Tag Archive for: Bay

Sophos Discovers Malware That Blocks The Pirate Bay


Sophos has revealed new malware with a curious goal: preventing its victims from pirating software. The company says this digital vigilante, which is similar to a malware family discovered over a decade ago, modifies the infected system’s HOSTS file to block access to The Pirate Bay and other piracy-related sites.

“Modifying the HOSTS file is a crude but effective method to prevent a computer from being able to reach a web address,” SophosLabs Principal Researcher Andrew Brandt says in a blog post. “It’s crude because, while it works, the malware has no persistence mechanism. Anyone can remove the entries after they’ve been added to the HOSTS file, and they stay removed (unless you run the program a second time).”

The malware is said to spread via the Discord communications platform by masquerading as pirated copies of popular games. Brandt says it’s also distributed over BitTorrent in bundles “named after popular games, productivity tools, and even security products” that include other files whose sole purpose is to make the malware “appear to have originated with a well-known file sharing account on ThePirateBay.”

After the malware is downloaded, it sends two HTTP GET requests to a now-inactive domain. The first request fetches a second payload called “ProcessHacker.jpg” that includes a kill-switch to prevent the malware from operating on devices containing files named “7686789678967896789678” and “412412512512512.” The files themselves can be empty; they simply have to use those names.

The second request “uses a query string to send the filename of the executable that was run to the website’s operators,” Brandt said, which would have allowed them to learn more about what kinds of files people are trying to pirate. That effort appears to have been dropped—Brandt says the server to which the HTTP GET requests were sent “no longer responds to requests, nor has a DNS record.”


Sophos has updated its security products to defend against this malware. Brandt says anyone who’s already been affected by the campaign can manually restore their access to the websites it blocked by running Notepad as an administrator and “modifying the…
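As an added example (not Sophos's code, and not anything from the campaign), the following Python audits a HOSTS file for the blocking pattern described above: a line that points a non-local hostname at a loopback or unspecified address is a block, not a resolution. It runs against a constructed sample HOSTS text embedded in the block; the domain names in that sample are assumed for illustration.

```python
from ipaddress import ip_address

# Hostnames that belong in a stock HOSTS file and must not be flagged.
BENIGN_HOSTNAMES = {
    "localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost",
    "ip6-loopback", "ip6-localnet", "ip6-mcastprefix", "ip6-allnodes",
    "ip6-allrouters", "ip6-allhosts",
}

def audit_hosts(text):
    """Return (suspicious, cleaned): suspicious lists (line_no, ip, hostname) for
    each non-local hostname mapped to a loopback/unspecified address (a block, not
    a resolution); cleaned is the text with those lines removed, all else verbatim."""
    suspicious, kept = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()      # drop any trailing comment
        if len(fields) < 2:
            kept.append(line)                        # blank, comment or malformed
            continue
        try:
            addr = ip_address(fields[0])
        except ValueError:
            kept.append(line)                        # first field is not an IP
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            kept.append(line)                        # a real mapping, not a block
            continue
        flagged = [h for h in fields[1:] if h.lower() not in BENIGN_HOSTNAMES]
        if flagged:
            suspicious.extend((line_no, fields[0], h) for h in flagged)
        else:
            kept.append(line)                        # e.g. "127.0.0.1 localhost"
    cleaned = "\n".join(kept) + ("\n" if text.endswith("\n") else "")
    return suspicious, cleaned

# Constructed sample: a stock-style header plus two lines in the blocking pattern.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# --- constructed entries below (domains assumed for illustration) ---
127.0.0.1       thepiratebay.org
127.0.0.1       www.thepiratebay.org
"""

if __name__ == "__main__":
    # Live file on Windows: C:\Windows\System32\drivers\etc\hosts (read it instead).
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS)[0]:
        print(f"line {line_no}: {host} sinkholed to {ip}")
```

Writing the cleaned text back over the live file needs an elevated shell, which matches the Notepad-as-administrator step Sophos describes.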


FBI Investigating Hacker Attempt To Poison Bay Area Water: Report




The NBC report marked the first time this hack was brought to light.

BAY AREA, CA — The Federal Bureau of Investigation is looking into a hacker’s attempt to poison an unnamed San Francisco Bay Area water treatment plant in January, NBC News reported.

The hacker knew the username and password of a former employee’s TeamViewer account, which allowed them to remotely obtain access to the plant’s computers, NBC reported. The hacker deleted computer programs used to treat drinking water.

The plant discovered it had been hacked the next day, then reinstalled the water treatment programs and changed its passwords, NBC reported. There were no reports of anyone being sickened by the water.


NBC’s report marked the first time this incident was made public. The news agency said it reviewed a February report from the Northern California Regional Intelligence Center.

The method used in this attack is the same as one reported in February, when an Oldsmar, Florida water plant operator watched as his computer mouse moved around his screen and opened programs, eventually raising the levels of sodium hydroxide, or lye, by more than 100-fold to a level that could cause illness and corrode pipes, The Washington Post reported. The hacker also used TeamViewer to gain access to the employee’s screen.

Fortunately, the employee quickly reversed the lye levels and water quality was not significantly impacted, The Post reported. Nobody was sickened.

The U.S. Cybersecurity and Infrastructure Security Agency and National Security Agency recommended in July 2020 that operators of critical infrastructure take immediate action to safeguard against “foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”

These vulnerabilities have become increasingly apparent as more companies shift to remote operations and monitoring, outsource operations, and seek to accommodate a decentralized workforce, the agencies wrote.

Read more from NBC Bay Area and The Washington Post.


California city officials hid 2018 cyber attack, used insurance to pay $65K ransom to hackers – East Bay Times


In the aftermath of a disclosure that sensitive Azusa Police Department records had been hacked by criminals, city officials now acknowledge they experienced another costly ransomware attack that they hid from the public for nearly two years.

In the fall of 2018, the city, through its cybersecurity insurance carrier, paid $65,000 ransom to an unknown hacker organization to regain control of 10 data servers at the Police Department, Azusa City Manager Sergio Gonzalez said Thursday.

“We were able to unlock one server after the ransom was paid but immediately after found a free key to unlock all other locked servers,” Gonzalez said in an email. “No information was compromised. Our servers were just locked. We verified with forensic experts that no data was compromised. That’s essentially why we did not and were not required to report it (publicly).”

The 2018 breach apparently was caused by a virus unleashed after a city employee opened an email or link.

Forensic experts cleaned, wiped and restored the servers before putting them back online. Additionally, city employees received computer security training, and software and antivirus updates were applied.

History of hacks

However, those precautions didn’t prevent the most recent cyber attack at the Police Department, which was discovered March 9 and reported publicly May 27.

That attack was perpetrated by DoppelPaymer, a notorious and shadowy ransomware gang known for extorting victims and then posting their sensitive information on the dark web if the ransom isn’t paid. It is among several rogue hacker groups that have been blamed for recent attacks crippling industries in the U.S. and abroad, including Georgia-based Colonial Pipeline and JBS S.A., the largest meat producer in the world.

DoppelPaymer demanded 10.33 bitcoin, and then raised the ransom to 15.5 bitcoin, which at the time was about $800,000, Gonzalez said.

“In consultation with incident response partners, including federal law enforcement, the department ultimately declined to participate in any ransom payment,” said Gonzalez, adding he could not disclose the type of information that was compromised due to an ongoing criminal…
