Tag Archive for: affects

‘Daam’, a malware that affects Android devices: All you need to know


The Indian Computer Emergency Response Team (CERT-IN) has issued an advisory regarding ‘Daam,’ which it says is an Android malware that is ‘capable of stealing sensitive data, bypassing antivirus programs, and deploying ransomware on the targeted devices.’

How does ‘Daam’ affect a device?


According to CERT-IN, the central nodal agency that responds to computer security-related incidents, Daam communicates with various Android APK files to access a phone. It is distributed through third-party websites and encrypts files on the phone using the AES encryption algorithm.

Following this, files are deleted from local storage; only the encrypted ones are left behind, with the ‘.enc’ extension, along with a ransom note, ‘readme_now.txt.’

In what ways can ‘Daam’ affect a device?

The malware, as per the agency, is capable of hacking call recordings and contacts, gaining access to the camera, modifying passwords, capturing screenshots, stealing SMS, downloading/uploading files, and more.

How to stay away from ‘Daam’?

CERT-IN gave the following recommendations to keep a device safe from Daam:

(1.) Download only from official app stores to reduce the risk of potentially harmful apps.

(2.) Always review an app’s details and user reviews before downloading it; also, grant only those permissions that are relevant to the purpose of the app.

(3.) Install Android updates as and when available, and only from Android device vendors.

(4.) Do not browse untrusted websites or follow untrusted links.

(5.) Install and maintain updated antivirus and antispyware software.

(6.) Be vigilant if you see mobile numbers that don’t look like genuine/regular mobile numbers.

(7.) Do not just click on a link provided in a message; do extensive research first.

(8.) Click only those URLs that clearly indicate the website domain; exercise caution towards shortened URLs,…


Ransomware event affects US Marshals Service



A ransomware attack has taken place on the U.S. Marshals Service. The cybersecurity incident has exposed some of its most private data, including materials used in law enforcement and the personal information of staff members who could become the subject of federal investigations.

Looking into this serious data breach for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.

Tausek begins his analysis by explaining the incident and what the consequences are, noting: “The U.S. Marshals Service is looking into a significant ransomware attack that exposed some of its most private data, including materials used in law enforcement and the personal information of staff members who could become the subject of federal investigations.”

On the significance, Tausek says: “Deemed a ‘major incident’ by officials, the attack allowed hackers to access employee information, information on wanted fugitives and information regarding unidentified third parties.”

Tausek adds: “According to U.S. policy, ‘major incidents’ are regarded as ‘significant cyber incidents’ that have the potential to do tangible harm to the economy, national security, or civil liberties of the United States, as well as to public trust and safety. These incidents are required to be reported to Congress within seven days.”

In terms of how the incident is looking, Tausek explains: “Although the U.S. Marshals Service has created a quick fix to continue investigations into fugitives in the midst of the attack, routine operations are sure to be hindered.”

In the wider context, Tausek says: “Government agencies and the federal justice system continue to be hot targets for cybercriminals due to the classification of sensitive information stored by their systems and the negative repercussions coming out of such an attack that could more easily sway officials to pay high ransom.”

The incident also needs to be placed into the national context, explains Tausek: “This attack comes as the Biden administration attempts to shore up the nation’s…


Ransomware attack affects Dole’s operations



Dole, one of the world’s largest producers and distributors of fresh fruit and vegetables, has announced that it is dealing with a ransomware attack that impacted its operations.

“Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, says in a statement to retailers quoted by CNN.

Looking into this cybersecurity incident for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.

Chenette places the incident in the context of other security incidents affecting the food sector. He notes: “The recent ransomware attack against Dole Food Company is an unfortunate reminder that the target on the food and beverage industry hasn’t gone anywhere.”

Drawing on another example, Chenette says: “Just last December, Sobeys, a major Canadian food retail giant, suffered a ransomware attack that cost the company around $25 million.”

The maritime company that owns Sobeys ended up alerting customers, and employees past and present about a data breach of personal information.

Returning to Dole, Chenette observes: “The aftermath of a ransomware attack against a food supplier this large can be devastating. Grocery stores in North America are already noting a shortage of shipments due to Dole shutting down its North American production plants.”

Chenette considers what other firms operating in similar areas can do to prevent similar attacks. He states: “To prevent similar attacks in the future, organizations must study the common tactics, techniques, and procedures used by common threat actors, which will help them build more resilient security detection, prevention, and response programs mapped precisely to those known behaviors.”

As a second recommendation, Chenette turns his attention to robotic processes, recommending: “Organizations should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to better prepare for the next threat.”


When will the Royal Mail cyber attack be fixed? What we know about how hack affects international deliveries


Royal Mail has confirmed that a cyber attack is to blame for ongoing disruption to postal services.

The attack is believed to have already left more than half a million letters and parcels stuck in limbo, according to reports last week.

The attack is suspected to have come from a Russian-linked ransomware gang called Lockbit, though this is yet to be confirmed.

Here’s how the attack is affecting postal services, and when Royal Mail says it will be fixed.

How is the cyber attack affecting post?

Royal Mail is continuing to ask customers not to post items overseas while it investigates the cyber attack.

The company said it was experiencing “severe disruption” to its international export services and is temporarily unable to dispatch items abroad.

A Royal Mail distribution centre in Northern Ireland revealed its printers began “spurting” out copies of a ransom note on Tuesday, saying “your data are stolen and encrypted”.

In a statement issued on Monday, Royal Mail said: “To support faster recovery when our service is restored and to prevent a build-up of export items in our network, we’re asking customers not to post international items until further notice.”

“Items that have already been dispatched may be subject to delays.”

The company has been hit by disruption in recent months, with postal workers staging walkouts in a long-running dispute over jobs, pay, pensions and conditions.

It has caused havoc for businesses who rely on the delivery services, with major retailers such as Moonpig, Card Factory and Asos partially blaming the strikes for a drop in sales towards the end of 2022.

When will the cyber attack be fixed?

Simon Thompson, chief executive of Royal Mail, told a parliamentary select committee on Tuesday: “We’ve confirmed that we’ve had a cyber attack.”

He was unable to provide a date for when the issue will be resolved, telling MPs: “The team have been working on workarounds so that we can get the service up and running again.”

He added there would be “more news to share” soon.

Mr Thompson said he could not discuss any details of the attack, saying it would be “detrimental” to the ongoing investigation.
