FBI’s Qakbot operation opens door for more botnet takedowns


The FBI’s recent takedown of the QakBot botnet sent shockwaves throughout the cybersecurity community when it was first announced last week. QakBot had become the malware of choice for dozens of hacking groups and ransomware outfits that used it to set the table for devastating attacks.

Since emerging in 2007 as a tool used to attack banks, the malware evolved into one of the most commonly seen strains in the world, luring an ever-increasing number of machines into its powerful web of compromised devices. Justice Department officials said their access to the botnet’s control panel revealed it was harnessing the power of more than 700,000 machines, including over 200,000 in the U.S. alone.

But almost as interesting as the takedown was the way law enforcement agencies pulled off the disruption.

Senior FBI and Justice Department officials — who called it “the most significant technological and financial operation ever led by the Department of Justice against a botnet” — explained in a briefing that they managed to infiltrate the botnet’s infrastructure and take a range of actions to shut it down.

Using a court order, the law enforcement agencies deployed the botnet’s auto-updating feature against itself to send out a custom application that uninstalled QakBot and disabled the feature on devices in the U.S.

“It’s as if the boss gave the order, ‘leave this workplace and don’t come back,’” said John Hammond, principal security researcher at the cybersecurity intelligence firm Huntress.

Chester Wisniewski, field CTO of applied research at Sophos, said the tactic reminded him of NotPetya, where a software downloader feature was abused by Russian hackers to download malware instead of updates.

“Almost all modern botnets have auto update functionality and if you can gain control of the communications channels you can essentially make them self-destruct,” Wisniewski said. “If we start having success with that though, criminals could start using digital signatures to make this more difficult.”

Other botnets

The FBI and other law enforcement agencies have conducted similar operations in the past to take down botnet networks.

The FBI’s targeting of the…

Cybersecurity: These simple steps can close the digital door on hackers


Personal accounts can be a gateway for business cyberhackers. Forward-thinking businesses, however, will not leave the door open for them.

Carl Mazzanti

The number of small business data breaches continues to grow and highlights the way cybercriminals can use LinkedIn and other social media profiles as a gateway into businesses, gaining unauthorized access to megabytes of sensitive data. To minimize the risk, business owners should work with their Cyber Security services provider to secure business and personal accounts from hackers.

Mark Zuckerberg found this out the hard way a few years back when a reported LinkedIn hack led to the exposure of a slew of accounts belonging to the Facebook (Meta) CEO. Despite his presumed savvy — after all, he is the world’s No. 1 social media magnate — Zuckerberg reportedly committed a series of fatal errors, including using an easy-to-crack password (dadada) on multiple accounts.

Easily guessed passwords can be dangerous

Otherwise-knowledgeable users often do not want to memorize lengthy sign-in codes, and instead seek shortcuts, like using common words, or the same password for more than one account. But hackers are getting more sophisticated — the NSA, FBI, and other security agencies have noted that the Russian General Staff Main Intelligence Directorate’s (GRU’s) Main Center for Special Technologies released new malware targeting Americans and other users — so that is a dangerous practice.

But securing accounts does not have to be complicated. One basic, yet effective measure is Multi-Factor Authentication (MFA). MFA requires at least two independent factors to log into an account. One factor may be a (secure) password, and the second could be a one-time passcode sent to the user’s mobile phone. This way, the account will be safe even if one factor is stolen.

Increasing the length of the initial password or PIN (Personal Identification Number) is another move. Shockingly, 7777 is one of the most common and easily guessed PINs. Since all devices support PINs longer than four digits, adding a few more numbers can make a big difference because of the math involved in guessing them. While…

The National Security Bill and the press: a threat to reputable news publishers, an open door for foreign interference?


By Nathan Sparkes

The National Security Bill is intended to protect the UK from “foreign powers” and has been described as an anti-spying bill.

However, national security legislation often poses a threat to journalists’ ability to do their jobs – and this bill is no different.

A threat to press freedom

The most concerning part of the Bill for UK-based journalists is Clause 3, which states:

Assisting a foreign intelligence service

(1) A person commits an offence if the person—

(a) engages in conduct of any kind, and

(b) intends that conduct to materially assist a foreign intelligence service in carrying out UK-related activities.

(2) A person commits an offence if the person—

(a) engages in conduct that is likely to materially assist a foreign intelligence service in carrying out UK-related activities, and

(b) knows, or ought reasonably to know, that it is reasonably possible their conduct may materially assist a foreign intelligence service in carrying out UK-related activities.

(3) Conduct that may materially assist a foreign intelligence service includes providing, or providing access to, information, goods, services or financial benefits (whether directly or indirectly).

The penalty for this offence is imprisonment for up to 14 years, or a fine.

Reporters sometimes publish information which may assist a foreign intelligence service, yet its disclosure is in the public interest.

For example, the publication of data on unethical activities by UK intelligence services might both assist foreign intelligence services and be in the interests of the UK public to be known.

Some outlets, like the IMPRESS-regulated Declassified UK, specialise in reporting on alleged cases of unethical conduct committed by UK intelligence, diplomatic or military agencies.

It would be a significant threat to the freedom of the press if this provision was used to target Declassified UK and other, similar publishers acting in the public interest.

Unjustified exemptions

Alongside this heavy-handed provision, for which there is no defence for news publishers, other provisions in the bill benefit from a media exemption.

These provisions require individuals or organisations to register with the…

Was Sensitive User Data Stolen & Did 2FA Open Door To Hacker?


September 18 update below. This post was originally published on September 15

The New York Times is reporting that Uber has been hacked. Here’s what we know so far concerning this breaking story.

The ride-hailing and food delivery company has suffered a systems breach, according to the report, with employees unable to access internal tools such as Slack. One employee resource page is said to have had a not safe for work image posted to it by the hacker. A bug bounty hunter and security engineer not involved in the alleged hack has posted a comment that is attributed to an Uber employee, who wished to remain anonymous, which claims they were told to stop using Slack and “anytime I request a website, I am taken to a page with a pornographic image” and the message ‘f*** you wankers.’

Another bug bounty hunter has tweeted a screenshot, allegedly from the hacker, where they state, “I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen…” with a hashtag of #uberunderpaisdrives

What has Uber said about the hack?

I reached out to Uber for a comment and was pointed to an official statement posted to Twitter which reads: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

I have seen messages from someone who claims various Uber admin accounts are under their control. A New York Times reporter says that the hacker tells them he is 18 years old and hacked the Uber systems because “they had weak security.” He further claims this was accomplished through the social engineering of an Uber employee to obtain login credentials.

September 18 update

Uber still hasn’t had much to say publicly about the incident, which appears to have allowed extensive access to internal systems. This is not all that surprising as investigations are ongoing. Nearly all the evidence of the hack has come from the alleged hacker themselves, in the form of multiple postings and screenshots. However,…
