Tag Archive for: Cybercriminals

Protecting your finances from cybercriminals


Mark Weber/Tribune Content Agency

Identity theft and computer hacks are happening far too often, so protecting yourself and your finances is essential.

In 2013, we were shocked when Target Corp. announced that the credit card information for 41 million customers was compromised after a hacker gained access through credentials stolen from a third-party vendor.

In 2017, Equifax, a credit reporting agency, reported a hack that exposed the personal information of up to 143 million Americans, 15 million British citizens and 19,000 Canadians.

In 2020, a massive cyberattack occurred when SolarWinds, a technology firm based in Austin, Texas, provided a software update that included malware attached by hackers.

Ironically, SolarWinds sells its Orion software, which is intended to monitor computer networks, to thousands of companies. SolarWinds estimated that 18,000 customers, including roughly 40 government agencies, received the update and were exposed to the hack.

The government agencies included the Pentagon, the Treasury Department, the Department of Energy, the U.S. Postal Service and the Department of Homeland Security. Once the data is stolen, we do not know who has access to it or how they may use it.

Recently, hackers have shifted their strategies and have been using a form of malware that encrypts files on a computer system. Once the hackers have infiltrated a computer system, they demand a ransom in exchange for decrypting the files. This strategy has been used in recent years to attack the computer systems of cities and municipalities, including Atlanta; Baltimore; Denver; Knoxville, Tennessee; New Orleans; and Tulsa, Oklahoma.

In some cases, the ransom was paid, although there is a concerted effort among the U.S. Conference of Mayors to stop paying ransoms.

Most recently, in January 2022, the computer systems of Bernalillo County and Albuquerque Public Schools were hacked.

Being hacked is not always an indication that the company or city was lax in its computer security policies.

Hackers have numerous ways to gain access. I assume that most personal information — including Social Security numbers, birthdates, addresses, tax records, credit card numbers,…

Source…

Cybercriminals target Microsoft Teams users with malware


After employees turned to remote working tools during the COVID-19 pandemic, cybercriminals looked for ways to exploit these apps.

Cybercriminals have targeted users of collaboration software Slack with phishing attacks, and mischief-makers have shown up uninvited to Zoom meetings. Now, attackers are targeting popular collaboration tool Microsoft Teams, according to cybersecurity firm Avanan.

Avanan researchers observed cybercriminals dropping malicious files into Teams conversations beginning in January, with “thousands” of attacks per month, the company said in a blog post.

The attackers hack into Teams by spoofing a user, compromising a partner organization, or gaining access to the targeted company through an email-based attack, Avanan said. The file they share in a Teams chat includes malicious software that can take over a victim’s computer.

“By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users,” Avanan wrote. “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.”

The Teams threat is a serious one and an attractive attack vector, given that cybercriminals can gain access to Microsoft credentials in email-based attacks, cybersecurity experts said.

These attacks are a “new spin on old vectors,” said Keatron Evans, a principal security researcher at the Infosec Institute, a cybersecurity training organization. “The problem is that Microsoft Teams and other meeting platforms have become so widely used due to COVID that it’s easier to slip something under the radar via a Teams chat session.”

Teams users should be wary of clicking on links in chats, and organizations should use updated endpoint detection tools, Evans recommended.

“If the victim does not have sufficient endpoint protection, it is a very easy attack to pull off,” he told the Washington Examiner. “Even with decent endpoint protection, most users would provide the needed interaction to cause the…

Source…

Cybercriminals carried out a record number of ransomware attacks last year; experts expect more in 2022


It might be a different year, but old threats linger—especially in cyberspace. An advisory covering the current cyberthreat situation issued by federal agencies and international partners Wednesday outlines a growing threat posed by ransomware that’s expected to continue through 2022.

“Cybercriminals are increasingly gaining access to networks via phishing, stolen remote desktop protocols, credentials or brute force, and exploiting software vulnerabilities,” the advisory says. Over the last year, especially, “The market for ransomware became increasingly ‘professional’ and there has been an increase in cybercriminal services-for-hire.”

With this expansion of cybercrime into more of an enterprising space, the advisory notes that ransomware groups have begun sharing victim information with each other, including victims’ network access information. They’re also diversifying extortion methods to get around defenses and evolving their practices to best exploit vulnerabilities, such as by targeting public organizations on holidays and weekends. 

And from local school districts to vital infrastructure vendors, cybercriminals have broadened their targets. The advisory highlights that nearly every aspect of the nation’s critical infrastructure was digitally attacked in some way last year, including the emergency services sector, food and agriculture, and government facilities. 

“We live at a time when every government … must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), in a statement. CISA, along with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and several international organizations, including Australia and the United Kingdom, collaborated on the advisory. “While we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.”

While action has been taken by federal agencies to make local governments aware of the threat, more education is needed, Easterly said, urging “organizations to review…

Source…

Concerns as cybercriminals unleash SMS-based Android malware — The Guardian Nigeria News


The Nigerian Communications Commission (NCC) has alerted Nigerians to a new high-risk Short Messaging Service-based malware, TangleBot, which infects Android mobile devices.

TangleBot employs tactics broadly similar to those of the recently announced, notorious FluBot SMS Android malware that targets mobile devices. TangleBot likewise gains control of the device, but in a far more invasive manner than FluBot.

The disclosure was made in a recent security advisory made available to NCC’s New Media and Information Security Department by the Nigerian Computer Emergency Response Team (ngCERT).

TangleBot is installed when an unsuspecting user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information in an SMS message or information about fake local power outages that are due to occur.

NCC explained that the aim of either message (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information. Once on the page, users are asked to update applications such as Adobe Flash Player in order to view the page’s content. Doing so takes them through nine dialogue boxes that request acceptance of different permissions, which allow the malware operators to initiate the malware configuration process.

According to the commission, the immediate consequence is that TangleBot gains access to several different permissions when installed on a device, allowing it to eavesdrop on user communications. The malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among others.

Furthermore, the malware takes complete control of the targeted device, including access to banking data, and can reach the deepest recesses of the Android operating system.

“The NCC, therefore, wishes to, once again, urge millions of telecom consumers to be wary of such wiles of cybercriminals, whose intent is to defraud unsuspecting Internet users.”

To ensure maximum protection for Internet users in the country, ngCERT has offered a number of preventive…

Source…