are vulnerable — although Apple phones are generally perceived as being safer, thanks to stronger security controls.

There are a number of different phone hacking techniques. One of the most common is to fool the user into clicking on a malicious link, or into downloading software from a fake app store or elsewhere through what’s known as social engineering, often through the use of phishing emails. Fake public wifi networks can often fool the unsuspecting. Another technique involves a SIM swap, in which an attacker persuades a victim’s mobile provider to transfer their SIM card to a device under their control; infected USB cables or charger cables can also allow an attacker access. And once an attacker has found a way in, a user’s data can be exposed, especially where passwords have been reused.

How To Check If Your Phone Has Been Hacked

Perhaps the most high-profile hack of a phone came in 2019, when the Twitter account of the company’s CEO, Jack Dorsey, started tweeting out a string of bizarre posts. It was immediately clear that his account had been hacked.

In this case, the attackers appear to have used a SIM swap, which was only possible through a “security oversight” by his mobile carrier. More commonly, a phone user becomes suspicious after spotting one or more of the symptoms below.

There…


A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack


Hackers have been observed using steganography to target hundreds of organizations in Latin America with infostealers, remote access trojans (RATs), and more.

The campaign, dubbed SteganoArmor, was discovered by researchers from Positive Technologies.
