Tag Archive for: explained

Explained | How did a China-based hacking group compromise Microsoft’s cloud security? 


The story so far: In July, Microsoft said that a China-based hacking group had breached U.S. government-linked email accounts. The company said the group, which it tracks as Storm-0558, gained access to email accounts at around 25 organisations, including Western European government agencies, and to the mailboxes of senior American officials such as Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. The intrusion traced back to the compromise of a Microsoft engineer’s corporate account: the company explained that the hackers were able to obtain a cryptographic signing key through that account and use it to get into the email accounts. Microsoft says the flaw has since been fixed.

When did the attacks start?

The attack on the email accounts of American government officials first came to light when customers reported abnormal mail activity on June 16. Microsoft’s investigation then found that, beginning on May 15, Storm-0558 had been accessing email accounts at approximately 25 organisations hosted in Microsoft’s public cloud, including government agencies, as well as consumer accounts of individuals associated with those organisations.

What is Storm-0558?

Microsoft Threat Intelligence assessed “with moderate confidence” that Storm-0558 is a China-based threat actor whose activities and methods are consistent with espionage objectives. Microsoft said in a blog post that the group appears to operate as its own distinct entity, and that its core working hours are consistent with business hours in China.

In the past, the group has primarily targeted U.S. and European diplomatic, economic and legislative bodies, as well as individuals connected to Taiwan and Uyghur geopolitical interests. It has been targeting Microsoft accounts since August 2021 and has reportedly obtained credentials for initial access through phishing campaigns, and exploited vulnerabilities in public-facing applications to get into victims’ networks.

How did the threat actors breach Microsoft’s security?

The China-based threat actor was able to compromise Microsoft’s cloud security by using an acquired MSA (Microsoft account) consumer signing key to forge authentication tokens and access Outlook Web Access…
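The security-relevant point in the paragraph above is that a signing key is only as safe as the verifier that trusts it: once a key leaks, anyone holding it can mint tokens, and a verifier that accepts any token signed by some trusted key, without checking which issuer that key is allowed to vouch for, will accept tokens for identities the key was never meant to cover. The following is an added example written for this page, not Microsoft’s code or token format. It models two token verifiers over a deliberately simplified JWT-like token: HMAC secrets stand in for the RSA signing keys used in practice so the script runs with only the Python standard library, and the key identifiers, issuer URLs, audience and user names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample key material: one consumer (MSA) signing key and one
# enterprise signing key. Real signing keys are RSA; HMAC secrets are used here
# only to keep the example dependency-free. The issuer each key is allowed to
# vouch for is recorded alongside it.
TRUSTED_KEYS = {
    "msa-key-1": {"secret": b"consumer-signing-secret-DEMO",
                  "issuer": "https://login.live.com"},
    "aad-key-1": {"secret": b"enterprise-signing-secret-DEMO",
                  "issuer": "https://login.microsoftonline.com/contoso"},
}
ENTERPRISE_ISSUER = "https://login.microsoftonline.com/contoso"  # hypothetical tenant
MAIL_AUDIENCE = "https://outlook.office.com"                    # hypothetical resource id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(kid: str, claims: dict) -> str:
    """Sign `claims` with key `kid`. Anyone holding the secret can do this,
    which is exactly the problem once a signing key leaks."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(TRUSTED_KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _check_signature(token: str):
    """Return (kid, claims) if the signature verifies under a trusted key, else None."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:  # bad structure, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    key = TRUSTED_KEYS.get(header.get("kid"))
    if key is None or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key["secret"], f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return header["kid"], claims


def verify_naive(token: str) -> bool:
    """Flawed check: a valid signature under *any* trusted key is enough, so a
    consumer key can vouch for an enterprise identity."""
    return _check_signature(token) is not None


def verify_scoped(token: str, now: Optional[float] = None) -> bool:
    """Hardened check: the signing key must belong to the issuer the token
    claims, that issuer must be the one this service expects, and the
    audience and expiry must match."""
    result = _check_signature(token)
    if result is None:
        return False
    kid, claims = result
    now = time.time() if now is None else now
    return (
        TRUSTED_KEYS[kid]["issuer"] == claims.get("iss") == ENTERPRISE_ISSUER
        and claims.get("aud") == MAIL_AUDIENCE
        and isinstance(claims.get("exp"), (int, float))
        and claims["exp"] > now
    )


def forged_enterprise_token(now: float) -> str:
    """What an attacker holding the leaked consumer key can mint: enterprise
    claims signed by a key that was never meant to vouch for them."""
    return mint_token("msa-key-1", {"iss": ENTERPRISE_ISSUER, "aud": MAIL_AUDIENCE,
                                    "upn": "victim@contoso.example", "exp": now + 3600})


def legitimate_enterprise_token(now: float) -> str:
    return mint_token("aad-key-1", {"iss": ENTERPRISE_ISSUER, "aud": MAIL_AUDIENCE,
                                    "upn": "alice@contoso.example", "exp": now + 3600})


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # fixed clock so the run is reproducible
    forged, legit = forged_enterprise_token(t0), legitimate_enterprise_token(t0)
    print("naive verifier accepts forged token:", verify_naive(forged))
    print("scoped verifier accepts forged token:", verify_scoped(forged, t0))
    print("scoped verifier accepts legitimate token:", verify_scoped(legit, t0))
```

The naive verifier treats the trusted key set as one flat pool, so the forged token passes; the scoped verifier ties every key to the issuer it may sign for and additionally pins the issuer, audience and expiry, so the same token is rejected even though its signature is mathematically valid. Key rotation and revocation limit how long a leaked key is useful, but scoping the keys is what stops a consumer key from being accepted for enterprise resources in the first place.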

Source…

Risk briefing: double extortion ransomware explained | Analysis


What is double extortion ransomware?

Ransomware has grown from a moderate risk into a major, headline-grabbing challenge.

In its simplest form, ransomware is malicious software that lets an attacker restrict access to an individual’s or organisation’s vital information in some way, typically by encrypting it, and then demand payment to lift the restriction.

Double extortion ransomware extends the traditional attack: the adversaries not only encrypt data but also exfiltrate a copy of it beforehand, threatening to publish or sell it, which gives them additional leverage when demanding payment.

As well as causing disruption and financial impact, double extortion exposes victims to greater reputational harm and potential compliance breaches, and to possible compensation claims from clients and business partners.

Since double extortion emerged, some threat actors have adapted their attack model further and no longer bother with encryption at all. Instead, they simply steal critical data and use that as their leverage. This continued evolution is especially concerning because of the speed at which cybercriminals can now inflict long-lasting damage on an organisation’s systems.

 

How is ransomware evolving – is it on the rise? 

Ransomware is one of the most damaging and frequent forms of cyberattack facing modern organisations, and the threat is constantly evolving.

Threat actors are going after bigger targets for bigger pay-outs, leaving no organisation safe from attack. The problem is growing: according to Statista, a total of 236.1 million ransomware attacks hit organisations worldwide in the first half of 2022.

Despite greater awareness of ransomware, organisations are still falling victim to this ever-growing risk.

Threat actors continue to refine their methods, increasingly stealing and corrupting data rather than encrypting it, because that makes for faster and easier attacks.


When a threat actor encrypts data, they have to manage the whole decryption process, and this exposes them to risk…

Source…

What is encryption? The backbone of computer security, explained


Source…

Explained: Most common types of malware and how they can be dangerous


While a virus may be the best-known form of malware, there are several others that can endanger your data and devices. Viruses, worms and Trojans are three types of malicious software (malware) that can harm computer systems and networks. Although they all fall under the heading of malware, they have distinct characteristics and operate differently. Here, we explain the differences between viruses, worms and Trojans and how each poses a danger to your devices.

What is a virus?

A computer virus is a type of malware that attaches itself to a legitimate program or file and replicates itself. When the infected program or file is executed, the virus is activated and can spread to other programs and files on the computer or network. The primary goal of a virus is to replicate and spread, causing damage to the infected computer or network along the way.
Viruses are commonly spread through email attachments, infected websites and file-sharing networks.
A virus can cause a range of problems, including slowing the computer’s performance, corrupting files and deleting important data. In some cases, a virus can also give attackers access to the infected computer, and with it to sensitive data and personal information.

What is a worm?

A worm is a type of malware designed to spread quickly through a network by exploiting security vulnerabilities. Unlike a virus, a worm does not need to attach itself to a program or file to spread: it replicates itself and moves from computer to computer on its own, often without the user’s knowledge.
Worms can spread rapidly and cause widespread damage to computer networks, sometimes bringing entire systems down. They can also be used to install other types of malware, such as spyware or keyloggers, on the infected computer. Worms spread through email, instant messaging, or security vulnerabilities in software and operating systems.

What is a trojan?

A Trojan, short for Trojan horse, is a type of malware that disguises itself as a legitimate program or file. Once the user installs or executes it, the Trojan can perform a variety of malicious actions, such as stealing data, modifying files, or installing other…

Source…