Tag: dangerous. | Page 2

5 Most Dangerous New Hacking Techniques

February 1, 2024/in Computer Security

Increasing Militarization Of The Internet

The rise of Stuxnet, Flame, Gause, the Olympic Games operations and Shamoon have all shed light on the issue of nation-state driven cyberwarfare and cyberespionage activities. Now that we are in cyberspace, we have another domain for humans to occupy and dominate, according to Ed Skoudis, founder of Counter Hack Challenges.

Skoudis told RSA Conference 2013 attendees that he worries about some of the risks of taking action over the Internet. Many of the nation-state driven activities could have a tremendous impact on the private sector, he said. “It could have a cascading impact,” he said. “It is possible that every cyberaction could cause bigger problems than people think.” Some of the techniques outlined by Skoudis and Johannes Ullrich, chief research officer at the SANS Institute are not new, but they are being ramped up by cybercriminals to become a serious problem.

Here’s a look at the five most dangerous new hacking techniques that concern top security experts Ullrich and Skoudis.

Rise Of Offensive Forensics

Anti-forensics is the process of cybercriminals getting into a targeted environment and hacking the forensics tools themselves. Offensive forensics is taking forensics techniques and analyzing file systems and memory in-depth then combing them for information assets and extracting them.

Mis-Attribuiton

The industrial processes used to build Stuxnet and other malware provides unique fingerprints for malware analysis investigators to categorize it. Coding styles down to machine level language can indicate a specific threat actor. A nation-state backed cybercriminal that doesn’t want to get noticed may place phony clues in malware to shake off investigators, Skoudis said. The catastrophic attack on Saudi Aramco via Shamoon infections on that company’s workstations had some…

Source…

Windows PCs are now being hit by dangerous malware — here’s the steps you need to take to stay safe

January 29, 2024/in Computer Security

It’s been a while since we heard about malware hiding in PyPI packages, but researchers have now reported finding almost a dozen lurking on the open source Python Package Index (PyPI) repository.

Cybersecurity researchers from Fortinet’s FortiGuard Labs found nine packages delivering the WhiteSnake Stealer. The packages are called nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. WhiteSnake is a Windows infostealer, capable of working around antivirus programs, and communicates with the C2 server via the Tor protocol, the researchers explained.

Its main function is to steal information from the compromised endpoints, and execute various commands. The information it’s after is mostly data from web browsers, cryptocurrency wallets and browser add-ons, and important apps such as Discord, Signal, Telegram, and similar.

Eyes on cryptos

Some of the packages were also observed carrying a more advanced version of the malware that also comes with a clipboard monitor and an overwrite feature. This feature is designed to assist in cryptocurrency theft, as people wanting to send their tokens from one address to another will almost always copy and paste the receiving address, instead of typing it out. With this malware, the attackers can replace the copied wallet address with one belonging to them, having the victim send their funds to the wrong address.

PyPI is one of the world’s largest and most popular Python package repositories. As such, it’s a frequent target by threat actors who mostly do two things: either create an entirely new malicious package, or engage in typosquatting – creating a package similar to a legitimate one, and naming it almost exactly the same. That way, the developers can mistakenly install the malicious one.

Developers are urged to be vigilant when using PyPI and similar services and always make sure they’re downloading a legitimate package. They should look out for strange typos, inconsistent download numbers, and user reviews.

Via The Hacker News

More from TechRadar Pro

Source…

The $10 billion cyber-insurance industry sees a dangerous year in cybercrime ahead. AI, ransomware, and war are its biggest concerns

January 28, 2024/in Internet Security

It’s rare to find an insurance policy against war breaking out, but there’s a $10 billion market for cyber-insurance that guards against the threat of ransomware attacks. With the world as violent and turbulent as it is right now, though, lines between the two are blurring.

The ongoing wars in Ukraine and Gaza have insurers on such high alert that many simply aren’t offering coverage any longer, on top of which AI is creating new and unpredictable cybersecurity risks. And insurers expect a “significant” increase in hacks in 2024, to boot.

Those were the three key findings of a new report on cyber-insurance trends from consultancy Woodruff Sawyer. Insuring against cybercrime has grown from a tiny niche to a $10 billion market, with firms that offer coverage ranging from small specialty carriers to household names such as Chubb and Travelers. They offer coverage for losses incurred relating to companies’ IT and computer systems—for example, if companies are hacked and lose data or have to pay ransoms to get it back.

Woodruff Sawyer surveyed over 40 of its clients and found that the industry has a gloomy outlook this year: 56% of respondents said they believed cyber risk would “increase greatly” in 2024. They pointed to ransomware and war-associated risks as two of their biggest concerns.

“If you have an attack that is part of a war campaign, it can affect private companies across the globe that have nothing to do with war,” said Woodruff Sawyer national cyber practice leader Dan Burke in an interview with Fortune. “That is the true risk that’s elevated by conflict and war and geopolitical tension. That’s really what underwriters are mostly concerned about.”

A famous example of this type of ransomware attack was a virus called NotPetya, which circulated in 2017. Originating in Ukraine, it quickly went global and compromised the computer systems of dozens of companies, including drug giant Merck and shipping company Maersk. The White House estimated it caused $10 billion in damages.

“The NotPetya attack was a Russian-based attack against an accounting software in Ukraine. And it turns out that that specific piece of software was used by multinational…

Source…

Thousands of Android TV boxes hit by dangerous new malware-dropping botnet

January 18, 2024/in Computer Security

A group of hackers has been secretly building a botnet of Android TV and eCos set-top boxes, and then monetizing the access to earn masses of wealth, researchers have warned.

Cybersecurity experts from Qianxin Xlabs dubbed the operation “Bigpanzi”, and claim there are some 170,000 daily active bots.

Given that not all endpoints are active at the same time, the botnet is expected to be much larger, with researchers claiming to have seen 1.3 million unique IP addresses since August 2023.

Tip of the iceberg

To infect the devices with malware, the criminals trick the victims into downloading malicious apps themselves, a separate report from Dr. Web says. The apps, which haven’t been named, drop two malware variants: pandoraspear, and pcdn. While one acts as a trojan and allows the attackers to hijack DNS settings and run commands, the other helps build a peer-to-peer (P2P) Content Distribution Network (CDN) and can mount Distributed Denial of Service (DDoS) attacks.

The campaign is active since 2015, the researchers claim, with most victims apparently being located in Brazil. “Over the past eight years, Bigpanzi has been operating covertly, silently amassing wealth from the shadows,” Xlabs said in its report. “With the progression of their operations, there has been a significant proliferation of samples, domain names, and IP addresses.”

“In the face of such a large and intricate network, our findings represent just the tip of the iceberg in terms of what Bigpanzi encompasses.”

There are a number of things Bigpanzi’s operators can do with infected devices. Most notably, they can turn the compromised set-top boxes into nodes and offer them as part of an illegal media streaming service. Furthermore, they can offer traffic proxy networks for hire, and mount DDoS attacks to whoever is happy to pay. Finally, they can use the botnet for OTT content provision.

Via BleepingComputer

More from TechRadar Pro

Source…

Tag Archive for: dangerous.